diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
index d0b72c9c..0fbc8c0b 100644
--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -21,7 +21,7 @@ jobs:
       id-token: write # to enable use of OIDC for npm provenance
     steps:
       - name: Checkout the repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 1
 
diff --git a/.github/workflows/snapit.yml b/.github/workflows/snapit.yml
index 0f94d527..3ad85f90 100644
--- a/.github/workflows/snapit.yml
+++ b/.github/workflows/snapit.yml
@@ -17,7 +17,7 @@ jobs:
     steps:
       # This action can be executed by users with write permission to this repo
       - name: Checkout current branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Force snapshot
         run: |
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ccddae5d..ab2b8aae 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Setup node and npm
       uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1
       with: