Skip to content

chore(deps): bump SonarSource/sonarqube-scan-action from 4 to 6 in /.github/workflows#2888

Open
dependabot[bot] wants to merge 1 commit intoalphafrom
dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6
Open

chore(deps): bump SonarSource/sonarqube-scan-action from 4 to 6 in /.github/workflows#2888
dependabot[bot] wants to merge 1 commit intoalphafrom
dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 3, 2026
edited
Loading

Bumps SonarSource/sonarqube-scan-action from 4 to 6.

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v6.0.0

BREAKING CHANGE!

In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the args input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted. For example, if you were previously passing:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"

you should now pass:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"

For more args passing examples, please refer to the README file

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v5.3.1...v6.0.0

v5.3.2

Full Changelog: SonarSource/sonarqube-scan-action@v5.3.1...v5.3.2

v5.3.1

OVERLOOKED BREAKING CHANGE!

In order to prevent command-line injection, the way to parse the args input has been changed, but this is possibly a breaking change regarding support of quotes.

For example, if you were previously passing:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"

you should now pass:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"

... (truncated)

Commits
  • fd88b7d SQSCANGHA-119 New Readme structure
  • 27a157d SQSCANGHA-118 Update the README to document the breaking change for args parsing
  • e327da8 NO-JIRA Add documentation for contribution
  • ff001fd SQSCANGHA-107 Migrate install-build-wrapper
  • a88c96d SQSCANGHA-107 Make room for install-build-wrapper action
  • a642810 SQSCANGHA-112 SQSCANGHA-113 Fixes from review and keytool refactor
  • 60aee70 NO-JIRA Disable fail fast on matrix jobs
  • 502204e NO-JIRA Fix test assertion
  • 0b794a0 SQSCANGHA-112 Delete legacy shell script
  • ece10df SQSCANGHA-112 Extract installation step and other fixes
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from 5dd9eec to 7a90d4d Compare March 4, 2026 19:15
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from 7a90d4d to f8db67e Compare March 10, 2026 10:00
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from f8db67e to 0552ef1 Compare March 10, 2026 13:02
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from 0552ef1 to 48c49ee Compare March 13, 2026 16:33
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from 48c49ee to 2a7daf6 Compare March 16, 2026 16:59
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from 2a7daf6 to e6e4f16 Compare March 18, 2026 15:03
@dependabot
chore(deps): bump SonarSource/sonarqube-scan-action
9b12609 
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 4 to 6.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](SonarSource/sonarqube-scan-action@v4...v6)

---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: '6'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/SonarSource/sonarqube-scan-action-6 branch from e6e4f16 to 9b12609 Compare March 31, 2026 09:58
@dependabot dependabot Bot requested a review from a team as a code owner March 31, 2026 09:58
@maxgfr maxgfr removed the request for review from a team March 31, 2026 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants