Skip to content

Bump actions/checkout from 4 to 6#21

Merged
jeffadair merged 2 commits into
mainfrom
dependabot/github_actions/actions/checkout-6
Apr 9, 2026
Merged

Bump actions/checkout from 4 to 6#21
jeffadair merged 2 commits into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 31, 2026
edited by github-actions Bot
Loading

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #2356
Resolves #2328
Resolves #2327
Resolves #2314
Resolves #2311
Resolves #2298
Resolves #2286
Resolves #2248
Resolves #2238
Resolves actions/checkout#2248
Resolves actions/checkout#2286
Resolves actions/checkout#2298
Resolves actions/checkout#2311
Resolves actions/checkout#2301
Resolves actions/checkout#2226
Resolves actions/checkout#2238
Resolves actions/checkout#2305
Resolves actions/checkout#1971
Resolves actions/checkout#1977
Resolves actions/checkout#2043
Resolves actions/checkout#2356
Resolves actions/checkout#2327
Resolves actions/checkout#2044
Resolves actions/checkout#2194
Resolves actions/checkout#2224
Resolves actions/checkout#2236
Resolves actions/checkout#1941
Resolves actions/checkout#1946
Resolves actions/checkout#1924
Resolves actions/checkout#1180
Resolves actions/checkout#1777
Resolves actions/checkout#1872
Resolves actions/checkout#1739
Resolves actions/checkout#1697
Resolves actions/checkout#1774
Resolves actions/checkout#1776
Resolves actions/checkout#1732

@dependabot
Bump actions/checkout from 4 to 6
e90d394 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 31, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 31, 2026

🤖 Claude Code Review

PR Code Review

Code Quality

Code style - Simple version bump follows conventions.

No commented-out code - N/A

Meaningful variable names - N/A

DRY principle - N/A

Defects - No bugs or logic errors. This is a straightforward dependency version bump.

CLAUDE.md - No issues with project configuration.

Testing

Unit/Integration tests - N/A for a workflow dependency bump.

Documentation

README - No update needed.

CHANGELOG.md - Not updated, but this is a minor CI dependency bump; acceptable to omit.

Markdown formatting - N/A

Security

No hardcoded credentials - Clean.

No sensitive data - Clean.

No license files - Clean.

⚠️ Dependency version concern - actions/checkout@v6 does not exist as of the knowledge cutoff (August 2025). The latest stable release is actions/checkout@v4. Bumping to a non-existent version will cause workflow failures. This should be verified before merging — if v6 has been released, pin to the specific commit SHA for security best practices (e.g., actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683).

Summary

One issue to address: Verify that actions/checkout@v6 actually exists. If it does not, revert to actions/checkout@v4. If it does exist, consider pinning to a commit SHA per security best practices for GitHub Actions.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 31, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 9, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@jeffadair jeffadair merged commit e684640 into main Apr 9, 2026
19 checks passed
@jeffadair jeffadair deleted the dependabot/github_actions/actions/checkout-6 branch April 9, 2026 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jeffadair jeffadair

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jeffadair