Skip to content

build(deps): bump actions/checkout from 4 to 7#81

Open
dependabot[bot] wants to merge 6 commits into
pre-1.35.6from
dependabot/github_actions/actions/checkout-7
Open

build(deps): bump actions/checkout from 4 to 7#81
dependabot[bot] wants to merge 6 commits into
pre-1.35.6from
dependabot/github_actions/actions/checkout-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps actions/checkout from 4 to 7.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 19, 2026
Евгений Фрост and others added 3 commits June 22, 2026 11:45
Gate all Claude workflow invocations on author_association being one of
OWNER, MEMBER, or COLLABORATOR. Without this check any public user could
mention @claude, consuming the owner's Anthropic quota and injecting
untrusted content into the run.

Each event type carries author_association in a different field, so
every branch gets its own explicit check.

Also remove the separate claude-code-review.yml workflow — consolidated
into the main claude.yml.
ci(claude): restrict @claude trigger to trusted repo members
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-7 branch from 3031684 to 3f68028 Compare June 22, 2026 08:48
@phpclub phpclub changed the base branch from master to pre-1.35.6 July 7, 2026 06:43
@phpclub

phpclub commented Jul 7, 2026

Copy link
Copy Markdown

@gemini review

@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants