diff --git a/.github/workflows/build-sdist.yml b/.github/workflows/build-sdist.yml
index 298c14a087..a8a72c0b0e 100644
--- a/.github/workflows/build-sdist.yml
+++ b/.github/workflows/build-sdist.yml
@@ -32,7 +32,7 @@ jobs:
         sha: ${{ github.sha }}
         context: ${{ env.STATUS_CHECK_MESSAGE }}
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
         fetch-depth: 0
diff --git a/.github/workflows/decide-to-run-integration-tests.yml b/.github/workflows/decide-to-run-integration-tests.yml
index e17b58f3d4..a6c68a532c 100644
--- a/.github/workflows/decide-to-run-integration-tests.yml
+++ b/.github/workflows/decide-to-run-integration-tests.yml
@@ -32,7 +32,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         # Get all commits
         fetch-depth: 0
diff --git a/.github/workflows/dev-workflow.yml b/.github/workflows/dev-workflow.yml
index ea90485c15..c807a53931 100644
--- a/.github/workflows/dev-workflow.yml
+++ b/.github/workflows/dev-workflow.yml
@@ -47,7 +47,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/doc-tests.yml b/.github/workflows/doc-tests.yml
index 9c40a6ab4e..2d2b1f8fc7 100644
--- a/.github/workflows/doc-tests.yml
+++ b/.github/workflows/doc-tests.yml
@@ -41,7 +41,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
     - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
diff --git a/.github/workflows/fast-forward-merge.yml b/.github/workflows/fast-forward-merge.yml
index 51c605c271..ecbb1dffe3 100644
--- a/.github/workflows/fast-forward-merge.yml
+++ b/.github/workflows/fast-forward-merge.yml
@@ -31,7 +31,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
         with:
           # Fetch the whole history to prevent unrelated history errors
           fetch-depth: '0'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a951b155e0..24772df84c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -22,7 +22,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
     - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml
index 8506132b25..b37d7b5ef6 100644
--- a/.github/workflows/smoke-tests.yml
+++ b/.github/workflows/smoke-tests.yml
@@ -72,7 +72,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
         fetch-depth: 0
@@ -109,7 +109,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
         fetch-depth: 0
@@ -208,7 +208,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
 
@@ -246,7 +246,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         submodules: recursive
 
@@ -365,7 +365,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
     - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
       with:
         python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }}
@@ -399,7 +399,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
     - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
       with:
         python-version: ${{ env.LOWEST_SUPPORTED_PY_VERSION }}
diff --git a/.github/workflows/stage-workflow.yml b/.github/workflows/stage-workflow.yml
index ae828f1dcf..be426ed743 100644
--- a/.github/workflows/stage-workflow.yml
+++ b/.github/workflows/stage-workflow.yml
@@ -54,7 +54,7 @@ jobs:
         oidc-audience: ${{ vars.OIDC_AUDIENCE }}
 
     - name: Get workflow code
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         sparse-checkout: |
           .github
diff --git a/.github/workflows/test-artifact.yml b/.github/workflows/test-artifact.yml
index c66d58ad64..2f779acd40 100644
--- a/.github/workflows/test-artifact.yml
+++ b/.github/workflows/test-artifact.yml
@@ -117,7 +117,7 @@ jobs:
         sha: ${{ github.sha }}
         context: ${{ env.STATUS_CHECK_MESSAGE }}
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         ref: ${{ inputs.rev-of-integration-tests }}
         # Make sure we don't accidentally build from source via the repo
diff --git a/.github/workflows/update-manylinux-openssl-image.yml b/.github/workflows/update-manylinux-openssl-image.yml
index fd7702d779..f282556ef6 100644
--- a/.github/workflows/update-manylinux-openssl-image.yml
+++ b/.github/workflows/update-manylinux-openssl-image.yml
@@ -34,7 +34,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         sparse-checkout: |
           .github/workflows
diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml
index 6c1a6fb3a5..555ff4359a 100644
--- a/.github/workflows/update-version.yml
+++ b/.github/workflows/update-version.yml
@@ -34,7 +34,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
         token: ${{ secrets.CLIENT_BOT_PAT }}
         fetch-depth: 0