Bump actions/checkout from 4 to 5 (#32)

dependabot[bot] · web-flow · commit 571d27fbc539 · 2025-08-18T14:06:13.000-07:00
Signed-off-by: dependabot[bot] &lt;support@github.com&gt;
Co-authored-by: dependabot[bot] &lt;49699333+dependabot[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/api-compatibility.yml b/.github/workflows/api-compatibility.yml
@@ -22,7 +22,7 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
               with:
                   submodules: true
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -29,7 +29,7 @@ jobs:
             security-events: write
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
               with:
                   submodules: true
 
diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
@@ -24,7 +24,7 @@ jobs:
 
         steps:
             - name: Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Run Prettier on YAML files
               run: |
diff --git a/.github/workflows/ort.yml b/.github/workflows/ort.yml
@@ -29,7 +29,7 @@ jobs:
         env:
             ATTRIBUTIONS_FILE: THIRD_PARTY_LICENSES
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
               with:
                   submodules: true
 
@@ -55,7 +55,7 @@ jobs:
 
             - name: Checkout ORT Repository
               if: steps.cache-ort.outputs.cache-hit != 'true'
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
               with:
                   repository: oss-review-toolkit/ort
                   path: ./ort
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -37,6 +37,6 @@ jobs:
 
         steps:
             # Fetch project source with GitHub Actions Checkout.
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
             # Run the "semgrep ci" command on the command line of the docker image.
             - run: semgrep ci --config auto --no-suppress-errors --exclude-rule generic.secrets.security.detected-private-key.detected-private-key
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -44,7 +44,7 @@ jobs:
             host-matrix-output: ${{ steps.get-matrices.outputs.os-matrix-output }}
             version-matrix-output: ${{ steps.get-matrices.outputs.version-matrix-output }}
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
             - id: get-matrices
               uses: ./.github/workflows/create-test-matrices
               with:
@@ -64,7 +64,7 @@ jobs:
         runs-on: ${{ matrix.host.RUNNER }}
 
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
               with:
                   submodules: true
 
@@ -129,7 +129,7 @@ jobs:
             version-matrix-output: ${{ steps.get-matrices.outputs.version-matrix-output }}
 
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
             - id: get-matrices
               uses: ./.github/workflows/create-test-matrices
               with:
@@ -158,7 +158,7 @@ jobs:
                   yum install -y git tar findutils libicu
                   echo IMAGE=amazonlinux:latest | sed -r 's/:/-/g' >> $GITHUB_ENV
             # Replace `:` in the variable otherwise it can't be used in `upload-artifact`
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
               with:
                   submodules: true
 
@@ -200,7 +200,7 @@ jobs:
         timeout-minutes: 10
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v5
               with:
                   submodules: true
 
