diff --git a/.github/workflows/build-autotriage.yml b/.github/workflows/build-autotriage.yml
index df57747056..5a288cbda2 100644
--- a/.github/workflows/build-autotriage.yml
+++ b/.github/workflows/build-autotriage.yml
@@ -19,7 +19,7 @@ jobs:
     name: Run Build Triage
     if: github.repository == 'adoptium/temurin-build'
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: "Run Build Auto Triage"
         run: bash "${PWD}/${TRIAGE_SCRIPT}" jdk8u jdk11u jdk17u jdk21u jdk22 jdk23head
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3d33e2bbe7..1fdc0596c0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -64,6 +64,7 @@ jobs:
             variant: bisheng
             image: adoptopenjdk/centos7_build_image
     steps:
+    # pinned at v3 to as Node.js 20.x is not supported on Centos 7
     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
     - name: Build Linux
@@ -75,11 +76,11 @@ jobs:
         TARGET_OS: ${{ matrix.os }}
         FILENAME: OpenJDK.tar.gz
         # Don't set the OS as we use both linux and alpine-linux
-        PLATFORM_CONFIG_LOCATION: AdoptOpenJDK/openjdk-build/master/build-farm/platform-specific-configurations
+        PLATFORM_CONFIG_LOCATION: adoptium/temurin-build/master/build-farm/platform-specific-configurations
         BUILD_ARGS: --create-sbom
         CONFIGURE_ARGS: --with-native-debug-symbols=none
 
-    - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
       name: Collect and Archive Artifacts
       with:
         name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
@@ -101,7 +102,7 @@ jobs:
         vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git"
         vendor_testBranches: "${{ github.head_ref }}"
         vendor_testDirs: "/test/functional"
-    - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
       name: Collect and Archive SmokeTest Results
       if: failure()
       with:
@@ -118,11 +119,12 @@ jobs:
         version: [
           { name: jdk8u, distro: macos-11 },
           { name: jdk11u, distro: macos-13 },
+          { name: jdk17u, distro: macos-14 }
         ]
         variant: [temurin]
 
     steps:
-    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     # https://github.com/actions/runner-images/issues/6817
     - name: (Mac) Workaround for homebrew
@@ -144,7 +146,7 @@ jobs:
       run: |
         brew install automake bash binutils freetype gnu-sed nasm
 
-    - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+    - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
       id: setup-java
       with:
         java-version: 7
@@ -259,14 +261,14 @@ jobs:
            wget,
            zip
 
-     - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+     - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
        id: setup-java7
        with:
          distribution: 'zulu'
          java-version: 7
        if: matrix.version == 'jdk8u'
 
-     - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+     - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
        id: setup-java11
        with:
          distribution: 'temurin'
@@ -342,7 +344,7 @@ jobs:
        shell: bash
        run: mkdir -p "$HOME" && git config --system core.autocrlf false && git config --global --add safe.directory '*'
 
-     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          set-safe-directory: false
 
@@ -386,7 +388,7 @@ jobs:
          path: workspace/target/*
 
      - name: Restore build artifacts
-       uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+       uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
        with:
          name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
          path: ~/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}}
diff --git a/.github/workflows/ca-cert-updater.yml b/.github/workflows/ca-cert-updater.yml
index 9eb806418f..e5eb81e6a8 100644
--- a/.github/workflows/ca-cert-updater.yml
+++ b/.github/workflows/ca-cert-updater.yml
@@ -14,7 +14,7 @@ jobs:
     if: startsWith(github.repository, 'adoptium/')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index f1b9b5e560..658d69f166 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -42,7 +42,7 @@ jobs:
       # Checkout the code base #
       ##########################
       - name: Checkout Code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 73e2a452bb..6e5c8186c6 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -20,7 +20,7 @@ jobs:
       id-token: write
 
     steps:
-    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       with:
         persist-credentials: false
     - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
diff --git a/.github/workflows/signsbom.yml b/.github/workflows/signsbom.yml
index 9fdb4a0c42..050159ff1c 100644
--- a/.github/workflows/signsbom.yml
+++ b/.github/workflows/signsbom.yml
@@ -17,15 +17,11 @@ jobs:
   test_sbom_sign:
     name: sign_sbom
     runs-on: ubuntu-latest
-    container:
-      image: adoptopenjdk/centos7_build_image
-    strategy:
-      fail-fast: false
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       # Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
-      - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+      - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
         id: setup-java
         with:
           java-version: 17
diff --git a/.github/workflows/testsbom.yml b/.github/workflows/testsbom.yml
index b4aa1801a9..fa22df8b93 100644
--- a/.github/workflows/testsbom.yml
+++ b/.github/workflows/testsbom.yml
@@ -17,16 +17,12 @@ jobs:
   test_sbom_gen:
     name: gen_sbom
     runs-on: ubuntu-latest
-    container:
-      image: adoptopenjdk/centos7_build_image
-    strategy:
-      fail-fast: false
 
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       # Build with jdk8 to ensure TemurinGenSBOM meets min compatibility
-      - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+      - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
         id: setup-java
         with:
           java-version: 8