diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index ccbbe26ecdcdf..ca3fd0f83808a 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -33,6 +33,6 @@ jobs:
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
       - name: Build check
         run: .github/workflows/build_test.sh
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d66dcdc7e8912..1a9445845313e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 05bf751924d54..e1dc4de00c7d2 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -22,7 +22,7 @@ jobs:
       COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}"
     steps:
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
       # Reuse the setup phase of the unit test script to avoid code duplication
       - name: Install build dependencies
         run: sudo -E .github/workflows/unit_tests.sh SETUP
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index 17065b24d2753..e16e2cca039db 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -63,7 +63,7 @@ jobs:
             core.exportVariable('pr_number', pr_number);
 
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index 1a3615360591c..12e9725353021 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index c85795cbb5f1b..406c0b6741970 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index e57ac70bcdbd0..ad70b385e6ae2 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -20,7 +20,7 @@ jobs:
         template: [ bug_report.yml, feature_request.yml ]
 
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
 
       - name: Parse issue form
         uses: stefanbuck/github-issue-parser@c1a559d78bfb8dd05216dab9ffd2b91082ff5324
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index d1b363824e5fd..7f5f4701d1d3e 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Repo checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
           # We need a full repo clone
           fetch-depth: 0
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 778d795bca3fe..3510df679d724 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -75,7 +75,7 @@ jobs:
       SYSTEMD_LOG_LEVEL: debug
 
     steps:
-    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
     - uses: systemd/mkosi@adaa41512aa30c952daae5ba0abcf2622d66b93b
 
     - name: Configure
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 062a95af2faa9..43b3a440c3161 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index e2dd8c3da25a6..d4db467fc2060 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -30,7 +30,7 @@ jobs:
             cryptolib: gcrypt
     steps:
       - name: Repository checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
       - name: Install build dependencies
         run: |
           # Drop XDG_* stuff from /etc/environment, so we don't get the user