Bump actions/checkout from 6 to 6.0.2 #401

Merged: github-actions[bot] merged 2 commits into main from dependabot/github_actions/actions/checkout-6.0.2, Jun 3, 2026

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Bumps actions/checkout from 6 to 6.0.2.

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner June 3, 2026 14:09
@dependabot dependabot Bot added labels dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) Jun 3, 2026

@senzingdevops senzingdevops left a comment

Automated: approving this pull request because it includes a patch update

@github-actions github-actions Bot enabled auto-merge (squash) June 3, 2026 14:11

github-actions Bot commented Jun 3, 2026

🤖 Claude Code Review

PR Code Review

This PR bumps actions/checkout from v6 to v6.0.2 across all GitHub Actions workflow files.


Code Quality

  • Style guide: CI configuration changes, not applicable to Python style guide.
  • No commented-out code: None present.
  • Meaningful variable names: N/A.
  • DRY principle: The change is consistent across all 11 workflow files. No consolidation opportunity missed given GitHub Actions' per-file structure.
  • Defects: No logic errors. Pinning to an explicit patch version (v6.0.2) instead of a mutable tag (v6) is a security improvement — it prevents tag mutation attacks where a tag could be silently redirected to a different commit.
  • CLAUDE.md: No changes to project configuration files.

Testing

  • ✅ No new code paths introduced; CI workflow version bump requires no unit/integration tests.

Documentation

  • README: No update needed.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md: Minor dependency bump — no changelog entry required, though some projects track this. Not a blocker.
  • Markdown formatting: No markdown files changed.

Security

  • No hardcoded credentials: None present.
  • Input validation: N/A.
  • Error handling: N/A.
  • Sensitive data in logs: N/A.
  • License files: No .lic files or AQAAAD-prefixed strings present.

Summary

This is a clean, low-risk maintenance PR. Pinning to v6.0.2 is strictly better than the mutable v6 tag from a supply-chain security standpoint. All 11 affected workflow files are updated consistently. Approved.

Automated code review analyzing defects and coding standards

github-actions Bot commented Jun 3, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj self-assigned this Jun 3, 2026

@senzingdevops senzingdevops left a comment

Automated: approving this pull request because it includes a patch update

github-actions Bot commented Jun 3, 2026

🤖 Claude Code Review

PR Code Review

This PR updates actions/checkout from v6 to v6.0.2 across all GitHub Actions workflow files.


Code Quality

  • Style guide: CI/workflow changes only — no Python code modified.
  • No commented-out code: N/A
  • Meaningful variable names: N/A
  • DRY principle: The change is consistent across all 11 workflow files.
  • No defects: Pinning to a specific patch version (v6.0.2) is a security best practice — it prevents unexpected behavior from future minor/patch updates under the floating v6 tag.
  • CLAUDE.md: No changes to project configuration.

Testing

  • ✅ N/A — workflow infrastructure change only, no application logic modified.

Documentation

  • README: No update needed.
  • API docs: N/A
  • Inline comments: N/A
  • ⚠️ CHANGELOG.md: Not updated. Minor infrastructure dependency bumps are sometimes excluded from changelogs, but worth confirming this project's convention.
  • Markdown formatting: N/A — no Markdown files changed.

Security

  • No hardcoded credentials
  • No sensitive data
  • No license files
  • Security posture improved: Pinning to v6.0.2 instead of the mutable v6 tag reduces supply-chain risk by locking to a known-good version. Note: for maximum security, pinning to a full SHA commit hash (e.g., actions/checkout@<sha>) is the gold standard, but version tags are acceptable for most projects.

Summary

This is a clean, low-risk dependency bump. The change is consistent across all 11 workflow files and improves version pinning. The only minor open question is whether CHANGELOG.md should be updated per project convention.

Recommendation: Approve.

Automated code review analyzing defects and coding standards
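
The distinction the review above draws between a floating tag (`v6`), an exact version tag (`v6.0.2`) and a full commit SHA, as an added example that is not part of this PR or the repository's tooling: a small auditor that classifies every `uses:` reference in a workflow by how tightly it pins the action. The sample workflow, the `example-org/example-action` name and the 40-hex value are constructed placeholders.

```python
import re

# Matches "uses: owner/repo[/path]@ref", with optional list dash and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
EXACT_TAG = re.compile(r"v?\d+\.\d+\.\d+")
FLOATING_TAG = re.compile(r"v?\d+(\.\d+)?")


def classify_ref(ref):
    """Classify the part after '@' by how tightly it pins the action."""
    if FULL_SHA.fullmatch(ref):
        return "sha"           # commit hash: names one exact commit
    if EXACT_TAG.fullmatch(ref):
        return "exact-tag"     # e.g. v6.0.2: a tag, which git allows to be repointed
    if FLOATING_TAG.fullmatch(ref):
        return "floating-tag"  # e.g. v6: moved to each new release by design
    return "branch-or-other"


def audit_workflow(text):
    """Return (line_no, action, ref, kind) for each remote action reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        # Skip non-matches; local actions and images are pinned by other means.
        if not m or m.group(1).startswith(("./", "docker://")):
            continue
        action, _, ref = m.group(1).partition("@")
        findings.append((no, action, ref, classify_ref(ref)))
    return findings


# Constructed workflow steps; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
steps:
  - uses: actions/checkout@v6
  - uses: actions/checkout@v6.0.2
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6.0.2
  - uses: ./.github/actions/local
  - name: lint
    uses: "example-org/example-action@main"
"""

if __name__ == "__main__":
    for no, action, ref, kind in audit_workflow(SAMPLE):
        print(f"line {no}: {action}@{ref} -> {kind}")
```

In CI, a check like this would typically fail the build on anything other than `sha` for third-party actions, with the human-readable version kept in a trailing comment as on the third sample step.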

github-actions Bot commented Jun 3, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions github-actions Bot merged commit 5d6e560 into main Jun 3, 2026
72 checks passed
@github-actions github-actions Bot deleted the dependabot/github_actions/actions/checkout-6.0.2 branch June 3, 2026 14:57