Skip to content

Update actions/checkout action to v7#135

Open
protocols-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-renovatebot-gha-updates
Open

Update actions/checkout action to v7#135
protocols-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-renovatebot-gha-updates

Conversation

@protocols-renovate

@protocols-renovate protocols-renovate Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v6v7

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.


Note

Low Risk
Scope is dependency pin bumps only; checkout inputs are unchanged, though the v7 major may affect edge cases involving fork PRs on privileged triggers.

Overview
Renovate bumps pinned actions/checkout from v6 (de0fac2…) to v7 (9c091bb…) everywhere this repo checks out code.

That covers two workflows (renovatebot, docker image sanitize tests) and every composite action that first checks out Consensys/github-actions into .github-actions (docs, docker scan/push, trivy, renovatebot, slack, security scanner, etc.). Step with: blocks are unchanged; only the action ref moves.

v7 adds stricter behavior around checking out fork PRs on pull_request_target / workflow_run (per upstream release notes), which is relevant for security-sensitive workflows but should not alter normal same-repo checkouts.

Reviewed by Cursor Bugbot for commit 9bfaedf. Bugbot is set up for automated code reviews on this repo. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants