diff --git a/.github/workflows/definitions.yml b/.github/workflows/definitions.yml
index 0d1ab82d..b070683e 100644
--- a/.github/workflows/definitions.yml
+++ b/.github/workflows/definitions.yml
@@ -9,7 +9,7 @@ jobs:
   scrape:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - run: npm ci
     - run: npm run scrape-definitions
     - run: npm run lint:lts -- --fix
@@ -34,7 +34,7 @@ jobs:
   lts:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - run: npm ci
     - run: npm run lint:lts -- --fix
     - if: failure()
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0171332c..391067d0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
     permissions: {contents: read, security-events: write}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with: {fetch-depth: 0}
     - uses: redhat-plumbers-in-action/differential-shellcheck@cc6721c45a8800cc666de45493545a07a638d121 # v5.4.0
       with:
@@ -32,7 +32,7 @@ jobs:
   lts:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - run: npm ci
     - run: npm run lint:lts
 
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # FIXME workaround https://github.com/actions/checkout/issues/910
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with: { fetch-depth: 0 }
     - run: npm ci
     - if: github.event_name == 'pull_request'
diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
index 44861c8c..586b96ac 100644
--- a/.github/workflows/version.yml
+++ b/.github/workflows/version.yml
@@ -14,7 +14,7 @@ jobs:
   bump:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           token: ${{ secrets.BOT_TOKEN }}