diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml
index a55a4e09..5a82751b 100644
--- a/.github/workflows/format-code.yml
+++ b/.github/workflows/format-code.yml
@@ -8,7 +8,7 @@ jobs:
   format-code:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: ministryofjustice/github-actions/code-formatter@v14
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/management-account-apply.yml b/.github/workflows/management-account-apply.yml
index 74da638c..99c6dde1 100644
--- a/.github/workflows/management-account-apply.yml
+++ b/.github/workflows/management-account-apply.yml
@@ -20,7 +20,7 @@ jobs:
       run:
         working-directory: ./management-account/terraform
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: arn:aws:iam::${{secrets.AWS_ROOT_ACCOUNT_ID}}:role/github-actions-apply
diff --git a/.github/workflows/management-account-plan.yml b/.github/workflows/management-account-plan.yml
index 13c1754d..6cd2f496 100644
--- a/.github/workflows/management-account-plan.yml
+++ b/.github/workflows/management-account-plan.yml
@@ -19,7 +19,7 @@ jobs:
       run:
         working-directory: ./management-account/terraform
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: arn:aws:iam::${{secrets.AWS_ROOT_ACCOUNT_ID}}:role/github-actions-plan
diff --git a/.github/workflows/organisation-security-apply.yml b/.github/workflows/organisation-security-apply.yml
index 7b118316..12854036 100644
--- a/.github/workflows/organisation-security-apply.yml
+++ b/.github/workflows/organisation-security-apply.yml
@@ -20,7 +20,7 @@ jobs:
       run:
         working-directory: ./organisation-security/terraform
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: arn:aws:iam::${{secrets.AWS_SECURITY_ACCOUNT_ID}}:role/github-actions-apply
diff --git a/.github/workflows/organisation-security-plan.yml b/.github/workflows/organisation-security-plan.yml
index ea076a02..25224f3f 100644
--- a/.github/workflows/organisation-security-plan.yml
+++ b/.github/workflows/organisation-security-plan.yml
@@ -19,7 +19,7 @@ jobs:
       run:
         working-directory: ./organisation-security/terraform
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: arn:aws:iam::${{secrets.AWS_SECURITY_ACCOUNT_ID}}:role/github-actions-plan