diff --git a/.github/workflows/auto_merge.yml b/.github/workflows/auto_merge.yml
index 06409558b..150910770 100644
--- a/.github/workflows/auto_merge.yml
+++ b/.github/workflows/auto_merge.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.1
         with:
           fetch-depth: 0  # Fetch all history for merging
           ref: ${{ github.event.pull_request.head.ref }} # Checkout the PR's branch
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 540a1f893..59688f675 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 17b35903d..f77b99e80 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -48,7 +48,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 6bce651e8..f0b7256db 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
index 05741ee64..f305ea7b5 100644
--- a/.github/workflows/ossar-analysis.yml
+++ b/.github/workflows/ossar-analysis.yml
@@ -27,7 +27,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 9d2740b29..2f96f041d 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -36,7 +36,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/snyk-analysis.yml b/.github/workflows/snyk-analysis.yml
index 5369a1e38..5f56496e3 100644
--- a/.github/workflows/snyk-analysis.yml
+++ b/.github/workflows/snyk-analysis.yml
@@ -23,7 +23,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
     - name: Build a Docker image
       run: docker build -t your/image-to-test .
     - name: Run Snyk to check Docker image for vulnerabilities
diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index cdaf45ca7..bfa576665 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -32,7 +32,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+    - uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
     - name: Build a Docker image
       run: docker build -t your/image-to-test .
     - name: Run Snyk to check Docker image for vulnerabilities
diff --git a/.github/workflows/snyk-infrastructure-analysis.yml b/.github/workflows/snyk-infrastructure-analysis.yml
index 503aad594..b2822f7a9 100644
--- a/.github/workflows/snyk-infrastructure-analysis.yml
+++ b/.github/workflows/snyk-infrastructure-analysis.yml
@@ -31,7 +31,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
       - name: Run Snyk to check configuration files for security issues
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the issues to GitHub Code Scanning
diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml
index 135c61812..c5680dd3f 100644
--- a/.github/workflows/trivy-analysis.yml
+++ b/.github/workflows/trivy-analysis.yml
@@ -20,7 +20,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e # v4.2.0
 
       - name: Build an image from Dockerfile
         run: |