Bump the gha-version group across 1 directory with 5 updates

[dependabot]

Bumps the gha-version group with 5 updates in the / directory:

Package	From	To
actions/checkout	6.0.3	7.0.0
bridgecrewio/checkov-action	12.3104.0	12.3107.0
aws-actions/amazon-ecr-login	2.1.5	2.1.6
sonarsource/sonarqube-scan-action	8.1.0	8.2.0
govuk-one-login/devplatform-upload-action	3.14.0	4.1.0

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

... (truncated)

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• See full diff in compare view

Updates bridgecrewio/checkov-action from 12.3104.0 to 12.3107.0

Commits

• fa9edf8 Bump checkov container version to 3.3.1
• a6a5c23 Bump checkov container version to 3.3.0
• dfb51ae Bump checkov container version to 3.2.533
• See full diff in compare view

Updates aws-actions/amazon-ecr-login from 2.1.5 to 2.1.6

Release notes

Sourced from aws-actions/amazon-ecr-login's releases.

v2.1.6

See the changelog for details about the changes included in this release.

Changelog

Sourced from aws-actions/amazon-ecr-login's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.1.6 (2026-06-10)

Bug Fixes

• use realpathSync for main module check (#955) (ba52b8c)

Dependency Updates

• deps: bump @​aws-sdk/client-ecr from 3.1043.0 to 3.1045.0 (#1057) (b0e05b3)
• deps: bump @​aws-sdk/client-ecr from 3.1045.0 to 3.1050.0 (#1071) (232323c)
• deps: bump @​aws-sdk/client-ecr from 3.1050.0 to 3.1054.0 (#1087) (c7e6a40)
• deps: bump @​aws-sdk/client-ecr from 3.1054.0 to 3.1061.0 (#1100) (c96b184)
• deps: bump @​aws-sdk/client-ecr from 3.1061.0 to 3.1065.0 (#1114) (cf74b49)
• deps: bump @​aws-sdk/client-ecr-public from 3.1043.0 to 3.1045.0 (#1054) (8f1dd37)
• deps: bump @​aws-sdk/client-ecr-public from 3.1045.0 to 3.1050.0 (#1072) (8e32190)
• deps: bump @​aws-sdk/client-ecr-public from 3.1050.0 to 3.1054.0 (#1086) (5b9998f)
• deps: bump @​aws-sdk/client-ecr-public from 3.1054.0 to 3.1061.0 (#1101) (93ad116)
• deps: bump @​aws-sdk/client-ecr-public from 3.1061.0 to 3.1065.0 (#1112) (48e2e44)
• deps: bump @​aws-sdk/credential-providers (#1055) (9a1166e)
• deps: bump @​aws-sdk/credential-providers (#1074) (ab879f0)
• deps: bump @​aws-sdk/credential-providers (#1085) (1a7efcf)
• deps: bump @​aws-sdk/credential-providers (#1099) (040ce46)
• deps: bump @​aws-sdk/credential-providers (#1115) (afa57de)
• deps: bump https-proxy-agent from 9.0.0 to 9.1.0 (#1113) (52a2eef)

2.1.5 (2026-05-06)

Dependency Updates

• bump @​aws-sdk/client-ecr from 3.1038.0 to 3.1043.0 (#1040)
• bump @​aws-sdk/client-ecr-public from 3.1034.0 to 3.1043.0 (#1032, #1041)
• bump @​aws-sdk/credential-providers (#1030, #1043)

2.1.4 (2026-04-22)

Dependency Updates

• bump @​actions/core from 3.0.0 to 3.0.1 (#1015)
• bump @​aws-sdk/client-ecr from 3.1030.0 to 3.1034.0 (#1017)
• bump @​aws-sdk/client-ecr-public from 3.1026.0 to 3.1034.0 (#1016)
• bump @​aws-sdk/credential-providers (#1014)

... (truncated)

Commits

• d539f09 chore(release): 2.1.6
• d27be98 chore: Update dist (#1123)
• afa57de chore(deps): bump @​aws-sdk/credential-providers (#1115)
• cf74b49 chore(deps): bump @​aws-sdk/client-ecr from 3.1061.0 to 3.1065.0 (#1114)
• ed78a08 chore: Update dist (#1119)
• 52a2eef chore(deps): bump https-proxy-agent from 9.0.0 to 9.1.0 (#1113)
• 48e2e44 chore(deps): bump @​aws-sdk/client-ecr-public from 3.1061.0 to 3.1065.0 (#1112)
• 9075999 chore(deps-dev): bump @​vercel/ncc from 0.38.4 to 0.44.0 (#1111)
• 737404b chore: Update dist (#1109)
• 93ad116 chore(deps): bump @​aws-sdk/client-ecr-public from 3.1054.0 to 3.1061.0 (#1101)
• Additional commits viewable in compare view

Updates sonarsource/sonarqube-scan-action from 8.1.0 to 8.2.0

Release notes

Sourced from sonarsource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

• SQSCANGHA-149 Add scannerBinariesAuthHeader input by @​henryju in SonarSource/sonarqube-scan-action#246
• SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support by @​henryju in SonarSource/sonarqube-scan-action#249
• SQSCANGHA-84 Remove outdated wget/curl references by @​henryju in SonarSource/sonarqube-scan-action#248
• SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by @​henryju in SonarSource/sonarqube-scan-action#250
• SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by @​henryju in SonarSource/sonarqube-scan-action#251

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

Commits

• 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
• 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
• c9d327c SQSCANGHA-84 Remove outdated wget/curl references
• b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
• 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
• 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
• See full diff in compare view

Updates govuk-one-login/devplatform-upload-action from 3.14.0 to 4.1.0

Release notes

Sourced from govuk-one-login/devplatform-upload-action's releases.

v4.1.0

What's Changed

devplatform-upload-action/terraform

DEPRECATION WARNING

The input parameter signing-profile-name is now deprecated although it can still be used (a warning will be issued). The signing-kms-key-arn input parameter is the preferred mechanism and documentation updated to reflect this.

• Deprecated signing profile name and added signing kms key by @​MikeDevine77 in govuk-one-login/devplatform-upload-action#49

New Contributors

• @​MikeDevine77 made their first contribution in govuk-one-login/devplatform-upload-action#49

Full Changelog: govuk-one-login/devplatform-upload-action@v4.0.0...v4.1.0

v4.0.0

What's Changed

devplatform-upload-action/sam

• PSREDEV-3467/update node actions by @​A-Ahmed100216 in govuk-one-login/devplatform-upload-action#43

devplatform-upload-action/terraform

• BREAKING CHANGE: input working-directory has been deprecated in favour of source-path for better clarity. If using devplatform-upload-action/terraform, please update inputs when upgrading to v4. Breaking change does not affect sam action.
• PSREDEV-3467/update node actions by @​A-Ahmed100216 in govuk-one-login/devplatform-upload-action#43
• Bump hashicorp/setup-terraform from 3 to 4 by @​dependabot[bot] in govuk-one-login/devplatform-upload-action#44
• PSREDEV-3478: Package terraform module dependencies by @​fpottingermarques-gds in govuk-one-login/devplatform-upload-action#42

New Contributors

• @​A-Ahmed100216 made their first contribution in govuk-one-login/devplatform-upload-action#43

Full Changelog: govuk-one-login/devplatform-upload-action@v3.14.0...v4.0.0

Commits

• 64e4613 Merge pull request #49 from govuk-one-login/PSREDEV-3401
• 4e877f3 Deprecated signing profile name and added kms key
• 245bad4 Merge pull request #42 from govuk-one-login/PSREDEV-3324-fix-module-download
• d43fdbe PSREDEV-3324: make checkout step optional
• f696c72 PSREDEV-3324: test download module feature
• 5f2e0cc PSREDEV-3478: update readme
• 8426f39 PSREDEV-3478: download terraform module dependencies
• e140b1a Merge pull request #44 from govuk-one-login/dependabot/github_actions/hashico...
• dd54ce0 Bump hashicorp/setup-terraform from 3 to 4
• 0493027 Merge pull request #43 from govuk-one-login/PSREDEV3467/update-node-actions
• Additional commits viewable in compare view

[sonarqubecloud]

Quality Gate passed for 'mobile-id-check-async-sts-mock'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud