diff --git a/.github/workflows/CargoAudit.yml b/.github/workflows/CargoAudit.yml
index e1fe144..2d5a8af 100644
--- a/.github/workflows/CargoAudit.yml
+++ b/.github/workflows/CargoAudit.yml
@@ -13,7 +13,7 @@ jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       # We are not using the common workflow here because it installs a bunch of tools we don't need.
       # TODO: Once the runner image is updated to include the necessary tools (without downloading), we can switch to the common workflow.
diff --git a/.github/workflows/CreateRelease.yml b/.github/workflows/CreateRelease.yml
index a713830..aa989b7 100644
--- a/.github/workflows/CreateRelease.yml
+++ b/.github/workflows/CreateRelease.yml
@@ -35,7 +35,7 @@ jobs:
       dry_run: ${{ steps.set-version.outputs.dry_run }}
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0
           fetch-tags: true
@@ -64,7 +64,7 @@ jobs:
     if: ${{ needs.set-version.outputs.dry_run == 'false' }}
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Create Release Branch
         shell: bash
diff --git a/.github/workflows/IssueLabelChecker.yml b/.github/workflows/IssueLabelChecker.yml
index fd4664b..b8e532e 100644
--- a/.github/workflows/IssueLabelChecker.yml
+++ b/.github/workflows/IssueLabelChecker.yml
@@ -11,7 +11,7 @@ jobs:
   labeler:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Check and Add label
       run: |
         # The cryptic head -c -1 is because otherwise gh always terminates output with a newline
diff --git a/.github/workflows/PRLabelChecker.yml b/.github/workflows/PRLabelChecker.yml
index 9e16fdb..bc84ed2 100644
--- a/.github/workflows/PRLabelChecker.yml
+++ b/.github/workflows/PRLabelChecker.yml
@@ -11,7 +11,7 @@ jobs:
   check-labels:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - name: Ensure exactly one "kind/*" label is applied
         run: |
           # Count the number of "kind/*" labels directly from the PR labels
diff --git a/.github/workflows/ValidatePullRequests.yml b/.github/workflows/ValidatePullRequests.yml
index b0881a2..37969eb 100644
--- a/.github/workflows/ValidatePullRequests.yml
+++ b/.github/workflows/ValidatePullRequests.yml
@@ -32,7 +32,7 @@ jobs:
     name: check license headers
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Check License Headers
       run: ./dev/check-license-headers.sh
 
@@ -54,6 +54,6 @@ jobs:
     name: Spell check with typos
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Spell Check Repo
       uses: crate-ci/typos@v1.47.2
diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml
index a7c4213..298468b 100644
--- a/.github/workflows/auto-merge-dependabot.yml
+++ b/.github/workflows/auto-merge-dependabot.yml
@@ -33,7 +33,7 @@ jobs:
           permission-actions: read
 
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           token: ${{ steps.get-app-token.outputs.token }}
           persist-credentials: false
diff --git a/.github/workflows/cargo-publish.yml b/.github/workflows/cargo-publish.yml
index e27b1cd..d3da562 100644
--- a/.github/workflows/cargo-publish.yml
+++ b/.github/workflows/cargo-publish.yml
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0
           fetch-tags: true
diff --git a/.github/workflows/dep_benchmarks.yml b/.github/workflows/dep_benchmarks.yml
index 0910e3e..03f5d62 100644
--- a/.github/workflows/dep_benchmarks.yml
+++ b/.github/workflows/dep_benchmarks.yml
@@ -50,7 +50,7 @@ jobs:
         github.run_attempt)) }}
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/dep_build.yml b/.github/workflows/dep_build.yml
index 236cae6..3f68d81 100644
--- a/.github/workflows/dep_build.yml
+++ b/.github/workflows/dep_build.yml
@@ -55,7 +55,7 @@ jobs:
         github.run_attempt)) }}
 
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 121a959..972940a 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -59,7 +59,7 @@ jobs:
             build_name: win32-x64-msvc
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0
 
@@ -122,7 +122,7 @@ jobs:
     # so it does not need self-hosted runners with KVM/Hyperlight.
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Enable KVM
         run: |