chore(deps): update actions/checkout action to v5

chore(deps): update sonarsource/sonarqube-scan-action action to v5.3.1 (#31 )
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | patch | `v5.3.0` -> `v5.3.1` | --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v5.3.1`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.3.1) [Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.0...v5.3.1) ##### What's Changed - Fix the scanner-update script by [@henryju](https://github.com/henryju) in [#194](https://github.com/SonarSource/sonarqube-scan-action/pull/194) - SQSCANGHA-100 NO-JIRA Bump actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#197](https://github.com/SonarSource/sonarqube-scan-action/pull/197) - SQSCANGHA-101 Add more input injection tests by [@aleksandra-bozhinoska-sonarsource](https://github.com/aleksandra-bozhinoska-sonarsource) in [#200](https://github.com/SonarSource/sonarqube-scan-action/pull/200) - pin actions/cache to a full-length commit SHA by [@daantimmer](https://github.com/daantimmer) in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) ##### New Contributors - [@daantimmer](https://github.com/daantimmer) made their first contribution in [#199](https://github.com/SonarSource/sonarqube-scan-action/pull/199) **Full Changelog**: <https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.3.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: #31 Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk> Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
2025-08-29 18:39:36 +00:00 · 2025-08-29 20:18:29 +02:00 · 2025-08-29 20:18:03 +02:00
12 changed files with 12 additions and 12 deletions
--- a/.gitea/workflows/ci-docker.yml
+++ b/.gitea/workflows/ci-docker.yml
@@ -24,7 +24,7 @@ jobs:
          no-fail: true

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-poetry-with-docker.yml
+++ b/.gitea/workflows/ci-python-poetry-with-docker.yml
@@ -66,7 +66,7 @@ jobs:
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-poetry.yml
+++ b/.gitea/workflows/ci-python-poetry.yml
@@ -57,7 +57,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-uv-with-docker.yml
+++ b/.gitea/workflows/ci-python-uv-with-docker.yml
@@ -63,7 +63,7 @@ jobs:
        run: uv cache prune --ci

      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-with-docker.yml
+++ b/.gitea/workflows/ci-python-with-docker.yml
@@ -58,7 +58,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python.yml
+++ b/.gitea/workflows/ci-python.yml
@@ -51,7 +51,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.github/workflows/build-push-attest-docker.yml
+++ b/.github/workflows/build-push-attest-docker.yml
@@ -59,7 +59,7 @@ jobs:
            ghcr.io/${{ github.repository }}:${{ inputs.release }}

      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
        with:
          subject-name: ghcr.io/${{ github.repository }}
          subject-digest: ${{ steps.push.outputs.digest }}
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -22,7 +22,7 @@ jobs:
          format: sonarqube
          no-fail: true
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-poetry-with-docker.yml
+++ b/.github/workflows/ci-python-poetry-with-docker.yml
@@ -49,7 +49,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-poetry.yml
+++ b/.github/workflows/ci-python-poetry.yml
@@ -41,7 +41,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python-with-docker.yml
+++ b/.github/workflows/ci-python-with-docker.yml
@@ -50,7 +50,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -44,7 +44,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}