diff --git a/.github/workflows/build-core.yml b/.github/workflows/build-core.yml
index 80b6db74108..c40c58b7519 100644
--- a/.github/workflows/build-core.yml
+++ b/.github/workflows/build-core.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0
diff --git a/.github/workflows/regression-safety-db-changes.yml b/.github/workflows/regression-safety-db-changes.yml
index 7dcc1873d8b..9b7627f910a 100644
--- a/.github/workflows/regression-safety-db-changes.yml
+++ b/.github/workflows/regression-safety-db-changes.yml
@@ -100,7 +100,7 @@ jobs:
       # SETUP
       # ============================================================
       - name: Checkout base commit (baseline)
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           repository: ${{ github.event.pull_request.base.repo.full_name }}
diff --git a/.github/workflows/verify-api-backward-compatibility.yml b/.github/workflows/verify-api-backward-compatibility.yml
index d1e3a4076d5..8a5e3e2ac79 100644
--- a/.github/workflows/verify-api-backward-compatibility.yml
+++ b/.github/workflows/verify-api-backward-compatibility.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout base branch for baseline
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           repository: ${{ github.event.pull_request.base.repo.full_name }}
@@ -29,7 +29,7 @@ jobs:
           path: baseline
 
       - name: Checkout base branch for merged PR
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           repository: ${{ github.event.pull_request.base.repo.full_name }}
diff --git a/.github/workflows/verify-commits.yml b/.github/workflows/verify-commits.yml
index 5e14d890017..1bba6240f0d 100644
--- a/.github/workflows/verify-commits.yml
+++ b/.github/workflows/verify-commits.yml
@@ -31,7 +31,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           persist-credentials: false
           fetch-depth: 0
diff --git a/.github/workflows/verify-liquibase-backward-compatibility.yml b/.github/workflows/verify-liquibase-backward-compatibility.yml
index fa88c641c42..8366d63d969 100644
--- a/.github/workflows/verify-liquibase-backward-compatibility.yml
+++ b/.github/workflows/verify-liquibase-backward-compatibility.yml
@@ -37,7 +37,7 @@ jobs:
 
     steps:
       - name: Checkout base commit
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           repository: ${{ github.event.pull_request.base.repo.full_name }}
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 9c5c60124c9..bb78abb5033 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -46,7 +46,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false