chore(deps): update sonarsource/sonarqube-scan-action action to v7

[marvin-serp-bot]

This PR contains the following updates:

Package	Type	Update	Change
sonarsource/sonarqube-scan-action	action	major	v5.1.0 -> v7.1.0

---

Release Notes

sonarsource/sonarqube-scan-action (sonarsource/sonarqube-scan-action)

v7.1.0

Compare Source

What's Changed

• SQSCANGHA-128 NO-JIRA Bump actions/cache from 4 to 5 by @​dependabot[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2199
• SQSCANGHA-130 Bump rollup from 4.50.1 to 4.59.0 by @​dependabot[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2211
• SQSCANGHA-131 Bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2233
• SQSCANGHA-132 Upgrade Node to 24 by @​claire-villard-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/224

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.1.0

v7.0.0

Compare Source

What's Changed

• SQSCANGHA-120 NO-JIRA Bump actions/setup-node from 4 to 5 by @​dependabot[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2111
• Update SonarScanner CLI to 7.3.0.5189 by @​github-actions[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2122
• SQSCANGHA-122 Include caveats for running SCA by @​subdavis in https://github.com/SonarSource/sonarqube-scan-action/pull/213
• SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 by @​dependabot[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2144
• SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 by @​github-actions[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/2188

New Contributors

• @​subdavis made their first contribution in https://github.com/SonarSource/sonarqube-scan-action/pull/213

Full Changelog: SonarSource/sonarqube-scan-action@v6.0.0...v7.0.0

v6.0.0

Compare Source

BREAKING CHANGE!

In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the args input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted.
For example, if you were previously passing:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"

you should now pass:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"

For more args passing examples, please refer to the README file

What's Changed

• SQSCANGHA-106 Migrate from Bash to JS by @​jeremy-davis-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/208

Full Changelog: SonarSource/sonarqube-scan-action@v5.3.1...v6.0.0

v5.3.2

Compare Source

Full Changelog: SonarSource/sonarqube-scan-action@v5.3.1...v5.3.2

v5.3.1

Compare Source

OVERLOOKED BREAKING CHANGE!

In order to prevent command-line injection, the way to parse the args input has been changed, but this is possibly a breaking change regarding support of quotes.

For example, if you were previously passing:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      -Dsonar.projectName="My Project"

you should now pass:

- uses: SonarSource/sonarqube-scan-action@<action version>
  with:
    args: >
      "-Dsonar.projectName=My Project"

Edit: We have now released v6 that more accurately reflect this breaking change.

What's Changed

• SQSCANGHA-101 Add more input injection tests by @​aleksandra-bozhinoska-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/200

New Contributors

• @​daantimmer made their first contribution in https://github.com/SonarSource/sonarqube-scan-action/pull/199

Full Changelog: SonarSource/sonarqube-scan-action@v5...v5.3.1

v5.3.0

Compare Source

What's Changed

• SQSCANGHA-83 Avoid unbound variable error on parameter expansion by @​aleksandra-bozhinoska-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/192
• SQSCANGHA-97 Use /usr/bin/env for shebang by @​eliandoran in https://github.com/SonarSource/sonarqube-scan-action/pull/193
• SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 by @​github-actions[bot] inhttps://github.com/SonarSource/sonarqube-scan-action/pull/1966

New Contributors

• @​eliandoran made their first contribution in https://github.com/SonarSource/sonarqube-scan-action/pull/193

Full Changelog: SonarSource/sonarqube-scan-action@v5.2.0...v5.3.0

v5.2.0

Compare Source

What's Changed

• SQSCANGHA-90 remove mend dead conf by @​pierre-guillot-gh in https://github.com/SonarSource/sonarqube-scan-action/pull/184
• SQSCANGHA-89 Attempt to fix command injection by @​henryju in https://github.com/SonarSource/sonarqube-scan-action/pull/186
• SQSCANGHA-93 Fix madhead/semver-utils' version by @​csaba-feher-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/187
• SQSCANGHA-94 Update version update logic by @​csaba-feher-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/188
• SQSCANGHA-92 Validate scanner version by @​csaba-feher-sonarsource in https://github.com/SonarSource/sonarqube-scan-action/pull/189

Full Changelog: SonarSource/sonarqube-scan-action@v5...v5.2.0

---

Configuration

📅 Schedule: Branch creation - At 10:00 PM through 11:59 PM and 12:00 AM through 04:59 AM, Monday through Friday ( * 22-23,0-4 * * 1-5 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

✒️ PR Title Commitlint - ✔️ Lint success!