diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 8a69c6f0295e..3cf858477edb 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -6,7 +6,7 @@ jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: rustsec/audit-check@v1.4.1
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/auto-create-doc-issue-by-issue.yml b/.github/workflows/auto-create-doc-issue-by-issue.yml
index 6855636582e8..1f3c5e2cb6c0 100644
--- a/.github/workflows/auto-create-doc-issue-by-issue.yml
+++ b/.github/workflows/auto-create-doc-issue-by-issue.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Check if issue is done and labeled 'user-facing-changes'
         uses: dacbd/create-issue-action@main
         if: ${{ github.event.action == 'closed' && contains(github.event.issue.labels.*.name, 'user-facing-changes') }}
diff --git a/.github/workflows/auto-update-helm-and-operator-version-by-release.yml b/.github/workflows/auto-update-helm-and-operator-version-by-release.yml
index 1e4e6a8c9c1e..1cdc4250a94f 100644
--- a/.github/workflows/auto-update-helm-and-operator-version-by-release.yml
+++ b/.github/workflows/auto-update-helm-and-operator-version-by-release.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Helm Charts Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: 'risingwavelabs/helm-charts'
           token: ${{ secrets.PR_TOKEN }}
@@ -53,7 +53,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Risingwave Operator Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: 'risingwavelabs/risingwave-operator'
           token: ${{ secrets.PR_TOKEN }}
diff --git a/.github/workflows/connector-node-integration.yml b/.github/workflows/connector-node-integration.yml
index abc1942055fb..ddf9531a88f4 100644
--- a/.github/workflows/connector-node-integration.yml
+++ b/.github/workflows/connector-node-integration.yml
@@ -16,8 +16,8 @@ jobs:
         java: [ '11', '17' ]
     name: Java ${{ matrix.java }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: dorny/paths-filter@v2
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
         id: filter
         with:
           filters: |
diff --git a/.github/workflows/dashboard.yml b/.github/workflows/dashboard.yml
index c722d4704e00..759a9bb83885 100644
--- a/.github/workflows/dashboard.yml
+++ b/.github/workflows/dashboard.yml
@@ -11,11 +11,11 @@ jobs:
   dashboard-ui-deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: "18"
-      - uses: arduino/setup-protoc@v1
+          node-version: 18
+      - uses: arduino/setup-protoc@v3
         with:
           version: "3.x"
           repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/license_check.yml b/.github/workflows/license_check.yml
index 02442e990386..04b045cb17b5 100644
--- a/.github/workflows/license_check.yml
+++ b/.github/workflows/license_check.yml
@@ -16,6 +16,6 @@ jobs:
     runs-on: ubuntu-latest
     name: license-header-check
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Check License Header
       uses: apache/skywalking-eyes@775fe1ffda59b7e100aa144d0ef8d7beae17f97d
diff --git a/.github/workflows/nightly-rust.yml b/.github/workflows/nightly-rust.yml
index 5fa90ae1138c..9b42ccccdf2f 100644
--- a/.github/workflows/nightly-rust.yml
+++ b/.github/workflows/nightly-rust.yml
@@ -24,13 +24,13 @@ jobs:
           remove-docker-images: 'true'
           root-reserve-mb: 10240
           temp-reserve-mb: 10240
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         if: ${{ github.event_name == 'schedule' }}
         with:
           # For daily scheduled run, we use a fixed branch, so that we can apply patches to fix compile errors earlier.
           # We can also ensure the regression is due to new rust instead of new RisingWave code.
           ref: xxchan/latest-nightly-rust
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         if: ${{ !(github.event_name == 'schedule') }}
       - name: Setup Rust toolchain
         run: |
diff --git a/.github/workflows/pr-title-checker.yml b/.github/workflows/pr-title-checker.yml
index c089c71d6119..6124a8343609 100644
--- a/.github/workflows/pr-title-checker.yml
+++ b/.github/workflows/pr-title-checker.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     name: pr-title-checker
     steps:
-      - uses: thehanimo/pr-title-checker@v1.3.4
+      - uses: thehanimo/pr-title-checker@v1.4.2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           configuration_path: ".github/pr-title-checker-config.json"
diff --git a/.github/workflows/typo.yml b/.github/workflows/typo.yml
index 50f0ce89ac06..eb084f2c2500 100644
--- a/.github/workflows/typo.yml
+++ b/.github/workflows/typo.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout Actions Repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Check spelling of the entire repository
       uses: crate-ci/typos@v1.23.2