From 02efd9e342829d4e567e780a04cbf93119ec8c2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jun 2026 07:16:55 +0000
Subject: [PATCH] chore(deps): Bump actions/checkout from 4 to 7

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yml                      | 4 ++--
 .github/workflows/commitlint.yml              | 2 +-
 .github/workflows/promote-prod.yml            | 2 +-
 .github/workflows/publish.yml                 | 4 ++--
 .github/workflows/regen.yml                   | 2 +-
 .github/workflows/release-please-validate.yml | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 374eaf8..af13632 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,7 +14,7 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           # diff-cover needs origin/main; hatch-vcs needs full history + tags for the version
           fetch-depth: 0
@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: test
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           # hatch-vcs derives the version from git history + tags; a shallow/tagless
           # checkout would build a bogus low version (e.g. 0.1.dev1).
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
index 1ccac23..ca94dca 100644
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -8,6 +8,6 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with: { fetch-depth: 0 }
       - uses: wagoid/commitlint-github-action@v6
diff --git a/.github/workflows/promote-prod.yml b/.github/workflows/promote-prod.yml
index b9dc2e8..5ef9e50 100644
--- a/.github/workflows/promote-prod.yml
+++ b/.github/workflows/promote-prod.yml
@@ -240,7 +240,7 @@ jobs:
     outputs:
       version: ${{ steps.ver.outputs.version }}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           # Check out the resolved release TAG (qualified as refs/tags/ so a same-named
           # branch can never be selected). Full history + tags so hatch-vcs stamps the
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a940757..1bfcf38 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -42,7 +42,7 @@ jobs:
         run: |
           echo "$INPUT_TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$' \
             || { echo "::error::tag '${INPUT_TAG}' does not match ^v[0-9]+\\.[0-9]+\\.[0-9]+\$ — must be a plain vX.Y.Z tag"; exit 1; }
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         if: github.event.inputs.tag == ''
         with:
           # hatch-vcs derives the version from git history + tags. A shallow/tagless
@@ -50,7 +50,7 @@ jobs:
           # so .devN (main) / clean vX.Y.Z (tag) resolve correctly.
           fetch-depth: 0
           fetch-tags: true
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         if: github.event.inputs.tag != ''
         with:
           # Replay: check out the exact release tag so hatch-vcs stamps clean vX.Y.Z.
diff --git a/.github/workflows/regen.yml b/.github/workflows/regen.yml
index fc2dce9..04961ec 100644
--- a/.github/workflows/regen.yml
+++ b/.github/workflows/regen.yml
@@ -73,7 +73,7 @@ jobs:
           repositories: ${{ github.event.repository.name }},${{ secrets.SPEC_REPO }}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
         with:
           token: ${{ steps.app-token.outputs.token }}
           # The guard tests build the wheel (tests/build) via hatch-vcs, which derives
diff --git a/.github/workflows/release-please-validate.yml b/.github/workflows/release-please-validate.yml
index 1063c66..87b1c56 100644
--- a/.github/workflows/release-please-validate.yml
+++ b/.github/workflows/release-please-validate.yml
@@ -11,7 +11,7 @@ jobs:
   dry-run:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: googleapis/release-please-action@v5
         # Pure read-only validation: skip BOTH the release and the PR so the
         # action never attempts a write (tree/branch creation) with the