Skip to content

Bump actions/checkout from 4.3.1 to 6.0.2#158

Merged
DeepDiver1975 merged 1 commit into
masterfrom
dependabot/github_actions/actions/checkout-6
Jul 13, 2026
Merged

Bump actions/checkout from 4.3.1 to 6.0.2#158
DeepDiver1975 merged 1 commit into
masterfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 4.3.1 to 6.0.2.

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 12, 2026
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.3.1...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump actions/checkout from 4 to 6 Bump actions/checkout from 4.3.1 to 6.0.2 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from 46e8b5d to 1b8f9c8 Compare May 18, 2026 13:11

@dj4oC dj4oC left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump: actions/checkout 4.3.1 → 6.0.2 (GitHub Actions ecosystem, covered by .github/dependabot.yml, excluded from the minor-and-patch group since it's a major bump).

Findings

Stability (1 finding, not auto-merged)

  • This is a major version bump spanning two major versions (v4 → v6) — does not qualify for the Dependabot fast-lane. actions/checkout v5/v6 changed default Node runtime requirements and touched persist-credentials/fetch-depth defaults across major releases; this PR's diff doesn't show any corresponding config change in push-transifex.yml, so a human should confirm the workflow doesn't implicitly depend on v4 defaults (e.g. credential persistence behavior) before merging.
  • Security: no findings — no CVE, but actions/checkout handles credential persistence for the calling workflow, so a default-behavior change here is security-adjacent even without a CVE.
  • Performance: no findings.
  • Coverage: N/A — CI-only dependency bump, no Swift/UIKit code touched.

Note

Build verification skipped (Xcode not available in cloud review environment). Code analysis only.

Verdict

Commenting — holding for human review due to major version bump; no equivalent PR currently open in ios-app for cross-reference.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown
  • Security: no findings
  • Stability: 1 finding — see review
  • Performance: no findings
  • Test coverage: N/A (CI-only dependency bump, no app code)
  • TODOs found: none
  • Dependency touched: yes — confirmed in .github/dependabot.yml (github-actions ecosystem)
  • CI status: all green (ran against the bumped version already)
  • Stale review: no

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump; CI green. Approving.

@DeepDiver1975 DeepDiver1975 merged commit ecff6d3 into master Jul 13, 2026
2 checks passed
@DeepDiver1975 DeepDiver1975 deleted the dependabot/github_actions/actions/checkout-6 branch July 13, 2026 10:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants