diff --git a/.github/workflows/fix.yml b/.github/workflows/fix.yml
index eff8606..8a8a1cd 100644
--- a/.github/workflows/fix.yml
+++ b/.github/workflows/fix.yml
@@ -108,7 +108,7 @@ jobs:
         run: node lib/actions/fix-yaml-config.js
         working-directory: scripts
       - name: Upload YAML config
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ env.TF_WORKSPACE }}.yml
           path: github/${{ env.TF_WORKSPACE }}.yml
@@ -152,7 +152,7 @@ jobs:
         with:
           path: base
       - name: Download YAML configs
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: artifacts
       - name: Copy YAML configs
diff --git a/.github/workflows/plan.yml b/.github/workflows/plan.yml
index 9f106ef..24baecf 100644
--- a/.github/workflows/plan.yml
+++ b/.github/workflows/plan.yml
@@ -93,7 +93,7 @@ jobs:
           terraform plan -refresh=false -lock=false -out="${TF_WORKSPACE}.tfplan" -no-color
         working-directory: terraform
       - name: Upload terraform plan
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ env.TF_WORKSPACE }}_${{ github.event.pull_request.head.sha || github.sha }}.tfplan
           path: terraform/${{ env.TF_WORKSPACE }}.tfplan
@@ -130,7 +130,7 @@ jobs:
         run: terraform init
         working-directory: terraform
       - name: Download terraform plans
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: terraform
       - name: Show terraform plans
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e6bd77..d0497d6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - workflows: not to use deprecated GitHub Actions expressions anymore
 - tf: to prevent destroy of membership and repository resources
 - apply: find sha for plan using proper credentials
+- updated upload and download artifacts actions to v4
 
 ### Fixed
 - links to supported resources in HOWTOs
diff --git a/docs/HOWTOS.md b/docs/HOWTOS.md
index fe409de..2a85afc 100644
--- a/docs/HOWTOS.md
+++ b/docs/HOWTOS.md
@@ -91,7 +91,7 @@ I push my changes to a new branch and create a PR. An admin reviews the PR and m
 
 ### ...synchronize GitHub Management with GitHub?
 
-*NOTE*: Remember that the `Sync` operation modifies terraform state. Even if you run it from a branch, it modifies the global state that is shared with other branches. There is only one terraform state per organization.
+*NOTE*: Remember that the `Sync` operation modifes terraform state. Even if you run it from a branch, it modifies the global state that is shared with other branches. There is only one terraform state per organization.
 
 *NOTE*: `Sync` will force push changes directly to the branch you run it from.
 
diff --git a/docs/SETUP.md b/docs/SETUP.md
index f0b18b1..b36f8ba 100644
--- a/docs/SETUP.md
+++ b/docs/SETUP.md
@@ -158,7 +158,7 @@
 - [ ] Manually set values that are impossible to control this value via terraform currently
    - [ ] [Set read repository contents permissions for `GITHUB_TOKEN`](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository)
    - [ ] If the repository is public, [require approval for all outside collaborators](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-required-approval-for-workflows-from-public-forks)
-   - [ ] If the repository is private, [disable sending write tokens or secrets to workflows from fork pull requests](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks)
+   - [ ] If the repository is private, [disable sending write tokens or secrets to worfklows from fork pull requests](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks)
 - [ ] Pull remote changes to the default branch
 - [ ] Enable required PRs, peer reviews, status checks and branch up-to-date check on the repository by making sure [github/$ORGANIZATION_NAME.yml](github/$ORGANIZATION_NAME.yml) contains the following entry:
     ```yaml