chore(deps): update hadolint/hadolint-action action to v3.2.0

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | patch | `v5.3.0` -> `v5.3.1` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.3.1`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.3.1)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.0...v5.3.1)

##### What's Changed

- Fix the scanner-update script by [@&#8203;henryju](https://github.com/henryju) in [#&#8203;194](https://github.com/SonarSource/sonarqube-scan-action/pull/194)
- SQSCANGHA-100 NO-JIRA Bump actions/checkout from 4 to 5 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;197](https://github.com/SonarSource/sonarqube-scan-action/pull/197)
- SQSCANGHA-101 Add more input injection tests by [@&#8203;aleksandra-bozhinoska-sonarsource](https://github.com/aleksandra-bozhinoska-sonarsource) in [#&#8203;200](https://github.com/SonarSource/sonarqube-scan-action/pull/200)
- pin actions/cache to a full-length commit SHA by [@&#8203;daantimmer](https://github.com/daantimmer) in [#&#8203;199](https://github.com/SonarSource/sonarqube-scan-action/pull/199)

##### New Contributors

- [@&#8203;daantimmer](https://github.com/daantimmer) made their first contribution in [#&#8203;199](https://github.com/SonarSource/sonarqube-scan-action/pull/199)

**Full Changelog**: <https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.3.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44OC4yIiwidXBkYXRlZEluVmVyIjoiNDEuODguMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZS9kZXBlbmRlbmNpZXMiXX0=-->

Reviewed-on: #31
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>

.gitea/workflows/build-push-docker.yml

@@ -43,7 +43,7 @@ jobs:
           REPO: ${{ gitea.repository }}
 
       - name: Check out repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
           ref: ${{ inputs.release }}

.gitea/workflows/changelog.yaml

@@ -19,7 +19,7 @@ jobs:
       clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 

.gitea/workflows/ci-docker.yml

@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -24,7 +24,7 @@ jobs:
           no-fail: true
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry-with-docker.yml

@@ -20,11 +20,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -66,7 +66,7 @@ jobs:
           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
@@ -57,7 +57,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-uv-with-docker.yml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
       - name: Run Hadolint
-        uses: hadolint/hadolint-action@v3.1.0
+        uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -63,7 +63,7 @@ jobs:
         run: uv cache prune --ci
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitea/workflows/ci-python-with-docker.yml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -58,7 +58,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
@@ -51,7 +51,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/create-release.yml

@@ -19,7 +19,7 @@ jobs:
       clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 
@@ -72,7 +72,7 @@ jobs:
     needs: get_next_release
     steps:
       - name: Check out repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 

.gitea/workflows/docker-compose-deploy.yml

@@ -35,7 +35,7 @@ jobs:
           url_title: 'View Logs'
 
       - name: "[ON RUNNER] Checkout the repo"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       
       - name: "[ON RUNNER] Set project variables"
         run: |

.gitea/workflows/release-with-tag.yaml

@@ -19,7 +19,7 @@ jobs:
       clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
 

.github/workflows/build-push-attest-docker.yml

@@ -24,7 +24,7 @@ jobs:
       success: ${{ steps.set_flag.outputs.success }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.release }}
 
@@ -59,7 +59,7 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ inputs.release }}
 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ghcr.io/${{ github.repository }}
           subject-digest: ${{ steps.push.outputs.digest }}

.github/workflows/ci-docker.yml

@@ -12,17 +12,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
           format: sonarqube
           no-fail: true
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-poetry-with-docker.yml

@@ -22,10 +22,10 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -49,7 +49,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-poetry.yml

@@ -22,7 +22,7 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
       - name: Setup Python
@@ -41,7 +41,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-with-docker.yml

@@ -22,10 +22,10 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.1.0
+      - uses: hadolint/hadolint-action@v3.2.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -50,7 +50,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python.yml

@@ -22,7 +22,7 @@ jobs:
           PYTHON_VERSION=${{ inputs.python-version }}
           echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
       - name: Check out repository code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
       - name: Setup Python
@@ -44,7 +44,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/create-release.yml

@@ -17,7 +17,7 @@ jobs:
       release_name: ${{ steps.tag_version.outputs.new_tag }}
       success: ${{ steps.set_flag.outputs.success }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0