mParticle · dependabot · Jan 19, 2026
diff --git a/.github/workflows/android-kit-push.yml b/.github/workflows/android-kit-push.yml
@@ -20,7 +20,7 @@ jobs:
     name: "Unit Tests Maven"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: "Install JDK 17"
         uses: actions/setup-java@v4
         with:
@@ -44,13 +44,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           path: kit
           ref: ${{ inputs.branch_name }}
       - name: "Checkout Core"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: mParticle/android-sdk
           fetch-depth: 0
@@ -95,7 +95,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ inputs.branch_name }}
@@ -122,13 +122,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           path: kit
           ref: ${{ inputs.branch_name }}
       - name: "Checkout Core"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: mParticle/android-sdk
           fetch-depth: 0
@@ -173,7 +173,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ inputs.branch_name }}
@@ -200,13 +200,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           path: kit
           ref: ${{ inputs.branch_name }}
       - name: "Checkout Core"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: mParticle/android-sdk
           fetch-depth: 0

diff --git a/.github/workflows/android-kit-release.yml b/.github/workflows/android-kit-release.yml
@@ -28,7 +28,7 @@ jobs:
       GIT_COMMITTER_EMAIL: developers@mparticle.com
     steps:
       - name: "Checkout main branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           token: ${{ secrets.MP_INTEGRATIONS_SEMANTIC_RELEASE_BOT }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout main branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           repository: ${{ github.repository }}

diff --git a/.github/workflows/daily-cron.yml b/.github/workflows/daily-cron.yml
@@ -36,7 +36,7 @@ jobs:
       image: returntocorp/semgrep
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: "Run Semgrep"
         run: "semgrep --config=auto ."

diff --git a/.github/workflows/data-plan-fetch.yml b/.github/workflows/data-plan-fetch.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Use Node.js
         uses: actions/setup-node@v1

diff --git a/.github/workflows/dependabot-rebase-development.yml b/.github/workflows/dependabot-rebase-development.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout development branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           token: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
           ref: development

diff --git a/.github/workflows/dependabot-rebase-main.yml b/.github/workflows/dependabot-rebase-main.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout main branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: main
       - name: "Rebase chore/dependabot branch"

diff --git a/.github/workflows/dependabot-save-pr-number.yml b/.github/workflows/dependabot-save-pr-number.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout PR branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
           fetch-depth: 0

diff --git a/.github/workflows/issue-comment-to-jira.yml b/.github/workflows/issue-comment-to-jira.yml
@@ -16,7 +16,7 @@ jobs:
       JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
     steps:
       - name: "Checkout Branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: "Login"
         uses: atlassian/gajira-login@master

diff --git a/.github/workflows/sdk-release-repo-branch-check.yml b/.github/workflows/sdk-release-repo-branch-check.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Git checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Branch Check
         run: |

diff --git a/.github/workflows/security-checks.yml b/.github/workflows/security-checks.yml
@@ -16,10 +16,10 @@ jobs:
       github.actor != 'dependabot[bot]'
     steps:
       - name: "Checkout this branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: "Checkout base branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.inputs.base_branch }}
 
@@ -54,7 +54,7 @@ jobs:
       ( contains(github.event.repository.name, 'android') || contains(github.event.repository.name, 'apple'))
     steps:
       - name: "Checkout repository"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: "Run mobsfscan"
         uses: MobSF/mobsfscan@main

diff --git a/.github/workflows/security-hardcoded-secrets.yml b/.github/workflows/security-hardcoded-secrets.yml
@@ -33,7 +33,7 @@ jobs:
           tar zxf "$path" -C "/tmp/bin"
 
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           fetch-depth: 0

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Branch"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           token: ${{ secrets.MP_INTEGRATIONS_SEMANTIC_RELEASE_BOT }}

diff --git a/.github/workflows/web-kit-pull-request.yml b/.github/workflows/web-kit-pull-request.yml
@@ -9,7 +9,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6
 
             - name: NPM install
               uses: actions/setup-node@v4

diff --git a/.github/workflows/web-run-test.yml b/.github/workflows/web-run-test.yml
@@ -23,7 +23,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6
               with:
                   repository: ${{ github.event.pull_request.head.repo.full_name }}
                   ref: ${{ inputs.branch_name }}