Skip to content

chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 in the actions-core group across 1 directory#366

Open
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/github_actions/develop/actions-core-e6ee9d7de3
Open

chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 in the actions-core group across 1 directory#366
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/github_actions/develop/actions-core-e6ee9d7de3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps the actions-core group with 1 update in the / directory: actions/checkout.

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Dependency updates (usually opened by Dependabot) github-actions Updates to GitHub Actions dependencies (Dependabot ecosystem) labels May 14, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 14, 2026 15:03
@dependabot dependabot Bot added dependencies Dependency updates (usually opened by Dependabot) github-actions Updates to GitHub Actions dependencies (Dependabot ecosystem) labels May 14, 2026
@lerian-studio lerian-studio added size/XS PR changes < 50 lines workflow Changes to one or more reusable workflow files typescript Changes to TypeScript or Frontend workflows golang Changes to Go-related workflows and removed dependencies Dependency updates (usually opened by Dependabot) labels May 14, 2026
@lerian-studio
Copy link
Copy Markdown
Contributor

lerian-studio commented May 14, 2026
edited
Loading

🔍 PR Validation Summary

✅ PR Mergeable — no blocking failures

Check Status Blocking
Source Branch ✅ success yes
PR Title ✅ success yes
PR Description ✅ success yes
PR Size ✅ success no
Auto Labels ✅ success no
PR Metadata ✅ success no

🔍 View workflow run

@lerian-studio
Copy link
Copy Markdown
Contributor

lerian-studio commented May 14, 2026
edited
Loading

🔍 Lint Analysis

Check Files Scanned Status
YAML Lint 6 file(s) ✅ success
Action Lint 6 file(s) ❌ failure
Pinned Actions 6 file(s) ❌ failure
Markdown Link Check no changes ⏭️ skipped
Spelling Check 6 file(s) ✅ success
Shell Check 6 file(s) ✅ success
README Check 6 file(s) ✅ success
Composite Schema no changes ⏭️ skipped
Deployment Matrix no changes ⏭️ skipped
❌ Failures (2)

Action Lint

.github/workflows/dispatch-helm.yml

  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:8:27: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:7:12: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:6:46: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:5:61: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:4:12: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:3:32: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:13:138: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:11:50: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:10:50: Double quote to prevent globbing and word splitting
  • .github/workflows/dispatch-helm.yml (line 109) — shellcheck reported issue in this script: SC2086:info:171:46: Double quote to prevent globbing and word splitting

Pinned Actions

.github/workflows/go-ci.yml

  • .github/workflows/go-ci.yml (line 149) — External action not pinned by SHA: uses: golangci/golangci-lint-action@v9 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 143) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 140) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 129) — External action not pinned by SHA: uses: fgrosse/go-coverage-report@v1.3.0 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 124) — External action not pinned by SHA: uses: actions/download-artifact@v8 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 121) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 104) — External action not pinned by SHA: uses: actions/upload-artifact@v7 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 85) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
  • .github/workflows/go-ci.yml (line 82) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)

.github/workflows/dispatch-helm.yml

  • .github/workflows/dispatch-helm.yml (line 103) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)

🔍 View full scan logs

@lerian-studio
Copy link
Copy Markdown
Contributor

lerian-studio commented May 14, 2026
edited
Loading

🛡️ CodeQL Analysis Results

Languages analyzed: actions

✅ No security issues found.

🔍 View full scan logs | 🛡️ Security tab

@dependabot
chore(deps): bump actions/checkout
b65ad1e 
Bumps the actions-core group with 1 update in the / directory: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 4.2.2 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4.2.2...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-core
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 in the actions-core group chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 in the actions-core group across 1 directory May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/develop/actions-core-e6ee9d7de3 branch from 3829418 to b65ad1e Compare May 18, 2026 20:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

github-actions Updates to GitHub Actions dependencies (Dependabot ecosystem) golang Changes to Go-related workflows size/XS PR changes < 50 lines typescript Changes to TypeScript or Frontend workflows workflow Changes to one or more reusable workflow files

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lerian-studio @bedatty