chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by dependabot[bot] · Pull Request #5876 · external-secrets/external-secrets

dependabot · 2026-01-26T08:41:25Z

Bumps actions/checkout from 6.0.1 to 6.0.2.

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

coderabbitai · 2026-01-26T08:41:45Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🔍 Trigger a full review

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Skarlso · 2026-01-28T09:29:50Z

@dependabot rebase

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-01-28T09:31:56Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

…ets#5876) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Nattapong Ekudomsuk <nuttapong_mos@hotmail.com>

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.2.1` → `1.3.2` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v1.3.2`](https://github.com/external-secrets/external-secrets/releases/tag/v1.3.2) [Compare Source](external-secrets/external-secrets@v1.3.1...v1.3.2) Image: `ghcr.io/external-secrets/external-secrets:v1.3.2` Image: `ghcr.io/external-secrets/external-secrets:v1.3.2-ubi` Image: `ghcr.io/external-secrets/external-secrets:v1.3.2-ubi-boringssl`  #### What's Changed ##### General - chore: release helm chart for v1.3.1 by [@Skarlso](https://github.com/Skarlso) in [#5860](external-secrets/external-secrets#5860) - chore(chart): Add missing tests for readinessProbe by [@jcpunk](https://github.com/jcpunk) in [#5769](external-secrets/external-secrets#5769) - docs: Update FluxCD example by [@umizoom](https://github.com/umizoom) in [#5862](external-secrets/external-secrets#5862) - fix(ci): Removed the unused check for Windows in Makefile by [@HauptJ](https://github.com/HauptJ) in [#5870](external-secrets/external-secrets#5870) - docs(release): Add actual dates for EOL of 1.x releases in stability and support page by [@n4zukker](https://github.com/n4zukker) in [#5889](external-secrets/external-secrets#5889) - docs: Passbolt provider maintenance ownership by [@stripthis](https://github.com/stripthis) in [#5886](external-secrets/external-secrets#5886) - chore: Update Passbolt MaintenanceStatus to MaintenanceStatusMaintained by [@stripthis](https://github.com/stripthis) in [#5887](external-secrets/external-secrets#5887) - fix(security): sanitize json.Unmarshal errors to prevent secret data … by [@moolen](https://github.com/moolen) in [#5884](external-secrets/external-secrets#5884) - fix: webhook initialization order by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5901](external-secrets/external-secrets#5901) - chore: Cleanup flags by [@evrardj-roche](https://github.com/evrardj-roche) in [#5845](external-secrets/external-secrets#5845) - fix: onepasswordsdk shared tenant by altering the provider in the client cache by [@Skarlso](https://github.com/Skarlso) in [#5921](external-secrets/external-secrets#5921) ##### Dependencies - chore(deps): bump github/codeql-action from 4.31.10 to 4.31.11 by [@dependabot](https://github.com/dependabot)\[bot] in [#5873](external-secrets/external-secrets#5873) - chore(deps): bump pymdown-extensions from 10.20 to 10.20.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5877](external-secrets/external-secrets#5877) - chore(deps): bump markdown from 3.10 to 3.10.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5880](external-secrets/external-secrets#5880) - chore(deps): bump ubi9/ubi from `22e9573` to `1f84f5c` by [@dependabot](https://github.com/dependabot)\[bot] in [#5871](external-secrets/external-secrets#5871) - chore(deps): bump actions/setup-python from 6.1.0 to 6.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5872](external-secrets/external-secrets#5872) - chore(deps): bump hashicorp/setup-terraform from [`93d5a27`](external-secrets/external-secrets@93d5a27) to [`dcc3150`](external-secrets/external-secrets@dcc3150) by [@dependabot](https://github.com/dependabot)\[bot] in [#5875](external-secrets/external-secrets#5875) - chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5876](external-secrets/external-secrets#5876) - chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5878](external-secrets/external-secrets#5878) - chore(deps): bump anchore/sbom-action from 0.21.1 to 0.22.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5874](external-secrets/external-secrets#5874) - chore(deps): bump packaging from 25.0 to 26.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5879](external-secrets/external-secrets#5879) - chore(deps): bump golang from `d9b2e14` to `98e6cff` by [@dependabot](https://github.com/dependabot)\[bot] in [#5907](external-secrets/external-secrets#5907) - chore(deps): bump alpine from `865b95f` to `2510918` in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5914](external-secrets/external-secrets#5914) - chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5909](external-secrets/external-secrets#5909) - chore(deps): bump actions/cache from 5.0.2 to 5.0.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5912](external-secrets/external-secrets#5912) - chore(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5910](external-secrets/external-secrets#5910) - chore(deps): bump hashicorp/setup-terraform from [`dcc3150`](external-secrets/external-secrets@dcc3150) to [`ce70bcf`](external-secrets/external-secrets@ce70bcf) by [@dependabot](https://github.com/dependabot)\[bot] in [#5911](external-secrets/external-secrets#5911) - chore(deps): bump ubi9/ubi from `1f84f5c` to `c8df11b` by [@dependabot](https://github.com/dependabot)\[bot] in [#5908](external-secrets/external-secrets#5908) - chore(deps): bump alpine from 3.23.2 to 3.23.3 in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5915](external-secrets/external-secrets#5915) - chore(deps): bump alpine from `865b95f` to `2510918` by [@dependabot](https://github.com/dependabot)\[bot] in [#5906](external-secrets/external-secrets#5906) - chore(deps): bump pathspec from 1.0.3 to 1.0.4 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5916](external-secrets/external-secrets#5916) - chore(deps): bump babel from 2.17.0 to 2.18.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5917](external-secrets/external-secrets#5917) - chore(deps): bump github/codeql-action from 4.31.11 to 4.32.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5913](external-secrets/external-secrets#5913) #### New Contributors - [@umizoom](https://github.com/umizoom) made their first contribution in [#5862](external-secrets/external-secrets#5862) - [@HauptJ](https://github.com/HauptJ) made their first contribution in [#5870](external-secrets/external-secrets#5870) - [@n4zukker](https://github.com/n4zukker) made their first contribution in [#5889](external-secrets/external-secrets#5889) - [@stripthis](https://github.com/stripthis) made their first contribution in [#5886](external-secrets/external-secrets#5886) **Full Changelog**: <external-secrets/external-secrets@v1.3.1...v1.3.2> ### [`v1.3.1`](https://github.com/external-secrets/external-secrets/releases/tag/v1.3.1) [Compare Source](external-secrets/external-secrets@v1.2.1...v1.3.1) Image: `ghcr.io/external-secrets/external-secrets:v1.3.1` Image: `ghcr.io/external-secrets/external-secrets:v1.3.1-ubi` Image: `ghcr.io/external-secrets/external-secrets:v1.3.1-ubi-boringssl`  For a Full release please referre to <https://github.com/external-secrets/external-secrets/releases/tag/v1.3.0>. This is a fix build for the docker publish flow. #### What's Changed ##### General - fix: ignore the in-toto manifest when promoting the docker build by [@Skarlso](https://github.com/Skarlso) in [#5859](external-secrets/external-secrets#5859) **Full Changelog**: <external-secrets/external-secrets@v1.3.0...v1.3.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://kubara.git.onstackit.cloud/STACKIT/kubara/pulls/250

