From a674843d317303b7d9ea2241b777d902454c8f0d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 11:05:28 +0000
Subject: [PATCH] chore(deps): bump actions/checkout from 5.0.0 to 6.0.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...8e8c483db84b4bee98b60c0593521ed34d9990e8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/_build.yaml                  |  2 +-
 .github/workflows/_build_docker.yaml           |  2 +-
 .github/workflows/_deploy-github-pages.yaml    |  2 +-
 .github/workflows/_generate-rebase.yaml        |  2 +-
 .github/workflows/build_base_image.yaml        |  2 +-
 .github/workflows/build_semgrep_wheel.yaml     |  2 +-
 .github/workflows/codeql-analysis.yaml         |  2 +-
 .github/workflows/pr-conventional-commits.yaml |  2 +-
 .github/workflows/release.yaml                 |  6 +++---
 .github/workflows/scorecards-analysis.yaml     |  2 +-
 .github/workflows/test_macaron_action.yaml     | 12 ++++++------
 11 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 9949d0a0e..f4805905a 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -52,7 +52,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/_build_docker.yaml b/.github/workflows/_build_docker.yaml
index 06f836280..d1de6b528 100644
--- a/.github/workflows/_build_docker.yaml
+++ b/.github/workflows/_build_docker.yaml
@@ -27,7 +27,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/_deploy-github-pages.yaml b/.github/workflows/_deploy-github-pages.yaml
index bc56e33ee..4f70f0b09 100644
--- a/.github/workflows/_deploy-github-pages.yaml
+++ b/.github/workflows/_deploy-github-pages.yaml
@@ -30,7 +30,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index 79f1051b5..632fbe74c 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -36,7 +36,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
         token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/build_base_image.yaml b/.github/workflows/build_base_image.yaml
index 7cd898f19..efd7632d4 100644
--- a/.github/workflows/build_base_image.yaml
+++ b/.github/workflows/build_base_image.yaml
@@ -19,7 +19,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/build_semgrep_wheel.yaml b/.github/workflows/build_semgrep_wheel.yaml
index 10bc39dbf..6da77c59e 100644
--- a/.github/workflows/build_semgrep_wheel.yaml
+++ b/.github/workflows/build_semgrep_wheel.yaml
@@ -26,7 +26,7 @@ jobs:
     #   change the version tag in the 'name' description
     #   change the 'ref' field to use the commit hash of that tag
     - name: Check out Semgrep v1.113.0 repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         repository: semgrep/semgrep.git
         ref: 4729a05d24bf9cee8face447e8a6d418037d61d8 # v1.113.0
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index f72b51262..0737be60a 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -35,7 +35,7 @@ jobs:
     steps:
 
     - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Set up Python
       uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml
index 3ca285fdd..78530b420 100644
--- a/.github/workflows/pr-conventional-commits.yaml
+++ b/.github/workflows/pr-conventional-commits.yaml
@@ -25,7 +25,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e63867579..5d693bef6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -39,7 +39,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
         token: ${{ secrets.REPO_ACCESS_TOKEN }}
@@ -115,7 +115,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         fetch-depth: 0
 
@@ -305,7 +305,7 @@ jobs:
   #   steps:
 
   #   - name: Check out repository
-  #     uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+  #     uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
   #     with:
   #       fetch-depth: 0
 
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index 0162de5d7..68eea56a6 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -29,7 +29,7 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       with:
         persist-credentials: false
 
diff --git a/.github/workflows/test_macaron_action.yaml b/.github/workflows/test_macaron_action.yaml
index 5f3753a98..95c6d67cc 100644
--- a/.github/workflows/test_macaron_action.yaml
+++ b/.github/workflows/test_macaron_action.yaml
@@ -21,7 +21,7 @@ jobs:
     name: Analyzing and comparing different versions of an artifact
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8   # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8   # v6.0.1
 
     - name: Run Macaron (analyze arrow@1.3.0)
       uses: ./
@@ -45,7 +45,7 @@ jobs:
     name: Detecting malicious packages
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run Macaron (analyze django@5.0.6 without dependencies)
       uses: ./
       with:
@@ -94,7 +94,7 @@ jobs:
     name: How to detect vulnerable GitHub Actions
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Run Macaron (analyze repo - apache/logging-log4j2)
       uses: ./
@@ -124,7 +124,7 @@ jobs:
     name: Provenance discovery, extraction, and verification
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run Macaron (analyze semver 7.7.2)
       uses: ./
       with:
@@ -177,7 +177,7 @@ jobs:
     name: Detecting Java dependencies manually uploaded to Maven Central
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
     - name: Run Macaron (analyze example-maven-app with SBOM)
       uses: ./
       with:
@@ -197,7 +197,7 @@ jobs:
     name: Exclude and include checks in Macaron
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Run Macaron (analyze micronaut-core with default checks)
       uses: ./