Dayclone · dependabot · Jan 30, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
@@ -40,7 +40,7 @@ jobs:
         node-version: ['20', '22']
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
@@ -67,7 +67,7 @@ jobs:
     needs: [lint, test]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
@@ -100,7 +100,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         uses: actions/setup-node@v4

diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -31,7 +31,7 @@ jobs:
       PROTECTED_BRANCHES: "main,master,production,prod,staging,develop"
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Determine branch name and mode
         id: config

diff --git a/.github/workflows/compliance-check-reference.yml b/.github/workflows/compliance-check-reference.yml
@@ -214,7 +214,7 @@ jobs:
       # This prevents malicious PRs from injecting code into the AI prompt.
       - name: Checkout base branch (for trusted prompt)
         if: github.event_name != 'issue_comment' || steps.validate.outputs.should_proceed == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Initialize bot credentials and OpenCode API access
       - name: Bot Setup
@@ -373,7 +373,7 @@ jobs:
       # The prompt is already secured in /tmp
       - name: Checkout PR Head for Diff Generation
         if: github.event_name != 'issue_comment' || steps.validate.outputs.should_proceed == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ steps.pr_info.outputs.head_sha }}
           fetch-depth: 0  # Full history needed for diff

diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
@@ -11,7 +11,7 @@ jobs:
     if: github.event.pull_request.draft == false
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Check PR title format
         run: |
@@ -37,7 +37,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/pr-review-reference.yml b/.github/workflows/pr-review-reference.yml
@@ -95,7 +95,7 @@ jobs:
 
       - name: Checkout repository
         if: github.event_name != 'issue_comment' || steps.validate.outputs.should_proceed == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Bot Setup
         if: github.event_name != 'issue_comment' || steps.validate.outputs.should_proceed == 'true'
@@ -524,7 +524,7 @@ jobs:
 
       - name: Checkout PR head
         if: github.event_name != 'issue_comment' || steps.validate.outputs.should_proceed == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ env.PR_HEAD_SHA }}
           token: ${{ steps.setup.outputs.token }}

diff --git a/.github/workflows/release-manager.yml b/.github/workflows/release-manager.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
@@ -44,7 +44,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         uses: actions/setup-node@v4