diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 5d577cc..7ec73ac 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -6,7 +6,7 @@ jobs:
     name: golang lint
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2.3.3
+    - uses: actions/checkout@v2.3.4
     - uses: hazcod/action-golangci-lint@master
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -16,7 +16,7 @@ jobs:
     name: dockerfile lint
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2.3.3
+    - uses: actions/checkout@v2.3.4
     - name: hadolint
       uses: burdzwastaken/hadolint-action@1.9.0
       env:
@@ -27,7 +27,7 @@ jobs:
     name: docker build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2.3.3
+    - uses: actions/checkout@v2.3.4
     - name: extract tag
       id: vars
       run: echo ::set-output name=nginx_version::$(grep '^FROM nginx' Dockerfile  | cut -d ' ' -f 2 | cut -d ':' -f 2)
@@ -38,7 +38,7 @@ jobs:
     name: docker security scan
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2.3.3
+    - uses: actions/checkout@v2.3.4
     - name: docker build
       run: docker build . --file Dockerfile --tag image
     - name: cached scan db
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index af44319..8f38d6a 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - 
-      uses: actions/checkout@v2.3.3
+      uses: actions/checkout@v2.3.4
     - 
       uses: go-semantic-release/action@v1
       id: version