From a120ad48dee3db254730b1d5208831f38a6f2172 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Jun 2026 09:23:19 +0000 Subject: [PATCH 1/2] chore(deps): bump actions/checkout from 6 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/lfs-guard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 08f33ba4..1449c27b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -103,7 +103,7 @@ jobs: # under bead `ley-line-open-f10abb`. See bead `mache-802d2b`. runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: lfs: true diff --git a/.github/workflows/lfs-guard.yml b/.github/workflows/lfs-guard.yml index 1dfaaff2..312cafbb 100644 --- a/.github/workflows/lfs-guard.yml +++ b/.github/workflows/lfs-guard.yml @@ -29,7 +29,7 @@ jobs: name: assert .gitattributes adds no filter=lfs runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # Explicit `lfs: false` so this job can run even when the org From 1c5d252ede5fe8ea5b3ea1787d9ee419b14d25af Mon Sep 17 00:00:00 2001 From: jamestexas <18285880+jamestexas@users.noreply.github.com> Date: Wed, 1 Jul 2026 15:20:38 -0600 Subject: [PATCH 2/2] ci(deps): SHA-pin actions/checkout@v7 in lfs-guard.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dependabot bumped the bare tag v6→v7 but left it unpinned. Pin to the same SHA used elsewhere in this PR so every actions/checkout ref is digest-pinned. --- .github/workflows/lfs-guard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lfs-guard.yml b/.github/workflows/lfs-guard.yml index 312cafbb..651f32fb 100644 --- a/.github/workflows/lfs-guard.yml +++ b/.github/workflows/lfs-guard.yml @@ -29,7 +29,7 @@ jobs: name: assert .gitattributes adds no filter=lfs runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # Explicit `lfs: false` so this job can run even when the org