From a35952a34622baf0b2609e7537cfd12e384e6f92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Sep 2025 21:05:12 +0000 Subject: [PATCH] chore(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ai-summary.yml | 2 +- .github/workflows/build.yml | 2 +- .github/workflows/pr-assignment.yml | 2 +- .github/workflows/pr-backmerge.yml | 2 +- .github/workflows/pr-static-checks.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/security.yml | 8 ++++---- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ai-summary.yml b/.github/workflows/ai-summary.yml index bbf080e..9310f43 100644 --- a/.github/workflows/ai-summary.yml +++ b/.github/workflows/ai-summary.yml @@ -43,7 +43,7 @@ jobs: # This is required to access repository files and configuration # though for this workflow we don't directly use repository content - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Generate AI summary using GitHub's AI inference API # This step processes the issue title and body to create a concise summary diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3fc02a0..387ea36 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,7 +42,7 @@ jobs: # This step clones the repository code to the GitHub Actions runner # We set fetch-depth: 0 to get the complete history for versioning tools - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 # Fetch all history for all branches and tags diff --git a/.github/workflows/pr-assignment.yml b/.github/workflows/pr-assignment.yml index 2176345..869614b 100644 --- a/.github/workflows/pr-assignment.yml +++ b/.github/workflows/pr-assignment.yml @@ -112,7 +112,7 @@ jobs: # Step 1: Check out the repository to access CODEOWNERS file # We need the full repository content to properly analyze ownership rules - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 # Full history to ensure we have all necessary files diff --git a/.github/workflows/pr-backmerge.yml b/.github/workflows/pr-backmerge.yml index bfb674e..f7ac88d 100644 --- a/.github/workflows/pr-backmerge.yml +++ b/.github/workflows/pr-backmerge.yml @@ -35,7 +35,7 @@ jobs: steps: # Step 1: Check out the repository code with full history - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 # Fetch all history for proper branch comparison diff --git a/.github/workflows/pr-static-checks.yml b/.github/workflows/pr-static-checks.yml index dc3ba70..f52c791 100644 --- a/.github/workflows/pr-static-checks.yml +++ b/.github/workflows/pr-static-checks.yml @@ -40,7 +40,7 @@ jobs: # Step 1: Check out the repository code # This gets the latest code from the pull request for analysis - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Set up Node.js environment # Using Node.js 20 for compatibility with modern JavaScript features diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 00194cc..c6b98cd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -46,7 +46,7 @@ jobs: # Step 1: Check out the repository code # This gets the latest code from the main branch - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Fetch complete git history for accurate versioning # Auto requires full history to determine the correct version bump diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 4e10d6a..78bb075 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -107,7 +107,7 @@ jobs: steps: # Step 1: Check out the repository code for analysis - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Initialize the CodeQL analysis engine # This sets up the CodeQL database and prepares for code scanning @@ -142,7 +142,7 @@ jobs: steps: # Step 1: Check out the repository code for scanning - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Run Trivy scanner to identify vulnerabilities in dependencies # Trivy is a comprehensive vulnerability scanner that can detect issues in @@ -176,7 +176,7 @@ jobs: # Complete git history is required to detect secrets that may have been # committed in the past and still pose a security risk - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 # Full history needed for accurate secret detection across all commits # No need for --unshallow as fetch-depth: 0 already gets the complete history @@ -205,7 +205,7 @@ jobs: steps: # Step 1: Check out the repository code - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Build the Docker image for scanning if a Dockerfile exists # This creates a local image that will be analyzed for vulnerabilities