Skip to content

build(deps): bump actions/checkout from 6 to 7#1334

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/checkout-7
Open

build(deps): bump actions/checkout from 6 to 7#1334
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/checkout-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 6 to 7.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR bumps actions/checkout from v6 to v7 across all three GitHub Actions workflow files. The v7 release includes a security hardening change that blocks checking out fork PRs when the workflow trigger is pull_request_target or workflow_run; none of the workflows here use those triggers, so there is no functional impact.

  • codeql.yml: Single checkout step updated; uses push/pull_request/schedule triggers.
  • diagram.yml: Single checkout step updated; uses workflow_dispatch/push triggers.
  • release.yml: Five checkout steps updated; uses push/pull_request/schedule/workflow_dispatch triggers.

Confidence Score: 5/5

Straightforward version bump with no functional impact on these workflows.

All seven checkout steps across three workflow files are updated consistently. The one notable behavioral change in v7 — blocking fork-PR checkout for pull_request_target and workflow_run triggers — does not apply here, as none of the workflows use those triggers. The update is mechanical and complete.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/codeql.yml Bumps actions/checkout from v6 to v7; workflow uses push/pull_request/schedule triggers, so v7's fork-PR blocking change does not apply.
.github/workflows/diagram.yml Bumps actions/checkout from v6 to v7; workflow only triggers on workflow_dispatch and push to the diagram branch, unaffected by v7's security change.
.github/workflows/release.yml Bumps actions/checkout from v6 to v7 across all five checkout steps; workflow uses push/pull_request/schedule/workflow_dispatch triggers, so v7's fork-PR restriction is not triggered.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR / Push / Schedule / workflow_dispatch] --> B{Workflow Trigger}
    B --> C[codeql.yml]
    B --> D[diagram.yml]
    B --> E[release.yml]
    C --> F["actions/checkout@v7\n(submodules: recursive)"]
    D --> G["actions/checkout@v7\n(submodules: recursive)"]
    E --> H["actions/checkout@v7\n(5 steps)"]
    F --> I[CodeQL Analysis]
    G --> J[Diagram Generation]
    H --> K[Build & Release Pipeline]
    style F fill:#d4edda
    style G fill:#d4edda
    style H fill:#d4edda
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[PR / Push / Schedule / workflow_dispatch] --> B{Workflow Trigger}
    B --> C[codeql.yml]
    B --> D[diagram.yml]
    B --> E[release.yml]
    C --> F["actions/checkout@v7\n(submodules: recursive)"]
    D --> G["actions/checkout@v7\n(submodules: recursive)"]
    E --> H["actions/checkout@v7\n(5 steps)"]
    F --> I[CodeQL Analysis]
    G --> J[Diagram Generation]
    H --> K[Build & Release Pipeline]
    style F fill:#d4edda
    style G fill:#d4edda
    style H fill:#d4edda
Loading

Reviews (1): Last reviewed commit: "build(deps): bump actions/checkout from ..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants