diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b7c526ba3e..39f4b2d81e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - if: ${{ matrix.language == 'go' }}
       uses: actions/setup-go@v5.0.1
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 133a088e31..1288b6eee3 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -34,12 +34,12 @@ jobs:
             -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
             "${{ github.event.pull_request.statuses_url }}"
       if: github.event_name == 'pull_request'
-    - uses: actions/checkout@v3.3.0
+    - uses: actions/checkout@v4
       if: github.event_name == 'push' && steps.setup.outputs.has_token == 'true'
       with:
         fetch-depth: 0
         token: '${{ secrets.GO_TOKEN }}'
-    - uses: actions/checkout@v3.3.0
+    - uses: actions/checkout@v4
       if: github.event_name == 'pull_request' || steps.setup.outputs.has_token != 'true'
       with:
         fetch-depth: 0
diff --git a/.github/workflows/issue_reviver.yml b/.github/workflows/issue_reviver.yml
index 6d02eca9bf..a40a1466a1 100644
--- a/.github/workflows/issue_reviver.yml
+++ b/.github/workflows/issue_reviver.yml
@@ -9,7 +9,7 @@ jobs:
   issue_reviver:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       if: github.repository == 'google/gvisor'
     - run: make run TARGETS="//tools/github" ARGS="-path=. revive"
       if: github.repository == 'google/gvisor'