Bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: actions/checkout, SonarSource/sonarqube-scan-action and chromaui/action.

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774

... (truncated)

Commits

• df4cb1c Update changelog for v6.0.3 (#2446)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 0c366fd Update changelog (#2357)
• See full diff in compare view

Updates SonarSource/sonarqube-scan-action from 8.1.0 to 8.2.0

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

• SQSCANGHA-149 Add scannerBinariesAuthHeader input by @​henryju in SonarSource/sonarqube-scan-action#246
• SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support by @​henryju in SonarSource/sonarqube-scan-action#249
• SQSCANGHA-84 Remove outdated wget/curl references by @​henryju in SonarSource/sonarqube-scan-action#248
• SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4-part version by @​henryju in SonarSource/sonarqube-scan-action#250
• SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows by @​henryju in SonarSource/sonarqube-scan-action#251

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

Commits

• 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
• 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
• c9d327c SQSCANGHA-84 Remove outdated wget/curl references
• b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
• 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
• 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
• See full diff in compare view

Updates chromaui/action from 16.9.1 to 17.3.0

Changelog

Sourced from chromaui/action's changelog.

v17.4.1 (Thu Jun 11 2026)

🐛 Bug Fix

• fix: e2e build command ignores arguments when used with npm #1385 (@​sentience @​AriPerkkio @​jmhobbs)

Authors: 3

• Ari Perkkiö (@​AriPerkkio)
• John Hobbs (@​jmhobbs)
• Kevin Yank (@​sentience)

---

v17.4.0 (Tue Jun 09 2026)

🚀 Enhancement

• Add additional bail details to invalidChangedFiles #1355 (@​codykaup)

🐛 Bug Fix

• Update Codecov to fix GPG issue #1387 (@​codykaup)

Authors: 1

• Cody Kaup (@​codykaup)

---

v17.3.0 (Fri Jun 05 2026)

🚀 Enhancement

• 🔧 Add a configuration parameter that controls git timeout. #1371 (@​jwir3)

🐛 Bug Fix

• Remove unused subdir directory #1381 (@​codykaup)
• Increase Sentry message length #1380 (@​codykaup)
• Bump typescript-eslint to fix TypeScript warning #1373 (@​codykaup)
• Drop slash dependency for internal helper #1374 (@​codykaup)
• react-native-build: Don't overwrite artifacts without permission. #1364 (@​jmhobbs)
• Set patch label for Dependabot PRs #1370 (@​codykaup)
• Update Dependabot to skip test fixture dependencies #1363 (@​codykaup)

Authors: 3

• Cody Kaup (@​codykaup)
• John Hobbs (@​jmhobbs)

... (truncated)

Commits

• 05812ac v17.3.0
• d92ea1c v17.2.0
• 8ad69a4 v17.1.0
• 0b8c883 v17.0.1
• 7aca53e v17.0.0
• 1bbb581 v16.10.1
• e3eb8ec v16.10.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions