chore(deps): update actions/checkout action to v5

chore(deps): update sonarsource/sonarqube-scan-action action to v5.3.1 (#31 )
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | patch | `v5.3.0` -> `v5.3.1` | --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v5.3.1`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.3.1) [Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.0...v5.3.1) ##### What's Changed - Fix the scanner-update script by [@henryju](https://github.com/henryju) in [#194](https://github.com/SonarSource/sonarqube-scan-action/pull/194) - SQSCANGHA-100 NO-JIRA Bump actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#197](https://github.com/SonarSource/sonarqube-scan-action/pull/197) - SQSCANGHA-101 Add more input injection tests by [@aleksandra-bozhinoska-sonarsource](https://github.com/aleksandra-bozhinoska-sonarsource) in [#200](https://github.com/SonarSource/sonarqube-scan-action/pull/200) - pin actions/cache to a full-length commit SHA by [@daantimmer](https://github.com/daantimmer) in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) ##### New Contributors - [@daantimmer](https://github.com/daantimmer) made their first contribution in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) **Full Changelog**: <https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.3.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: #31 Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk> Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
2025-08-29 18:39:36 +00:00 · 2025-08-29 20:18:29 +02:00 · 2025-08-29 20:18:03 +02:00 · 2025-08-12 22:09:29 +02:00
18 changed files with 31 additions and 31 deletions
--- a/.gitea/workflows/build-push-docker.yml
+++ b/.gitea/workflows/build-push-docker.yml
@@ -43,7 +43,7 @@ jobs:
          REPO: ${{ gitea.repository }}
      - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
          ref: ${{ inputs.release }}
--- a/.gitea/workflows/changelog.yaml
+++ b/.gitea/workflows/changelog.yaml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
--- a/.gitea/workflows/ci-docker.yml
+++ b/.gitea/workflows/ci-docker.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -24,7 +24,7 @@ jobs:
          no-fail: true
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-poetry-with-docker.yml
+++ b/.gitea/workflows/ci-python-poetry-with-docker.yml
@@ -20,7 +20,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -66,7 +66,7 @@ jobs:
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-poetry.yml
+++ b/.gitea/workflows/ci-python-poetry.yml
@@ -20,7 +20,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -57,7 +57,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-uv-with-docker.yml
+++ b/.gitea/workflows/ci-python-uv-with-docker.yml
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -63,7 +63,7 @@ jobs:
        run: uv cache prune --ci
      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-with-docker.yml
+++ b/.gitea/workflows/ci-python-with-docker.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -58,7 +58,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python.yml
+++ b/.gitea/workflows/ci-python.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -51,7 +51,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/create-release.yml
+++ b/.gitea/workflows/create-release.yml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
@@ -72,7 +72,7 @@ jobs:
    needs: get_next_release
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
--- a/.gitea/workflows/docker-compose-deploy.yml
+++ b/.gitea/workflows/docker-compose-deploy.yml
@@ -35,7 +35,7 @@ jobs:
          url_title: 'View Logs'
      - name: "[ON RUNNER] Checkout the repo"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: "[ON RUNNER] Set project variables"
        run: |
--- a/.gitea/workflows/release-with-tag.yaml
+++ b/.gitea/workflows/release-with-tag.yaml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
--- a/.github/workflows/build-push-attest-docker.yml
+++ b/.github/workflows/build-push-attest-docker.yml
@@ -24,7 +24,7 @@ jobs:
      success: ${{ steps.set_flag.outputs.success }}
    steps:
      - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          ref: ${{ inputs.release }}
@@ -59,7 +59,7 @@ jobs:
            ghcr.io/${{ github.repository }}:${{ inputs.release }}
      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
        with:
          subject-name: ghcr.io/${{ github.repository }}
          subject-digest: ${{ steps.push.outputs.digest }}
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - uses: hadolint/hadolint-action@v3.1.0
@@ -22,7 +22,7 @@ jobs:
          format: sonarqube
          no-fail: true
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-poetry-with-docker.yml
+++ b/.github/workflows/ci-python-poetry-with-docker.yml
@@ -22,7 +22,7 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - uses: hadolint/hadolint-action@v3.1.0
@@ -49,7 +49,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-poetry.yml
+++ b/.github/workflows/ci-python-poetry.yml
@@ -22,7 +22,7 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - name: Setup Python
@@ -41,7 +41,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-with-docker.yml
+++ b/.github/workflows/ci-python-with-docker.yml
@@ -22,7 +22,7 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - uses: hadolint/hadolint-action@v3.1.0
@@ -50,7 +50,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -22,7 +22,7 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - name: Setup Python
@@ -44,7 +44,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -17,7 +17,7 @@ jobs:
      release_name: ${{ steps.tag_version.outputs.new_tag }}
      success: ${{ steps.set_flag.outputs.success }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
Author	SHA1	Message	Date
Renovate [BOT]	d7b6e6ba46	chore(deps): update actions/checkout action to v5	2025-08-29 18:39:36 +00:00
Renovate [BOT]	cdc2daf1d1	chore(deps): update sonarsource/sonarqube-scan-action action to v5.3.1 (#31 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) \| action \| patch \| `v5.3.0` -> `v5.3.1` \| --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v5.3.1`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.3.1) [Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.0...v5.3.1) ##### What's Changed - Fix the scanner-update script by [@henryju](https://github.com/henryju) in [#194](https://github.com/SonarSource/sonarqube-scan-action/pull/194) - SQSCANGHA-100 NO-JIRA Bump actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#197](https://github.com/SonarSource/sonarqube-scan-action/pull/197) - SQSCANGHA-101 Add more input injection tests by [@aleksandra-bozhinoska-sonarsource](https://github.com/aleksandra-bozhinoska-sonarsource) in [#200](https://github.com/SonarSource/sonarqube-scan-action/pull/200) - pin actions/cache to a full-length commit SHA by [@daantimmer](https://github.com/daantimmer) in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) ##### New Contributors - [@daantimmer](https://github.com/daantimmer) made their first contribution in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) Full Changelog: <https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.3.1> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44OC4yIiwidXBkYXRlZEluVmVyIjoiNDEuODguMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZS9kZXBlbmRlbmNpZXMiXX0=--> Reviewed-on: #31 Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk> Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>	2025-08-29 20:18:29 +02:00
Renovate [BOT]	7621301358	chore(deps): update actions/attest-build-provenance action to v3 (#30 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) \| action \| major \| `v2` -> `v3` \| --- ### Release Notes <details> <summary>actions/attest-build-provenance (actions/attest-build-provenance)</summary> ### [`v3`](https://github.com/actions/attest-build-provenance/compare/v2...v3) [Compare Source](https://github.com/actions/attest-build-provenance/compare/v2...v3) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44OC4yIiwidXBkYXRlZEluVmVyIjoiNDEuODguMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZS9kZXBlbmRlbmNpZXMiXX0=--> Reviewed-on: #30 Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk> Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>	2025-08-29 20:18:03 +02:00
Renovate [BOT]	8596fba7fb	chore(deps): update actions/checkout action to v4.3.0 (#28 ) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/checkout](https://github.com/actions/checkout) \| action \| minor \| `v4.2.2` -> `v4.3.0` \| --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.3.0`](https://github.com/actions/checkout/releases/tag/v4.3.0) [Compare Source](https://github.com/actions/checkout/compare/v4.2.2...v4.3.0) #### What's Changed - docs: update README.md by [@motss](https://github.com/motss) in https://github.com/actions/checkout/pull/1971 - Add internal repos for checking out multiple repositories by [@mouismail](https://github.com/mouismail) in https://github.com/actions/checkout/pull/1977 - Documentation update - add recommended permissions to Readme by [@benwells](https://github.com/benwells) in https://github.com/actions/checkout/pull/2043 - Adjust positioning of user email note and permissions heading by [@joshmgross](https://github.com/joshmgross) in https://github.com/actions/checkout/pull/2044 - Update README.md by [@nebuk89](https://github.com/nebuk89) in https://github.com/actions/checkout/pull/2194 - Update CODEOWNERS for actions by [@TingluoHuang](https://github.com/TingluoHuang) in https://github.com/actions/checkout/pull/2224 - Update package dependencies by [@salmanmkc](https://github.com/salmanmkc) in https://github.com/actions/checkout/pull/2236 - Prepare release v4.3.0 by [@salmanmkc](https://github.com/salmanmkc) in https://github.com/actions/checkout/pull/2237 #### New Contributors - [@motss](https://github.com/motss) made their first contribution in https://github.com/actions/checkout/pull/1971 - [@mouismail](https://github.com/mouismail) made their first contribution in https://github.com/actions/checkout/pull/1977 - [@benwells](https://github.com/benwells) made their first contribution in https://github.com/actions/checkout/pull/2043 - [@nebuk89](https://github.com/nebuk89) made their first contribution in https://github.com/actions/checkout/pull/2194 - [@salmanmkc](https://github.com/salmanmkc) made their first contribution in https://github.com/actions/checkout/pull/2236 Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS42MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuNjEuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZS9kZXBlbmRlbmNpZXMiXX0=--> Reviewed-on: #28 Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk> Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>	2025-08-12 22:09:29 +02:00