fix(bot): bump the dependencies group across 1 directory with 4 updates

dependabot[bot] · web-flow · commit ded3901ea0b2 · 2026-01-25T14:15:07.000Z
Bumps the dependencies group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action). Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v5) Updates `actions/download-artifact` from 4 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v6) Updates `SonarSource/sonarqube-scan-action` from 6 to 7 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](SonarSource/sonarqube-scan-action@v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: SonarSource/sonarqube-scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/ci-standard-checks-workflow.yaml b/.github/workflows/ci-standard-checks-workflow.yaml
@@ -24,7 +24,7 @@ jobs:
     runs-on: 'ubuntu-latest'
     steps:
       - name: Check Out Source Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: actions/setup-node@v6
diff --git a/.github/workflows/create-github-release.yaml b/.github/workflows/create-github-release.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - uses: go-semantic-release/action@v1
         with:
diff --git a/.github/workflows/deep-purple-checks.yml b/.github/workflows/deep-purple-checks.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Verify Jenkins credentials
         continue-on-error: false
diff --git a/.github/workflows/frontend-deploy-workflow.yml b/.github/workflows/frontend-deploy-workflow.yml
@@ -149,7 +149,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       
       - name: Setup Node with Cache
         uses: Typeform/.github/shared-actions/setup-node-with-cache@v1
@@ -183,7 +183,7 @@ jobs:
         run: echo "name=build-${{ github.run_id }}" >> $GITHUB_OUTPUT
       
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: build-${{ github.run_id }}
           path: ${{ inputs.build-output-dir }}
@@ -219,7 +219,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           token: ${{ secrets.GH_TOKEN }}
           fetch-depth: 0
diff --git a/.github/workflows/frontend-library-pr-release-workflow.yml b/.github/workflows/frontend-library-pr-release-workflow.yml
@@ -82,7 +82,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Required for SonarCloud and semantic-release
       
@@ -113,7 +113,7 @@ jobs:
       
       - name: SonarCloud Scan
         if: inputs.run-sonarcloud
-        uses: SonarSource/sonarqube-scan-action@v6
+        uses: SonarSource/sonarqube-scan-action@v7
         with:
           args: >
             -Dsonar.projectKey=${{ inputs.sonar-project-key != '' && inputs.sonar-project-key || format('{0}_{1}', github.repository_owner, github.event.repository.name) }}
diff --git a/.github/workflows/frontend-pr-workflow.yml b/.github/workflows/frontend-pr-workflow.yml
@@ -195,7 +195,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       
       - name: Setup Node with Cache
         uses: Typeform/.github/shared-actions/setup-node-with-cache@v1
@@ -234,7 +234,7 @@ jobs:
       
       - name: Upload build artifacts
         if: ${{ !env.ACT }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: build-${{ github.run_id }}
           path: ${{ inputs.build-output-dir }}
@@ -250,7 +250,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       
       - name: Setup Node with Cache
         uses: Typeform/.github/shared-actions/setup-node-with-cache@v1
@@ -278,7 +278,7 @@ jobs:
       
       - name: Upload coverage
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: coverage-${{ github.run_id }}
           path: coverage/
@@ -294,7 +294,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       
       - name: Setup Node with Cache
         uses: Typeform/.github/shared-actions/setup-node-with-cache@v1
@@ -332,7 +332,7 @@ jobs:
       
       - name: Upload test results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: integration-test-results-${{ github.run_id }}
           path: playwright-report/
@@ -351,7 +351,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       
       - name: Setup Node with Cache
         uses: Typeform/.github/shared-actions/setup-node-with-cache@v1
diff --git a/.github/workflows/go-lint-workflow.yaml b/.github/workflows/go-lint-workflow.yaml
@@ -52,10 +52,10 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Check out repository containing linter config
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           repository: ${{ inputs.golangci-lint-config-repo }}
           ref: ${{ inputs.golangci-lint-config-repo-ref }}
diff --git a/.github/workflows/graphql-generate-persisted-operations.yml b/.github/workflows/graphql-generate-persisted-operations.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Node.js
         uses: actions/setup-node@v6
diff --git a/.github/workflows/image-multiarch.yaml b/.github/workflows/image-multiarch.yaml
@@ -59,7 +59,7 @@ jobs:
     runs-on: [ self-hosted, "${{ inputs.runner }}" ]
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker context for Buildx
diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           # Checkout the Pull Request branch, so that we are not in a detached head state.
           # and can push the re-generated diagrams to the HEAD of the same branch.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Update major version tag
         run: |
           git config --global user.email "security@typeform.com"
diff --git a/.github/workflows/sonarcloud-scan.yml b/.github/workflows/sonarcloud-scan.yml
@@ -54,7 +54,7 @@ jobs:
     
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Required for SonarCloud to analyze git history
       
@@ -67,14 +67,14 @@ jobs:
       
       - name: Download coverage artifacts
         if: inputs.coverage-artifact-name != ''
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v7
         with:
           name: ${{ inputs.coverage-artifact-name }}
           path: coverage/
         continue-on-error: true
       
       - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@v6
+        uses: SonarSource/sonarqube-scan-action@v7
         with:
           args: >
             -Dsonar.projectVersion=${{ github.run_id }}
