Skip to content

fix(deps): update actions/checkout action to v4.3.1 #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate-gsuquet wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update actions/checkout action to v4.3.1 #132

renovate-gsuquet wants to merge 1 commit into from

Conversation

@renovate-gsuquet
Copy link
Contributor

@renovate-gsuquet renovate-gsuquet bot commented Sep 16, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v4.1.7 -> v4.3.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/checkout (actions/checkout)

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-gsuquet renovate-gsuquet bot requested a review from gsuquet September 16, 2025 10:17
@github-actions
Copy link
Contributor

github-actions bot commented Sep 16, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 34e114876b0b11c390a56381ad16ebd13914f8d5 🟢 6.3
Details
CheckScoreReason
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST🟢 8SAST tool detected but not run on all commits
actions/actions/checkout 34e114876b0b11c390a56381ad16ebd13914f8d5 🟢 6.3
Details
CheckScoreReason
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST🟢 8SAST tool detected but not run on all commits

Scanned Manifest Files

.github/workflows/security-codacy.yml
.github/workflows/security-ossf-scorecard.yml

@renovate-gsuquet
Copy link
Contributor Author

renovate-gsuquet bot commented Sep 16, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate-gsuquet
fix(deps): update actions/checkout action to v4.3.1
dd92a19 
| datasource  | package          | from   | to     |
| ----------- | ---------------- | ------ | ------ |
| github-tags | actions/checkout | v4.1.7 | v4.3.1 |


Signed-off-by: renovate-gsuquet[bot] <173481049+renovate-gsuquet[bot]@users.noreply.github.com>
@renovate-gsuquet renovate-gsuquet bot force-pushed the gsuquet/renovate/actions-checkout-4.x branch from b36768e to dd92a19 Compare November 18, 2025 05:13
@renovate-gsuquet renovate-gsuquet bot changed the title fix(deps): update actions/checkout action to v4.3.0 fix(deps): update actions/checkout action to v4.3.1 Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gsuquet gsuquet Awaiting requested review from gsuquet

Assignees

@gsuquet gsuquet

Labels

ci deployment github_actions integration renovate security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gsuquet