diff --git a/.github/workflows/api-extractor.yml b/.github/workflows/api-extractor.yml
index 4c8539e6fb9..d70f8a97105 100644
--- a/.github/workflows/api-extractor.yml
+++ b/.github/workflows/api-extractor.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v5
diff --git a/.github/workflows/arethetypeswrong.yml b/.github/workflows/arethetypeswrong.yml
index a03328806e5..161acaec839 100644
--- a/.github/workflows/arethetypeswrong.yml
+++ b/.github/workflows/arethetypeswrong.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Node.js
         uses: actions/setup-node@v5
         with:
diff --git a/.github/workflows/change-prerelease-tag.yml b/.github/workflows/change-prerelease-tag.yml
index 6f1b1202adb..48aac2cdd57 100644
--- a/.github/workflows/change-prerelease-tag.yml
+++ b/.github/workflows/change-prerelease-tag.yml
@@ -32,7 +32,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Checkout release branch entered when workflow was kicked off
diff --git a/.github/workflows/cleanup-checks.yml b/.github/workflows/cleanup-checks.yml
index 3930f4821ab..6d1d09b3375 100644
--- a/.github/workflows/cleanup-checks.yml
+++ b/.github/workflows/cleanup-checks.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: add label
         uses: actions/github-script@v8.0.0
         with:
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v5
diff --git a/.github/workflows/compare-build-output.yml b/.github/workflows/compare-build-output.yml
index b37207b997d..d94f7028ce7 100644
--- a/.github/workflows/compare-build-output.yml
+++ b/.github/workflows/compare-build-output.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # Fetch entire git history so we have the parent commit to compare against
           fetch-depth: 0
diff --git a/.github/workflows/docmodel.yml b/.github/workflows/docmodel.yml
index 9df76b08835..fe5fc9299bb 100644
--- a/.github/workflows/docmodel.yml
+++ b/.github/workflows/docmodel.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v5
diff --git a/.github/workflows/exit-prerelease.yml b/.github/workflows/exit-prerelease.yml
index 3981935eeec..73a89649904 100644
--- a/.github/workflows/exit-prerelease.yml
+++ b/.github/workflows/exit-prerelease.yml
@@ -27,7 +27,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Checkout release branch entered when workflow was kicked off
diff --git a/.github/workflows/knip.yml b/.github/workflows/knip.yml
index 02e691d3fda..795e9fc3ca7 100644
--- a/.github/workflows/knip.yml
+++ b/.github/workflows/knip.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Ubuntu/Node v20
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v5
       - name: Install dependencies (with cache)
         uses: bahmutov/npm-install@v1
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index a06de611df1..72cfbf9b6b5 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -33,7 +33,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Fetch entire git history so  Changesets can generate changelogs
@@ -114,7 +114,7 @@ jobs:
           private-key: ${{ secrets.APOLLO_GITHUB_ACTIONS_BOT_PRIVATE_KEY }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
 
diff --git a/.github/workflows/publish-pr-releases.yml b/.github/workflows/publish-pr-releases.yml
index 11760a6da2a..12f36fee577 100644
--- a/.github/workflows/publish-pr-releases.yml
+++ b/.github/workflows/publish-pr-releases.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8bd82535879..5021f140463 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
       publishedPackages: ${{ steps.changesets.outputs.publishedPackages }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # Fetch entire git history so  Changesets can generate changelogs
           # with the correct commits
diff --git a/.github/workflows/scheduled-test-canary.yml b/.github/workflows/scheduled-test-canary.yml
index 674f16290bf..398c24ad59f 100644
--- a/.github/workflows/scheduled-test-canary.yml
+++ b/.github/workflows/scheduled-test-canary.yml
@@ -23,7 +23,7 @@ jobs:
         tag: ${{ fromJson(github.event_name == 'workflow_dispatch' && inputs.tags || '["canary", "experimental"]') }}
         branch: ${{ fromJson(github.event_name == 'workflow_dispatch' && inputs.branches || '["main", "release-3.13", "release-4.0"]') }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ matrix.branch }}
       - uses: actions/setup-node@v5
diff --git a/.github/workflows/size-limit.yml b/.github/workflows/size-limit.yml
index 4d7168b5f82..bce92f0284e 100644
--- a/.github/workflows/size-limit.yml
+++ b/.github/workflows/size-limit.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Node.js
         uses: actions/setup-node@v5
         with:
diff --git a/.github/workflows/snapshot-release.yml b/.github/workflows/snapshot-release.yml
index 10169f5d3f7..c41a2ff1c1c 100644
--- a/.github/workflows/snapshot-release.yml
+++ b/.github/workflows/snapshot-release.yml
@@ -65,7 +65,7 @@ jobs:
           exit 1
 
       - name: Checkout ref
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ## specify the owner + repository in order to checkout the fork
           ## for community PRs