diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2410061a..e0cf7cab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
           - { name: LTS,     version: lts/* }
     steps:
       - name: Check out the code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           submodules: true
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index edede884..eb225f61 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
             objects.githubusercontent.com:443
 
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 464962f6..3388a6e0 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -26,7 +26,7 @@ jobs:
             github.com:443
 
       - name: Check out the source code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Review dependencies
         uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index cb63ef2f..356ccd48 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get metadata
         id: meta
diff --git a/.github/workflows/package-audit.yml b/.github/workflows/package-audit.yml
index 8cffbc0a..f9991a49 100644
--- a/.github/workflows/package-audit.yml
+++ b/.github/workflows/package-audit.yml
@@ -52,7 +52,7 @@ jobs:
             tuf-repo-cdn.sigstore.dev:443
 
       - name: Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node.js environment
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml
index d1da62f4..f31c382d 100644
--- a/.github/workflows/sonarscan.yml
+++ b/.github/workflows/sonarscan.yml
@@ -44,7 +44,7 @@ jobs:
             storage.googleapis.com:443
 
       - name: Check out the code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           submodules: true