diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index a21ca74..1394635 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -25,7 +25,7 @@ jobs:
   actionlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
       - name: Run actionlint
         env:
diff --git a/.github/workflows/auto-release-notes.yml b/.github/workflows/auto-release-notes.yml
index dc52850..5246dd4 100644
--- a/.github/workflows/auto-release-notes.yml
+++ b/.github/workflows/auto-release-notes.yml
@@ -15,7 +15,7 @@ jobs:
   generate-notes:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index bfe7c99..b2338f2 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Dependency Review
         uses: actions/dependency-review-action@v4
         with:
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
index 65f5fed..3e48da3 100644
--- a/.github/workflows/secrets-scan.yml
+++ b/.github/workflows/secrets-scan.yml
@@ -19,7 +19,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Run gitleaks
diff --git a/.github/workflows/skill-validate.yml b/.github/workflows/skill-validate.yml
index 502009a..935a335 100644
--- a/.github/workflows/skill-validate.yml
+++ b/.github/workflows/skill-validate.yml
@@ -29,7 +29,7 @@ jobs:
   validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
       # PyYAML is NOT guaranteed to be preinstalled on the runner image, so set
       # up Python explicitly and install the dependency to keep validation green.
diff --git a/.github/workflows/weekly-triage.yml b/.github/workflows/weekly-triage.yml
index c938c0f..fbfd719 100644
--- a/.github/workflows/weekly-triage.yml
+++ b/.github/workflows/weekly-triage.yml
@@ -19,7 +19,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
       - name: Fetch open issues
         id: issues