diff --git a/.github/workflows/guard-couchdb-data.yml b/.github/workflows/guard-couchdb-data.yml
index b33dc4dd..7c84da13 100644
--- a/.github/workflows/guard-couchdb-data.yml
+++ b/.github/workflows/guard-couchdb-data.yml
@@ -18,7 +18,7 @@ jobs:
     name: No unapproved data files
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index f2751cfd..82f8b2dc 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -21,7 +21,7 @@ jobs:
     name: Gitleaks
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0   # full history so the scan covers all commits
 
@@ -41,7 +41,7 @@ jobs:
     name: TruffleHog
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           fetch-depth: 0