From f341b198fae6d6cfe0c00847516d765f8557450b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 23:43:11 +0000 Subject: [PATCH 1/2] chore(deps): bump actions/checkout from 5.0.1 to 6.0.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cargo-audit.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/commitlint.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/gitleaks.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/smoke.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index 29d3ea4..d41307b 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -36,7 +36,7 @@ jobs: # changes are reviewed, not silently picked up from latest-stable). CARGO_AUDIT_VERSION: "0.22.1" steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - name: Install cargo-audit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e927464..7adbf8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Install Rust toolchain (from rust-toolchain.toml) uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2 with: command: check diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 630cda2..4e21830 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -13,7 +13,7 @@ jobs: name: commitlint runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5ce62ad..02d7ff4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,7 +22,7 @@ jobs: name: Dependency review runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4 with: diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 779187b..ee7eeaf 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -29,7 +29,7 @@ jobs: name: gitleaks (secret scan) runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 0 # full history so commit-range scan covers the whole tree - name: Install gitleaks diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ba98ad..3745e10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 5a57f7f..48e6431 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Install Rust toolchain (from rust-toolchain.toml) uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable From 90af797aad5e114782bcafa5f23f0c9f73eee753 Mon Sep 17 00:00:00 2001 From: satyakwok Date: Tue, 26 May 2026 08:41:03 +0200 Subject: [PATCH 2/2] chore(ci): pin checkout v6 refs --- .github/workflows/ci.yml | 4 ++-- .github/workflows/gitleaks.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/smoke.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7adbf8d..41efb70 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain (from rust-toolchain.toml) uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2 with: command: check diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index ee7eeaf..6a78be4 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -29,7 +29,7 @@ jobs: name: gitleaks (secret scan) runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # full history so commit-range scan covers the whole tree - name: Install gitleaks diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3745e10..0ab15e8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 48e6431..41f3c2b 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain (from rust-toolchain.toml) uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable