chore(deps): bump actions/checkout from 6 to 7

[dependabot]

Bumps actions/checkout from 6 to 7.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

... (truncated)

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[qodo-for-releng]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: security

Failed stage: OWASP check [❌]

Failed test name: ""

Failure summary: The action failed during an OWASP Dependency-Check run because it could not update the NVD (National Vulnerability Database) data feed. - Dependency-Check repeatedly retried NVD API requests (at least 15–31 retries) and ultimately failed with NVD Returned Status Code: 503 (service unavailable). - This caused a fatal org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data (see stack trace around NvdApiDataSource.processApi(NvdApiDataSource.java:387)). - Dependency-Check then aborted the scan (Unable to continue dependency-check analysis) and exited with code 13.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 556: pythonLocation: /opt/hostedtoolcache/Python/3.10.20/x64 557: PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.10.20/x64/lib/pkgconfig 558: Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64 559: Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64 560: Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.10.20/x64 561: LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.10.20/x64/lib 562: GHA_PIP_AUDIT_SUMMARY: true 563: GHA_PIP_AUDIT_NO_DEPS: false 564: GHA_PIP_AUDIT_REQUIRE_HASHES: false 565: GHA_PIP_AUDIT_VULNERABILITY_SERVICE: PyPI 566: GHA_PIP_AUDIT_VIRTUAL_ENVIRONMENT: 567: GHA_PIP_AUDIT_LOCAL: false 568: GHA_PIP_AUDIT_INDEX_URL: 569: GHA_PIP_AUDIT_EXTRA_INDEX_URLS: 570: GHA_PIP_AUDIT_IGNORE_VULNS: 571: GHA_PIP_AUDIT_INTERNAL_BE_CAREFUL_ALLOW_FAILURE: false 572: GHA_PIP_AUDIT_INTERNAL_BE_CAREFUL_EXTRA_FLAGS: ... 726: inflating: dependency-check/lib/semver4j-5.8.0.jar 727: inflating: dependency-check/lib/slf4j-api-2.0.17.jar 728: inflating: dependency-check/lib/snakeyaml-2.5.jar 729: inflating: dependency-check/lib/spotbugs-annotations-4.9.8.jar 730: inflating: dependency-check/lib/toml4j-0.7.2.jar 731: inflating: dependency-check/lib/velocity-engine-core-2.4.1.jar 732: inflating: dependency-check/lib/xz-1.9.jar 733: inflating: dependency-check/LICENSE.txt 734: inflating: dependency-check/NOTICE.txt 735: inflating: dependency-check/licenses/commons-cli/LICENSE.txt 736: inflating: dependency-check/README.md 737: [WARN] '--disableRetireJS' is deprecated and may be removed in the next major release, please migrate to '--disableRetireJs' 738: [WARN] ossIndexPassword used on the command line, consider moving the password to a properties file using the key `analyzer.ossindex.password` and using the --propertyfile argument instead 739: [INFO] Checking for updates 740: [INFO] NVD API has 342,130 records in this update 741: [WARN] NVD API request failures are occurring; retrying request for the 15th time 742: [WARN] NVD API request failures are occurring; retrying request for the 16th time 743: [WARN] NVD API request failures are occurring; retrying request for the 17th time 744: [WARN] NVD API request failures are occurring; retrying request for the 18th time 745: [WARN] NVD API request failures are occurring; retrying request for the 19th time 746: [WARN] NVD API request failures are occurring; retrying request for the 20th time 747: [WARN] NVD API request failures are occurring; retrying request for the 21st time 748: [WARN] NVD API request failures are occurring; retrying request for the 22nd time 749: [WARN] NVD API request failures are occurring; retrying request for the 23rd time 750: [WARN] NVD API request failures are occurring; retrying request for the 24th time 751: [WARN] NVD API request failures are occurring; retrying request for the 25th time 752: [WARN] NVD API request failures are occurring; retrying request for the 26th time 753: [WARN] NVD API request failures are occurring; retrying request for the 27th time 754: [WARN] NVD API request failures are occurring; retrying request for the 28th time 755: [WARN] NVD API request failures are occurring; retrying request for the 29th time 756: [WARN] NVD API request failures are occurring; retrying request for the 30th time 757: [WARN] NVD API request failures are occurring; retrying request for the 31st time 758: [ERROR] Error updating the NVD Data 759: org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data 760: at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:387) ... 762: at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:887) 763: at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:692) 764: at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:619) 765: at org.owasp.dependencycheck.App.runScan(App.java:265) 766: at org.owasp.dependencycheck.App.run(App.java:197) 767: at org.owasp.dependencycheck.App.main(App.java:88) 768: Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: NVD Returned Status Code: 503 769: at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:445) 770: at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:356) 771: at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:343) 772: ... 7 common frames omitted 773: [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json 774: [INFO] Begin database defrag 775: [INFO] End database defrag (5671 ms) 776: [WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. 777: [ERROR] Unable to continue dependency-check analysis. 778: [ERROR] One or more fatal errors occurred 779: [ERROR] Error updating the NVD Data 780: [ERROR] No documents exist 781: ##[error]Process completed with exit code 13. 782: ##[group]Run actions/upload-artifact@v7