From 4a015851f215f411619e0b34e688a19d3b4a5c27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Dec 2025 12:23:43 +0000 Subject: [PATCH] chore(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/monorepo.yml | 4 ++-- .github/workflows/zizmor.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/monorepo.yml b/.github/workflows/monorepo.yml index 570012b8..2e186b24 100644 --- a/.github/workflows/monorepo.yml +++ b/.github/workflows/monorepo.yml @@ -26,7 +26,7 @@ jobs: && github.event.action == 'closed' && github.event.pull_request.merged == true }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: persist-credentials: true fetch-depth: 0 @@ -130,7 +130,7 @@ jobs: max-parallel: 1 steps: - name: Checkout repository to use composite action - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: main # Only use composite action from main to prevent malicious PRs persist-credentials: false diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 6b3b4e93..e735750b 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone Repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: persist-credentials: false