Update actions/checkout action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v6 → v7

---

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

v7

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[PeterDaveHello]

@codex review

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 files)

• .github/workflows/ci.yml

---

_{Reviewed by nex-n2-pro:free · 204,158 tokens}

[Copilot]

Pull request overview

Updates the GitHub Actions CI workflow to use the latest major version of actions/checkout, keeping the repository’s CI dependencies current.

Changes:

• Bump actions/checkout in CI from v6 to v7.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated CI workflow dependencies.

Walkthrough

The CI workflow file is updated to use actions/checkout@v7 instead of actions/checkout@v6 in the "Checkout repository" step. No other workflow logic, jobs, or steps are changed.

Changes

CI Checkout Action Version Bump

Layer / File(s)	Summary
Bump actions/checkout from v6 to v7 .github/workflows/ci.yml	The checkout step version is incremented from actions/checkout@v6 to actions/checkout@v7.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• PeterDaveHello/nrd-list-downloader#8: Modifies the same actions/checkout step in .github/workflows/ci.yml, bumping to a different major version (v6).

Suggested reviewers

• PeterDaveHello

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: updating the actions/checkout action from v6 to v7.
Description check	✅ Passed	The description is directly related to the changeset, providing detailed release notes and context for the actions/checkout v7 upgrade.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/actions-checkout-7.x

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch renovate/actions-checkout-7.x

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Bravo.

Reviewed commit: 3f0c9dde86

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 27: The `actions/checkout@v7` action is using a mutable version tag which
creates a supply-chain integrity risk. Replace the `@v7` tag with a pinned
full-length commit SHA to ensure consistent and secure action execution. You can
optionally add an inline comment after the commit SHA to indicate which version
it corresponds to for human readability.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9aa4615b-afff-43a5-9dff-eeca86aba813

📥 Commits

Reviewing files that changed from the base of the PR and between f5a0087 and 3f0c9dd.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/ci.yml

📄 CodeRabbit inference engine (AGENTS.md)

CI runs via GitHub Actions in .github/workflows/ci.yml

Files:

• .github/workflows/ci.yml

🪛 zizmor (1.25.2)

.github/workflows/ci.yml

[error] 27-27: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)