chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 #13597
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
BagToad
left a comment
Audit summary (generated)
Looked at how we use actions/checkout and at the actual v6.0.2 → v6.0.3 source diff. The release is narrowly scoped to SHA-256 git repo support:
- Accept 64-char SHA refs
- Detect repo object format from commit SHA or via a new `GET /repos/{owner}/{repo}/hash-algorithm` call
- Run `git init --object-format=sha256` only when the repo is SHA-256
- Expand the merge-commit regex to match 40- or 64-char hex
action.yml is unchanged (still node24) and there are no bundled dep changes.
Impact on us: None of our 13 invocations are affected. Both cli/cli and cli.github.com are SHA-1 repos, so the new `git init --object-format` path isn't taken, and the default checkout infers SHA-1 from `${{ github.sha }}` without hitting the new API. The docs deployment's cross-repo checkout could call the new hash-algorithm endpoint, but failures fall back to SHA-1. None of the params we use (fetch-depth, path, token, persist-credentials, submodules) changed semantics.
LGTM.
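The decision flow described in the audit comment above, sketched as an added example (not part of the comment and not code from actions/checkout). The function names, the `lookup` callback standing in for the hash-algorithm endpoint, and the sample refs are assumptions made for illustration.

```javascript
// Added illustration, not code from actions/checkout; all names are hypothetical.
const SHA1_HEX = /^[0-9a-f]{40}$/;   // lowercase hex assumed
const SHA256_HEX = /^[0-9a-f]{64}$/;

// A full commit SHA reveals the object format by its length; other refs do not.
function inferFromRef(ref) {
  if (SHA256_HEX.test(ref)) return 'sha256';
  if (SHA1_HEX.test(ref)) return 'sha1';
  return null;
}

// `lookup` stands in for GET /repos/{owner}/{repo}/hash-algorithm. It is only
// consulted when the ref is not a full SHA. A thrown error falls back to SHA-1;
// treating an unexpected answer the same way is an assumption of this sketch.
function resolveObjectFormat(ref, lookup) {
  const inferred = inferFromRef(ref);
  if (inferred) return { format: inferred, source: 'ref' };
  try {
    const answer = lookup();
    if (answer === 'sha1' || answer === 'sha256') return { format: answer, source: 'api' };
  } catch (err) {
    // lookup failed: fall through to the SHA-1 default
  }
  return { format: 'sha1', source: 'fallback' };
}

// The extra flag is passed only for SHA-256 repositories.
function gitInitArgs(format) {
  return format === 'sha256' ? ['init', '--object-format=sha256'] : ['init'];
}

// Constructed sample invocations (refs and lookup results are made up).
const SAMPLE = [
  { name: 'default checkout, 40-char SHA', ref: '0123456789abcdef0123456789abcdef01234567',
    lookup: () => 'sha256' /* never consulted for a full SHA */ },
  { name: 'cross-repo checkout, branch ref, lookup fails', ref: 'main',
    lookup: () => { throw new Error('lookup failed'); } },
  { name: 'SHA-256 repo, 64-char SHA', ref: 'ab'.repeat(32), lookup: () => 'sha256' },
];

// One row per invocation: which format was chosen, how, and the resulting git init call.
function audit(invocations) {
  return invocations.map(({ name, ref, lookup }) => {
    const { format, source } = resolveObjectFormat(ref, lookup);
    return { name, format, source, initArgs: gitInitArgs(format).join(' ') };
  });
}

console.table(audit(SAMPLE));
```

Only the third row reaches the `--object-format=sha256` path; the first is decided from the SHA length alone, and the second ends on the SHA-1 fallback.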
Bumps actions/checkout from 6.0.2 to 6.0.3.
Commits
- df4cb1c Update changelog for v6.0.3 (#2446)
- 1cce339 Fix checkout init for SHA-256 repositories (#2439)
- 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
- 0c366fd Update changelog (#2357)