diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index eef7027e8..d62c6ab94 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -76,7 +76,7 @@ jobs:
     needs: call-docs-build-push
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.workflow_run.head_branch }}
       - uses: actions/setup-node@v4
diff --git a/.github/workflows/check-broken-links.yml b/.github/workflows/check-broken-links.yml
index 05d7baf30..3a9bbdfbb 100644
--- a/.github/workflows/check-broken-links.yml
+++ b/.github/workflows/check-broken-links.yml
@@ -11,7 +11,7 @@ jobs:
   check-broken-links:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: BoundfoxStudios/action-hugo-link-check@v2.0.3
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 3b5b58f6c..6097ce643 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ github.event.repository.fork == false }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
 
       - name: Scan
         uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 961722146..38fecbc59 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
         with:
           ref: ${{ inputs.branch && inputs.branch || github.ref }}
 
diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index 48d5d6a1e..f909c91d4 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -29,7 +29,7 @@ jobs:
       checks: read # To detect SAST tools
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.0
         with:
           persist-credentials: false