diff --git a/.github/workflows/container_image.yaml b/.github/workflows/container_image.yaml
index c315a3e50..8a85be043 100644
--- a/.github/workflows/container_image.yaml
+++ b/.github/workflows/container_image.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
       with:
         # Required for git describe to generate correct output for populating
         # build variables
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index da07b7eee..bee7d240f 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-${{ matrix.ubuntu_version }}
 
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
 
     - name: Deploy devstack
       uses: gophercloud/devstack-action@60ca1042045c0c9e3e001c64575d381654ffcba1
diff --git a/.github/workflows/ensure-labels.yaml b/.github/workflows/ensure-labels.yaml
index d4cea7346..21a654236 100644
--- a/.github/workflows/ensure-labels.yaml
+++ b/.github/workflows/ensure-labels.yaml
@@ -13,7 +13,7 @@ jobs:
   ensure:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
       - uses: micnncim/action-label-syncer@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/generate.yaml b/.github/workflows/generate.yaml
index c87b2dbfb..9bb3e7515 100644
--- a/.github/workflows/generate.yaml
+++ b/.github/workflows/generate.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - run: |
           make generate
diff --git a/.github/workflows/go-lint.yaml b/.github/workflows/go-lint.yaml
index 37236a59e..1ab6ece29 100644
--- a/.github/workflows/go-lint.yaml
+++ b/.github/workflows/go-lint.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - name: Calculate go version
         id: vars
diff --git a/.github/workflows/label-pr.yaml b/.github/workflows/label-pr.yaml
index 1df1d4e5d..9e796850f 100644
--- a/.github/workflows/label-pr.yaml
+++ b/.github/workflows/label-pr.yaml
@@ -13,7 +13,7 @@ jobs:
   semver:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
       with:
         fetch-depth: 0
         ref: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/pr-dependabot.yaml b/.github/workflows/pr-dependabot.yaml
index a111be029..e7c805ec0 100644
--- a/.github/workflows/pr-dependabot.yaml
+++ b/.github/workflows/pr-dependabot.yaml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check out code into the Go module directory
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v4.2.2
+      uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # tag=v4.2.2
     - name: Calculate go version
       id: vars
       run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/release_image.yaml b/.github/workflows/release_image.yaml
index 98c855442..791f42d5e 100644
--- a/.github/workflows/release_image.yaml
+++ b/.github/workflows/release_image.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v6.0.2
       with:
         # Required for git describe to generate correct output for populating
         # build variables
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
index b74657d8e..0f6481873 100644
--- a/.github/workflows/unit.yml
+++ b/.github/workflows/unit.yml
@@ -17,7 +17,7 @@ jobs:
           - '1'
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v6.0.2
 
       - name: Calculate go version
         id: vars
diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml
index 5ae350748..0ca6fd644 100644
--- a/.github/workflows/website.yaml
+++ b/.github/workflows/website.yaml
@@ -17,7 +17,7 @@ jobs:
     name: Publish to Cloudflare Pages
     steps:
     - name: Checkout
-      uses: actions/checkout@v6.0.1
+      uses: actions/checkout@v6.0.2
 
     - name: Pip install
       run: pip install -Ur website/requirements.txt
diff --git a/.github/workflows/weekly-security-scan.yaml b/.github/workflows/weekly-security-scan.yaml
index abf76392d..0b21bfaae 100644
--- a/.github/workflows/weekly-security-scan.yaml
+++ b/.github/workflows/weekly-security-scan.yaml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check out code
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v4.2.2
+      uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # tag=v4.2.2
       with:
         ref: ${{ matrix.branch }}
     - name: Calculate go version