diff --git a/.github/workflows/add-push-artifacts.yml b/.github/workflows/add-push-artifacts.yml index 2391dca3522c08..4b745ae2afe573 100644 --- a/.github/workflows/add-push-artifacts.yml +++ b/.github/workflows/add-push-artifacts.yml @@ -11,7 +11,7 @@ jobs: name: Enumerate and diff features runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # get the full repository checkout, not just the inciting commit persist-credentials: false diff --git a/.github/workflows/pr-review-companion.yml b/.github/workflows/pr-review-companion.yml index 9b3ba2c945b261..b3c88ec4c4144d 100644 --- a/.github/workflows/pr-review-companion.yml +++ b/.github/workflows/pr-review-companion.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/pr-reviewdog.yml b/.github/workflows/pr-reviewdog.yml index fc76303abe3519..4433a61e366c0c 100644 --- a/.github/workflows/pr-reviewdog.yml +++ b/.github/workflows/pr-reviewdog.yml @@ -64,7 +64,7 @@ jobs: - name: Checkout if: steps.identify-pr.outputs.number - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: browser-compat-data ref: main diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index bab9b1fa73f1d1..aa128895a0ddc9 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ env.REF }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index a7c1e1a65ef4fe..9c81afc624f24e 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 fetch-tags: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 86a71e9503f86c..7d95d48477c411 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout (BCD) - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 09b3a29bb53433..427da53870c911 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -86,7 +86,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -125,14 +125,14 @@ jobs: # Base - name: Checkout (base) - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ steps.base.outputs.ref }} path: base persist-credentials: false - name: Checkout (PR) - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: pr persist-credentials: false diff --git a/.github/workflows/update-browser-releases.yml b/.github/workflows/update-browser-releases.yml index 07d27eb7a670e5..2d35c747fe6555 100644 --- a/.github/workflows/update-browser-releases.yml +++ b/.github/workflows/update-browser-releases.yml @@ -18,7 +18,7 @@ jobs: env: RESULT: "" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # get the full repository checkout, not just the inciting commit persist-credentials: false diff --git a/.github/workflows/update-mdn-urls.yml b/.github/workflows/update-mdn-urls.yml index fbc087c442d6fa..9b93b3f3396a67 100644 --- a/.github/workflows/update-mdn-urls.yml +++ b/.github/workflows/update-mdn-urls.yml @@ -19,12 +19,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.head_ref }} token: ${{ secrets.GH_TOKEN }} # Need credentials to push changes. persist-credentials: true + # Checking out this Dependabot PR is safe. + allow-unsafe-pr-checkout: true - name: Setup Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/update-web-features.yml b/.github/workflows/update-web-features.yml index 9db601ecdfec7b..9ad59463d4fb04 100644 --- a/.github/workflows/update-web-features.yml +++ b/.github/workflows/update-web-features.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.head_ref }} token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/update-webdriver-bidi-data.yml b/.github/workflows/update-webdriver-bidi-data.yml index 259057a27c8e9b..8e36b8e71e21b0 100644 --- a/.github/workflows/update-webdriver-bidi-data.yml +++ b/.github/workflows/update-webdriver-bidi-data.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false