Releases: SonarSource/sonarqube-scan-action
v7.0.0
What's Changed
- SQSCANGHA-120 NO-JIRA Bump actions/setup-node from 4 to 5 by @dependabot[bot] in #211
- Update SonarScanner CLI to 7.3.0.5189 by @github-actions[bot] in #212
- SQSCANGHA-122 Include caveats for running SCA by @subdavis in #213
- SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 by @dependabot[bot] in #214
- SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 by @github-actions[bot] in #218
New Contributors
Full Changelog: v6.0.0...v7.0.0
Contributors
Assets 2
v4.2.2
Full Changelog: v4.2.1...v4.2.2
v5.3.2
Full Changelog: v5.3.1...v5.3.2
v6.0.0
BREAKING CHANGE!
In order to prevent command-line injection, the actions has been rewritten from Bash to JS, and the args input is now parsed differently. When updating to v6, you might have to update your workflow to change how arguments are quoted.
For example, if you were previously passing:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"you should now pass:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"For more args passing examples, please refer to the README file
What's Changed
- SQSCANGHA-106 Migrate from Bash to JS by @jeremy-davis-sonarsource in #208
Full Changelog: v5.3.1...v6.0.0
Contributors
Assets 2
v5.3.1
OVERLOOKED BREAKING CHANGE!
In order to prevent command-line injection, the way to parse the args input has been changed, but this is possibly a breaking change regarding support of quotes.
For example, if you were previously passing:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
-Dsonar.projectName="My Project"you should now pass:
- uses: SonarSource/sonarqube-scan-action@<action version>
with:
args: >
"-Dsonar.projectName=My Project"Edit: We have now released v6 that more accurately reflect this breaking change.
What's Changed
- SQSCANGHA-101 Add more input injection tests by @aleksandra-bozhinoska-sonarsource in #200
New Contributors
- @daantimmer made their first contribution in #199
Full Changelog: v5...v5.3.1
Contributors
Assets 2
v5.3.0
What's Changed
- SQSCANGHA-83 Avoid unbound variable error on parameter expansion by @aleksandra-bozhinoska-sonarsource in #192
- SQSCANGHA-97 Use /usr/bin/env for shebang by @eliandoran in #193
- SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 by @github-actions[bot] in #196
New Contributors
- @eliandoran made their first contribution in #193
Full Changelog: v5.2.0...v5.3.0
Contributors
Assets 2
v5.2.0
What's Changed
- SQSCANGHA-90 remove mend dead conf by @pierre-guillot-gh in #184
- SQSCANGHA-89 Attempt to fix command injection by @henryju in #186
- SQSCANGHA-93 Fix madhead/semver-utils' version by @csaba-feher-sonarsource in #187
- SQSCANGHA-94 Update version update logic by @csaba-feher-sonarsource in #188
- SQSCANGHA-92 Validate scanner version by @csaba-feher-sonarsource in #189
Full Changelog: v5...v5.2.0
Contributors
Assets 2
v5.1.0
What's Changed
- Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us by @github-actions in #183
Full Changelog: v5.0.0...v5.1.0
v5.0.0
What's Changed
- SQSCANGHA-81 Update SonarScanner CLI to 7.0.2.4839 by @github-actions in #175
Full Changelog: v4...v5.0.0
v4.2.1
What's Changed
- SQSCANGHA-77 Change title back to SonarQube Scan Action by @antonioaversa in #166
Full Changelog: v4.2.0...v4.2.1
