SQSCANGHA-134 Upgrade the libraries to latest version#227
Merged
Conversation
hashicorp-vault-sonar-prod
Bot
changed the title
claire-villard-sonarsource
force-pushed
the
claire/upgrade-libs
branch
2 times, most recently
from
335eaf6 to
8e7de7c
Compare
claire-villard-sonarsource
requested a review
from aleksandra-bozhinoska-sonarsource
SummaryThis PR upgrades core GitHub Actions dependencies to the latest versions and pins all external action calls with commit SHAs for supply chain security. Dependency upgrades:
These upgrades address 9 CVEs and fix Repox authentication. The large diff is mainly due to regenerated dist bundles (30KB new core module) after dependency updates. Workflow security hardening: Documentation: What reviewers should knowWhere to focus:
Things to watch for:
CI status:
|
![sonar-review-alpha[bot]](https://avatars.githubusercontent.com/in/3025063?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
claire-villard-sonarsource
force-pushed
the
claire/upgrade-libs
branch
from
495dc40 to
1fc347b
Compare
|
aleksandra-bozhinoska-sonarsource
approved these changes
Apr 14, 2026
aleksandra-bozhinoska-sonarsource
left a comment
aleksandra-bozhinoska-sonarsource
left a comment
Contributor
There was a problem hiding this comment.
Looks good!
luketainton
pushed a commit
to luketainton/repos_epage-go
that referenced
this pull request
Apr 28, 2026
…(#8) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v7.1.0` → `v7.2` | --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v7.2`](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) ### [`v7.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.1.0...v7.2.0) #### What's Changed - SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​226](SonarSource/sonarqube-scan-action#226) - SC-45750 Migrate to dateless license headers by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​229](SonarSource/sonarqube-scan-action#229) - SQSCANGHA-134 Upgrade the libraries to latest version by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​227](SonarSource/sonarqube-scan-action#227) - SQSCANGHA-138 Update dist and add ci test by [@​antoine-vinot-sonarsource](https://github.com/antoine-vinot-sonarsource) in [#​233](SonarSource/sonarqube-scan-action#233) - SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​235](SonarSource/sonarqube-scan-action#235) **Full Changelog**: <SonarSource/sonarqube-scan-action@v7...v7.2.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Reviewed-on: https://git.tainton.uk/repos/epage-go/pulls/8 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
luketainton
pushed a commit
to luketainton/repos_pypilot
that referenced
this pull request
Apr 28, 2026
…(#440) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v7.1.0` → `v7.2` | --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v7.2`](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) ### [`v7.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.1.0...v7.2.0) #### What's Changed - SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​226](SonarSource/sonarqube-scan-action#226) - SC-45750 Migrate to dateless license headers by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​229](SonarSource/sonarqube-scan-action#229) - SQSCANGHA-134 Upgrade the libraries to latest version by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​227](SonarSource/sonarqube-scan-action#227) - SQSCANGHA-138 Update dist and add ci test by [@​antoine-vinot-sonarsource](https://github.com/antoine-vinot-sonarsource) in [#​233](SonarSource/sonarqube-scan-action#233) - SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​235](SonarSource/sonarqube-scan-action#235) **Full Changelog**: <SonarSource/sonarqube-scan-action@v7...v7.2.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Reviewed-on: https://git.tainton.uk/repos/pypilot/pulls/440 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
luketainton
pushed a commit
to luketainton/repos_roboluke
that referenced
this pull request
Apr 28, 2026
…(#445) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v7.1.0` → `v7.2` | --- ### Release Notes <details> <summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary> ### [`v7.2`](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.2.0...v7.2.0) ### [`v7.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v7.2.0) [Compare Source](SonarSource/sonarqube-scan-action@v7.1.0...v7.2.0) #### What's Changed - SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​226](SonarSource/sonarqube-scan-action#226) - SC-45750 Migrate to dateless license headers by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​229](SonarSource/sonarqube-scan-action#229) - SQSCANGHA-134 Upgrade the libraries to latest version by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​227](SonarSource/sonarqube-scan-action#227) - SQSCANGHA-138 Update dist and add ci test by [@​antoine-vinot-sonarsource](https://github.com/antoine-vinot-sonarsource) in [#​233](SonarSource/sonarqube-scan-action#233) - SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by [@​claire-villard-sonarsource](https://github.com/claire-villard-sonarsource) in [#​235](SonarSource/sonarqube-scan-action#235) **Full Changelog**: <SonarSource/sonarqube-scan-action@v7...v7.2.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Reviewed-on: https://git.tainton.uk/repos/roboluke/pulls/445 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.