diff --git a/.github/workflows/000-codeql.yaml b/.github/workflows/000-codeql.yaml
index 6ba7453..5bcc172 100644
--- a/.github/workflows/000-codeql.yaml
+++ b/.github/workflows/000-codeql.yaml
@@ -51,7 +51,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/001-flawfinder.yaml b/.github/workflows/001-flawfinder.yaml
index db46f38..271d959 100644
--- a/.github/workflows/001-flawfinder.yaml
+++ b/.github/workflows/001-flawfinder.yaml
@@ -35,7 +35,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Prepare RISC OS source tree
         run: bash ${GITHUB_WORKSPACE}/.rocog/scripts/ux-src gen github ${GITHUB_WORKSPACE}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index c120929..5c03af2 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 7e34ce1..24d3d9c 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -36,7 +36,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/sync-from-template.yaml b/.github/workflows/sync-from-template.yaml
index 42d38d2..bb165f1 100644
--- a/.github/workflows/sync-from-template.yaml
+++ b/.github/workflows/sync-from-template.yaml
@@ -59,7 +59,7 @@ jobs:
           egress-policy: audit
 
       - name: Check out template repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           repository: ${{ env.REPO_TEMPLATE }}
           token: ${{ github.token }}
@@ -73,7 +73,7 @@ jobs:
 
       # Clone the target repository. Check out a branch
       - name: Check out ${{ github.repository }}
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           repository: ${{ github.repository }}
           token: ${{ github.token }}