chore(deps): bump actions/checkout from 4.2.2 to 7.0.0

[dependabot]

Bumps actions/checkout from 4.2.2 to 7.0.0.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298

... (truncated)

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• df4cb1c Update changelog for v6.0.3 (#2446)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Bump actions/checkout to v7.0.0 across all CI workflows

Updates the pinned commit hash for actions/checkout in all GitHub Actions workflow files. The release-attestation.yml workflow is also updated from the floating @v7 tag to the explicit @v7.0.0 pin.

^{Macroscope summarized 405413b.}

[dependabot]

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[sonarqubecloud]

❌ The last analysis has failed.

See analysis details on SonarQube Cloud

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Inaccurate version annotation - comment says # v4 but the pinned SHA corresponds to v7.0.0

This inline annotation is now stale after the major version bump. It could mislead future maintainers reviewing the action version in use. Consider updating the comment to # v7 or removing the annotation entirely.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

Code Review Summary

Status: 6 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
WARNING	6

Issue Details (click to expand)

WARNING

File	Line	Issue
.github/workflows/cargo-machete.yml	24	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0
.github/workflows/cargo-semver-checks.yml	19	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0
.github/workflows/doc-links.yml	17	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0
.github/workflows/fr-coverage.yml	17	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0
.github/workflows/quality-gate.yml	18	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0
.github/workflows/scorecard.yml	29	Inaccurate version annotation - comment says # v4 but pinned SHA corresponds to v7.0.0

Files Reviewed (7 files)

• .github/workflows/cargo-machete.yml - 1 issue
• .github/workflows/cargo-semver-checks.yml - 1 issue
• .github/workflows/doc-links.yml - 1 issue
• .github/workflows/fr-coverage.yml - 1 issue
• .github/workflows/quality-gate.yml - 1 issue
• .github/workflows/release-attestation.yml
• .github/workflows/scorecard.yml - 1 issue

Fix these issues in Kilo Cloud

---

_{Reviewed by step-3.7-flash-20260528 · Input: 53.9K · Output: 7.9K · Cached: 158.3K}