diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 04fbbb10..39a729ac 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,8 +4,10 @@ name: CodeQL Security Analysis
 on:
   push:
     branches: [main, master]
+  # No `branches:` filter — a required check whose workflow is branch-gated is
+  # never created on a non-matching base and blocks merge forever at
+  # "Expected — Waiting for status to be reported" (cf. affinescript#645).
   pull_request:
-    branches: [main, master]
   schedule:
     - cron: '0 6 1 * *'
 
diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml
index 5e8a5a67..16642946 100644
--- a/.github/workflows/hypatia-scan.yml
+++ b/.github/workflows/hypatia-scan.yml
@@ -7,8 +7,10 @@ name: Hypatia Security Scan
 on:
   push:
     branches: [main, master, develop]
+  # No `branches:` filter — a required check whose workflow is branch-gated is
+  # never created on a non-matching base and blocks merge forever at
+  # "Expected — Waiting for status to be reported" (cf. affinescript#645).
   pull_request:
-    branches: [main, master]
   schedule:
     - cron: '0 0 * * 0'
   workflow_dispatch: