diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml
index 82d9786a5e..819b92cbbb 100644
--- a/.github/workflows/autobuild.yml
+++ b/.github/workflows/autobuild.yml
@@ -75,7 +75,7 @@ jobs:
         contents:                   write
     steps:
       - name:                       Checkout code
-        uses:                       actions/checkout@v4
+        uses:                       actions/checkout@v5
 
       - name:                       Determine release version, type and prerelease variables
         run:                        ./.github/autobuild/get_build_vars.py
@@ -310,7 +310,7 @@ jobs:
           git config --global --add safe.directory "${GITHUB_WORKSPACE}"
 
       - name:                       Checkout code
-        uses:                       actions/checkout@v4
+        uses:                       actions/checkout@v5
         with:
           # only Android needs the oboe submodule, so don't fetch it for other builds
           submodules:               ${{ matrix.config.target_os == 'android' }}
diff --git a/.github/workflows/bump-dependencies.yml b/.github/workflows/bump-dependencies.yml
index 017257ce56..b4a1af5ca4 100644
--- a/.github/workflows/bump-dependencies.yml
+++ b/.github/workflows/bump-dependencies.yml
@@ -83,7 +83,7 @@ jobs:
             local_version_regex: (.*["\/]asiosdk_)([^"]+?)(".*|\.zip.*)
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ssh-key: ${{ secrets.BUMP_DEPENDENCIES_SSH_DEPLOY_KEY || 'fail-due-to-missing-ssh-key-as-secret' }}
           fetch-depth: '0'  # we create/compare new branches and therefore require full history
@@ -171,7 +171,7 @@ jobs:
       # This job runs via pull_request_target. Please check for any security
       # consequences when extending these steps:
       # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         # this checks out the upstream `main` and not the PR branch; this is fine for us
         # as we just need a proper config for git/gh to work with.
       - env:
diff --git a/.github/workflows/check-json-rpcs-docs.yml b/.github/workflows/check-json-rpcs-docs.yml
index 80009da170..f14ffd43ce 100644
--- a/.github/workflows/check-json-rpcs-docs.yml
+++ b/.github/workflows/check-json-rpcs-docs.yml
@@ -13,7 +13,7 @@ jobs:
   check-json-rpc-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - run: ./tools/generate_json_rpc_docs.py
       - run: |
           [[ -z "$(git status --porcelain=v1)" ]] && exit 0
diff --git a/.github/workflows/coding-style-check.yml b/.github/workflows/coding-style-check.yml
index b7660ac594..2f4c2e0585 100644
--- a/.github/workflows/coding-style-check.yml
+++ b/.github/workflows/coding-style-check.yml
@@ -30,7 +30,7 @@ jobs:
     # The clangFormatVersion is based on Ubuntu current LTS (jammy at time of writing).
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Check .cpp/.h/.mm with clang-format
       uses: DoozyX/clang-format-lint-action@bcb4eb2cb0d707ee4f3e5cc3b456eb075f12cf73
       with:
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     # shellcheck is already pre-installed on ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Check .sh with shellcheck
       run: find -name '*.sh' -not -path './libs/*' -exec shellcheck --shell=bash {} +
     - name: Install shfmt
@@ -56,7 +56,7 @@ jobs:
     name: Verify Python coding style
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Install pylint
       run: pip install --user "pylint < 3.0"
     - name: Check Python files with pylint
diff --git a/.github/workflows/translation-check.yml b/.github/workflows/translation-check.yml
index cbaebe455d..5099864406 100644
--- a/.github/workflows/translation-check.yml
+++ b/.github/workflows/translation-check.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on:         ubuntu-latest
     steps:
       - name:        Checkout Code
-        uses:        actions/checkout@v4
+        uses:        actions/checkout@v5
       - name:        "Check Windows installer translations"
         run:         ./tools/check-wininstaller-translations.sh
       #- name:       "Check for duplicate hotkeys (will not fail)"
diff --git a/.github/workflows/update-copyright-notices.yml b/.github/workflows/update-copyright-notices.yml
index b248606288..fa1aab8bfd 100644
--- a/.github/workflows/update-copyright-notices.yml
+++ b/.github/workflows/update-copyright-notices.yml
@@ -19,7 +19,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - run: ./tools/update-copyright-notices.sh
       - env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -51,7 +51,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - env:
           pr_branch: ${{ github.event.pull_request.head.ref }}
         run: |