chore(deps): bump actions/checkout from 4.2.2 to 6.0.2

[dependabot]

Bumps actions/checkout from 4.2.2 to 6.0.2.

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[kilo-code-bot]

SUGGESTION: Minor version bump (v6 → v6.0.2)

Semantically safe patch-level update. Consider standardizing all checkouts to v6.0.2 for consistency across the workspace.

[kilo-code-bot]

SUGGESTION: Minor version bump (v6 → v6.0.2)

Semantically safe patch-level update. Consider standardizing all checkouts to v6.0.2 for consistency across the workspace.

[kilo-code-bot]

SUGGESTION: Minor version bump (v6 → v6.0.2)

Semantically safe patch-level update. Consider standardizing all checkouts to v6.0.2 for consistency across the workspace.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

WARNING: Pinned to commit SHA instead of semantic version

Using @de0fac2e4500dabe0009e67214ff5f5447ce83dd makes it unclear what version is in use and is harder to maintain. Replace with @v6.0.2 to match semantic versioning.

[kilo-code-bot]

Code Review Summary

Status: 2 Issues Found | Recommendation: Changes Requested

Overview

Severity	Count
CRITICAL	0
WARNING	2
SUGGESTION	1
CONSIDER	1

Issue Details (click to expand)

WARNING

File	Line	Issue
.github/workflows/doc-links.yml	11	Pinned to commit SHA instead of semantic version
.github/workflows/fr-coverage.yml	11	Pinned to commit SHA instead of semantic version
.github/workflows/pages.yml	26	Pinned to commit SHA instead of semantic version
.github/workflows/quality-gate.yml	12	Pinned to commit SHA instead of semantic version
.github/workflows/release.yml	23	Pinned to commit SHA instead of semantic version
.github/workflows/scorecard.yml	26	Pinned to commit SHA instead of semantic version
.github/workflows/trufflehog.yml	14	Pinned to commit SHA instead of semantic version

SUGGESTION

File	Line	Issue
.github/workflows/cargo-audit.yml	25	Minor version bump (v6 → v6.0.2)
.github/workflows/codeql-rust.yml	27	Minor version bump (v6 → v6.0.2)
.github/workflows/codeql.yml	31	Minor version bump (v6 → v6.0.2)

CONSIDER

File	Line	Issue
.github/workflows/scorecard.yml	26	actions/checkout v6 requires minimum Actions Runner v2.327.1; persist-credentials: false is correctly set for this security-sensitive workflow

Other Observations (not in diff)

No issues found in unchanged code.

Files Reviewed (10 files)

• .github/workflows/cargo-audit.yml - version tag update
• .github/workflows/codeql-rust.yml - version tag update
• .github/workflows/codeql.yml - version tag update
• .github/workflows/doc-links.yml - commit SHA update
• .github/workflows/fr-coverage.yml - commit SHA update
• .github/workflows/pages.yml - commit SHA update
• .github/workflows/quality-gate.yml - commit SHA update
• .github/workflows/release.yml - commit SHA update
• .github/workflows/scorecard.yml - commit SHA update
• .github/workflows/trufflehog.yml - commit SHA update

---

Fix these issues in Kilo Cloud

---

_{Reviewed by step-3.5-flash · 295,085 tokens}