chore(deps): Bump actions/checkout from 4 to 6#97
Conversation
dependabot
bot
added
dependencies
|
You have reached your Codex rate limits. Please try again later. |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/ui/src/integrations/apps-sdk-wrapper/index.tsx">
<violation number="1" location="packages/ui/src/integrations/apps-sdk-wrapper/index.tsx:24">
P2: All changed lines use tab indentation, but the project's `biome.json` and `.editorconfig` both mandate 2-space indentation for `.tsx` files. This will fail CI formatting checks. Re-format with `biome format --write` or your editor's formatter.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
1 issue found across 4 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/astudio-make-template/package.json">
<violation number="1" location="packages/astudio-make-template/package.json:14">
P2: Incomplete rename: dependency changed to `@design-studio/astudio-icons` but the guidelines files in this package still reference the old `@design-studio/icons` name. Since `guidelines/` is a published artifact, users following the template will get broken import examples.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
2 issues found across 3 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/design-system/COVERAGE_MATRIX.json">
<violation number="1" location="docs/design-system/COVERAGE_MATRIX.json:822">
P2: The renamed `card` entry lost the `widget_used: true` tracking that the previous `Card` entry had. If the Card component is still used in the widget surface, this should be preserved to keep the coverage matrix accurate.</violation>
</file>
<file name="docs/design-system/COVERAGE_MATRIX.md">
<violation number="1" location="docs/design-system/COVERAGE_MATRIX.md:62">
P2: 16 duplicate component entries introduced with conflicting metadata. For example, both `Accordion` (Source: radix_fallback, Fallback: radix) and `accordion` (Source: local_primitive, Fallback: -) now exist in the matrix. This applies to Accordion, Avatar, Badge, Breadcrumb, Button, Checkbox, Dialog, Label, Popover, Select, Separator, Sheet, Slider, Switch, Tabs, and Tooltip. Since this file is generated by `scripts/generate-coverage-matrix.ts`, the generator script likely needs to deduplicate or normalize component names to avoid these conflicting entries.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
1 issue found across 3 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/design-system/COVERAGE_MATRIX.json">
<violation number="1" location="docs/design-system/COVERAGE_MATRIX.json:764">
P2: Bug: `status` field incorrectly set to `"widget_used"` instead of `"active"`. This looks like the field name from the adjacent `widget_used` boolean leaked into the `status` value. Every other component in the matrix has `"status": "active"`. The intended change was likely only to flip `widget_used` to `true` while keeping the status as `"active"`.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
Automation triage update: resolved actionable review comments (including wrapper formatting and matrix data-quality feedback), repaired lockfile, and fixed matrix generation path failures on this branch. Remaining blocker is CI \ failing in \ with broad repo-baseline errors (TS6307 + missing icon/apps-sdk exports) unrelated to the checkout-action bump itself.\n\nManual next step: merge a baseline typecheck stabilization change to , then update/re-run this Dependabot PR. |
|
Blocker note: build (ubuntu-latest) fails at Type-check packages with broad baseline errors (TS6307 project file-list, missing icon exports, missing integrations/apps-sdk types). These are repo-wide and not isolated to this Dependabot bump. Next step: land a dedicated baseline typecheck stabilization PR on main, then update and rerun PR #97. |
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
jscraik
force-pushed
the
dependabot/github_actions/actions/checkout-6
branch
from
eb0972f to
71d8f11
Compare
|
The latest updates on your projects. Learn more about Argos notifications ↗︎
|
1 participant
Bumps actions/checkout from 4 to 6.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by cubic
Bumped actions/checkout to v6 in the CodeQL workflow to support Node.js 24 and use safer persisted credentials.
Written for commit 71d8f11. Summary will update on new commits.