rejected-l (Contributor) commented Nov 24, 2025

Update checkout action to v6. Better credential handling in containers.

https://github.com/actions/checkout/releases/tag/v6.0.0

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions checkout dependency to the latest version across CI workflows for improved compatibility and reliability.


vercel bot commented Nov 24, 2025

@rejected-l is attempting to deploy a commit to the EFP Team on Vercel.

A member of the Team first needs to authorize it.

coderabbitai bot commented Nov 24, 2025

Walkthrough

This pull request updates the GitHub Actions checkout action from version 5 to version 6 across three CI workflow files. All changes are version bumps with no modifications to logic, configuration parameters, or control flow.

Changes

Cohort / File(s) | Summary
Checkout Action Upgrade: .github/workflows/ai-on-demand.yaml, .github/workflows/ai-review.yaml, .github/workflows/checks.yml | Bumps actions/checkout from v5 to v6 across all three workflow files. No changes to fetch-depth, subsequent steps, or control flow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • Automation #358: Introduces the ai-on-demand.yaml and ai-review.yaml workflow files that are now being updated with the checkout action version bump.
  • chore(ci): upgrade checkout to v5 #383: Previously upgraded actions/checkout across workflows (v4→v5), establishing the pattern of maintaining consistent checkout action versions.

Suggested reviewers

  • encryptedDegen

Poem

🐰 A little bump here, a version there,
From v5 to v6, with utmost care!
Workflows now checkout with grace anew,
Three files updated, fresh and true! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly and concisely summarizes the primary change: upgrading the GitHub Actions checkout action from v5 to v6 across multiple CI workflow files.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec97f2f and 0a12e0e.

📒 Files selected for processing (3)
  • .github/workflows/ai-on-demand.yaml (1 hunks)
  • .github/workflows/ai-review.yaml (1 hunks)
  • .github/workflows/checks.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Socket Security: Pull Request Alerts
  • GitHub Check: checks
🔇 Additional comments (3)
.github/workflows/ai-on-demand.yaml (1)

30-30: Version upgrade approved.

The upgrade to v6 introduces credential persistence improvements, which aligns with the PR's stated goal of better credential handling. The configuration parameters (fetch-depth setting) and all subsequent steps remain unchanged, ensuring continuity of the workflow behavior.

.github/workflows/ai-review.yaml (1)

18-18: Version upgrade approved.

The upgrade from v5 to v6 maintains all existing workflow parameters, including the fetch-depth: 0 setting needed for comprehensive code review context. The change is consistent with similar updates across other CI workflows in this PR.

.github/workflows/checks.yml (1)

29-29: Version upgrade approved.

The checkout action upgrade is straightforward with no configuration changes. The workflow will use default checkout settings, which are compatible with v6.


@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn
Severity: High
Alert: Obfuscated code: npm safer-buffer is 94.0% likely obfuscated

Confidence: 0.94

Location: Package overview

From: ?npm/[email protected]npm/[email protected]


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
