GitHub is moving to strengthen software supply chain security by updating « actions/checkout » to block pwn request attacks that exploit the risky use of the « pull_request_target workflow » trigger to run malicious code with the workflow’s full privileges.
Effective June 18, 2026, the latest version of « actions/checkout, » the official GitHub action for checking out a repository into the