diff --git a/.github/workflows/check-tag.yml b/.github/workflows/check-tag.yml
index 43c01e1..2f0739b 100644
--- a/.github/workflows/check-tag.yml
+++ b/.github/workflows/check-tag.yml
@@ -12,7 +12,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - name: Run checks
         run: |
           grep -P --color=always "\s+(?<=rev: )$GITHUB_REF_NAME$" README.md
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index f735db2..eb8c815 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -16,7 +16,7 @@ jobs:
       matrix:
         os: [macos-latest, ubuntu-latest]
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       # No caching as we're expected to run rarely
       - name: Install dependencies and run checks
         shell: bash
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index beb717e..3e62575 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -18,7 +18,7 @@ jobs:
       id-token: write
       security-events: write
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3