-
Notifications
You must be signed in to change notification settings - Fork 0
Commit 38e6810
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
fix(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 (#39)
Bumps
[SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action)
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sonarsource/sonarqube-scan-action/releases">SonarSource/sonarqube-scan-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>BREAKING CHANGE!</h2>
<p>In order to prevent command-line injection, the actions has been
rewritten from Bash to JS, and the <code>args</code> input is now parsed
differently. When updating to v6, you might have to update your workflow
to change how arguments are quoted.
For example, if you were previously passing:</p>
<pre lang="yaml"><code>- uses:
SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"
</code></pre>
<p>you should now pass:</p>
<pre lang="yaml"><code>- uses:
SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"
</code></pre>
<p>For more <code>args</code> passing examples, please refer to the <a
href="https://github.com/SonarSource/sonarqube-scan-action/tree/master?tab=readme-ov-file#args">README</a>
file</p>
<h2>What's Changed</h2>
<ul>
<li>SQSCANGHA-106 Migrate from Bash to JS by <a
href="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/jeremy-davis-sonarsource"><code>@jeremy-davis-sonarsource</code></a>
in <a
href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/208">SonarSource/sonarqube-scan-action#208</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0">https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0</a></p>
<h2>v5.3.2</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v5.3.2">https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v5.3.2</a></p>
<h2>v5.3.1</h2>
<h2>OVERLOOKED BREAKING CHANGE!</h2>
<p>In order to prevent command-line injection, the way to parse the
<code>args</code> input has been changed, but this is possibly a
breaking change regarding support of quotes.</p>
<p>For example, if you were previously passing:</p>
<pre lang="yaml"><code>- uses:
SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"
</code></pre>
<p>you should now pass:</p>
<pre lang="yaml"><code>- uses:
SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/fd88b7d7ccbaefd23d8f36f73b59db7a3d246602"><code>fd88b7d</code></a>
SQSCANGHA-119 New Readme structure</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/27a157d2340e5fea28d60904924f01766fd66dfe"><code>27a157d</code></a>
SQSCANGHA-118 Update the README to document the breaking change for args
parsing</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/e327da8e7856f7924529230d1ff7c1487eaf757a"><code>e327da8</code></a>
NO-JIRA Add documentation for contribution</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/ff001fd60075371d6a718f7bdb70514d38aeaa60"><code>ff001fd</code></a>
SQSCANGHA-107 Migrate install-build-wrapper</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/a88c96d7e45f0b6ea8ff876b52043d5d1f14a804"><code>a88c96d</code></a>
SQSCANGHA-107 Make room for install-build-wrapper action</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/a64281002cbd123eadac8e639a2c821a87660c41"><code>a642810</code></a>
SQSCANGHA-112 SQSCANGHA-113 Fixes from review and keytool refactor</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/60aee7033be5cd8ea3b942e3d552dc74074fde62"><code>60aee70</code></a>
NO-JIRA Disable fail fast on matrix jobs</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/502204eab40a6365f41dfd0ee96a1046116228b2"><code>502204e</code></a>
NO-JIRA Fix test assertion</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/0b794a06fae2d7d391ae19b91eb1f2d9d08ccccd"><code>0b794a0</code></a>
SQSCANGHA-112 Delete legacy shell script</li>
<li><a
href="https://github.com/SonarSource/sonarqube-scan-action/commit/ece10df5d76d338d13498c2fe5b93ab2d4e14494"><code>ece10df</code></a>
SQSCANGHA-112 Extract installation step and other fixes</li>
<li>Additional commits viewable in <a
href="https://github.com/sonarsource/sonarqube-scan-action/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexis Saettler <[email protected]>1 parent 0e2806f commit 38e6810Copy full SHA for 38e6810
File tree
Expand file treeCollapse file tree
1 file changed
+1
-1
lines changedOpen diff view settings
Filter options
- .github/workflows
Expand file treeCollapse file tree
1 file changed
+1
-1
lines changedOpen diff view settings
Collapse file
.github/workflows/reporting.yml
Copy file name to clipboardExpand all lines: .github/workflows/reporting.yml+1-1Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
64 | 64 | | |
65 | 65 | | |
66 | 66 | | |
67 | | - | |
| 67 | + | |
68 | 68 | | |
69 | 69 | | |
70 | 70 | | |
| |||
0 commit comments