From 2c3850834dddbf914c066993d9903d60ca8232ac Mon Sep 17 00:00:00 2001
From: "Renovate [BOT]" <renovate-bot@git.tainton.uk>
Date: Thu, 18 Sep 2025 21:45:53 +0200
Subject: [PATCH] chore(deps): update sonarsource/sonarqube-scan-action action
 to v6 (#35)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | major | `v5.3.1` -> `v6.0.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v6.0.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v6.0.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0)

##### BREAKING CHANGE!

In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the `args` input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted.
For example, if you were previously passing:

```yaml
- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"
```

you should now pass:

```yaml
- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"
```

For more `args` passing examples, please refer to the [README](https://github.com/SonarSource/sonarqube-scan-action/tree/master?tab=readme-ov-file#args) file

##### What's Changed

- SQSCANGHA-106 Migrate from Bash to JS by [@&#8203;jeremy-davis-sonarsource](https://github.com/jeremy-davis-sonarsource) in [#&#8203;208](https://github.com/SonarSource/sonarqube-scan-action/pull/208)

**Full Changelog**: <https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMTYuNyIsInVwZGF0ZWRJblZlciI6IjQxLjExNi43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==-->

Reviewed-on: https://git.tainton.uk/actions/gha-workflows/pulls/35
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
---
 .gitea/workflows/ci-docker.yml                     | 2 +-
 .gitea/workflows/ci-python-poetry-with-docker.yml  | 2 +-
 .gitea/workflows/ci-python-poetry.yml              | 2 +-
 .gitea/workflows/ci-python-uv-with-docker.yml      | 2 +-
 .gitea/workflows/ci-python-with-docker.yml         | 2 +-
 .gitea/workflows/ci-python.yml                     | 2 +-
 .github/workflows/ci-docker.yml                    | 2 +-
 .github/workflows/ci-python-poetry-with-docker.yml | 2 +-
 .github/workflows/ci-python-poetry.yml             | 2 +-
 .github/workflows/ci-python-with-docker.yml        | 2 +-
 .github/workflows/ci-python.yml                    | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.gitea/workflows/ci-docker.yml b/.gitea/workflows/ci-docker.yml
index b887627..46bb702 100644
--- a/.gitea/workflows/ci-docker.yml
+++ b/.gitea/workflows/ci-docker.yml
@@ -24,7 +24,7 @@ jobs:
           no-fail: true
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml
index fb2baad..5b576db 100644
--- a/.gitea/workflows/ci-python-poetry-with-docker.yml
+++ b/.gitea/workflows/ci-python-poetry-with-docker.yml
@@ -66,7 +66,7 @@ jobs:
           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
diff --git a/.gitea/workflows/ci-python-poetry.yml b/.gitea/workflows/ci-python-poetry.yml
index e1bb5d9..83b478a 100644
--- a/.gitea/workflows/ci-python-poetry.yml
+++ b/.gitea/workflows/ci-python-poetry.yml
@@ -57,7 +57,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
diff --git a/.gitea/workflows/ci-python-uv-with-docker.yml b/.gitea/workflows/ci-python-uv-with-docker.yml
index b626682..cb441b0 100644
--- a/.gitea/workflows/ci-python-uv-with-docker.yml
+++ b/.gitea/workflows/ci-python-uv-with-docker.yml
@@ -63,7 +63,7 @@ jobs:
         run: uv cache prune --ci
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.gitea/workflows/ci-python-with-docker.yml b/.gitea/workflows/ci-python-with-docker.yml
index ab2d040..9077009 100644
--- a/.gitea/workflows/ci-python-with-docker.yml
+++ b/.gitea/workflows/ci-python-with-docker.yml
@@ -58,7 +58,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
diff --git a/.gitea/workflows/ci-python.yml b/.gitea/workflows/ci-python.yml
index 2c36a85..9836871 100644
--- a/.gitea/workflows/ci-python.yml
+++ b/.gitea/workflows/ci-python.yml
@@ -51,7 +51,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
index 2ef51bb..5b76826 100644
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -22,7 +22,7 @@ jobs:
           format: sonarqube
           no-fail: true
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/ci-python-poetry-with-docker.yml b/.github/workflows/ci-python-poetry-with-docker.yml
index 4257db3..29de7cc 100644
--- a/.github/workflows/ci-python-poetry-with-docker.yml
+++ b/.github/workflows/ci-python-poetry-with-docker.yml
@@ -49,7 +49,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/ci-python-poetry.yml b/.github/workflows/ci-python-poetry.yml
index e3a3f3a..75b0fe1 100644
--- a/.github/workflows/ci-python-poetry.yml
+++ b/.github/workflows/ci-python-poetry.yml
@@ -41,7 +41,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/ci-python-with-docker.yml b/.github/workflows/ci-python-with-docker.yml
index b532c8c..a3309cf 100644
--- a/.github/workflows/ci-python-with-docker.yml
+++ b/.github/workflows/ci-python-with-docker.yml
@@ -50,7 +50,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
index 88a51c6..84a4d09 100644
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -44,7 +44,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}