diff --git a/.github/workflows/ansible-cicd.yml b/.github/workflows/ansible-cicd.yml
index c63c3270e..77d48a36f 100644
--- a/.github/workflows/ansible-cicd.yml
+++ b/.github/workflows/ansible-cicd.yml
@@ -59,12 +59,12 @@ jobs:
       dry_run: ${{ steps.set-dry-run.outputs.dry_run }}
     steps:
       - name: Checkout (pull_request)
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         if: github.event_name == 'pull_request'
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Checkout (workflow_dispatch || push)
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         if: github.event_name != 'pull_request'
       - name: Fetch main branch
         run: git fetch origin main
@@ -113,7 +113,7 @@ jobs:
       ANSIBLE_COLLECTIONS_PATH: ${{ github.workspace }}/ansible/collections
     steps:
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       # Configure 1Password Service Account
       - name: Configure 1Password Service Account
         uses: 1Password/load-secrets-action/configure@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
diff --git a/.github/workflows/cdktf-cicd.yml b/.github/workflows/cdktf-cicd.yml
index 8848bdaee..8e1ce1065 100644
--- a/.github/workflows/cdktf-cicd.yml
+++ b/.github/workflows/cdktf-cicd.yml
@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           persist-credentials: false
       # Configure 1Password Service Account
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b4fdcd552..b72461f52 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -69,7 +69,7 @@ jobs:
     steps:
       - name: Checkout repository
         if: needs.check.outputs.enabled == 'true'
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 062fc7a30..7a587b8f2 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -44,7 +44,7 @@ jobs:
     steps:
       - name: "Checkout Repository"
         if: needs.check.outputs.enabled == 'true'
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: "Dependency Review"
         if: needs.check.outputs.enabled == 'true'
         uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 21c5ca33c..0d5c23582 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -31,7 +31,7 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     steps:
       - name: Checkout code
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Install ESLint
         run: |
diff --git a/.github/workflows/gitguardian.yaml b/.github/workflows/gitguardian.yaml
index 0ae0ff82e..d21d84eec 100644
--- a/.github/workflows/gitguardian.yaml
+++ b/.github/workflows/gitguardian.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           fetch-depth: 0 # fetch all history so multiple commits can be scanned
       # Configure 1Password Service Account
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index f108b8113..0277f1089 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -6,7 +6,7 @@ jobs:
     name: DefaultLabelsActions
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - uses: lannonbr/issue-label-manager-action@e8dbcd8198e86a1e98d5372e55db976fed9ba6f7 # 4.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index efe61e297..29e5f06fa 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: Get changes
         uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
         id: filter
diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml
index 0bd548e0f..1f4200dc5 100644
--- a/.github/workflows/manual.yml
+++ b/.github/workflows/manual.yml
@@ -53,7 +53,7 @@ jobs:
       dry_run: ${{ steps.setup.outputs.dry_run }}
     steps:
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: Setup
         id: setup
         run: |
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 71820dac9..5f56dd163 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -58,7 +58,7 @@ jobs:
     steps:
       - name: Checkout the code
         if: needs.check.outputs.enabled == 'true'
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: nodejsscan scan
         if: needs.check.outputs.enabled == 'true'
         id: njsscan
diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml
index 3cbd25992..0624499ac 100644
--- a/.github/workflows/ossar.yml
+++ b/.github/workflows/ossar.yml
@@ -62,7 +62,7 @@ jobs:
     steps:
       - name: Checkout repository
         if: needs.check.outputs.enabled == 'true'
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       # Ensure a compatible version of dotnet is installed.
       # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet.
diff --git a/.github/workflows/template-sync.yml b/.github/workflows/template-sync.yml
index 265e510a8..1186d1bff 100644
--- a/.github/workflows/template-sync.yml
+++ b/.github/workflows/template-sync.yml
@@ -21,7 +21,7 @@ jobs:
     steps:
       # To use this repository's private action, you must check out the repository
       - name: Checkout
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       # Only run if sync workflows is true
       # Configure 1Password Service Account
       - name: Configure 1Password Service Account