diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
index 2fbe4e3..73f0271 100644
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -8,7 +8,7 @@ jobs:
     if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.3.5
         with:
           token: ${{ secrets.PAT_TOKEN }}
           fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
diff --git a/.github/workflows/sync-release-version.yml b/.github/workflows/sync-release-version.yml
index fc08992..215acb7 100644
--- a/.github/workflows/sync-release-version.yml
+++ b/.github/workflows/sync-release-version.yml
@@ -8,7 +8,7 @@ jobs:
   update-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.3.5
         with:
           fetch-depth: 0
       - name: Sync release version.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6fbd75c..02b5e68 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v2.3.5
         with:
           fetch-depth: 0  # otherwise, you will failed to push refs to dest repo
           persist-credentials: false  # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml
index 8e912ae..712ff85 100644
--- a/.github/workflows/update-readme.yml
+++ b/.github/workflows/update-readme.yml
@@ -9,7 +9,7 @@ jobs:
   sync-assets:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.3.5
         with:
           fetch-depth: 0