diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 2bca0af56..18ffb3452 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -123,7 +123,7 @@ jobs:
     needs: call-docs-build-push
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.workflow_run.head_branch }}
       - uses: actions/setup-node@v4
diff --git a/.github/workflows/dot-org-content.yml b/.github/workflows/dot-org-content.yml
index 653562207..692274238 100644
--- a/.github/workflows/dot-org-content.yml
+++ b/.github/workflows/dot-org-content.yml
@@ -16,7 +16,7 @@ jobs:
       IS_CHANGES_DETECTED: ${{ steps.check_changes.outputs.changed }}
     steps: 
       - name: Checkout Repository
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
         with:
           fetch-depth: 0
       - name: Clone the nginx/nginx-org repository
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 7d94f92bb..3b59e5672 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ github.event.repository.fork == false }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
       - name: Scan
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 38fecbc59..30c0547b4 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
         with:
           ref: ${{ inputs.branch && inputs.branch || github.ref }}
 
diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index 79b6ee6f4..3ca73e038 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -29,7 +29,7 @@ jobs:
       checks: read # To detect SAST tools
     steps:
       - name: Check out the codebase
-        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.0
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 8f0343ed2..23c486e67 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -8,7 +8,7 @@ jobs:
   run-playwright-tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: actions/setup-node@v4
       with:
         node-version: lts/*