Skip to content

build(dependabot): bump the dependencies group across 1 directory with 2 updates#744

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-86fd361911
Open

build(dependabot): bump the dependencies group across 1 directory with 2 updates#744
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-86fd361911

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 2 updates in the / directory: actions/checkout and SonarSource/sonarqube-scan-action.

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates SonarSource/sonarqube-scan-action from 7 to 8

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v8.0.0

What's Changed

Breaking change

Full Changelog: SonarSource/sonarqube-scan-action@v7...v8.0.0

v7.2.1

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.1

v7.2.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.0

v7.1.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.1.0

Commits
  • 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
  • 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
  • c9d327c SQSCANGHA-84 Remove outdated wget/curl references
  • b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
  • 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
  • 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
  • 7006c44 Update SonarScanner CLI to 8.1.0.6389
  • edd319f NO-JIRA Bump actions/setup-node from 6.3.0 to 6.4.0 (#234)
  • e050aa9 NO-JIRA Bump actions/cache from 5.0.4 to 5.0.5 (#231)
  • 6cd3d8f NO-JIRA Bump madhead/semver-utils from 4.3.0 to 5.0.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(dependabot): bump the dependencies group across 1 directory wit…
fbcf559 
…h 2 updates

Bumps the dependencies group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `SonarSource/sonarqube-scan-action` from 7 to 8
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](SonarSource/sonarqube-scan-action@v7...v8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 07:17
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 22, 2026
@pr-auditor

pr-auditor Bot commented Jun 22, 2026

Copy link
Copy Markdown

✅ Security Analysis Results

Great news! No security issues found in this pull request.

Analysis Summary:

  • 📁 Files reviewed: 6
  • ✅ No security vulnerabilities detected

💡 Trigger a new security scan by commenting @pr-auditor rescan on this PR.

Security analysis powered by Claude Sonnet 4.6 via pr-auditor | Questions? Contact #dx-team or check out this page

@gitstream-cm

gitstream-cm Bot commented Jun 22, 2026

Copy link
Copy Markdown

🥷 Code experts: No results found

No code experts were identified for the files in this pull request based on git blame analysis.

This may occur when:

  • Files are new or have limited commit history
  • Git authors aren't mapped to current team members
  • Analysis thresholds need adjustment

If you expected to see expert suggestions, consider:

  • Reviewing your config.user_mapping settings

  • Adjusting the gt/lt parameters in your action

  • Verifying files have sufficient commit history

To learn more about /:\gitStream - Visit our Docs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

5 min review dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants