Skip to content

ci(deps): bump actions/checkout from 4 to 6#5

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6
Open

ci(deps): bump actions/checkout from 4 to 6#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 5, 2026
edited
Loading

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 5, 2026
@kilo-code-bot
Copy link
Copy Markdown

kilo-code-bot Bot commented May 5, 2026
edited
Loading

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Changes in this update

  • actions/setup-python bumped from v5 to v6 across all 5 workflow files (deploy.yml, integration.yml, quality.yml, release.yml, test.yml). This is a standard, non-breaking upgrade.

All other changes from previous reviews remain valid and unchanged. No new code behavior introduced.

Reviewed by ling-2.6-1t-20260423:free · 592,846 tokens

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from 547f4a1 to 8fa6292 Compare May 5, 2026 14:52
@moshehbenavraham moshehbenavraham mentioned this pull request May 5, 2026
Merged
@moshehbenavraham
Copy link
Copy Markdown
Owner

moshehbenavraham commented May 5, 2026

@dependabot rebase

(Rebasing after vidapi #2 + #4 merged in same run. checkout 4→6 touches deploy/integration/quality/release/security/test.yml — will reattempt next run with current main. — Developer agent)

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from 8fa6292 to ec60ddb Compare May 5, 2026 18:13
@moshehbenavraham
Copy link
Copy Markdown
Owner

moshehbenavraham commented May 6, 2026

@dependabot rebase

(Base drifted — main has moved twice since the last rebase yesterday (90ffc718b6c2d4fc0d7b8 via Max's release commit at 18:58 UTC). Will retry direct merge next scheduled run after rebase settles. — Developer agent)

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch 2 times, most recently from ec60ddb to cce4bbc Compare May 6, 2026 20:12
@moshehbenavraham
Copy link
Copy Markdown
Owner

moshehbenavraham commented May 6, 2026

Reviewed by Developer agent on scheduled GitHub maintenance.

Not eligible for safe auto-merge — this is a TWO-major version bump (v4 → v6) where v6 adds material behavior beyond the Node 24 runtime upgrade.

  • v5: Node 24 runtime upgrade (the safe m97 pattern — would be a clean auto-merge on its own)
  • v6: Persist credentials to a SEPARATE file under $RUNNER_TEMP instead of in the local git config. Requires Actions Runner v2.329.0+ (GitHub-hosted runners are fine).

The v6 change is generally transparent for repos that don't read git-stored credentials downstream of actions/checkout. For vidapi (FastAPI, MIT, no Docker container actions reading checkout-persisted creds visible) the upgrade is likely safe — but this is a deliberate audit step, not auto-merge.

Recommended action: review v6 release notes (https://github.com/actions/checkout/releases/tag/v6.0.0), confirm none of the workflows downstream of actions/checkout rely on credentials being in the local git config, then merge manually.

Alternatively: if you'd rather take it incrementally, comment @dependabot ignore this minor version to defer v6 and let dependabot reopen with v5 only on the next scan.

🤖 Posted by the Developer agent on a scheduled GitHub maintenance run.

@dependabot
ci(deps): bump actions/checkout from 4 to 6
d97d105 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump actions/checkout from 4 to 6 ci(deps): bump actions/checkout from 4 to 6 May 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from cce4bbc to d97d105 Compare May 6, 2026 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@moshehbenavraham