Originally created by: dependabot[bot]
Bumps the actions group with 3 updates in the / directory: step-security/harden-runner, actions/checkout and zizmorcore/zizmor-action.
Updates step-security/harden-runner from 2.19.3 to 2.19.4
Sourced from step-security/harden-runner's releases.
v2.19.4
What's Changed
- Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner
Full Changelog: https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4
9af89fc Merge pull request #667](https://github.com/href="https://redirect.github.com/step-security/harden-runner/issues/667">/issues/667) from step-security/update-agent-v1.8.6485dce8 Update agent to v1.8.6Updates actions/checkout from 6.0.2 to 7.0.0
Sourced from actions/checkout's releases.
v7.0.0
What's Changed
- block checking out fork pr for pull_request_target and workflow_run by
@aiqiaoyin actions/checkout#2454](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout/issues/2454)- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by
@dependabot[bot] in actions/checkout#2458](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout/issues/2458)- Bump flatted from 3.3.1 to 3.4.2 by
@dependabot[bot] in actions/checkout#2460](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout/issues/2460)- Bump js-yaml from 4.1.0 to 4.2.0 by
@dependabot[bot] in actions/checkout#2461](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout/issues/2461)- Bump
@actions/coreand@actions/tool-cacheand Remove uuid by@dependabot[bot] in actions/checkout#2459](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout/issues/2459)- upgrade module to esm and update dependencies by
@aiqiaoyin actions/checkout#2463](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout/issues/2463)- Bump the minor-npm-dependencies group across 1 directory with 3 updates by
@dependabot[bot] in actions/checkout#2462](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout/issues/2462)- getting ready for checkout v7 release by
@aiqiaoyin actions/checkout#2464](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout/issues/2464)- update error wording by
@aiqiaoyin actions/checkout#2467](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout/issues/2467)New Contributors
@aiqiaoymade their first contribution in actions/checkout#2454](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout/issues/2454)Full Changelog: https://github.com/actions/checkout/compare/v6.0.3...v7.0.0
v6.0.3
What's Changed
- Update changelog by
@ericsciplein actions/checkout#2357](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout/issues/2357)- fix: expand merge commit SHA regex and add SHA-256 test cases by
@yaananthin actions/checkout#2414](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout/issues/2414)- Fix checkout init for SHA-256 repositories by
@yaananthin actions/checkout#2439](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout/issues/2439)- Update changelog for v6.0.3 by
@yaananthin actions/checkout#2446](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout/issues/2446)New Contributors
@yaananthmade their first contribution in actions/checkout#2414](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout/issues/2414)Full Changelog: https://github.com/actions/checkout/compare/v6...v6.0.3
Sourced from actions/checkout's changelog.
Changelog
v7.0.0
- Block checking out fork PR for pull_request_target and workflow_run by
@aiqiaoyin actions/checkout#2454](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout/issues/2454)- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by
@dependabot[bot] in actions/checkout#2458](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout/issues/2458)- Bump flatted from 3.3.1 to 3.4.2 by
@dependabot[bot] in actions/checkout#2460](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout/issues/2460)- Bump js-yaml from 4.1.0 to 4.2.0 by
@dependabot[bot] in actions/checkout#2461](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout/issues/2461)- Bump
@actions/coreand@actions/tool-cacheand Remove uuid by@dependabot[bot] in actions/checkout#2459](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout/issues/2459)- upgrade module to esm and update dependencies by
@aiqiaoyin actions/checkout#2463](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout/issues/2463)- Bump the minor-npm-dependencies group across 1 directory with 3 updates by
@dependabot[bot] in actions/checkout#2462](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout/issues/2462)v6.0.3
- Fix checkout init for SHA-256 repositories by
@yaananthin actions/checkout#2439](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout/issues/2439)- fix: expand merge commit SHA regex and add SHA-256 test cases by
@yaananthin actions/checkout#2414](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout/issues/2414)v6.0.2
- Fix tag handling: preserve annotations and explicit fetch-tags by
@ericsciplein actions/checkout#2356](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout/issues/2356)v6.0.1
- Add worktree support for persist-credentials includeIf by
@ericsciplein actions/checkout#2327](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout/issues/2327)v6.0.0
- Persist creds to a separate file by
@ericsciplein actions/checkout#2286](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout/issues/2286)- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout/issues/2248)v5.0.1
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout/issues/2301)v5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout/issues/2226)v4.3.1
- Port v6 cleanup to v4 by
@ericsciplein actions/checkout#2305](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout/issues/2305)v4.3.0
- docs: update README.md by
@motssin actions/checkout#1971](https://github.com/href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout/issues/1971)- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977](https://github.com/href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout/issues/1977)- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout/issues/2043)- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout/issues/2044)- Update README.md by
@nebuk89in actions/checkout#2194](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout/issues/2194)- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout/issues/2224)- Update package dependencies by
@salmanmkcin actions/checkout#2236](https://github.com/href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout/issues/2236)v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941](https://github.com/href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout/issues/1941)- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946](https://github.com/href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout/issues/1946)v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924](https://github.com/href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout/issues/1924)
... (truncated)
9c091bb update error wording (#2467](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2467">/issues/2467))1044a6d getting ready for checkout v7 release (#2464](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2464">/issues/2464))f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2462">/issues/2462))d914b26 upgrade module to esm and update dependencies (#2463](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2463">/issues/2463))537c7ef Bump @actions/core and @actions/tool-cache and Remove uuid (#2459](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2459">/issues/2459))130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2461">/issues/2461))7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2460">/issues/2460))0f9f3aa Bump actions/publish-immutable-action (#2458](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2458">/issues/2458))f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2454">/issues/2454))df4cb1c Update changelog for v6.0.3 (#2446](https://github.com/href="https://redirect.github.com/actions/checkout/issues/2446">/issues/2446))Updates zizmorcore/zizmor-action from 0.5.4 to 0.5.7
Sourced from zizmorcore/zizmor-action's releases.
v0.5.7
1.26.1 is now available via the action 1.26.1 is now the default version of zizmor used by the action
v0.5.6
- 1.25.2 is now available via the action
- 1.25.2 is now the default version of zizmor used by the action
v0.5.5
This is a no-op release.
192e21d Sync zizmor versions (#127](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/127">/issues/127))2720f26 Update README.md with new actions/checkout version (#126](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/126">/issues/126))40b41b8 chore(deps): bump the github-actions group with 2 updates (#123](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/123">/issues/123))a687b25 chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...64a6900 add note to explain that the default value for online-checks is different t...14050ab chore(deps): bump the github-actions group with 2 updates (#118](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/118">/issues/118))ee9b419 chore(deps): bump github/codeql-action in the github-actions group (#116](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/116">/issues/116))fddf2b4 Bump pins in README (#115](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/115">/issues/115))5f14fd0 Sync zizmor versions (#114](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/114">/issues/114))a16621b Bump pins in README (#112](https://github.com/href="https://redirect.github.com/zizmorcore/zizmor-action/issues/112">/issues/112))
Originally posted by: vercel[bot]
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
| Project | Deployment | Actions | Updated (UTC) | | :--- | :----- | :------ | :------ | | [daloyjs-dev](https://vercel.com/devlin-duldulaos-projects/daloyjs-dev) |  [Ignored](https://vercel.com/devlin-duldulaos-projects/daloyjs-dev/8Ah44dhi71xA4S1HbLJmSnagPLvF) | [Preview](https://daloyjs-dev-git-dependabot-git-bcf004-devlin-duldulaos-projects.vercel.app) | Jun 22, 2026 8:56pm |<picture>
</picture>