
build(deps): bump actions/checkout from 2 to 6 #439

Open
dependabot[bot] wants to merge 1 commit into dev from dependabot/github_actions/dev/actions/checkout-6

dependabot Bot (Contributor) commented on behalf of github on Apr 27, 2026

Bumps actions/checkout from 2 to 6.

Changelog

Sourced from actions/checkout's changelog.

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot Bot added the dependencies and github_actions labels on Apr 27, 2026

ManiruzzamanAkash force-pushed the dependabot/github_actions/dev/actions/checkout-6 branch from 529b716 to 5bbe843 on May 14, 2026 03:53
Comment thread .storybook/main.ts
@@ -1,70 +1,70 @@
import type { StorybookConfig } from '@storybook/react-vite';
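
Review bot: The header `@@ -1,70 +1,70 @@` on .storybook/main.ts spans 70 lines on each side, and the .storybook/preview.tsx and .storybook/test-runner.js threads show the same pattern with `@@ -1,30 +1,30 @@`, although the PR is titled as a bump of actions/checkout from 2 to 6. Same-length rewrites of Storybook files are out of scope for a dependency bump and make the action version change harder to audit. Compare the branch with whitespace and line endings ignored to confirm whether these files changed in content at all, and move any real changes to a separate PR so this one contains only the version bump.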

What: Consider updating the configuration to enforce HTTP Strict Transport Security (HSTS) headers in your server settings if applicable.

Why: Implementing HSTS improves security by protecting against man-in-the-middle attacks, ensuring that user connections are only made over secure HTTPS connections.

How: If this is part of a server configuration for your application, ensure that HSTS headers are set by adding a header line in your server's configuration file, for example:

Strict-Transport-Security: max-age=63072000; includeSubDomains

Comment thread .storybook/main.ts
@@ -1,70 +1,70 @@
import type { StorybookConfig } from '@storybook/react-vite';

What: Ensure the use of secure dependencies; specifically, verify the versions of Storybook and any other libraries to mitigate vulnerability risks.

Why: Security vulnerabilities in dependencies can potentially lead to data breaches or exploitation of your application. Regularly updating ensures that any vulnerabilities can be patched in accordance with the security advisories.

How: Review the changelog and security advisory for each dependency and ensure your project is referencing secure versions in your package configuration files.

Comment thread .storybook/main.ts
});
},
};
export default config;

What: Refactor the way aliases are defined for better clarity and maintainability.

Why: Defining complex path resolutions and aliases in a single block can make it harder to manage as your project grows. It could lead to confusion and potential errors if paths change in the future.

How: Create a manage-aliases function that returns your aliases. This can also clearly document what each alias is resolving to, like so:

function createAliases() {
  return {
    '@/icons': path.resolve(__dirname, '..', 'src/ui/icons.jsx'),
    '@/utilities': path.resolve(__dirname, '..', 'src/utilities'),
    '@/components': path.resolve(__dirname, '..', 'src/components'),
    '@': path.resolve(__dirname, '..', 'src')
  };
}
const aliases = createAliases();

Then use the aliases variable when setting your config.

Comment thread .storybook/main.ts
});
},
};
export default config;

What: Consider revisiting plugin management to ensure that all used plugins are necessary.

Why: Loading unnecessary plugins can negatively impact your application's performance. Checking for and removing unused plugins can enhance loading time and execution efficiency.

How: Analyze the list of plugins currently in use. If any are not required for your application, remove them from the plugins array to streamline performance.

Comment thread .storybook/preview.tsx
@@ -1,30 +1,30 @@
import React from 'react';
import type { Preview } from '@storybook/react';

What: The import statements have been modified with unnecessary newline characters inserted in the changes; this can lead to confusing diffs in version control.

Why: Creating clear, coherent diffs helps maintain clarity in version control history. Avoiding such changes aids in readability and reduces confusion when reviewing logs or changes made in the repository.

How: Remove the extra newline characters after the import statements to maintain a clean and continuous flow of code. Ensure that the same conventions are followed to keep consistency.

Comment thread .storybook/preview.tsx
],
};

export default preview;

What: The decorators and parameters appear logical, but consider documenting their configuration, such as why certain rules are disabled or specific matchers are used.

Why: Documentation helps other developers (and your future self) understand the reasoning behind specific configurations, especially in collaborative environments. This is important for maintainability and troubleshooting.

How: Add comments above the configuration parts to briefly explain the purpose of the rules being disabled or matchers utilized in your parameters. This aids in later reviews or when onboarding new developers.

Comment thread .storybook/preview.tsx
color: /(background|color)$/i,
date: /Date$/i,
},
},

What: Consider using more descriptive classNames in the JSX of the decorators to increase the maintainability and readability of the code.

Why: Descriptive classNames improve the understanding of the content styling purpose at a glance, which can be particularly useful when developing larger components or making changes down the line.

How: Instead of using utility-first class styles directly, consider separating complex constructions into named CSS classes or maintaining a style guide that maps specific names to Tailwind utility groups.

Comment thread .storybook/test-runner.js
@@ -1,30 +1,30 @@
const { getStoryContext } = require('@storybook/test-runner');
const { injectAxe, checkA11y, configureAxe } = require('axe-playwright');

What: The code is introducing new features related to accessibility testing, specifically concerning the configuration of Axe rules for the Storybook context, which is generally a good practice, but lacks explicit handling of potential errors that may arise during these asynchronous operations.

Why: Error handling is crucial in asynchronous programming, especially when interacting with external libraries like Axe. Failure to handle potential rejections from promises may lead to unhandled promise rejections which can crash the process and hinder debugging efforts.

How: Consider wrapping the asynchronous code in 'postVisit' within try-catch blocks. This allows for more graceful handling of issues, and logging error details for easier debugging. If there’s a need to continue execution even when certain actions fail, you can log the error and handle the failure appropriately.

Comment thread .storybook/test-runner.js
});

// Do not run a11y tests on disabled stories.
if (storyContext.parameters?.a11y?.disable) {

What: The conditional checks for the accessibility testing configuration use optional chaining (?.). While this is a concise syntax, it may obscure errors if the expected object paths do not exist, which could lead to silent failures if not properly monitored.

Why: Using optional chaining without sufficient null checks can lead to missed critical errors during execution, which, depending on the setup of the accessibility parameters, could render the tests ineffective or cause unexpected behavior.

How: Consider validating the existence of the required properties and providing meaningful fallback values or logging if critical parameters are not set. This could help diagnose issues when the a11y testing configuration is not being applied as expected.
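
The two suggestions on .storybook/test-runner.js above (error handling around `postVisit`, and validating the a11y parameters rather than relying on optional chaining alone), as an added example that is not code from this PR or from Storybook. `makePostVisit` and `readA11yParams` are hypothetical names; the Storybook and axe-playwright functions are passed in as arguments, and their call shapes, the `a11y.config.rules` path and the `#storybook-root` selector are assumptions.

```javascript
// Added example, not code from this PR. makePostVisit and readA11yParams are
// hypothetical names; the Storybook/axe functions are injected so the hook
// can be exercised with stubs.

// Validate parameters.a11y explicitly instead of relying on ?. alone.
// A malformed value never disables the checks (fail closed) and is reported.
function readA11yParams(storyContext, warn) {
  const id = storyContext?.id ?? '(unknown story)';
  const a11y = storyContext?.parameters?.a11y;
  if (a11y === undefined) return { disable: false, rules: undefined };
  if (a11y === null || typeof a11y !== 'object') {
    warn(`a11y parameter of "${id}" is not an object; running checks with defaults`);
    return { disable: false, rules: undefined };
  }
  if (a11y.disable !== undefined && typeof a11y.disable !== 'boolean') {
    warn(`a11y.disable of "${id}" is not a boolean; checks stay enabled`);
  }
  // config.rules is an assumed location for per-story Axe rule overrides.
  return { disable: a11y.disable === true, rules: a11y.config?.rules };
}

function makePostVisit({ getStoryContext, configureAxe, checkA11y, warn = console.warn }) {
  return async function postVisit(page, context) {
    let step = 'getStoryContext';
    try {
      const storyContext = await getStoryContext(page, context);
      const { disable, rules } = readA11yParams(storyContext, warn);
      if (disable) return 'skipped'; // do not run a11y tests on disabled stories
      step = 'configureAxe';
      await configureAxe(page, { rules });
      step = 'checkA11y';
      await checkA11y(page, '#storybook-root'); // assumed root selector
      return 'checked';
    } catch (err) {
      // Attach the story id and failing step, then rethrow: logging and
      // continuing would let a story with violations pass the run.
      throw new Error(`a11y ${step} failed for story "${context?.id}": ${err.message}`, { cause: err });
    }
  };
}
```

The catch block rethrows on purpose: swallowing a `checkA11y` rejection would turn an accessibility failure into a passing test.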
