diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index cb168d8..7511f4c 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: update cloudflared version
         id: update
         run: |
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7fde992..5ec429f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: Read version
         id: version
         run: echo "version=$(cat Dockerfile | grep -wE "ARG CLOUDFLARED_VERSION=*" | sed "s|ARG CLOUDFLARED_VERSION=||g" | sed "s| \\\||g")" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/json.yml b/.github/workflows/json.yml
index 7018e83..b70c8b4 100644
--- a/.github/workflows/json.yml
+++ b/.github/workflows/json.yml
@@ -7,7 +7,7 @@ jobs:
   test-json:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: json-syntax-check
         uses: limitusus/json-syntax-check@v2
         with:
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
index ab20d44..3b5fa72 100644
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code.
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
       - name: misspell
         uses: reviewdog/action-misspell@v1
         with:
diff --git a/.github/workflows/yq.yml b/.github/workflows/yq.yml
index 3b46938..18ef2b0 100644
--- a/.github/workflows/yq.yml
+++ b/.github/workflows/yq.yml
@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
         with:
           token: ${{ secrets.YQ }}
       - name: update workflows