Update actions/checkout action to v6 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v3 → v6
actions/checkout	action	major	v2 → v6

---

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6-beta

Compare Source

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

v4.0.0

Compare Source

• Support fetching without the --progress option
• Update to node20

v4

Compare Source

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

Compare Source

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• Fix comment typos (that got added in #​770)

v3.2.0

Compare Source

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

Compare Source

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

Compare Source

• Add input set-safe-directory

v3.0.1

Compare Source

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

A new update is available for your PR checks! 📥

I've aggregated the results of the automated checks for this PR below.

⚖️ License Check

Checking the terms and conditions of your code. 📝

❌ License violations detected (53 packages) — review required before merging.

Dependency                          License Name                                            License Type         Misc                                    
ovos-ddg-plugin                     Error                                                   Error                                                        

License Type                        Found                                                  
Error                               1

License distribution: 15× MIT License, 9× MIT, 7× Apache Software License, 6× Apache-2.0, 2× BSD-3-Clause, 2× ISC License (ISCL), 2× PSF-2.0, 2× Python Software Foundation License, +8 more

Full breakdown — 53 packages

Package	Version	License	URL
annotated-types	0.7.0	MIT License	link
audioop-lts	0.2.2	PSF-2.0	link
build	1.4.3	MIT	link
certifi	2026.2.25	Mozilla Public License 2.0 (MPL 2.0)	link
charset-normalizer	3.4.7	MIT	link
click	8.3.2	BSD-3-Clause	link
combo_lock	0.3.1	Apache-2.0	link
dateparser	1.4.0	BSD License	link
filelock	3.29.0	MIT	link
idna	3.12	BSD-3-Clause	link
importlib_metadata	9.0.0	Apache-2.0	link
json-database	0.10.1	MIT	link
kthread	0.2.3	MIT License	link
langcodes	3.5.1	MIT License	link
markdown-it-py	4.0.0	MIT License	link
mdurl	0.1.2	MIT License	link
memory-tempfile	2.2.3	MIT License	link
ovos-config	1.2.2	Apache-2.0	link
ovos-date-parser	0.6.5	Apache Software License	link
ovos-ddg-plugin ⚠️	1.0.0a1	Apache-2.0	link
ovos-number-parser	0.5.1	Apache Software License	link
ovos-plugin-manager	2.4.0a1	Apache-2.0	link
ovos-utils	0.8.5	Apache-2.0	link
ovos_bus_client	1.5.0	Apache Software License	link
packaging	26.1	Apache-2.0 OR BSD-2-Clause	link
padacioso	1.0.0	apache-2.0	link
pexpect	4.9.0	ISC License (ISCL)	link
ptyprocess	0.7.0	ISC License (ISCL)	link
pydantic	2.13.3	MIT	link
pydantic_core	2.46.3	MIT	link
pyee	12.1.1	MIT License	link
Pygments	2.20.0	BSD-2-Clause	link
pyproject_hooks	1.2.0	MIT License	link
python-dateutil	2.9.0.post0	Apache Software License; BSD License	link
pytz	2026.1.post1	MIT License	link
PyYAML	6.0.3	MIT License	link
quebra-frases	0.3.7	Apache Software License	link
regex	2026.4.4	Apache-2.0 AND CNRI-Python	link
requests	2.33.1	Apache Software License	link
rich	13.9.4	MIT License	link
rich-click	1.9.7	MIT License

Copyright (c) 2022 Phil Ewels

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
| link |
| simplematch | 1.4 | MIT License | link |
| six | 1.17.0 | MIT License | link |
| standard-aifc | 3.13.0 | Python Software Foundation License | link |
| standard-chunk | 3.13.0 | Python Software Foundation License | link |
| typing-inspection | 0.4.2 | MIT | link |
| typing_extensions | 4.15.0 | PSF-2.0 | link |
| tzlocal | 5.3.1 | MIT License | link |
| unicode-rbnf | 2.4.0 | MIT License | |
| urllib3 | 2.6.3 | MIT | link |
| watchdog | 6.0.0 | Apache Software License | link |
| websocket-client | 1.9.0 | Apache Software License | link |
| zipp | 3.23.1 | MIT | link |

Policy: Apache 2.0 (universal donor). StrongCopyleft / NetworkCopyleft / WeakCopyleft / Other / Error categories fail. MPL allowed.

🔒 Security (pip-audit)

Ensuring our dependency tree is clean of rot. 🌳

✅ No known vulnerabilities found (72 packages scanned).

🔍 Lint

I've finished the analysis you requested. 💡

❌ ruff: issues found — see job log

📋 Repo Health

A routine checkup to keep the repo running smoothly. 🏥

✅ All required files present.

Latest Version: 1.0.0a1

✅ ovos_ddg_plugin/version.py — Version file
✅ README.md — README
✅ LICENSE — License file
✅ pyproject.toml — pyproject.toml
⚠️ setup.py — setup.py
✅ CHANGELOG.md — Changelog
✅ ovos_ddg_plugin/version.py has valid version block markers

🔌 Plugin Detection

Ensuring the plugin's 'license' matches the manager's expectations. ⚖️

ℹ️ Not an OVOS plugin — OPM check skipped.

🔨 Build Tests

Checking if the code is ready for prime time. 📺

Python	Build	Install	Tests
3.10	✅	✅	⚠️
3.11	✅	✅	✅
3.12	✅	✅	✅
3.13	✅	✅	✅
3.14	✅	✅	✅

---

❌ 3.10: Install OK, tests failed
Check job logs for details.

📊 Coverage

Ensuring the code doesn't have any blind spots. 🕶️

✅ 86.9% total coverage

Per-file coverage (2 files)

File	Coverage	Missing lines
ovos_ddg_plugin/version.py	0.0%	5
ovos_ddg_plugin/__init__.py	89.2%	20

Full report: download the coverage-report artifact.

---

Delivered by the OVOS Automated Messenger 🕊️