diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 0e8c15b56..b99c1c487 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -16,7 +16,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
diff --git a/.github/workflows/cfn-nag.yml b/.github/workflows/cfn-nag.yml
index 6daa1a1c0..b95f735d2 100644
--- a/.github/workflows/cfn-nag.yml
+++ b/.github/workflows/cfn-nag.yml
@@ -24,7 +24,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
@@ -41,7 +41,7 @@ jobs:
         run: |
           npm install -g aws-cdk
           cdk --version
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
diff --git a/.github/workflows/check-pytest-xfails.yml b/.github/workflows/check-pytest-xfails.yml
index 1399c4991..3392374ef 100644
--- a/.github/workflows/check-pytest-xfails.yml
+++ b/.github/workflows/check-pytest-xfails.yml
@@ -15,6 +15,6 @@ jobs:
   Check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: check xfails
         run: if grep -ro "@pytest.mark.xfail()" tests/; then echo "xfails must catch a specific error, e.g. '@pytest.mark.xfail(raises=NotImplementedError)'" && exit 1; else echo "success" && exit 0; fi
\ No newline at end of file
diff --git a/.github/workflows/minimal-tests.yml b/.github/workflows/minimal-tests.yml
index 955b11dac..1f95b17e3 100644
--- a/.github/workflows/minimal-tests.yml
+++ b/.github/workflows/minimal-tests.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v5
         with:
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index b0fee8806..4188b4ae1 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -14,7 +14,7 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/python-3.8@master
         continue-on-error: true  # To make sure that SARIF upload gets called
diff --git a/.github/workflows/static-checking.yml b/.github/workflows/static-checking.yml
index 79bc4fbc8..cebdd0731 100644
--- a/.github/workflows/static-checking.yml
+++ b/.github/workflows/static-checking.yml
@@ -21,7 +21,7 @@ jobs:
         python-version: [3.9]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v5
         with: