diff --git a/.github/workflows/check_changelog.yml b/.github/workflows/check_changelog.yml
index 08421fba..0e33fba8 100644
--- a/.github/workflows/check_changelog.yml
+++ b/.github/workflows/check_changelog.yml
@@ -13,7 +13,7 @@ jobs:
     if: (!contains(github.event.pull_request.labels.*.name, 'skip changelog'))
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Check that CHANGELOG is touched
         run: |
           git fetch origin ${{ github.base_ref }} --depth 1 || exit 1
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4cffd319..2f1fde0f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
           - 9
           - 10
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-java@v5
         with:
           distribution: zulu
@@ -38,7 +38,7 @@ jobs:
           - 9
           - 10
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-java@v5
         with:
           distribution: zulu
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index f8445c71..9109e506 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -32,7 +32,7 @@ jobs:
           private-key: ${{ secrets.LINGUIST_GH_PRIVATE_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           # We always want the version bump/changelog and resultant PR to target main, not the branch of the workflow_dispatch.
           ref: main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b4afd9c4..10108e4c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
           private-key: ${{ secrets.LINGUIST_GH_PRIVATE_KEY }}
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           # Using the GH application token here will configure the local git config for this repo with credentials
           # that can be used to make signed commits that are attributed to the GH application user
diff --git a/.github/workflows/update-project-version-tomcat.yml b/.github/workflows/update-project-version-tomcat.yml
index dddc5d36..90a88579 100644
--- a/.github/workflows/update-project-version-tomcat.yml
+++ b/.github/workflows/update-project-version-tomcat.yml
@@ -25,7 +25,7 @@ jobs:
           app-id: ${{ vars.LINGUIST_GH_APP_ID }}
           private-key: ${{ secrets.LINGUIST_GH_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: ${{ inputs.branch || github.event.pull_request.head.ref }}
           token: ${{ steps.generate-token.outputs.token }}