…ets#5876) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 26, 2026

github-project-automation bot added this to External Secrets Jan 26, 2026

dependabot bot added the github_actions Pull requests that update GitHub Actions code label Jan 26, 2026

github-actions bot added area/deps kind/chore Categorizes Pull Requests for chore activities (like bumping versions) kind/dependency dependabot and upgrades component/github-actions size/s labels Jan 26, 2026

eso-service-account-app bot previously approved these changes Jan 26, 2026

View reviewed changes

dependabot bot dismissed eso-service-account-app[bot]’s stale review via eb58466 January 28, 2026 09:30

dependabot bot force-pushed the dependabot/github_actions/actions/checkout-6.0.2 branch from b02f952 to eb58466 Compare January 28, 2026 09:30

eso-service-account-app bot approved these changes Jan 28, 2026

View reviewed changes

eso-service-account-app bot merged commit 7038a1e into main Jan 28, 2026
21 checks passed

eso-service-account-app bot deleted the dependabot/github_actions/actions/checkout-6.0.2 branch January 28, 2026 09:31

github-project-automation bot moved this to Done in External Secrets Jan 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump actions/checkout from 6.0.1 to 6.0.2#5876

chore(deps): bump actions/checkout from 6.0.1 to 6.0.2#5876
eso-service-account-app[bot] merged 1 commit intomainfrom
dependabot/github_actions/actions/checkout-6.0.2

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

Uh oh!

coderabbitai bot commented Jan 26, 2026 •

edited

Loading

Review skipped

Uh oh!

Skarlso commented Jan 28, 2026

Uh oh!

Uh oh!

sonarqubecloud bot commented Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

Uh oh!

coderabbitai bot commented Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

Skarlso commented Jan 28, 2026

Uh oh!

Uh oh!

sonarqubecloud bot commented Jan 28, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

coderabbitai bot commented Jan 26, 2026 •

edited

Loading