chore(deps): bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0#216
chore(deps): bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0#216dependabot[bot] wants to merge 6 commits into
Conversation
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](SonarSource/sonarqube-scan-action@59db25f...7006c44) --- updated-dependencies: - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
![dependabot-automerge-petry[bot]](https://avatars.githubusercontent.com/u/258516906?s=60&v=4){kind=small}
…ube-scan-action-8.1.0
…ube-scan-action-8.1.0
donpetry-bot
left a comment
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: c28b0bf758b60d74544c8e72a901f5b07e6489b4
Review mode: triage-approved (single reviewer)
Summary
Dependabot minor-version bump of SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0. The change is a single line in .github/workflows/sonarcloud.yml, SHA-pinned to 7006c4492b2e0ee0f816d36501671557c97f5995 (the upstream v8.1.0 commit referenced in Dependabot's release notes). Confirms the triage-tier assessment.
Linked issue analysis
No linked issue (Dependabot dependency update). Upstream release notes call out two changes: proxy support for the GPG keyserver (SQSCANGHA-146) and a SonarScanner CLI bump to 8.1.0.6389 (SQSCANGHA-148). Both are routine maintenance.
Findings
- ✅ SHA pin preserved; the new SHA matches the v8.1.0 release referenced by Dependabot.
- ✅ Action is gated behind
if: ${{ env.SONAR_TOKEN != '' }}, so no behavior change on forks/PRs without the secret. - ✅ Trusted publisher (SonarSource); minor version bump only.
- ✅ No other files touched; nothing else in the workflow shifts.
CI status
All checks green: CodeQL (Analyze actions, Analyze python, CodeQL job) — SUCCESS.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
…ube-scan-action-8.1.0
…ube-scan-action-8.1.0
2 participants
Bumps SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0.
Release notes
Sourced from SonarSource/sonarqube-scan-action's releases.
Commits
7006c44Update SonarScanner CLI to 8.1.0.6389edd319fNO-JIRA Bump actions/setup-node from 6.3.0 to 6.4.0 (#234)e050aa9NO-JIRA Bump actions/cache from 5.0.4 to 5.0.5 (#231)6cd3d8fNO-JIRA Bump madhead/semver-utils from 4.3.0 to 5.0.05656853SQSCANGHA-146 Add proxy support for GPG keyserver access (#244)c444753SQSCANGHA-140 Add the missing requirements in README.md (#243)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)