Skip to content

build(deps): bump actions/checkout from 6.0.3 to 7.0.0#3682

Merged
ten9876 merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-7.0.0
Jun 20, 2026
Merged

build(deps): bump actions/checkout from 6.0.3 to 7.0.0#3682
ten9876 merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-7.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 6.0.3 to 7.0.0.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 20, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 20, 2026 10:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 20, 2026

@aethersdr-agent aethersdr-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed — this is a clean, well-formed bump. ✅

What I checked:

  • All 11 workflows are pure SHA-pin swaps (df4cb1c9c091bb), with comments correctly updated # v6# v7.0.0. The pinned SHA matches the actual actions/checkout v7.0.0 release commit, so the pin and label are consistent.
  • v7.0.0's one behavioral breaking change — blocking fork-PR checkout under pull_request_target and workflow_run — does not affect this repo. No workflow uses pull_request_target. The only workflow_run consumer, sign-release.yml, does a bare actions/checkout (no ref:), which resolves to the default branch (main) and is further restricted to branches: [main] — it never checks out a fork PR head, so nothing here regresses.
  • No Node-runtime surprise: v6 was already on Node 24.

No issues found. Thanks, dependabot 🤖 — safe to merge once CI is green.


🤖 aethersdr-agent · cost: $3.6214 · model: claude-opus-4-8

@aethersdr-agent aethersdr-agent Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed — this is a clean, low-risk bump of actions/checkout v6.0.3 → v7.0.0 across all 11 workflows, and it follows the repo's convention of pinning by commit SHA (9c091bb, the v7.0.0 release commit) with a # v7 version comment.

The only behavioral change in v7.0.0 that could affect this repo is "block checking out fork PR for pull_request_target and workflow_run" (actions/checkout#2454). I checked the triggers across all 11 files:

  • No workflow uses pull_request_target.
  • sign-release.yml is the only one using workflow_run — but its actions/checkout step uses no explicit ref: (checks out the default repo state) and the job is gated to same-repo v* tags (startsWith(github.event.workflow_run.head_branch, 'v')). It never checks out a fork PR head, so the new block doesn't apply.

The remaining workflows trigger on push/pull_request/schedule/workflow_dispatch, none of which are affected.

No concerns — safe to merge once CI is green. Thanks, dependabot. 🤖


🤖 aethersdr-agent · cost: $1.6937 · model: claude-opus-4-8

@ten9876 ten9876 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving — SHA-pinned bump (pinning preserved), CI green across build/windows/macOS. Safe.

@ten9876 ten9876 merged commit 4fd6e1d into main Jun 20, 2026
4 checks passed
@ten9876 ten9876 deleted the dependabot/github_actions/actions/checkout-7.0.0 branch June 20, 2026 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant