diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index cd7d583..1451e54 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -31,7 +31,7 @@ jobs:
     steps:
       # we want the head of the branch that triggered this, not the reference of the commit, this is so we get updated go versions etc.
       - name: Check out [${{ inputs.branch || github.ref }}]
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.branch || github.ref }}
       - name: Update Go env version
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6f3d2cb..cc51bda 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checkout with full history for to allow compare with base branch
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-python@v4
@@ -49,7 +49,7 @@ jobs:
     - uses: actions/setup-python@v4
     - name: Install tools
       run: pip install detect-secrets==1.0.3 && pip list
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     # FIXME: GitLeaks requires a licence now
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index 613f28f..6bf3008 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -21,7 +21,7 @@ jobs:
     needs: update-utils
     steps:
       # Checkout with full history for to allow compare with base branch
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-python@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index efaad1d..a750d8d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
     outputs:
       changes: ${{ steps.check.outputs.changes }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Check if changes directory contains files
         id: check
         run: |
@@ -33,7 +33,7 @@ jobs:
     needs: [ check-for-changes ]
     if: needs.check-for-changes.outputs.changes
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # Get the full history as this is required by goreleaser
           fetch-depth: 0
diff --git a/.github/workflows/update-utils.yml b/.github/workflows/update-utils.yml
index dd2bec4..874c1f8 100644
--- a/.github/workflows/update-utils.yml
+++ b/.github/workflows/update-utils.yml
@@ -19,7 +19,7 @@ jobs:
     name: Update Go
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         # So that we have correct GIT_TOKEN to push back to branch as we need workflow permissions
         token: ${{ secrets.GIT_SECRET }}
@@ -35,7 +35,7 @@ jobs:
       run: |
         cd-license-files
     - name: Checkout Update Go action
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Arm-Debug/update-go-action
         ref: refs/tags/latest
diff --git a/changes/20231026105824.bugfix b/changes/20231026105824.bugfix
new file mode 100644
index 0000000..5e0417a
--- /dev/null
+++ b/changes/20231026105824.bugfix
@@ -0,0 +1 @@
+Dependency upgrade: checkout-4