Bump actions/checkout from 5 to 6

[dependabot]

Bumps actions/checkout from 5 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

V5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #2311
Resolves #2298
Resolves #2286
Resolves #2248
Resolves actions/checkout#2248
Resolves actions/checkout#2286
Resolves actions/checkout#2298
Resolves actions/checkout#2311
Resolves actions/checkout#2301
Resolves actions/checkout#2226
Resolves actions/checkout#2305
Resolves actions/checkout#1971
Resolves actions/checkout#1977
Resolves actions/checkout#2043
Resolves actions/checkout#2044
Resolves actions/checkout#2194
Resolves actions/checkout#2224
Resolves actions/checkout#2236
Resolves actions/checkout#1941
Resolves actions/checkout#1946
Resolves actions/checkout#1924
Resolves actions/checkout#1180
Resolves actions/checkout#1777
Resolves actions/checkout#1872
Resolves actions/checkout#1739
Resolves actions/checkout#1697
Resolves actions/checkout#1774
Resolves actions/checkout#1776
Resolves actions/checkout#1732
Resolves actions/checkout#1703
Resolves actions/checkout#1694
Resolves actions/checkout#1696
Resolves actions/checkout#1695

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Review Results

Code Quality

✅ Code follows style guide - This is a GitHub Actions workflow update, not application code. The YAML formatting is correct and follows standard GitHub Actions conventions.

✅ No commented-out code - The change is clean with no commented code.

✅ Meaningful variable names - Not applicable; this is a version bump of a GitHub Action.

✅ DRY principle followed - Not applicable to this change.

✅ Identify Defects - No bugs, logic errors, or security vulnerabilities introduced. The upgrade from actions/checkout@v5 to actions/checkout@v6 is a standard dependency update that improves the workflow with the latest features and security patches from GitHub.

File: .github/workflows/pylint.yaml:19

Testing

✅ Unit tests for new functions - Not applicable; no new functions added.

✅ Integration tests for new endpoints - Not applicable; no new endpoints.

✅ Edge cases covered - Not applicable; this is a dependency version bump.

✅ Test coverage > 80% - Not applicable; the change doesn't affect test coverage.

Documentation

✅ Readme updated if needed - Not needed; this is an internal workflow dependency update that doesn't change user-facing functionality.

✅ API docs updated - Not applicable; no API changes.

✅ Inline comments for complex logic - Not needed; the change is self-explanatory.

⚠️ CHANGELOG.md updated - Cannot verify if CHANGELOG needs updating without seeing it, but typically patch-level workflow dependency updates don't require CHANGELOG entries unless your project policy requires documenting all dependency updates.

Security

✅ No hardcoded credentials - No credentials in this change.

✅ Input validation implemented - Not applicable to this change.

✅ Proper error handling - Not applicable to this change.

✅ No sensitive data in logs - No sensitive data introduced.

✅ No license files (.lic) or AQAAAD strings - None present in this change.

---

Summary

Overall Assessment: ✅ APPROVED

This is a safe, routine maintenance update upgrading the GitHub Actions checkout action from v5 to v6. The change:

• Follows GitHub's recommended practice of keeping actions up-to-date
• Maintains the existing configuration (persist-credentials: false)
• Introduces no functional changes to the application code
• Poses no security risks

Recommendation: Approve and merge. This is a low-risk dependency update that keeps the workflow current with GitHub's latest action version.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

• This is a GitHub Actions workflow configuration change (.github/workflows/pylint.yaml:19)
• The change updates the actions/checkout version from v5 to v6
• Workflow YAML follows standard GitHub Actions formatting conventions
• No code style issues present

✅ No commented-out code

• No commented code found in the diff

✅ Meaningful variable names

• N/A - This change only updates a version number in a workflow dependency

✅ DRY principle followed

• N/A - Single line version bump, no duplication concerns

✅ No defects identified

• This is a straightforward dependency version update
• The actions/checkout@v6 action is a stable, official GitHub action
• The persist-credentials: false configuration is maintained, which is good for security
• No bugs, logic errors, edge cases, race conditions, memory leaks, or security vulnerabilities introduced
• The change is compatible with the Python versions being tested (3.8, 3.9, 3.10)

Testing

✅ Tests not required for this change

• This is an infrastructure/CI configuration change to a GitHub Actions workflow
• The workflow itself tests the codebase via pylint
• Unit tests, integration tests, edge cases, and coverage requirements don't apply to workflow version bumps
• The workflow will validate itself on execution

Documentation

✅ Documentation appropriate

• .github/workflows/pylint.yaml:19 - Workflow files are self-documenting
• README updates not needed for internal CI dependency updates
• API docs not applicable
• CHANGELOG.md - Recommendation: Consider adding an entry if your project documents infrastructure changes, though dependency bumps in CI workflows are often excluded from changelogs

Security

✅ No hardcoded credentials

• No credentials present; persist-credentials: false is explicitly set (security best practice)

✅ Input validation implemented

• N/A - No user input handling in this change

✅ Proper error handling

• N/A - GitHub Actions handles workflow execution errors

✅ No sensitive data in logs

• No logging changes; no sensitive data introduced

✅ No license files or AQAAAD strings

• No .lic files or AQAAAD strings present in the diff

---

Summary

APPROVED ✅

This is a clean, low-risk dependency update from actions/checkout@v5 to actions/checkout@v6 in the pylint workflow. The change:

• Maintains existing security configuration (persist-credentials: false)
• Updates to the latest stable version of a core GitHub Action
• Introduces no code quality, security, or functionality concerns
• Requires no additional testing or documentation

Minor Recommendation: If your CHANGELOG.md tracks infrastructure updates, consider adding a brief entry. Otherwise, this change is ready to merge.

Automated code review analyzing defects and coding standards