Skip to content

Update actions/checkout action to v7#104

Merged
claytono merged 1 commit into
mainfrom
renovate/actions-checkout-7.x
Jul 12, 2026
Merged

Update actions/checkout action to v7#104
claytono merged 1 commit into
mainfrom
renovate/actions-checkout-7.x

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v6v7

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 2am and before 8am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate Renovate dependency updates label Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/actions-checkout-7.x branch 3 times, most recently from 90aac59 to 1a00dc7 Compare July 6, 2026 17:54
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

actions/checkout (github-action) v6.0.3 -> v7.0.0

Risk: 🟢 Safe

The Deep Dive

Update Scope

Updates the five checkout pins in the PR diff from actions/checkout v6.0.3 at df4cb1c069e1874edd31b4311f1884172cec0e10 to actions/checkout v7.0.0 at 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0. No workflow logic or checkout inputs change in the changed workflow files, and both the v6.0.3 action metadata and v7.0.0 action metadata use node24, so this PR does not add a new runner runtime floor beyond the existing v6 requirement.

Security

Security impact is risk-reducing:

Newer Versions

  • v7.0.0 is the latest entry in the actions/checkout release list, and the tag API maps both v7.0.0 and v7 to 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0; there is no newer checkout release to prefer for a v7 regression or v7-introduced CVE.

Hazards & Risks

None identified. The only workflow-facing v7 behavior change is the fork pull request checkout guard, which requires allow-unsafe-pr-checkout: true only for fork pull request code in pull_request_target or pull-request-derived workflow_run; the changed workflows use push, pull_request, workflow_dispatch, or schedule checkout paths instead.

Sources


🟢 Verdict: Safe

renovate:safe: this PR only retargets the checkout action pins in the workflow diff, and the local workflows do not use the privileged event contexts affected by the new fork pull request guard. The update reduces bundled runtime dependency exposure, and v7.0.0 is currently the latest checkout release.

@renovate renovate Bot force-pushed the renovate/actions-checkout-7.x branch from 1a00dc7 to f72af65 Compare July 9, 2026 22:40
@claytono claytono merged commit 72af622 into main Jul 12, 2026
10 checks passed
@claytono claytono deleted the renovate/actions-checkout-7.x branch July 12, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant