chore(deps): update actions/checkout action to v7 by renovate[bot] · Pull Request #90 · netresearch/composer-agent-skill-plugin

renovate · 2026-06-18T21:38:49Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	`v6.0.3` → `v7.0.0`

Release Notes

actions/checkout (actions/checkout)

`v7.0.0`

Compare Source

Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in #2454
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in #2458
Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in #2460
Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in #2461
Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in #2459
upgrade module to esm and update dependencies by @aiqiaoy in #2463
Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #2462

`v7`

Compare Source

Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in #2454
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in #2458
Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in #2460
Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in #2461
Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in #2459
upgrade module to esm and update dependencies by @aiqiaoy in #2463
Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #2462

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2026-06-18T21:39:26Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

actions/actions/checkout

9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0

🟢 5.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 9	security policy file detected
SAST	🟢 8	SAST tool detected but not run on all commits
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches

Scanned Files

.github/workflows/ci.yml

sonarqubecloud · 2026-06-18T21:39:47Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

codecov · 2026-06-18T21:40:15Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.71%. Comparing base (98ffca2) to head (7d7e9b1).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main      #90   +/-   ##
=========================================
  Coverage     66.71%   66.71%           
  Complexity      807      807           
=========================================
  Files            45       45           
  Lines          2289     2289           
=========================================
  Hits           1527     1527           
  Misses          762      762

Flag	Coverage Δ
unittests	`66.71% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

chore(deps): update actions/checkout action to v7

7d7e9b1

github-actions Bot approved these changes Jun 18, 2026

View reviewed changes

github-actions Bot merged commit 3f329fc into main Jun 18, 2026
30 checks passed

github-actions Bot added the ci label Jun 18, 2026

renovate Bot deleted the renovate/actions-checkout-7.x branch June 18, 2026 21:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update actions/checkout action to v7#90

chore(deps): update actions/checkout action to v7#90
github-actions[bot] merged 1 commit into
mainfrom
renovate/actions-checkout-7.x

renovate Bot commented Jun 18, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

sonarqubecloud Bot commented Jun 18, 2026

Uh oh!

codecov Bot commented Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented Jun 18, 2026

Release Notes

v7.0.0

v7

Configuration

Uh oh!

Uh oh!

github-actions Bot commented Jun 18, 2026

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

sonarqubecloud Bot commented Jun 18, 2026

Quality Gate passed

Uh oh!

codecov Bot commented Jun 18, 2026

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v7.0.0`

`v7`