diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml
index 5615e7df9..26f9f0899 100644
--- a/.github/workflows/cve-check.yml
+++ b/.github/workflows/cve-check.yml
@@ -29,7 +29,7 @@ jobs:
     steps:
 
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index b7f9ee149..491d41960 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -28,7 +28,7 @@ jobs:
           -f description='Checking Licenses'
           -f context='fossa-license-analyze'
         continue-on-error: true
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow
 
diff --git a/.github/workflows/java-ci-latest.yml b/.github/workflows/java-ci-latest.yml
index 848cdc380..185450f31 100644
--- a/.github/workflows/java-ci-latest.yml
+++ b/.github/workflows/java-ci-latest.yml
@@ -33,7 +33,7 @@ jobs:
 
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK ${{ matrix.java_version }}
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
diff --git a/.github/workflows/java-ci-windows.yaml b/.github/workflows/java-ci-windows.yaml
index 510565078..5ba3453f0 100644
--- a/.github/workflows/java-ci-windows.yaml
+++ b/.github/workflows/java-ci-windows.yaml
@@ -22,7 +22,7 @@ jobs:
 
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues
 
diff --git a/.github/workflows/java-ci.yaml b/.github/workflows/java-ci.yaml
index 7050ede9a..ae16e1e3d 100644
--- a/.github/workflows/java-ci.yaml
+++ b/.github/workflows/java-ci.yaml
@@ -20,7 +20,7 @@ jobs:
 
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues
 
@@ -77,7 +77,7 @@ jobs:
     timeout-minutes: 60
     needs: build
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
diff --git a/.github/workflows/javadoc.yml b/.github/workflows/javadoc.yml
index 077ce0c4a..781381bc9 100644
--- a/.github/workflows/javadoc.yml
+++ b/.github/workflows/javadoc.yml
@@ -14,7 +14,7 @@ jobs:
 
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
diff --git a/.github/workflows/mongodb.yml b/.github/workflows/mongodb.yml
index 3ae902fc8..c061b2fa6 100644
--- a/.github/workflows/mongodb.yml
+++ b/.github/workflows/mongodb.yml
@@ -15,7 +15,7 @@ jobs:
     env:
       TEST_MONGODB_CONNECTION_STRING: mongodb://test:example@localhost:27017/testdb?authSource=admin
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index ff2e980f8..a1aa6d722 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -8,7 +8,7 @@ jobs:
   deploy:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           fetch-depth: 1
       - run: git config user.name 'github-actions[bot]' && git config user.email 'github-actions[bot]@users.noreply.github.com'
diff --git a/.github/workflows/publish-release-maven-central.yml b/.github/workflows/publish-release-maven-central.yml
index 97c5bdd88..d94c7145b 100644
--- a/.github/workflows/publish-release-maven-central.yml
+++ b/.github/workflows/publish-release-maven-central.yml
@@ -15,7 +15,7 @@ jobs:
   upload-maven-central:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3
diff --git a/.github/workflows/pull-request-snapshots.yml b/.github/workflows/pull-request-snapshots.yml
index 9c74a434a..b40851a26 100644
--- a/.github/workflows/pull-request-snapshots.yml
+++ b/.github/workflows/pull-request-snapshots.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
         with:
diff --git a/.github/workflows/release-preview-pr.yml b/.github/workflows/release-preview-pr.yml
index 43f0d97af..a12c70bc0 100644
--- a/.github/workflows/release-preview-pr.yml
+++ b/.github/workflows/release-preview-pr.yml
@@ -8,7 +8,7 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           fetch-depth: 0
       - name: Collect semantic-release-info
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
index 3d8db3abb..26df5bad6 100644
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
         with:
           ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow
           fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues
diff --git a/.github/workflows/spotless.yml b/.github/workflows/spotless.yml
index a7fc22cfd..208d74248 100644
--- a/.github/workflows/spotless.yml
+++ b/.github/workflows/spotless.yml
@@ -14,7 +14,7 @@ jobs:
 
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
 
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9