From 0ea04ca9bbe219944b70ec3e0b36772102ef308e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 07:26:43 +0000 Subject: [PATCH 1/2] build(dependabot): bump the dependencies group with 8 updates Bumps the dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `1` | `4` | | [actions/setup-node](https://github.com/actions/setup-node) | `3` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4` | `6` | | [Renato66/auto-label](https://github.com/renato66/auto-label) | `2` | `3` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `5` | `7` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `1` | `4` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `github/codeql-action` from 1 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v4) Updates `actions/setup-node` from 3 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `aws-actions/configure-aws-credentials` from 4 to 6 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v6) Updates `Renato66/auto-label` from 2 to 3 - [Release notes](https://github.com/renato66/auto-label/releases) - [Commits](https://github.com/renato66/auto-label/compare/v2...v3) Updates `SonarSource/sonarqube-scan-action` from 5 to 7 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v5...v7) Updates `peter-evans/repository-dispatch` from 1 to 4 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/v1...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: aws-actions/configure-aws-credentials dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: Renato66/auto-label dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: SonarSource/sonarqube-scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: peter-evans/repository-dispatch dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 8 +++---- .github/workflows/dependabot-automerge.yml | 2 +- .github/workflows/deploy-aws.yml | 8 +++---- .github/workflows/issue.yml | 2 +- .github/workflows/pull-request.yml | 22 +++++++++---------- .github/workflows/release.yml | 6 ++--- .github/workflows/trigger-external-update.yml | 4 ++-- .github/workflows/visual.yml | 6 ++--- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c2de8e90..35612fe3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index acc4e39f..75374404 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/deploy-aws.yml b/.github/workflows/deploy-aws.yml index 2eae085b..487f2806 100644 --- a/.github/workflows/deploy-aws.yml +++ b/.github/workflows/deploy-aws.yml @@ -15,17 +15,17 @@ jobs: id-token: write steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.release.tag_name }} - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 22 - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | @@ -56,7 +56,7 @@ jobs: - run: git checkout HEAD -- package.json # do not save jarvis dependency to package.json because it is private # Authenticate to AWS - - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v6 with: aws-region: 'us-east-1' mask-aws-account-id: true diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index d7f79008..e88eae5f 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -6,7 +6,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: Renato66/auto-label@v2 + - uses: Renato66/auto-label@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} default-labels: '["new"]' diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 505781b4..2602a14e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -14,15 +14,15 @@ jobs: name: build-lint-test - node ${{ matrix.node_version }} steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: ${{ matrix.node_version }} - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | @@ -43,7 +43,7 @@ jobs: run: find . | grep coverage - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@v5 + uses: SonarSource/sonarqube-scan-action@v7 with: args: > -Dsonar.projectVersion=${{ github.run_id }} @@ -56,15 +56,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 22 - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | @@ -88,15 +88,15 @@ jobs: id-token: write steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 22 - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | @@ -122,7 +122,7 @@ jobs: - run: git checkout HEAD -- package.json # do not save jarvis dependency to package.json because it is private (the file is committed by semantic-release to bump version) # authenticate to AWS - - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v6 with: aws-region: 'us-east-1' mask-aws-account-id: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 77ca64fe..da977ea6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: id-token: write steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Use custom token from repo secrets to allow semantic release to push commit: @@ -22,12 +22,12 @@ jobs: token: ${{ secrets.GH_TOKEN }} - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 22 - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | diff --git a/.github/workflows/trigger-external-update.yml b/.github/workflows/trigger-external-update.yml index c76017d2..6da93e06 100644 --- a/.github/workflows/trigger-external-update.yml +++ b/.github/workflows/trigger-external-update.yml @@ -10,14 +10,14 @@ jobs: if: "!contains(github.event.head_commit.message, '[skip ci]')" steps: - name: update_embed_demos - uses: peter-evans/repository-dispatch@v1 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.GH_TOKEN }} repository: Typeform/embed-demo event-type: update_embed_demos - name: update_embed_docs - uses: peter-evans/repository-dispatch@v1 + uses: peter-evans/repository-dispatch@v4 with: token: ${{ secrets.GH_TOKEN }} repository: Typeform/developers diff --git a/.github/workflows/visual.yml b/.github/workflows/visual.yml index 66632af0..85f12218 100644 --- a/.github/workflows/visual.yml +++ b/.github/workflows/visual.yml @@ -13,15 +13,15 @@ jobs: if: ${{ !github.event.pull_request || github.event.pull_request.head.repo.full_name == github.repository }} steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: 22 - name: Get yarn cache - uses: actions/cache@v4 + uses: actions/cache@v5 id: yarn-cache with: path: | From 95a76692841ff786d541ece1e761dafab720b106 Mon Sep 17 00:00:00 2001 From: Roberto Espejo Date: Mon, 23 Feb 2026 16:36:48 +0100 Subject: [PATCH 2/2] ci(NOJIRA-1234): Updated how parameters are passed to sonar action --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 2602a14e..dc797960 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -46,7 +46,7 @@ jobs: uses: SonarSource/sonarqube-scan-action@v7 with: args: > - -Dsonar.projectVersion=${{ github.run_id }} + "-Dsonar.projectVersion=${{ github.run_id }}" env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}