diff --git a/.github/workflows/check.buildifier.yml b/.github/workflows/check.buildifier.yml
index c268909..04d6d0e 100644
--- a/.github/workflows/check.buildifier.yml
+++ b/.github/workflows/check.buildifier.yml
@@ -37,7 +37,7 @@ jobs:
         uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: buildifier
         continue-on-error: true
         run: bazel run //.github/workflows:buildifier.check
diff --git a/.github/workflows/check.lint-yaml.yml b/.github/workflows/check.lint-yaml.yml
index d94d129..ac798ed 100644
--- a/.github/workflows/check.lint-yaml.yml
+++ b/.github/workflows/check.lint-yaml.yml
@@ -60,7 +60,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Lint: YAML"
         uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
         with:
@@ -84,7 +84,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Lint: YAML"
         uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
         with:
diff --git a/.github/workflows/check.scorecards.yml b/.github/workflows/check.scorecards.yml
index 1675ccd..7d75432 100644
--- a/.github/workflows/check.scorecards.yml
+++ b/.github/workflows/check.scorecards.yml
@@ -37,7 +37,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/deploy.docs.yml b/.github/workflows/deploy.docs.yml
index 511b836..45d04ac 100644
--- a/.github/workflows/deploy.docs.yml
+++ b/.github/workflows/deploy.docs.yml
@@ -33,7 +33,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Setup: Pages"
         uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6
       - name: "Build: Jekyll"
diff --git a/.github/workflows/module.build.yml b/.github/workflows/module.build.yml
index 7ed993f..fe39dc2 100644
--- a/.github/workflows/module.build.yml
+++ b/.github/workflows/module.build.yml
@@ -123,7 +123,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@cec98b9d092141f74527d0afa6feb2af698cfe89 # v1.12.1
         if: ${{ contains(inputs.runner, 'windows') }}
@@ -193,7 +193,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@cec98b9d092141f74527d0afa6feb2af698cfe89 # v1.12.1
         if: ${{ contains(inputs.runner, 'windows') }}
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
index d11c215..5f192b0 100644
--- a/.github/workflows/on.pr.yml
+++ b/.github/workflows/on.pr.yml
@@ -34,7 +34,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Report: Dependency Graph"
         continue-on-error: true
         uses: advanced-security/maven-dependency-submission-action@c5ad0fd6b977364190852883b46728f25a9617c3 # v3.0.2
@@ -48,7 +48,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Checkout Repository"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Dependency Review"
         uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8
         with:
diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
index 4a5e71c..274acdb 100644
--- a/.github/workflows/on.push.yml
+++ b/.github/workflows/on.push.yml
@@ -27,7 +27,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: "Report: Dependency Graph"
         continue-on-error: true
         uses: advanced-security/maven-dependency-submission-action@c5ad0fd6b977364190852883b46728f25a9617c3 # v3.0.2