From 46fdb4373de358cf8be89e9747ee6046a83580aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jun 2026 09:13:52 +0000 Subject: [PATCH] build(deps): Bump actions/checkout from 6 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/glyphcheck.yml | 2 +- .github/workflows/kit-autobump.yml | 2 +- .github/workflows/publish.yml | 4 ++-- .github/workflows/validate.yml | 2 +- .github/workflows/vulncheck.yml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/glyphcheck.yml b/.github/workflows/glyphcheck.yml index 9f18c92..72edcc6 100644 --- a/.github/workflows/glyphcheck.yml +++ b/.github/workflows/glyphcheck.yml @@ -34,7 +34,7 @@ jobs: glyphcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: "${{ env.GO_VERSION }}" } - name: linter self-test (stdlib only, offline) diff --git a/.github/workflows/kit-autobump.yml b/.github/workflows/kit-autobump.yml index 021384f..741785c 100644 --- a/.github/workflows/kit-autobump.yml +++ b/.github/workflows/kit-autobump.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: # Bot token so the PR triggers validate.yml (which gates auto-merge). - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: token: ${{ secrets.KIT_RELEASE_TOKEN }} - uses: actions/setup-go@v6 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d1eaa1d..5ef631c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,7 +39,7 @@ jobs: # outputs the arcade re-verifies server-side anyway). dirs: ${{ steps.changed.outputs.dirs }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # full history for the changed-dirs diff persist-credentials: false # this job compiles untrusted code — no token on disk @@ -183,7 +183,7 @@ jobs: contents: write # cut releases pull-requests: write # upsert the verified:false comment on the merged PR steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # all tags for N derivation + CHANGELOG notes persist-credentials: false # gh uses GH_TOKEN from env; git stays read-only diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 8b33ccb..87fc95a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -22,7 +22,7 @@ jobs: submissions: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } - name: changed game dirs diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index d6ac231..cffc950 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -38,7 +38,7 @@ jobs: go-games: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: { go-version: "${{ env.GO_VERSION }}" } - name: govulncheck every Go game @@ -59,7 +59,7 @@ jobs: rust-games: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: cargo-audit every Rust game run: | cargo install cargo-audit --locked --version "${CARGO_AUDIT_VERSION}"