Skip to content

chore(deps): update actions/checkout action to v6 #494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update actions/checkout action to v6 #494

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 20, 2025

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v5 -> v6

Release Notes

actions/checkout (actions/checkout)

v6

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Nov 20, 2025

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ DOCKERFILE hadolint 1 0 0 0.03s
✅ GROOVY npm-groovy-lint 10 3 0 0 26.38s
✅ JAVASCRIPT prettier 99 99 0 0 3.4s
✅ JSON jsonlint 8 0 0 0.29s
✅ JSON npm-package-json-lint yes no no 0.52s
✅ JSON prettier 8 3 0 0 0.93s
✅ JSON v8r 8 0 0 10.2s
⚠️ MARKDOWN markdownlint 7 2 2 0 2.58s
✅ MARKDOWN markdown-table-formatter 7 5 0 0 0.63s
✅ REPOSITORY gitleaks yes no no 11.2s
✅ REPOSITORY git_diff yes no no 0.14s
❌ REPOSITORY grype yes 3 no 27.53s
✅ REPOSITORY secretlint yes no no 0.97s
❌ REPOSITORY trivy yes 1 no 7.22s
✅ REPOSITORY trufflehog yes no no 3.5s
✅ SPELL cspell 137 0 0 7.53s
⚠️ SPELL lychee 18 14 0 68.0s
✅ XML xmllint 1 0 0 0 0.2s
✅ YAML prettier 3 0 0 0 0.63s
✅ YAML v8r 3 0 0 6.62s
✅ YAML yamllint 3 0 0 0.78s

Detailed Issues

❌ REPOSITORY / grype - 3 errors 
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME          INSTALLED  FIXED IN  TYPE          VULNERABILITY        SEVERITY  EPSS          RISK   
glob          10.4.5     10.5.0    npm           GHSA-5j98-mcp5-4vw2  High      0.1% (27th)   < 0.1  
glob          11.0.3     11.1.0    npm           GHSA-5j98-mcp5-4vw2  High      0.1% (27th)   < 0.1  
logback-core  1.5.18     1.5.19    java-archive  GHSA-25qh-j22f-pwp8  Medium    < 0.1% (7th)  < 0.1
[0027] ERROR discovered vulnerabilities at or above the severity threshold
❌ REPOSITORY / trivy - 1 error 
2025-11-20T18:39:35Z	INFO	[vulndb] Need to update DB
2025-11-20T18:39:35Z	INFO	[vulndb] Downloading vulnerability DB...
2025-11-20T18:39:35Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
32.19 MiB / 75.44 MiB [-------------------------->__________________________________] 42.67% ? p/s ?71.20 MiB / 75.44 MiB [--------------------------------------------------------->___] 94.38% ? p/s ?75.44 MiB / 75.44 MiB [----------------------------------------------------------->] 100.00% ? p/s ?75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 72.00 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 72.00 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 72.00 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 67.36 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 67.36 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 67.36 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 63.01 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 63.01 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 63.01 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [---------------------------------------------->] 100.00% 58.95 MiB p/s ETA 0s75.44 MiB / 75.44 MiB [-------------------------------------------------] 100.00% 30.46 MiB p/s 2.7s2025-11-20T18:39:39Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-11-20T18:39:40Z	INFO	[vuln] Vulnerability scanning is enabled
2025-11-20T18:39:40Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-11-20T18:39:40Z	INFO	[misconfig] Need to update the checks bundle
2025-11-20T18:39:40Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-11-20T18:39:42Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2025-11-20T18:39:42Z	INFO	Number of language-specific files	num=1
2025-11-20T18:39:42Z	INFO	[npm] Detecting vulnerabilities...
2025-11-20T18:39:42Z	INFO	Detected config files	num=1

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ package-lock.json │    npm     │        2        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.67/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ glob    │ CVE-2025-64756 │ HIGH     │ fixed  │ 10.4.5            │ 11.1.0, 10.5.0 │ glob CLI: Command injection via -c/--cmd executes matches │
│         │                │          │        │                   │                │ with shell:true                                           │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-64756                │
│         │                │          │        ├───────────────────┤                │                                                           │
│         │                │          │        │ 11.0.3            │                │                                                           │
│         │                │          │        │                   │                │                                                           │
│         │                │          │        │                   │                │                                                           │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.67.2 of Trivy is now available, current version is 0.67.0

To suppress version checks, run Trivy scans with the --skip-version-check flag
⚠️ SPELL / lychee - 14 errors 
[WARN ] Error creating request: InvalidPathToUri("/lib/java/logback.xml")
[403] https://www.npmjs.com/package/amplitude | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/npm-groovy-lint | Network error: Forbidden
[403] https://www.npmjs.com/package/insight | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/analytics | Network error: Forbidden
[403] https://www.npmjs.com/package/amplitude | Error (cached)
[403] https://npmjs.org/package/npm-groovy-lint | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/analytics | Error (cached)
[403] https://www.npmjs.com/package/insight | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[IGNORED] git+https://github.com/nvuillam/npm-groovy-lint.git | Unsupported: Error creating request client: builder error for url (git+https://github.com/nvuillam/npm-groovy-lint.git)
[503] https://nvd.nist.gov/vuln/detail/CVE-2021-44832 | Network error: Service Unavailable
[503] https://nvd.nist.gov/vuln/detail/CVE-2021-44832 | Network error: Service Unavailable
📝 Summary
---------------------
🔍 Total..........326
✅ Successful.....303
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........8
❓ Unknown..........0
🚫 Errors..........14

Errors in README.md
[403] https://npmjs.org/package/npm-groovy-lint | Network error: Forbidden
[403] https://www.npmjs.com/package/amplitude | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden

Errors in docs/CHANGELOG.md
[403] https://www.npmjs.com/package/analytics | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/insight | Error (cached)
[503] https://nvd.nist.gov/vuln/detail/CVE-2021-44832 | Network error: Service Unavailable

Errors in CHANGELOG.md
[503] https://nvd.nist.gov/vuln/detail/CVE-2021-44832 | Network error: Service Unavailable
[403] https://www.npmjs.com/package/analytics | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Error (cached)
[403] https://www.npmjs.com/package/insight | Network error: Forbidden

Errors in docs/index.md
[403] https://www.npmjs.com/package/amplitude | Error (cached)
[403] https://npmjs.org/package/npm-groovy-lint | Error (cached)
[403] https://www.npmjs.com/package/java-caller | Error (cached)
⚠️ MARKDOWN / markdownlint - 2 errors 
docs/index.md:38:65 MD059/descriptive-link-text Link text should be descriptive [Context: "[**here**]"]
README.md:38:65 MD059/descriptive-link-text Link text should be descriptive [Context: "[**here**]"]

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant