diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
index 3f1d690..3609653 100644
--- a/.github/workflows/dependabot-automerge.yml
+++ b/.github/workflows/dependabot-automerge.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
 
       - name: Fetch Dependabot metadata 🔍
         uses: dependabot/fetch-metadata@v3
diff --git a/.github/workflows/dependabot-validate.yml b/.github/workflows/dependabot-validate.yml
index 3518c6e..36ccb1c 100644
--- a/.github/workflows/dependabot-validate.yml
+++ b/.github/workflows/dependabot-validate.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
 
       - name: Validate dependabot config
         uses: marocchino/validate-dependabot@v3
diff --git a/.github/workflows/update-blog-posts.yml b/.github/workflows/update-blog-posts.yml
index 0533c0b..e2e40d1 100644
--- a/.github/workflows/update-blog-posts.yml
+++ b/.github/workflows/update-blog-posts.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           # Push with GH_PAT so the authenticated pusher is in the ruleset
           # bypass list (CI team). The default GITHUB_TOKEN pushes as