chore(deps): update actions/checkout action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v2 → v6

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

• Add worktree support for persist-credentials includeIf by @​ericsciple in #​2327

v6.0.0

Compare Source

• Persist creds to a separate file by @​ericsciple in #​2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in #​2248

v6

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v5.0.1

Compare Source

• Port v6 cleanup to v5 by @​ericsciple in #​2301

v5.0.0

Compare Source

• Update actions checkout to use node 24 by @​salmanmkc in #​2226

v5

Compare Source

• Port v6 cleanup to v5 by @​ericsciple in #​2301

v4.3.1

Compare Source

• Port v6 cleanup to v4 by @​ericsciple in #​2305

v4.3.0

Compare Source

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

v4.0.0

Compare Source

• Support fetching without the --progress option
• Update to node20

v4

Compare Source

• Port v6 cleanup to v4 by @​ericsciple in #​2305

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

Compare Source

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• Fix comment typos (that got added in #​770)

v3.2.0

Compare Source

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

Compare Source

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

Compare Source

• Add input set-safe-directory

v3.0.1

Compare Source

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

Compare Source

• Update to node 16

v3

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v2.7.0

Compare Source

What's Changed

• Add new public key for known_hosts (#​1237) by @​TingluoHuang in #​1238

Full Changelog: actions/checkout@v2.6.0...v2.7.0

v2.6.0

Compare Source

What's Changed

• Add backports to v2 branch by @​cory-miller in #​1040
  • Includes backports from the following changes: #​964, #​1002, #​1029
  • Upgraded the licensed version to match what is used in v3.

Full Changelog: actions/checkout@v2.5.0...v2.6.0

v2.5.0

Compare Source

What's Changed

• Update @​actions/core to 1.10.0 by @​rentziass in #​962

Full Changelog: actions/checkout@v2...v2.5.0

v2.4.2

Compare Source

What's Changed

• Add set-safe-directory input to allow customers to take control. (#​770) by @​TingluoHuang in #​776
• Prepare changelog for v2.4.2. by @​TingluoHuang in #​778

Full Changelog: actions/checkout@v2...v2.4.2

v2.4.1

Compare Source

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

Compare Source

• Convert SSH URLs like org-<ORG_ID>@&#8203;github.com: to https://github.com/ - pr

v2.3.5

Compare Source

Update dependencies

v2.3.4

Compare Source

• Add missing awaits
• Swap to Environment Files

v2.3.3

Compare Source

• Remove Unneeded commit information from build logs
• Add Licensed to verify third party dependencies

v2.3.2

Compare Source

Add Third Party License Information to Dist Files

v2.3.1

Compare Source

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

Compare Source

• Fallback to the default branch

v2.2.0

Compare Source

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Compare Source

• Changes to support GHES (here and here)

v2.1.0

Compare Source

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hyperfokus	Error		Mar 27, 2026 4:45am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​10.2.3
	tailwindcss-gradients@​3.0.0
	tailwindcss-skip-link@​1.0.1
	tailwindcss-touch@​1.0.1
	react-color@​2.19.3
	tailwind-heropatterns@​0.0.8
	smooth-scroll-into-view-if-needed@​1.1.32
	react@​0.0.0-experimental-6f3fcbd6f-20210730
	react-spring-bottom-sheet@​3.4.0
	husky@​6.0.0
	storybook-dark-mode@​1.0.8
	use-asset@​1.0.4
	prettier-package-json@​2.6.0
	localforage@​1.10.0
	reactfire@​2.0.3
	react-select@​4.3.1
	nanoid@​3.1.25
	tailwindcss@​1.9.6
	prettier@​2.3.2
	typescript@​4.4.2
	postcss@​8.3.6
	zustand@​3.5.10
	react-dom@​0.0.0-experimental-6f3fcbd6f-20210730
	postcss-preset-env@​6.7.0
	lint-staged@​11.1.2

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm buffer is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: ? → npm/next@10.2.3 → npm/@storybook/react@6.3.8 → npm/buffer@4.9.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/buffer@4.9.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm prettier is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/prettier@2.3.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/prettier@2.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report