Bump sonarsource/sonarqube-scan-action from 5.3.1 to 6.0.0 (#1501)

dependabot[bot] · web-flow · commit 563ad94861c7 · 2025-11-05T09:15:15.000-08:00
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 5.3.1 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sonarsource/sonarqube-scan-action/releases">sonarsource/sonarqube-scan-action's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>BREAKING CHANGE!</h2> <p>In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the <code>args</code> input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted. For example, if you were previously passing:</p> <pre lang="yaml"><code>- uses: SonarSource/sonarqube-scan-action@&lt;action version&gt; with: args: &gt; -Dsonar.projectName=&quot;My Project&quot; </code></pre> <p>you should now pass:</p> <pre lang="yaml"><code>- uses: SonarSource/sonarqube-scan-action@&lt;action version&gt; with: args: &gt; &quot;-Dsonar.projectName=My Project&quot; </code></pre> <p>For more <code>args</code> passing examples, please refer to the <a href="https://github.com/SonarSource/sonarqube-scan-action/tree/master?tab=readme-ov-file#args">README</a> file</p> <h2>What's Changed</h2> <ul> <li>SQSCANGHA-106 Migrate from Bash to JS by <a href="https://github.com/jeremy-davis-sonarsource"><code>@​jeremy-davis-sonarsource</code></a> in <a href="https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/208">SonarSource/sonarqube-scan-action#208</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0">https://github.com/SonarSource/sonarqube-scan-action/compare/v5.3.1...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/fd88b7d7ccbaefd23d8f36f73b59db7a3d246602"><code>fd88b7d</code></a> SQSCANGHA-119 New Readme structure</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/27a157d2340e5fea28d60904924f01766fd66dfe"><code>27a157d</code></a> SQSCANGHA-118 Update the README to document the breaking change for args parsing</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/e327da8e7856f7924529230d1ff7c1487eaf757a"><code>e327da8</code></a> NO-JIRA Add documentation for contribution</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/ff001fd60075371d6a718f7bdb70514d38aeaa60"><code>ff001fd</code></a> SQSCANGHA-107 Migrate install-build-wrapper</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/a88c96d7e45f0b6ea8ff876b52043d5d1f14a804"><code>a88c96d</code></a> SQSCANGHA-107 Make room for install-build-wrapper action</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/a64281002cbd123eadac8e639a2c821a87660c41"><code>a642810</code></a> SQSCANGHA-112 SQSCANGHA-113 Fixes from review and keytool refactor</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/60aee7033be5cd8ea3b942e3d552dc74074fde62"><code>60aee70</code></a> NO-JIRA Disable fail fast on matrix jobs</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/502204eab40a6365f41dfd0ee96a1046116228b2"><code>502204e</code></a> NO-JIRA Fix test assertion</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/0b794a06fae2d7d391ae19b91eb1f2d9d08ccccd"><code>0b794a0</code></a> SQSCANGHA-112 Delete legacy shell script</li> <li><a href="https://github.com/SonarSource/sonarqube-scan-action/commit/ece10df5d76d338d13498c2fe5b93ab2d4e14494"><code>ece10df</code></a> SQSCANGHA-112 Extract installation step and other fixes</li> <li>Additional commits viewable in <a href="https://github.com/sonarsource/sonarqube-scan-action/compare/v5.3.1...v6.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sonarsource/sonarqube-scan-action&package-manager=github_actions&previous-version=5.3.1&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -14,7 +14,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Sonarcloud Scan
-        uses: sonarsource/sonarqube-scan-action@v5.3.1
+        uses: sonarsource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -36,7 +36,7 @@ jobs:
           submodules: recursive
           fetch-depth: 0
       - name: Install Build Wrapper
-        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v5.3.1
+        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v6.0.0
       - name: Setup
         run: |
           sudo apt-get install llvm -y
@@ -48,7 +48,7 @@ jobs:
           cmake -S c -B build -DCODE_COVERAGE=ON -DCMAKE_C_FLAGS=--coverage -DCMAKE_CXX_FLAGS=--coverage &&
           build-wrapper-linux-x86-64 --out-dir ./bw-output cmake --build build -j4 --target ccov-all-export
       - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.3.1
+        uses: SonarSource/sonarqube-scan-action@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
