diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
index 5b7410e4d0..ea1e5b30e7 100644
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     name: lint github workflows
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       - name: Add problem matchers
         run: |
           # https://github.com/rhysd/actionlint/blob/3a2f2c7/docs/usage.md#problem-matchers
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 50d40cbd8a..3a503c78b8 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -20,6 +20,6 @@ jobs:
     runs-on: ubuntu-latest
     needs: getChangedChart
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       - run: pip install yq
       - run: ./.github/scripts/scan-for-licenses.sh ${{ needs.getChangedChart.outputs.chart }}
diff --git a/.github/workflows/create-release-prs.yaml b/.github/workflows/create-release-prs.yaml
index 525956072f..b646efde0f 100644
--- a/.github/workflows/create-release-prs.yaml
+++ b/.github/workflows/create-release-prs.yaml
@@ -19,7 +19,7 @@ jobs:
           config-file: .github/release-please/config.json
           manifest-file: .github/release-please/manifest.json
         id: release-please
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         if: ${{ steps.release-please.outputs.prs_created == 'true' }}
       - name: Set PRs to auto-merge
         if: ${{ steps.release-please.outputs.prs_created == 'true' }}
diff --git a/.github/workflows/get-all-charts.yaml b/.github/workflows/get-all-charts.yaml
index 1134fc4158..473dde2f20 100644
--- a/.github/workflows/get-all-charts.yaml
+++ b/.github/workflows/get-all-charts.yaml
@@ -16,7 +16,7 @@ jobs:
     outputs:
       charts: ${{ steps.getCharts.outputs.charts }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       - run: pip install yq
       - name: Get all charts
         id: getCharts
diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml
index 955208c689..78ba4aea78 100644
--- a/.github/workflows/linter.yaml
+++ b/.github/workflows/linter.yaml
@@ -24,7 +24,7 @@ jobs:
       CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }}
       CHART: ${{ matrix.chart }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/pr-comment-diff.yaml b/.github/workflows/pr-comment-diff.yaml
index e9ef3296b2..04287d17f0 100644
--- a/.github/workflows/pr-comment-diff.yaml
+++ b/.github/workflows/pr-comment-diff.yaml
@@ -22,7 +22,7 @@ jobs:
       CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }}
       GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       - run: pip install yq
       - name: Install sponge
         run: sudo apt-get -yq install moreutils
diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml
index 2c9724e031..7f228497c4 100644
--- a/.github/workflows/release-chart.yaml
+++ b/.github/workflows/release-chart.yaml
@@ -32,7 +32,7 @@ jobs:
     env:
       CHART: ${{ matrix.chart }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
       - run: helm package --dependency-update "${CHART}"
       - run: helm registry login ghcr.io --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-update-metadata.yaml b/.github/workflows/release-update-metadata.yaml
index 74f4575f06..860f3c4a18 100644
--- a/.github/workflows/release-update-metadata.yaml
+++ b/.github/workflows/release-update-metadata.yaml
@@ -29,7 +29,7 @@ jobs:
         run: |
           echo 'No chart has been changed?' >&2
           exit 1
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           fetch-depth: 0
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
diff --git a/.github/workflows/scan-for-cves.yaml b/.github/workflows/scan-for-cves.yaml
index 9c93229a31..d961e2073b 100644
--- a/.github/workflows/scan-for-cves.yaml
+++ b/.github/workflows/scan-for-cves.yaml
@@ -21,7 +21,7 @@ jobs:
       matrix:
         chart: ${{ fromJson(needs.getAllCharts.outputs.charts) }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
       - run: /home/linuxbrew/.linuxbrew/bin/brew install trivy
       - run: pip install yq
diff --git a/.github/workflows/update-artifacthub-images.yaml b/.github/workflows/update-artifacthub-images.yaml
index 705c92042e..948d0f2178 100644
--- a/.github/workflows/update-artifacthub-images.yaml
+++ b/.github/workflows/update-artifacthub-images.yaml
@@ -11,7 +11,7 @@ jobs:
     outputs:
       charts: ${{ steps.getCharts.outputs.charts }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
       - name: Get all charts
         id: getCharts
@@ -34,7 +34,7 @@ jobs:
       matrix:
         chart: ${{ fromJson(needs.getAllCharts.outputs.charts) }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
 
diff --git a/.github/workflows/update-codeowners.yaml b/.github/workflows/update-codeowners.yaml
index 0cd1b00e6d..569dd77d8c 100644
--- a/.github/workflows/update-codeowners.yaml
+++ b/.github/workflows/update-codeowners.yaml
@@ -12,7 +12,7 @@ jobs:
   generateCodeowners:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
       - name: generate CODEOWNERS
         run: ./.github/scripts/sync-codeowners.sh > .github/CODEOWNERS
diff --git a/.github/workflows/validate-pullrequest.yaml b/.github/workflows/validate-pullrequest.yaml
index 1d76c0e3e9..7700c2862d 100644
--- a/.github/workflows/validate-pullrequest.yaml
+++ b/.github/workflows/validate-pullrequest.yaml
@@ -19,7 +19,7 @@ jobs:
     name: Validate commits
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}