bot: bump actions/checkout from 4 to 5

[dependabot]

Bumps actions/checkout from 4 to 5.

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236
• Prepare release v4.3.0 by @​salmanmkc in actions/checkout#2237

New Contributors

• @​motss made their first contribution in actions/checkout#1971
• @​mouismail made their first contribution in actions/checkout#1977
• @​benwells made their first contribution in actions/checkout#2043
• @​nebuk89 made their first contribution in actions/checkout#2194
• @​salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Commits

• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @Klintrup.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[codara-ai-code-review]

Potential issues, bugs, and flaws that can introduce unwanted behavior.

1. Use of Specific Commit SHA:
   /github/workflows/sonarcloud.yml - The change from a version tag v4.2.2 to a specific commitSHA (ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493) can lead to instability or unexpected behavior if that commit has bugs or is not as stable as the tagged version. It is generally recommended to pin dependencies to versions (e.g., major.minor.patch) rather than to commit hashes for better stability.

2. Lack of Version Specifications for Checkout Actions:
   /github/workflows/codacy.yml, /github/workflows/lint.yml, /github/workflows/megalinter.yml, /github/workflows/tags.yml - The updates to checkout actions are using the latest (v5) which could introduce breaking changes. It is advisable to specify a version to ensure builds do not break unexpectedly due to upstream changes.

Code suggestions and improvements for better exception handling, logic, standardization, and consistency.

1. Standardize the Checkout Action Version Across All Workflows:
   /github/workflows/codacy.yml, /github/workflows/lint.yml, /github/workflows/megalinter.yml, /github/workflows/tags.yml - Instead of using v5, you might want to consider setting a specific version that you can test and validate during CI workflows. This practice avoids unexpected errors if a new version introduces breaking changes or bugs.

2. Consider Using the same Action Version for Features:
   /github/workflows/codacy.yml, /github/workflows/lint.yml, /github/workflows/megalinter.yml, /github/workflows/tags.yml - Align all actions using actions/checkout to the same version to minimize discrepancies in behavior during different workflows. This makes it easier to maintain and troubleshoot issues.

3. Add Comments on Checkout Version Selections:
   /github/workflows/sonarcloud.yml - Include comments to explain why a specific commit SHA or version was chosen for clarity. This aids future developers in understanding the decision-making process and the potential risks of using a specific commit.

4. Testing After Upgrades:
   All modified files - It would be beneficial to incorporate a step in your workflow after upgrading the action versions to verify that all required functionalities work correctly. Automated testing should confirm that any integration of new versions does not break existing functionality.

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	bash-exec	1		0	0	0.36s
✅ BASH	shellcheck	1		0	0	0.07s
✅ BASH	shfmt	1	0	0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	1.26s
✅ MARKDOWN	markdownlint	2	0	0	0	0.57s
✅ MARKDOWN	markdown-table-formatter	3	0	0	0	0.2s
✅ REPOSITORY	gitleaks	yes		no	no	0.14s
✅ REPOSITORY	git_diff	yes		no	no	0.21s
✅ REPOSITORY	grype	yes		no	no	24.62s
✅ REPOSITORY	syft	yes		no	no	1.06s
✅ REPOSITORY	trivy	yes		no	no	6.65s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.09s
✅ REPOSITORY	trufflehog	yes		no	no	2.17s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.0.1 --custom-flavor-setup --custom-flavor-linters BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG

[Klintrup]

@dependabot merge

…

On Mon, Aug 25, 2025 at 6:04 PM github-actions[bot] < ***@***.***> wrote: *github-actions[bot]* left a comment (Klintrup/check_smartarray#40) <#40 (comment)> 🦙 MegaLinter <https://megalinter.io/8.8.0> status: ✅ SUCCESS <https://github.com/Klintrup/check_smartarray/actions/runs/17214077992> Descriptor Linter Files Fixed Errors Warnings Elapsed time ✅ BASH bash-exec <https://megalinter.io/8.8.0/descriptors/bash_bash_exec> 1 0 0 0.21s ✅ BASH shellcheck <https://megalinter.io/8.8.0/descriptors/bash_shellcheck> 1 0 0 0.08s ✅ BASH shfmt <https://megalinter.io/8.8.0/descriptors/bash_shfmt> 1 0 0 0 0.01s ✅ COPYPASTE jscpd <https://megalinter.io/8.8.0/descriptors/copypaste_jscpd> yes no no 1.25s ✅ MARKDOWN markdownlint <https://megalinter.io/8.8.0/descriptors/markdown_markdownlint> 2 0 0 0 0.55s ✅ MARKDOWN markdown-link-check <https://megalinter.io/8.8.0/descriptors/markdown_markdown_link_check> 3 0 0 3.93s ✅ MARKDOWN markdown-table-formatter <https://megalinter.io/8.8.0/descriptors/markdown_markdown_table_formatter> 3 0 0 0 0.18s ✅ REPOSITORY checkov <https://megalinter.io/8.8.0/descriptors/repository_checkov> yes no no 10.25s ✅ REPOSITORY gitleaks <https://megalinter.io/8.8.0/descriptors/repository_gitleaks> yes no no 0.06s ✅ REPOSITORY git_diff <https://megalinter.io/8.8.0/descriptors/repository_git_diff> yes no no 0.0s ✅ REPOSITORY grype <https://megalinter.io/8.8.0/descriptors/repository_grype> yes no no 26.47s ✅ REPOSITORY syft <https://megalinter.io/8.8.0/descriptors/repository_syft> yes no no 1.53s ✅ REPOSITORY trivy <https://megalinter.io/8.8.0/descriptors/repository_trivy> yes no no 5.05s ✅ REPOSITORY trivy-sbom <https://megalinter.io/8.8.0/descriptors/repository_trivy_sbom> yes no no 0.09s ✅ REPOSITORY trufflehog <https://megalinter.io/8.8.0/descriptors/repository_trufflehog> yes no no 2.13s See detailed report in MegaLinter reports <https://github.com/Klintrup/check_smartarray/actions/runs/17214077992> [image: MegaLinter is graciously provided by OX Security] <https://www.ox.security/?ref=megalinter> — Reply to this email directly, view it on GitHub <#40 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AENCFGPDC3GQB5UTTVA3B3L3PMXXZAVCNFSM6AAAAACEYIGIGGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTEMRQHA2TIMJYGY> . You are receiving this because your review was requested.Message ID: ***@***.***>

[Klintrup]

@dependabot recreate

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud