From db5f0903db1d92644875ddd912f8cfa13804bd74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Jul 2026 18:21:26 +0000 Subject: [PATCH] chore(ci): bump actions/checkout from 5 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 10 +++++----- .github/workflows/release.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78e8230..1f7b3ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: matrix: node: [18, 20, 22] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: ${{ matrix.node }} @@ -29,7 +29,7 @@ jobs: name: Lint & format (Biome) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 22 @@ -43,7 +43,7 @@ jobs: name: ShellCheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 # Fail only on errors; the guards trip style/warning false-positives (e.g. SC2034 on # vars used cross-file via the sourced _guardlib.sh). - run: shellcheck --severity=error $(git ls-files '*.sh') @@ -52,7 +52,7 @@ jobs: name: Assert zero runtime dependencies runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - run: node -e "process.exit(Object.keys(require('./package.json').dependencies||{}).length)" - run: npm pack --dry-run @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 # Advisory: needs the repo's Dependency graph enabled (Settings → Security & analysis). # continue-on-error keeps the CHECK green until then — this project has zero runtime deps. - uses: actions/dependency-review-action@v5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ce37646..ed7515a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: contents: write # create the GitHub release id-token: write # npm provenance (OIDC) steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 22