Skip to content

chore(deps): bump actions/checkout from 6 to 7#3407

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/github_actions/actions/checkout-7
Open

chore(deps): bump actions/checkout from 6 to 7#3407
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/github_actions/actions/checkout-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 6 to 7.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 04:18
@dependabot dependabot Bot requested review from emersonlaurentino and lemagnetic and removed request for a team July 1, 2026 04:18
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@codesandbox-ci

codesandbox-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

@pkg-pr-new

pkg-pr-new Bot commented Jul 1, 2026

Copy link
Copy Markdown

Open in StackBlitz

@faststore/api

npm i https://pkg.pr.new/vtex/faststore/@faststore/api@46dd141

@faststore/cli

npm i https://pkg.pr.new/vtex/faststore/@faststore/cli@46dd141

@faststore/components

npm i https://pkg.pr.new/vtex/faststore/@faststore/components@46dd141

@faststore/core

npm i https://pkg.pr.new/vtex/faststore/@faststore/core@46dd141

@faststore/diagnostics

npm i https://pkg.pr.new/vtex/faststore/@faststore/diagnostics@46dd141

@faststore/lighthouse

npm i https://pkg.pr.new/vtex/faststore/@faststore/lighthouse@46dd141

@faststore/sdk

npm i https://pkg.pr.new/vtex/faststore/@faststore/sdk@46dd141

@faststore/ui

npm i https://pkg.pr.new/vtex/faststore/@faststore/ui@46dd141

commit: 46dd141

@sonar-workflows

Copy link
Copy Markdown

@renatomaurovtex renatomaurovtex left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the actions/checkout v6 → v7 bump across the four workflows (ci.yml, codeql-analysis.yml, packages-preview.yml, release.yml). This is a CI-only change — it does not touch any published package's runtime deps, so no Dependency Discipline sign-off is required.

💬 [ci] v7 breaking change does not apply here — safe

v7.0.0's only behavioral break is "block checking out fork PR for pull_request_target and workflow_run". None of the four bumped workflows use those triggers — they run on push / pull_request / schedule only, and release.yml runs on push to main/dev/3.x with an explicit token + fetch-depth: 0. So the guard has no impact on this repo. The rest of v7 is an ESM migration + internal npm dep bumps, transparent for plain checkout usage. Consistent with the recent v4→v6 bump in #3391.

💬 [ci] Red "FastStore" check is the Chromatic step, not this bump

The failing FastStore run dies inside chromaui/action@v17 (getOptionsError in optimistic validation: Cannot read properties of undefined (reading 'read')) because dependabot PRs don't receive the Chromatic project token secret. The @faststore/storybook:build right before it succeeds, and the sibling FastStore check (build + test), ci/codesandbox, faststore-node-ci-v2 and SonarQube are all green. This is the known dependabot-secrets pattern, not a checkout regression — safe to merge once a maintainer re-runs / confirms the UI Tests token path.

Verdict: Approved with comments

Blocking (🔴/🟠):

  • none

Non-blocking (🟡/💬):

  • v7's fork-PR guard doesn't affect these workflows (no pull_request_target/workflow_run).
  • The red FastStore check is Chromatic missing its token on dependabot PRs, not a regression from this bump.

Checks to confirm before merge: the two FastStore jobs (build+test already green; the Chromatic/UI Tests one only needs the token) — no pnpm size needed, nothing ships to the bundle.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant