diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index e7bb76b2e11..c37cdce6096 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -33,6 +33,6 @@ jobs:
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Build check
         run: .github/workflows/build_test.sh
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 69970c2f3d4..212c56aba9e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index e1dc4de00c7..1545d592547 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -22,7 +22,7 @@ jobs:
       COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}"
     steps:
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       # Reuse the setup phase of the unit test script to avoid code duplication
       - name: Install build dependencies
         run: sudo -E .github/workflows/unit_tests.sh SETUP
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index e16e2cca039..18c3f25d85a 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -63,7 +63,7 @@ jobs:
             core.exportVariable('pr_number', pr_number);
 
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index 6b85fd20743..7a6d3feb8ca 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index 406c0b67419..5b3c360d704 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index ad70b385e6a..d8ba0a5fd25 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -20,7 +20,7 @@ jobs:
         template: [ bug_report.yml, feature_request.yml ]
 
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Parse issue form
         uses: stefanbuck/github-issue-parser@c1a559d78bfb8dd05216dab9ffd2b91082ff5324
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 7f5f4701d1d..fd1a7a4994c 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Repo checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           # We need a full repo clone
           fetch-depth: 0
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 5056a49929e..31fd7fe1c6a 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -75,7 +75,7 @@ jobs:
       SYSTEMD_LOG_LEVEL: debug
 
     steps:
-    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
     - uses: systemd/mkosi@16e63baaeadf7a5b100c5b5bf780c61c29878cfc
 
     - name: Configure
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index d1f36e10ccc..e2a9f278775 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index d4db467fc20..d2164cc5763 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -30,7 +30,7 @@ jobs:
             cryptolib: gcrypt
     steps:
       - name: Repository checkout
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Install build dependencies
         run: |
           # Drop XDG_* stuff from /etc/environment, so we don't get the user