Skip to content

chore(deps): bump actions/checkout from 4 to 6#11

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/github_actions/actions/checkout-6
Closed

chore(deps): bump actions/checkout from 4 to 6#11
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Copy link
Copy Markdown

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

@dependabot @github

dependabot Bot commented on behalf of github May 27, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

safenestdev and others added 2 commits June 3, 2026 09:43
Resolves Dependabot alert #6 (GHSA-5xrq-8626-4rwp / CVE-2026-47429,
vitest UI arbitrary file read). Practical exposure here is nil since
this repo only runs `vitest run` headlessly, but moving to 4.x clears
the alert and stays current.

vitest 4 requires Node ^20 || ^22 || >=24, so the CI test matrix drops
18.x and adds 24.x. `engines.node` stays at >=18 — the SDK runtime
itself doesn't need 20+, only the test toolchain does.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from eb5debb to 5fdb93b Compare June 3, 2026 08:03
@safenestdev

Copy link
Copy Markdown
Contributor

Superseded by 47db6b2 on main: actions/checkout v4 → v6 across ci.yml, codeql.yml, and publish.yml.

@safenestdev safenestdev closed this Jun 3, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot
dependabot Bot deleted the dependabot/github_actions/actions/checkout-6 branch June 3, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant