diff --git a/.github/workflows/automation-open-pull-request.yaml b/.github/workflows/automation-open-pull-request.yaml
index f16518f621..4eafcea686 100644
--- a/.github/workflows/automation-open-pull-request.yaml
+++ b/.github/workflows/automation-open-pull-request.yaml
@@ -8,7 +8,7 @@ jobs:
   open-pull-request:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: "open a pull request"
         id: open-pr
diff --git a/.github/workflows/automation-release.yaml b/.github/workflows/automation-release.yaml
index 0cc2d31dfa..0b40d3b531 100644
--- a/.github/workflows/automation-release.yaml
+++ b/.github/workflows/automation-release.yaml
@@ -17,7 +17,7 @@ jobs:
       latest_tag: ${{ steps.version-number.outputs.latest_tag }}
       should_update_azurerm: ${{ steps.results.outputs.should_update_azurerm }}
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
@@ -53,7 +53,7 @@ jobs:
     outputs:
       has_changes_to_push: ${{ steps.update-azurerm-provider.outputs.has_changes_to_push }}
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/pr-acceptance-tests.yml b/.github/workflows/pr-acceptance-tests.yml
index e9b6656101..20668ae2cd 100644
--- a/.github/workflows/pr-acceptance-tests.yml
+++ b/.github/workflows/pr-acceptance-tests.yml
@@ -33,7 +33,7 @@ jobs:
     if: needs.secrets-check.outputs.available == 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Azure CLI login
         run: az login --allow-no-subscriptions --output none --service-principal --tenant="${{ secrets.ARM_TENANT_ID }}" --username="${{ secrets.ARM_CLIENT_ID }}" --password="${{ secrets.ARM_CLIENT_SECRET }}"
diff --git a/.github/workflows/pr-unit-tests.yaml b/.github/workflows/pr-unit-tests.yaml
index 23f3307c09..f68e17a7db 100644
--- a/.github/workflows/pr-unit-tests.yaml
+++ b/.github/workflows/pr-unit-tests.yaml
@@ -8,7 +8,7 @@ jobs:
   unit-test:
     runs-on: custom-linux-medium
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
diff --git a/.github/workflows/pr-validate-go-get.yaml b/.github/workflows/pr-validate-go-get.yaml
index 5f3d1f69e2..cfc0340a72 100644
--- a/.github/workflows/pr-validate-go-get.yaml
+++ b/.github/workflows/pr-validate-go-get.yaml
@@ -8,7 +8,7 @@ jobs:
   validate-go-get:
     runs-on: custom-linux-medium
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with: