Bump the gha-version group across 1 directory with 4 updates

[dependabot]

Bumps the gha-version group with 4 updates in the / directory: bridgecrewio/checkov-action, aws-actions/amazon-ecr-login, sonarsource/sonarqube-scan-action and govuk-one-login/devplatform-upload-action.

Updates bridgecrewio/checkov-action from 12.3104.0 to 12.3107.0

Commits

• fa9edf8 Bump checkov container version to 3.3.1
• a6a5c23 Bump checkov container version to 3.3.0
• dfb51ae Bump checkov container version to 3.2.533
• See full diff in compare view

Updates aws-actions/amazon-ecr-login from 2.1.5 to 2.1.6

Release notes

Sourced from aws-actions/amazon-ecr-login's releases.

v2.1.6

See the changelog for details about the changes included in this release.

Changelog

Sourced from aws-actions/amazon-ecr-login's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.1.6 (2026-06-10)

Bug Fixes

• use realpathSync for main module check (#955) (ba52b8c)

Dependency Updates

• deps: bump @​aws-sdk/client-ecr from 3.1043.0 to 3.1045.0 (#1057) (b0e05b3)
• deps: bump @​aws-sdk/client-ecr from 3.1045.0 to 3.1050.0 (#1071) (232323c)
• deps: bump @​aws-sdk/client-ecr from 3.1050.0 to 3.1054.0 (#1087) (c7e6a40)
• deps: bump @​aws-sdk/client-ecr from 3.1054.0 to 3.1061.0 (#1100) (c96b184)
• deps: bump @​aws-sdk/client-ecr from 3.1061.0 to 3.1065.0 (#1114) (cf74b49)
• deps: bump @​aws-sdk/client-ecr-public from 3.1043.0 to 3.1045.0 (#1054) (8f1dd37)
• deps: bump @​aws-sdk/client-ecr-public from 3.1045.0 to 3.1050.0 (#1072) (8e32190)
• deps: bump @​aws-sdk/client-ecr-public from 3.1050.0 to 3.1054.0 (#1086) (5b9998f)
• deps: bump @​aws-sdk/client-ecr-public from 3.1054.0 to 3.1061.0 (#1101) (93ad116)
• deps: bump @​aws-sdk/client-ecr-public from 3.1061.0 to 3.1065.0 (#1112) (48e2e44)
• deps: bump @​aws-sdk/credential-providers (#1055) (9a1166e)
• deps: bump @​aws-sdk/credential-providers (#1074) (ab879f0)
• deps: bump @​aws-sdk/credential-providers (#1085) (1a7efcf)
• deps: bump @​aws-sdk/credential-providers (#1099) (040ce46)
• deps: bump @​aws-sdk/credential-providers (#1115) (afa57de)
• deps: bump https-proxy-agent from 9.0.0 to 9.1.0 (#1113) (52a2eef)

2.1.5 (2026-05-06)

Dependency Updates

• bump @​aws-sdk/client-ecr from 3.1038.0 to 3.1043.0 (#1040)
• bump @​aws-sdk/client-ecr-public from 3.1034.0 to 3.1043.0 (#1032, #1041)
• bump @​aws-sdk/credential-providers (#1030, #1043)

2.1.4 (2026-04-22)

Dependency Updates

• bump @​actions/core from 3.0.0 to 3.0.1 (#1015)
• bump @​aws-sdk/client-ecr from 3.1030.0 to 3.1034.0 (#1017)
• bump @​aws-sdk/client-ecr-public from 3.1026.0 to 3.1034.0 (#1016)
• bump @​aws-sdk/credential-providers (#1014)

... (truncated)

Commits

• d539f09 chore(release): 2.1.6
• d27be98 chore: Update dist (#1123)
• afa57de chore(deps): bump @​aws-sdk/credential-providers (#1115)
• cf74b49 chore(deps): bump @​aws-sdk/client-ecr from 3.1061.0 to 3.1065.0 (#1114)
• ed78a08 chore: Update dist (#1119)
• 52a2eef chore(deps): bump https-proxy-agent from 9.0.0 to 9.1.0 (#1113)
• 48e2e44 chore(deps): bump @​aws-sdk/client-ecr-public from 3.1061.0 to 3.1065.0 (#1112)
• 9075999 chore(deps-dev): bump @​vercel/ncc from 0.38.4 to 0.44.0 (#1111)
• 737404b chore: Update dist (#1109)
• 93ad116 chore(deps): bump @​aws-sdk/client-ecr-public from 3.1054.0 to 3.1061.0 (#1101)
• Additional commits viewable in compare view

Updates sonarsource/sonarqube-scan-action from 8.1.0 to 8.2.0

Release notes

Sourced from sonarsource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

• SQSCANGHA-149 Add scannerBinariesAuthHeader input by @​henryju in SonarSource/sonarqube-scan-action#246
• SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support by @​henryju in SonarSource/sonarqube-scan-action#249
• SQSCANGHA-84 Remove outdated wget/curl references by @​henryju in SonarSource/sonarqube-scan-action#248
• SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by @​henryju in SonarSource/sonarqube-scan-action#250
• SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by @​henryju in SonarSource/sonarqube-scan-action#251

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

Commits

• 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
• 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
• c9d327c SQSCANGHA-84 Remove outdated wget/curl references
• b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
• 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
• 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
• See full diff in compare view

Updates govuk-one-login/devplatform-upload-action from 3.14.0 to 4.1.0

Release notes

Sourced from govuk-one-login/devplatform-upload-action's releases.

v4.1.0

What's Changed

devplatform-upload-action/terraform

DEPRECATION WARNING

The input parameter signing-profile-name is now deprecated although it can still be used (a warning will be issued). The signing-kms-key-arn input parameter is the preferred mechanism and documentation updated to reflect this.

• Deprecated signing profile name and added signing kms key by @​MikeDevine77 in govuk-one-login/devplatform-upload-action#49

New Contributors

• @​MikeDevine77 made their first contribution in govuk-one-login/devplatform-upload-action#49

Full Changelog: govuk-one-login/devplatform-upload-action@v4.0.0...v4.1.0

v4.0.0

What's Changed

devplatform-upload-action/sam

• PSREDEV-3467/update node actions by @​A-Ahmed100216 in govuk-one-login/devplatform-upload-action#43

devplatform-upload-action/terraform

• BREAKING CHANGE: input working-directory has been deprecated in favour of source-path for better clarity. If using devplatform-upload-action/terraform, please update inputs when upgrading to v4. Breaking change does not affect sam action.
• PSREDEV-3467/update node actions by @​A-Ahmed100216 in govuk-one-login/devplatform-upload-action#43
• Bump hashicorp/setup-terraform from 3 to 4 by @​dependabot[bot] in govuk-one-login/devplatform-upload-action#44
• PSREDEV-3478: Package terraform module dependencies by @​fpottingermarques-gds in govuk-one-login/devplatform-upload-action#42

New Contributors

• @​A-Ahmed100216 made their first contribution in govuk-one-login/devplatform-upload-action#43

Full Changelog: govuk-one-login/devplatform-upload-action@v3.14.0...v4.0.0

Commits

• 64e4613 Merge pull request #49 from govuk-one-login/PSREDEV-3401
• 4e877f3 Deprecated signing profile name and added kms key
• 245bad4 Merge pull request #42 from govuk-one-login/PSREDEV-3324-fix-module-download
• d43fdbe PSREDEV-3324: make checkout step optional
• f696c72 PSREDEV-3324: test download module feature
• 5f2e0cc PSREDEV-3478: update readme
• 8426f39 PSREDEV-3478: download terraform module dependencies
• e140b1a Merge pull request #44 from govuk-one-login/dependabot/github_actions/hashico...
• dd54ce0 Bump hashicorp/setup-terraform from 3 to 4
• 0493027 Merge pull request #43 from govuk-one-login/PSREDEV3467/update-node-actions
• Additional commits viewable in compare view

[sonarqubecloud]

Quality Gate passed for 'mobile-id-check-async-sts-mock'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.