diff --git a/.github/workflows/api-extractor.yml b/.github/workflows/api-extractor.yml
index c46ca0eb66f..0ddcb0f070a 100644
--- a/.github/workflows/api-extractor.yml
+++ b/.github/workflows/api-extractor.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
diff --git a/.github/workflows/arethetypeswrong.yml b/.github/workflows/arethetypeswrong.yml
index a95d1bb3fc4..42bd5535d97 100644
--- a/.github/workflows/arethetypeswrong.yml
+++ b/.github/workflows/arethetypeswrong.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/change-prerelease-tag.yml b/.github/workflows/change-prerelease-tag.yml
index 7c6250d7424..3ab762dbda4 100644
--- a/.github/workflows/change-prerelease-tag.yml
+++ b/.github/workflows/change-prerelease-tag.yml
@@ -32,7 +32,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Checkout release branch entered when workflow was kicked off
diff --git a/.github/workflows/cleanup-checks.yml b/.github/workflows/cleanup-checks.yml
index 2924289a016..646fb6cf257 100644
--- a/.github/workflows/cleanup-checks.yml
+++ b/.github/workflows/cleanup-checks.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: add label
         uses: actions/github-script@v7.0.1
         with:
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
diff --git a/.github/workflows/compare-build-output.yml b/.github/workflows/compare-build-output.yml
index afe3a58d79b..bc74e25a50e 100644
--- a/.github/workflows/compare-build-output.yml
+++ b/.github/workflows/compare-build-output.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # Fetch entire git history so we have the parent commit to compare against
           fetch-depth: 0
diff --git a/.github/workflows/docmodel.yml b/.github/workflows/docmodel.yml
index 262c6b80627..c698982f820 100644
--- a/.github/workflows/docmodel.yml
+++ b/.github/workflows/docmodel.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
diff --git a/.github/workflows/exit-prerelease.yml b/.github/workflows/exit-prerelease.yml
index 7f313ee7bd6..e4ca5964826 100644
--- a/.github/workflows/exit-prerelease.yml
+++ b/.github/workflows/exit-prerelease.yml
@@ -27,7 +27,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Checkout release branch entered when workflow was kicked off
diff --git a/.github/workflows/knip.yml b/.github/workflows/knip.yml
index 63d7d737a68..90aff99e100 100644
--- a/.github/workflows/knip.yml
+++ b/.github/workflows/knip.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Ubuntu/Node v20
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
       - name: Install dependencies (with cache)
         uses: bahmutov/npm-install@v1
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index df8f9d3feee..513af1c0899 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -33,7 +33,7 @@ jobs:
       # Check out the repository, using the Github Actions Bot app's token so
       # that we can push later.
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
           # Fetch entire git history so  Changesets can generate changelogs
@@ -114,7 +114,7 @@ jobs:
           private-key: ${{ secrets.APOLLO_GITHUB_ACTIONS_BOT_PRIVATE_KEY }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.github-actions-bot-app-token.outputs.token }}
 
diff --git a/.github/workflows/publish-pr-releases.yml b/.github/workflows/publish-pr-releases.yml
index 8e1a2aac15c..d57de6c8e29 100644
--- a/.github/workflows/publish-pr-releases.yml
+++ b/.github/workflows/publish-pr-releases.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a9df4ad4ea5..ebcccbd84a7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
       publishedPackages: ${{ steps.changesets.outputs.publishedPackages }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # Fetch entire git history so  Changesets can generate changelogs
           # with the correct commits
diff --git a/.github/workflows/scheduled-test-canary.yml b/.github/workflows/scheduled-test-canary.yml
index f94dc74be0b..e4c4e710654 100644
--- a/.github/workflows/scheduled-test-canary.yml
+++ b/.github/workflows/scheduled-test-canary.yml
@@ -23,7 +23,7 @@ jobs:
         tag: ${{ fromJson(github.event_name == 'workflow_dispatch' && inputs.tags || '["canary", "experimental"]') }}
         branch: ${{ fromJson(github.event_name == 'workflow_dispatch' && inputs.branches || '["main", "release-3.13", "release-4.0"]') }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ matrix.branch }}
       - uses: actions/setup-node@v4
diff --git a/.github/workflows/size-limit.yml b/.github/workflows/size-limit.yml
index 15c2862771b..79cc54b14c9 100644
--- a/.github/workflows/size-limit.yml
+++ b/.github/workflows/size-limit.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/snapshot-release.yml b/.github/workflows/snapshot-release.yml
index a3bbc63f6e1..eb25f4d4d9b 100644
--- a/.github/workflows/snapshot-release.yml
+++ b/.github/workflows/snapshot-release.yml
@@ -65,7 +65,7 @@ jobs:
           exit 1
 
       - name: Checkout ref
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ## specify the owner + repository in order to checkout the fork
           ## for community PRs