diff --git a/.github/workflows/definitions.yml b/.github/workflows/definitions.yml
index 1351ca1d..4c63eccb 100644
--- a/.github/workflows/definitions.yml
+++ b/.github/workflows/definitions.yml
@@ -9,7 +9,7 @@ jobs:
   scrape:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
     - run: npm ci
     - run: npm run scrape-definitions
     - run: npm run lint:lts -- --fix
@@ -34,7 +34,7 @@ jobs:
   lts:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
     - run: npm ci
     - run: npm run lint:lts -- --fix
     - if: failure()
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b3c5d182..18c0b6d4 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
     permissions: {contents: read, security-events: write}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       with: {fetch-depth: 0}
     - uses: redhat-plumbers-in-action/differential-shellcheck@b8c7b83d16cce15d13563f5d055b34b9e3360ed3 # v5.3.1
       with:
@@ -32,7 +32,7 @@ jobs:
   lts:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
     - run: npm ci
     - run: npm run lint:lts
 
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # FIXME workaround https://github.com/actions/checkout/issues/910
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       with: { fetch-depth: 0 }
     - run: npm ci
     - if: github.event_name == 'pull_request'
diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
index 44861c8c..fc1a9b0c 100644
--- a/.github/workflows/version.yml
+++ b/.github/workflows/version.yml
@@ -14,7 +14,7 @@ jobs:
   bump:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
           token: ${{ secrets.BOT_TOKEN }}