diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 4e33ca2ab..b3d038325 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -16,7 +16,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
diff --git a/.github/workflows/cfn-nag.yml b/.github/workflows/cfn-nag.yml
index 8c2adb02a..dc7723892 100644
--- a/.github/workflows/cfn-nag.yml
+++ b/.github/workflows/cfn-nag.yml
@@ -24,7 +24,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Use Node.js
         uses: actions/setup-node@v6
         with:
@@ -41,7 +41,7 @@ jobs:
         run: |
           npm install -g aws-cdk
           cdk --version
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
diff --git a/.github/workflows/check-pytest-xfails.yml b/.github/workflows/check-pytest-xfails.yml
index 3392374ef..3551dc25e 100644
--- a/.github/workflows/check-pytest-xfails.yml
+++ b/.github/workflows/check-pytest-xfails.yml
@@ -15,6 +15,6 @@ jobs:
   Check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: check xfails
         run: if grep -ro "@pytest.mark.xfail()" tests/; then echo "xfails must catch a specific error, e.g. '@pytest.mark.xfail(raises=NotImplementedError)'" && exit 1; else echo "success" && exit 0; fi
\ No newline at end of file
diff --git a/.github/workflows/minimal-tests.yml b/.github/workflows/minimal-tests.yml
index a68f5dfc3..2af880c24 100644
--- a/.github/workflows/minimal-tests.yml
+++ b/.github/workflows/minimal-tests.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v6
         with:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ffa82de18..cea425bc5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: hynek/build-and-inspect-python-package@v2
 
 
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 9081c78a1..072f870f7 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -14,7 +14,7 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/python-3.12@master
         continue-on-error: true  # To make sure that SARIF upload gets called
diff --git a/.github/workflows/static-checking.yml b/.github/workflows/static-checking.yml
index e4c57d696..40221075b 100644
--- a/.github/workflows/static-checking.yml
+++ b/.github/workflows/static-checking.yml
@@ -21,7 +21,7 @@ jobs:
         python-version: [3.9]
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v6
         with: