Skip to content

chore(deps): bump actions/checkout from 6.0.2 to 7.0.0#522

Merged
izadoesdev merged 3 commits into
stagingfrom
dependabot/github_actions/staging/actions/checkout-7.0.0
Jul 1, 2026
Merged

chore(deps): bump actions/checkout from 6.0.2 to 7.0.0#522
izadoesdev merged 3 commits into
stagingfrom
dependabot/github_actions/staging/actions/checkout-7.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 6.0.2 to 7.0.0.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by cubic

Bump actions/checkout from 6.0.2 to 7.0.0 across all GitHub Actions workflows for security hardening and upstream changes. Updated workflow references and comments; no functional changes.

  • Migration
    • v7 blocks checking out fork code in pull_request_target and workflow_run. If your workflow depends on this, switch to pull_request or adjust permissions/logic.
    • No changes needed for standard CI on push or pull_request.

Written for commit 3d77e88. Summary will update on new commits.

Review in cubic

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@dependabot
dependabot Bot requested a review from izadoesdev as a code owner July 1, 2026 04:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dashboard Ready Ready Preview, Comment Jul 1, 2026 8:01am
databuddy-status Ready Ready Preview, Comment Jul 1, 2026 8:01am
documentation Ready Ready Preview, Comment Jul 1, 2026 8:01am

@unkey-deploy

unkey-deploy Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Unkey Deploy

Name Status Preview Inspect Updated (UTC)
api (preview) Ready Visit Preview Inspect Jul 1, 2026 7:59am

@izadoesdev

Copy link
Copy Markdown
Member

Reviewed for staging merge.

  • Verified actions/checkout tag v7.0.0 resolves to 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0, matching the pinned SHA.
  • Updated the branch onto current staging; net diff is the checkout pin across 8 workflow files.
  • Fixed the inline comments from # v6 to # v7 in all 15 checkout call sites so the breadcrumbs match the pinned major.
  • Checked for pull_request_target / workflow_run workflows; none are present, so the v7 behavior change there does not apply.
  • Fresh checks are green: Lint, Check Types, Test, Dashboard Playwright, API/Basket/Insights Health Check, CodeQL/Analyze, Socket, and Vercel previews.
  • Subagent review agreed this is clean and mergeable.

Merging to staging.

@izadoesdev izadoesdev left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved after updating onto current staging, aligning checkout version comments with v7, and confirming all fresh checks are green.

@izadoesdev
izadoesdev merged commit 592efa7 into staging Jul 1, 2026
15 checks passed
@izadoesdev
izadoesdev deleted the dependabot/github_actions/staging/actions/checkout-7.0.0 branch July 1, 2026 08:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant