diff --git a/.github/workflows/000-codeql.yaml b/.github/workflows/000-codeql.yaml
index 739a4a7..5ce18e0 100644
--- a/.github/workflows/000-codeql.yaml
+++ b/.github/workflows/000-codeql.yaml
@@ -51,7 +51,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/001-flawfinder.yaml b/.github/workflows/001-flawfinder.yaml
index 8580cd0..029c43d 100644
--- a/.github/workflows/001-flawfinder.yaml
+++ b/.github/workflows/001-flawfinder.yaml
@@ -35,7 +35,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Prepare RISC OS source tree
         run: bash ${GITHUB_WORKSPACE}/.rocog/scripts/ux-src gen github ${GITHUB_WORKSPACE}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 5c03af2..7b0990b 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8144869..ed78380 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -36,7 +36,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/sync-from-template.yaml b/.github/workflows/sync-from-template.yaml
index bb165f1..cbca7c5 100644
--- a/.github/workflows/sync-from-template.yaml
+++ b/.github/workflows/sync-from-template.yaml
@@ -59,7 +59,7 @@ jobs:
           egress-policy: audit
 
       - name: Check out template repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           repository: ${{ env.REPO_TEMPLATE }}
           token: ${{ github.token }}
@@ -73,7 +73,7 @@ jobs:
 
       # Clone the target repository. Check out a branch
       - name: Check out ${{ github.repository }}
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           repository: ${{ github.repository }}
           token: ${{ github.token }}