chore(deps): bump actions/checkout from 4.2.2 to 7.0.0 #149
dependabot[bot] wants to merge 1 commit into
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4.2.2...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
This is a major version bump for No security advisories or deprecation warnings are called out in the Dependabot PR body for this update.
Generated by Claude Code
FrancesCoronel left a comment
This is a major version bump (actions/checkout 4.2.2 → 7.0.0, spanning three major versions), so flagging for manual review before merge per policy.
No security advisories or deprecation warnings noted in the PR body. Worth a quick check that no workflow inputs/outputs or Node runtime requirements changed across the v4→v7 jump before merging, since this action is used across most of the CI workflows in this repo.
Generated by Claude Code
Dependabot PR Review
Summary: Major version bump —
CI Status
Not auto-approving/enabling auto-merge given the major version bump and the failing security-audit gate. Recommend manual review.
Generated by Claude Code
Dependabot PR Review
Summary:
Dependabot PR Review
Summary:
v7's headline breaking change is that it now blocks checking out a fork PR head for
CI Status
Also not clean:
Not approving or enabling auto-merge — requesting manual review given the major version bump, though it looks low-risk based on how checkout is actually used here.
Generated by Claude Code
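One way to check how checkout is used under the triggers named in commit f9e715a (`pull_request_target` and `workflow_run`), as an added example that is not part of this PR, the repository, or actions/checkout. The `audit_workflow` function, the PR-head expression patterns and the sample workflow are assumptions constructed for illustration; the regex scan is a heuristic over workflow text, not the logic v7 itself applies.

```python
import re
from itertools import takewhile

# Triggers named in the checkout commit title quoted on this page (#2454).
TRIGGER = re.compile(
    r"^\s*(?:on:[ \t]*)?(?:\[[^\]\n]*?)?(?:-[ \t]*)?"
    r"(pull_request_target|workflow_run)\b[ \t]*(?::|,|\]|$)", re.M)
CHECKOUT = re.compile(r"^\s*(?:-\s*)?uses:\s*actions/checkout@(\S+)")
REF = re.compile(r"^\s*ref:\s*(.+?)\s*$")
# Assumed heuristic for "ref points at the PR head"; not the action's own logic.
PR_HEAD = re.compile(
    r"github\.event\.pull_request\.head\.(?:sha|ref)"
    r"|github\.event\.workflow_run\.head_(?:sha|branch)|github\.head_ref")

def audit_workflow(text):
    """Return one finding per actions/checkout step in a workflow file's text."""
    triggers = sorted(set(TRIGGER.findall(text)))
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        m = CHECKOUT.match(line)
        if not m:
            continue
        # The keys of this step end where the next "- " list item begins.
        rest = takewhile(lambda s: not s.lstrip().startswith("- "), lines[i + 1:])
        ref = next((r.group(1) for r in map(REF.match, rest) if r), None)
        findings.append({
            "line": i + 1, "version": m.group(1), "ref": ref, "triggers": triggers,
            "needs_review": bool(triggers and ref and PR_HEAD.search(ref)),
        })
    return findings

# Constructed sample workflow, not taken from the repository in this PR.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout PR head
        uses: actions/checkout@v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm test
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

Run it over each file under `.github/workflows/`; a step with `needs_review` set is one to read by hand before the bump is merged.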
Bumps actions/checkout from 4.2.2 to 7.0.0.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Commits
- 9c091bb update error wording (#2467)
- 1044a6d getting ready for checkout v7 release (#2464)
- f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
- d914b26 upgrade module to esm and update dependencies (#2463)
- 537c7ef Bump @actions/core and @actions/tool-cache and Remove uuid (#2459)
- 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
- 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
- 0f9f3aa Bump actions/publish-immutable-action (#2458)
- f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
- df4cb1c Update changelog for v6.0.3 (#2446)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)