diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index f83727c5..afd014a0 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -36,7 +36,7 @@ jobs:
         egress-policy: audit
 
     - name: 'Checkout'
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
         persist-credentials: false
diff --git a/.github/workflows/ci-manual-build-test-sign.yml b/.github/workflows/ci-manual-build-test-sign.yml
index 7bb636a6..91910171 100644
--- a/.github/workflows/ci-manual-build-test-sign.yml
+++ b/.github/workflows/ci-manual-build-test-sign.yml
@@ -42,7 +42,7 @@ jobs:
         egress-policy: audit
 
     - name: 'Checkout repository'
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
         persist-credentials: false
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9a046da2..9b0bbc49 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -45,7 +45,7 @@ jobs:
         egress-policy: audit
 
     - name: 'Checkout repository'
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
         persist-credentials: false
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index c90ee286..8d2595bb 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -19,7 +19,7 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/generate-publish-docs.yml b/.github/workflows/generate-publish-docs.yml
index 882322ea..2bc99624 100644
--- a/.github/workflows/generate-publish-docs.yml
+++ b/.github/workflows/generate-publish-docs.yml
@@ -38,7 +38,7 @@ jobs:
         egress-policy: audit
 
     - name: 'Checkout'
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
         persist-credentials: false
diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
index 58d84cac..bc44d464 100644
--- a/.github/workflows/openssf-scorecard.yml
+++ b/.github/workflows/openssf-scorecard.yml
@@ -39,7 +39,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false