diff --git a/.github/workflows/guard-couchdb-data.yml b/.github/workflows/guard-couchdb-data.yml
index 1c25c8e3..b33dc4dd 100644
--- a/.github/workflows/guard-couchdb-data.yml
+++ b/.github/workflows/guard-couchdb-data.yml
@@ -18,7 +18,7 @@ jobs:
     name: No unapproved data files
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index 05c1e3a9..f2751cfd 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -21,7 +21,7 @@ jobs:
     name: Gitleaks
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0   # full history so the scan covers all commits
 
@@ -41,7 +41,7 @@ jobs:
     name: TruffleHog
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0