diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml
index ee4004f40e..ac13fe88f0 100644
--- a/.github/workflows/autobuild.yml
+++ b/.github/workflows/autobuild.yml
@@ -75,7 +75,7 @@ jobs:
         contents:                   write
     steps:
       - name:                       Checkout code
-        uses:                       actions/checkout@v3
+        uses:                       actions/checkout@v4
 
       - name:                       Determine release version, type and prerelease variables
         run:                        ./.github/autobuild/get_build_vars.py
@@ -312,7 +312,7 @@ jobs:
           git config --global --add safe.directory "${GITHUB_WORKSPACE}"
 
       - name:                       Checkout code
-        uses:                       actions/checkout@v3
+        uses:                       actions/checkout@v4
         with:
           submodules:               true
           fetch-depth:              ${{ matrix.config.checkout_fetch_depth || '1' }}
diff --git a/.github/workflows/bump-dependencies.yml b/.github/workflows/bump-dependencies.yml
index 6efc755b6b..831f98e857 100644
--- a/.github/workflows/bump-dependencies.yml
+++ b/.github/workflows/bump-dependencies.yml
@@ -80,7 +80,7 @@ jobs:
             local_version_regex: (.*["\/]asiosdk_)([^"]+?)(".*|\.zip.*)
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.BUMP_DEPENDENCIES_SSH_DEPLOY_KEY || 'fail-due-to-missing-ssh-key-as-secret' }}
           fetch-depth: '0'  # we create/compare new branches and therefore require full history
@@ -168,7 +168,7 @@ jobs:
       # This job runs via pull_request_target. Please check for any security
       # consequences when extending these steps:
       # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         # this checks out the upstream `main` and not the PR branch; this is fine for us
         # as we just need a proper config for git/gh to work with.
       - env:
diff --git a/.github/workflows/check-json-rpcs-docs.yml b/.github/workflows/check-json-rpcs-docs.yml
index cecf41731f..80009da170 100644
--- a/.github/workflows/check-json-rpcs-docs.yml
+++ b/.github/workflows/check-json-rpcs-docs.yml
@@ -13,7 +13,7 @@ jobs:
   check-json-rpc-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: ./tools/generate_json_rpc_docs.py
       - run: |
           [[ -z "$(git status --porcelain=v1)" ]] && exit 0
diff --git a/.github/workflows/coding-style-check.yml b/.github/workflows/coding-style-check.yml
index 29c81771c5..316a55964f 100644
--- a/.github/workflows/coding-style-check.yml
+++ b/.github/workflows/coding-style-check.yml
@@ -30,7 +30,7 @@ jobs:
     # The clangFormatVersion is based on Ubuntu current LTS (jammy at time of writing).
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Check .cpp/.h/.mm with clang-format
       uses: DoozyX/clang-format-lint-action@a83a8fb7d371f66da7dd1c4f33a193023899494b
       with:
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     # shellcheck is already pre-installed on ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Check .sh with shellcheck
       run: find -name '*.sh' -not -path './libs/*' -exec shellcheck --shell=bash {} +
     - name: Install shfmt
@@ -56,7 +56,7 @@ jobs:
     name: Verify Python coding style
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install pylint
       run: pip install --user "pylint < 3.0"
     - name: Check Python files with pylint
diff --git a/.github/workflows/translation-check.yml b/.github/workflows/translation-check.yml
index caf0c39b52..cbaebe455d 100644
--- a/.github/workflows/translation-check.yml
+++ b/.github/workflows/translation-check.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on:         ubuntu-latest
     steps:
       - name:        Checkout Code
-        uses:        actions/checkout@v3
+        uses:        actions/checkout@v4
       - name:        "Check Windows installer translations"
         run:         ./tools/check-wininstaller-translations.sh
       #- name:       "Check for duplicate hotkeys (will not fail)"
diff --git a/.github/workflows/update-copyright-notices.yml b/.github/workflows/update-copyright-notices.yml
index fcf4c39e7c..b248606288 100644
--- a/.github/workflows/update-copyright-notices.yml
+++ b/.github/workflows/update-copyright-notices.yml
@@ -19,7 +19,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - run: ./tools/update-copyright-notices.sh
       - env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -51,7 +51,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - env:
           pr_branch: ${{ github.event.pull_request.head.ref }}
         run: |