diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml
index 385feee..0f72838 100644
--- a/.github/workflows/build-release.yaml
+++ b/.github/workflows/build-release.yaml
@@ -29,7 +29,7 @@ jobs:
           - { GOOS: darwin, GOARCH: arm64 }
           - { GOOS: freebsd, GOARCH: amd64 }
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
@@ -51,7 +51,7 @@ jobs:
     name: Create Containerized Release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: docker/metadata-action@v6
         id: meta
         with:
diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
index 950955c..aabe0ac 100644
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@@ -14,7 +14,7 @@ jobs:
       version: ${{ steps.bump.outputs.new_version }}
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           ref: main
           fetch-depth: 0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 387e16e..7e57828 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,7 +14,7 @@ jobs:
     outputs:
       version: ${{ steps.real.outputs.version || steps.fake.outputs.version }}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Output real version
         if: github.event_name == 'release'
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 1de3c74..49cdc38 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -11,7 +11,7 @@ jobs:
     name: Unit tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
@@ -24,7 +24,7 @@ jobs:
     name: Documentation tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
@@ -37,7 +37,7 @@ jobs:
     name: Editorconfig check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: editorconfig-checker/action-editorconfig-checker@main
       - run: editorconfig-checker
         shell: bash
@@ -46,7 +46,7 @@ jobs:
     name: Validate dependabot
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - run: pipx install check-jsonschema
         shell: bash
       - run: check-jsonschema --builtin-schema vendor.dependabot .github/dependabot.yml
@@ -55,7 +55,7 @@ jobs:
   workflow-validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: asdf-vm/actions/install@v4
         with:
           tool_versions: |
@@ -68,7 +68,7 @@ jobs:
     name: No 'fix me's check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - run: grep -RHin $(printf Zml4bWUK | base64 -d) . && exit 1 || exit 0 # had to hide the `f i x m e` inside of base64 to not trigger it here too
 
   tests-succeeded:
diff --git a/.github/workflows/upgrade-go.yaml b/.github/workflows/upgrade-go.yaml
index 898bfe1..abf1127 100644
--- a/.github/workflows/upgrade-go.yaml
+++ b/.github/workflows/upgrade-go.yaml
@@ -12,7 +12,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Create token
         id: app-token