Skip to content

chore(deps): Bump actions/checkout from 4.3.1 to 6.0.2#95

Merged
damir-topic merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6.0.2
May 9, 2026
Merged

chore(deps): Bump actions/checkout from 4.3.1 to 6.0.2#95
damir-topic merged 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 9, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/checkout from 4.3.1 to 6.0.2.

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@34e1148...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 9, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 9, 2026
@sonarqubecloud

sonarqubecloud Bot commented May 9, 2026

Copy link
Copy Markdown

@damir-topic damir-topic merged commit 23db570 into main May 9, 2026
1 of 5 checks passed
@damir-topic damir-topic deleted the dependabot/github_actions/actions/checkout-6.0.2 branch May 9, 2026 19:21
damir-topic added a commit that referenced this pull request Jun 7, 2026
…95 + #102) (#1572)

Folds the #95 SSRF / local-file guard (kr3s0) and the #102 content-upload on-ramp fix into one coherent change: the backend spec fetch is https-only (SSRF-guarded, streamed, 20 MiB-capped, relative-redirect-safe), and the CLI reads docs:/file:// spec sources client-side and uploads the bytes via a new SpecSource.content channel — so those on-ramps keep working without exposing the backend to local paths or non-https schemes.

Supersedes #1477. Closes evoila-bosnia/meho-internal#102. Refs evoila-bosnia/meho-internal#95.

Co-Authored-By: kr3s0 <tkreso@evoila.com>
Co-Authored-By: Claude <noreply@anthropic.com>
damir-topic added a commit that referenced this pull request Jun 8, 2026
Cut the v0.12.0 release section. Normalize the mixed per-task /
grouped [Unreleased] content into the house Added / Changed / Fixed /
Documentation groups (every existing bullet preserved verbatim), and
backfill the eight previously un-bulleted changes:

- SSE streamed through AuditMiddleware (#1389 / #1585)
- meho://retrieve/{query} MCP resource (#348 / #1576)
- https-only spec guard + CLI content-upload on-ramp (#95 + #102 / #1572)
- Keycloak path-traversal percent-encoding (#96 / #1476)
- call_operation broadcast secret-disclosure clamp (#93 / #1497)
- _API_KEY redaction label-set extension (#94 / #1498)
- uniform meho.docs.* audit op_id (#1549 / #1558)
- #1528 number added to the capability-gate bullet

Also fix the pre-existing release-body path drift the freshness gate
caught: doc_collections/{key} -> {collection_key}.

Dependabot bumps (#1466-#1473, #1494), the redis-py-8 type-only fix
(#1571), and the internal roadmap doc (#1573) are intentionally not
bulleted, per the no-deps CHANGELOG convention.

Verified: completeness audit clean (every shipped PR bulleted or an
issue-aliased merge PR), release-body path-freshness gate green
(7 cited paths resolve), main CI green at 0670d92.

Signed-off-by: damir-topic <89133183+damir-topic@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant