From f1de57b7ec016569daa6107bd6f84ca4de59805c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jun 2026 23:47:13 +0000 Subject: [PATCH] build(deps): bump actions/checkout from 6.0.3 to 7.0.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 16 ++++++++-------- .github/workflows/codeql.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/mutation.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/storybook-debug.yml | 2 +- .github/workflows/tauri-build.yml | 2 +- .github/workflows/voice-nightly.yml | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b947d85..4cabc841 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,7 +40,7 @@ jobs: pull-requests: read steps: # QNBS-v3: fetch-depth:0 gives gitleaks access to parent commits (sha^) needed for PR diff scans; shallow clone causes "ambiguous argument" errors. - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: ./.github/actions/setup @@ -82,7 +82,7 @@ jobs: # QNBS-v3: Explicit versions — `node` (= 'current') breaks CI without code changes when Node N+1 is released. node-version: ['22', '24'] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup with: node-version: ${{ matrix.node-version }} @@ -163,7 +163,7 @@ jobs: attestations: write id-token: write steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Build application @@ -251,7 +251,7 @@ jobs: timeout-minutes: 50 needs: [quality] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup # QNBS-v3: cache Playwright browsers by version so re-runs don't re-download ~400 MB each time. @@ -304,7 +304,7 @@ jobs: needs: [quality] continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Cache Playwright browsers @@ -341,7 +341,7 @@ jobs: needs: [build] continue-on-error: false steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Download build artifact @@ -386,7 +386,7 @@ jobs: timeout-minutes: 25 needs: [quality] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup # QNBS-v3: Cache Playwright browsers between runs — saves ~60 s install time. @@ -443,7 +443,7 @@ jobs: timeout-minutes: 15 needs: [build] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Download dist artifact diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 333b35f2..ac7e3c34 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: language: [javascript-typescript] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f0aec71e..c530b38d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,7 +23,7 @@ jobs: packages: write steps: # QNBS-v3: SHA-pinned to prevent supply-chain attacks via mutable tags - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 81a2fc4b..0e687851 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -63,7 +63,7 @@ jobs: contents: read steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 78415a9e..211c9e9b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -23,7 +23,7 @@ jobs: actions: read steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/storybook-debug.yml b/.github/workflows/storybook-debug.yml index 00b1b2d0..88b261c3 100644 --- a/.github/workflows/storybook-debug.yml +++ b/.github/workflows/storybook-debug.yml @@ -31,7 +31,7 @@ jobs: timeout-minutes: 35 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Build Storybook diff --git a/.github/workflows/tauri-build.yml b/.github/workflows/tauri-build.yml index 067fb63f..37dec35d 100644 --- a/.github/workflows/tauri-build.yml +++ b/.github/workflows/tauri-build.yml @@ -34,7 +34,7 @@ jobs: - os: macos-13 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # QNBS-v3: composite action handles pnpm/node setup + frozen install. - uses: ./.github/actions/setup diff --git a/.github/workflows/voice-nightly.yml b/.github/workflows/voice-nightly.yml index 611b7e47..047d3619 100644 --- a/.github/workflows/voice-nightly.yml +++ b/.github/workflows/voice-nightly.yml @@ -25,7 +25,7 @@ jobs: # Never gate anything — informational nightly signal only. continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/setup - name: Cache Playwright browsers