diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 05eb976..8294804 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ inputs.target }}
           submodules: recursive
diff --git a/.github/workflows/harden-ci-security.yml b/.github/workflows/harden-ci-security.yml
index 3c5de84..0a99d76 100644
--- a/.github/workflows/harden-ci-security.yml
+++ b/.github/workflows/harden-ci-security.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ inputs.target }}
       - name: Ensure all actions are pinned to a specific commit
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index c082c4f..7327ccf 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout branch
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           repository: ${{ inputs.repository }}
           ref: ${{ inputs.target }}