diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 138445b..a4c84ea 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,7 +35,7 @@ jobs:
     steps:
     - name: Checkout repository
       # Pinned SHA (v4.2.2 equivalent)
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd 
 
     - name: Initialize CodeQL
       # Pinned SHA (v3 equivalent)
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index f685fde..42b06b4 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -23,7 +23,7 @@ jobs:
     steps:
       - name: Checkout code
         # Pinned to specific SHA for immutable security
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 0ec991c..9cb8a8f 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -25,7 +25,7 @@ jobs:
     name: njsscan code scanning
     steps:
     - name: Checkout the code
-      uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
     - name: nodejsscan scan
       id: njsscan
       uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index f14dde0..a1135a6 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -22,7 +22,7 @@ jobs:
         node-version: [22.x, 24.x]
 
     steps:
-    - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
     - name: Use Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
       with:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 649f2ef..caae6f1 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/snyk-infrastructure.yml b/.github/workflows/snyk-infrastructure.yml
index 0d67901..82bb340 100644
--- a/.github/workflows/snyk-infrastructure.yml
+++ b/.github/workflows/snyk-infrastructure.yml
@@ -20,7 +20,7 @@ jobs:
     
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd 
 
       - name: Setup Node.js
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238