From 43e1a0a72f652e6c3cec90d39e958c74e8766624 Mon Sep 17 00:00:00 2001 From: the-simian Date: Wed, 17 Jun 2026 17:09:16 -0500 Subject: [PATCH] ci(deps): bump checkout to v6.0.3 and codecov-action to v7.0.0 Pinned SHAs were already at checkout v6.0.2 and codecov v6.0.1 while the version comments read v4.2.2 and v5.5.0; correct both comments to the bumped versions across all five checkout pins and the codecov pin. - checkout de0fac2 (v6.0.2) -> df4cb1c (v6.0.3) - codecov-action e79a696 (v6.0.1) -> fb8b358 (v7.0.0) --- .github/workflows/ci.yml | 6 +++--- .github/workflows/deploy-demo.yml | 2 +- .github/workflows/link-check.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6a50619a..2843ad5e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: name: Lint, Typecheck, Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.0.1 @@ -69,7 +69,7 @@ jobs: if: > github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5.5.0 + uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage/lcov.info @@ -107,7 +107,7 @@ jobs: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml index 359d5d62..9429257a 100644 --- a/.github/workflows/deploy-demo.yml +++ b/.github/workflows/deploy-demo.yml @@ -27,7 +27,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.0.1 diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index d54e0b32..e026d4f6 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -21,7 +21,7 @@ jobs: name: Check markdown links runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Link check (lychee) uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 01fe2bcc..70b980ef 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false