From 3544289544cf2c6c7280c8b62b5ce4b1a3c0593f Mon Sep 17 00:00:00 2001
From: "ferrlabs-renovate[bot]"
 <282300760+ferrlabs-renovate[bot]@users.noreply.github.com>
Date: Mon, 8 Jun 2026 00:07:16 +0000
Subject: [PATCH] chore(deps): update github actions

---
 .github/workflows/reusable-ci-go.yml          | 4 ++--
 .github/workflows/reusable-ci-node.yml        | 4 ++--
 .github/workflows/reusable-ci-rust.yml        | 4 ++--
 .github/workflows/reusable-sonarqube-scan.yml | 6 +++---
 workflow-templates/release.yml                | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/reusable-ci-go.yml b/.github/workflows/reusable-ci-go.yml
index 99ea77b..bfe7f20 100644
--- a/.github/workflows/reusable-ci-go.yml
+++ b/.github/workflows/reusable-ci-go.yml
@@ -180,7 +180,7 @@ jobs:
           fail_ci_if_error: false
       - name: Hand coverage to the SonarQube job
         if: inputs.enable-sonar && inputs.enable-coverage
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: sonar-coverage-${{ inputs.sonar-project-key || github.event.repository.name }}
           path: ${{ inputs.working-directory }}/coverage.out
@@ -192,7 +192,7 @@ jobs:
       # SF: rebase is needed — Sonar resolves them against projectBaseDir directly.
       - name: Upload coverage for repo-level scan
         if: inputs.coverage-upload-as != '' && inputs.enable-coverage
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ inputs.coverage-upload-as }}
           path: ${{ inputs.working-directory }}/coverage.out
diff --git a/.github/workflows/reusable-ci-node.yml b/.github/workflows/reusable-ci-node.yml
index 2f7abca..af2c585 100644
--- a/.github/workflows/reusable-ci-node.yml
+++ b/.github/workflows/reusable-ci-node.yml
@@ -173,7 +173,7 @@ jobs:
           working-directory: ${{ inputs.working-directory }}
       - name: Hand lcov to the SonarQube job
         if: inputs.enable-sonar && inputs.enable-test
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: sonar-coverage-${{ inputs.sonar-project-key || github.event.repository.name }}
           path: ${{ inputs.working-directory }}/${{ inputs.sonar-lcov-path }}
@@ -202,7 +202,7 @@ jobs:
           ' "$LCOV" > "${{ runner.temp }}/sonarcov/${{ inputs.coverage-upload-as }}.lcov"
       - name: Upload rebased lcov
         if: inputs.coverage-upload-as != '' && inputs.enable-test
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ inputs.coverage-upload-as }}
           path: ${{ runner.temp }}/sonarcov/${{ inputs.coverage-upload-as }}.lcov
diff --git a/.github/workflows/reusable-ci-rust.yml b/.github/workflows/reusable-ci-rust.yml
index cc85bd0..446aeab 100644
--- a/.github/workflows/reusable-ci-rust.yml
+++ b/.github/workflows/reusable-ci-rust.yml
@@ -300,7 +300,7 @@ jobs:
           working-directory: ${{ inputs.working-directory }}
       - name: Hand coverage to the SonarQube job
         if: inputs.enable-sonar
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: sonar-coverage-${{ inputs.sonar-project-key || github.event.repository.name }}
           path: ${{ inputs.working-directory }}/${{ inputs.coverage-tool == 'llvm-cov' && 'lcov.info' || 'cobertura.xml' }}
@@ -328,7 +328,7 @@ jobs:
           ' lcov.info > "${{ runner.temp }}/sonarcov/${{ inputs.coverage-upload-as }}.lcov"
       - name: Upload rebased lcov
         if: inputs.coverage-upload-as != '' && inputs.coverage-tool == 'llvm-cov'
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ inputs.coverage-upload-as }}
           path: ${{ runner.temp }}/sonarcov/${{ inputs.coverage-upload-as }}.lcov
diff --git a/.github/workflows/reusable-sonarqube-scan.yml b/.github/workflows/reusable-sonarqube-scan.yml
index 2dca1a2..8f625d1 100644
--- a/.github/workflows/reusable-sonarqube-scan.yml
+++ b/.github/workflows/reusable-sonarqube-scan.yml
@@ -57,7 +57,7 @@ jobs:
       # to projectBaseDir) and the lcov's own SF: paths both resolve correctly.
       - name: Download coverage report
         if: inputs.coverage-artifact != ''
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         continue-on-error: true
         with:
           name: ${{ inputs.coverage-artifact }}
@@ -65,7 +65,7 @@ jobs:
 
       - name: Download coverage reports (multi-component)
         if: inputs.coverage-artifact-pattern != ''
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         continue-on-error: true
         with:
           pattern: ${{ inputs.coverage-artifact-pattern }}
@@ -73,7 +73,7 @@ jobs:
           path: ${{ inputs.working-directory }}/.sonarcov
 
       - name: SonarQube scan
-        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6
+        uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL || 'https://sonar.ferrlabs.com' }}
diff --git a/workflow-templates/release.yml b/workflow-templates/release.yml
index ca127fc..bb188da 100644
--- a/workflow-templates/release.yml
+++ b/workflow-templates/release.yml
@@ -26,7 +26,7 @@ jobs:
       (github.event_name == 'push' && github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore(release):')) ||
       github.event_name == 'workflow_dispatch'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
           persist-credentials: false