chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 in the actions-core group

[dependabot]

Bumps the actions-core group with 1 update: actions/checkout.

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[lerian-studio]

🔍 PR Validation Summary

✅ PR Mergeable — no blocking failures

Check	Status	Blocking
Source Branch	✅ success	yes
PR Title	✅ success	yes
PR Description	✅ success	yes
PR Size	✅ success	no
Auto Labels	✅ success	no
PR Metadata	✅ success	no

---

_{🔍 View workflow run}

[lerian-studio]

🔍 Lint Analysis

Check	Files Scanned	Status
YAML Lint	6 file(s)	✅ success
Action Lint	6 file(s)	❌ failure
Pinned Actions	6 file(s)	❌ failure
Markdown Link Check	no changes	⏭️ skipped
Spelling Check	6 file(s)	✅ success
Shell Check	6 file(s)	✅ success
README Check	6 file(s)	✅ success
Composite Schema	no changes	⏭️ skipped
Deployment Matrix	no changes	⏭️ skipped

❌ Failures (2)

Action Lint

.github/workflows/dispatch-helm.yml

• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:8:27: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:7:12: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:6:46: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:5:61: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:4:12: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:3:32: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:13:138: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:11:50: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 335) — shellcheck reported issue in this script: SC2086:info:10:50: Double quote to prevent globbing and word splitting
• .github/workflows/dispatch-helm.yml (line 109) — shellcheck reported issue in this script: SC2086:info:171:46: Double quote to prevent globbing and word splitting

Pinned Actions

.github/workflows/go-ci.yml

• .github/workflows/go-ci.yml (line 149) — External action not pinned by SHA: uses: golangci/golangci-lint-action@v9 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 143) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 140) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 129) — External action not pinned by SHA: uses: fgrosse/go-coverage-report@v1.3.0 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 124) — External action not pinned by SHA: uses: actions/download-artifact@v8 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 121) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 104) — External action not pinned by SHA: uses: actions/upload-artifact@v7 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 85) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-ci.yml (line 82) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)

.github/workflows/dispatch-helm.yml

• .github/workflows/dispatch-helm.yml (line 103) — External action not pinned by SHA: uses: actions/checkout@v6.0.2 (use full commit SHA with a # vX.Y.Z comment)

---

_{🔍 View full scan logs}

[lerian-studio]

🛡️ CodeQL Analysis Results

Languages analyzed: actions

✅ No security issues found.

---

_{🔍 View full scan logs | 🛡️ Security tab}