Skip to content

build(deps): bump actions/checkout from 4 to 6#2

Merged
apet97 merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6
May 14, 2026
Merged

build(deps): bump actions/checkout from 4 to 6#2
apet97 merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump actions/checkout from 4 to 6
199f503 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

This was referenced May 12, 2026
Closed
Closed
Closed
Closed
apet97 added a commit that referenced this pull request May 13, 2026
@apet97
feat(sidebar): seed last-checked from server + flag pending webhook r…
29b0ade 
…efreshes

The sidebar previously only knew "when did I last run Check Compliance in
this tab?" — a freshly-opened sidebar showed no recency indicator at all,
and there was no signal that Clockify had fired webhooks the consumer
hadn't drained yet. Admins were left guessing whether the findings on
screen were stale.

Backend
- Add IngestionRunRepository.findFirstByWorkspaceIdAndStatusOrderByCompletedAtDesc.
- Add GET /api/ingest/runs/latest (declared before /api/ingest/runs/{runId}
  so Spring matches the literal first). Returns the workspace's most
  recent COMPLETED run, or 204 No Content when none exists. Scoped to the
  JWT workspace; available to any authenticated user (read-only).
- Three new IngestRunControllerTest cases cover: picks newest COMPLETED
  (RUNNING/FAILED rows must not shadow it), 204 when no COMPLETED run
  exists, cross-workspace isolation.

Sidebar
- On load, fetch /api/ingest/runs/latest and /api/refresh-signals in
  parallel alongside the existing /api/session + preset catalog calls.
  Both new fetches degrade silently on transient backend failure so the
  rest of the sidebar still boots.
- applyLatestRunSnapshot seeds state.lastRunAt / state.lastRunRange /
  state.lastRun.entriesProcessed from the latest run, so the existing
  "Last checked Xm ago" caption and the Refresh button's "re-run last
  range" affordance work without requiring a local Check Compliance.
- computePendingRefreshFromSignals picks the newest PENDING/CLAIMED
  refresh signal whose receivedAt is after the latest completed run, and
  a new amber "Pending refresh · webhook Xm ago" pill renders next to
  the "Last checked" caption when that signal exists. A successful
  runCompliance() clears the pill (any pending signals are now stale or
  consumed).
- The existing every-30s relative-time ticker now also refreshes the
  pending-refresh label; the visibilitychange handler refreshes both on
  return-from-hidden.

282 tests green (279 + 3 new).

Plan: ~/.claude/plans/all-you-re-picking-up-zesty-moth.md (item #2).
apet97 added a commit that referenced this pull request May 13, 2026
@apet97
feat(findings): CSV export endpoint + sidebar button
6712f6f 
Admins repeatedly screen-scraped the sidebar pivot to hand compliance
summaries to legal / HR. The data was always one fetch away — just
needed a delivery channel.

Backend
- New GET /api/findings/export?dateRangeStart=…&dateRangeEnd=…&format=csv
  returning text/csv with Content-Disposition: attachment;
  filename="break-compliance-<wsId>-<from>-<to>.csv". Same auth + workspace
  scope as GET /api/findings — read-only, no admin gate. Unknown formats
  return 400 instead of silently degrading.
- RFC 4180 escaping (quote-wrap on comma/quote/CR/LF; embedded quotes
  doubled). Columns: date, userId, userName, severity, code, message,
  workMinutes, breakMinutes, syntheticBreakMinutes, templateId,
  createdAt. Zero-valued evidence minutes collapse to empty cells so
  spreadsheets don't render a forest of zeros.
- No BOM — Content-Type carries the UTF-8 charset and BOM would
  pollute jq / csvkit / pandas output for non-Excel consumers.
- Four new FindingsControllerTest cases: header-only baseline, escape
  path with commas+quotes+newline in a seeded finding, 400 for unknown
  format, 401 for missing token.

Sidebar
- "⬇ Export CSV" link button rendered next to the Pivot/Checklist
  view-toggle (new .results-toolbar flex wrapper). Hidden until
  state.findings.length > 0; revealed by renderResults().
- Click handler authenticates via the existing x-addon-token header,
  blobs the response, and triggers a browser-native download with the
  server-supplied filename. ObjectURL revoked on next animation frame.
- Falls back to the live computeDateRange() if state.lastRunRange
  hasn't been seeded yet (item #2's /api/ingest/runs/latest wiring
  usually provides it; this is the cold-start safety net).

283 tests green (279 + 4 new).

Plan: ~/.claude/plans/all-you-re-picking-up-zesty-moth.md (item #3).
@apet97 apet97 merged commit cb6e8dc into main May 14, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/actions/checkout-6 branch May 14, 2026 01:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@apet97