From 3270b129340d0fa653195d192cbd96eadb3d0e79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Feb 2026 16:10:44 +0000
Subject: [PATCH] Bump the gh-dependency group across 1 directory with 6
 updates

Bumps the gh-dependency group with 6 updates in the /.github/workflows directory:

| Package | From | To |
| --- | --- | --- |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8` | `9` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `5` | `6` |
| [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `5` | `6` |



Updates `actions/upload-artifact` from 4 to 5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

Updates `golangci/golangci-lint-action` from 8 to 9
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9)

Updates `actions/download-artifact` from 5 to 6
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

Updates `SonarSource/sonarqube-scan-action` from 5 to 6
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-dependency
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/cifuzz.yml         |  4 ++--
 .github/workflows/golangci-lint.yml  |  4 ++--
 .github/workflows/staticAnalysis.yml |  2 +-
 .github/workflows/test-for-fork.yml  |  2 +-
 .github/workflows/test.yml           | 12 ++++++------
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 3c2d41d4..3bfb30e4 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -30,7 +30,7 @@ jobs:
        output-sarif: true
 
    - name: Upload Crash
-     uses: actions/upload-artifact@v4
+     uses: actions/upload-artifact@v6
      if: failure() && steps.build.outcome == 'success'
      with:
        name: artifacts
@@ -38,7 +38,7 @@ jobs:
 
    - name: Upload Sarif
      if: always() && steps.build.outcome == 'success'
-     uses: github/codeql-action/upload-sarif@v3
+     uses: github/codeql-action/upload-sarif@v4
      with:
       # Path to SARIF file relative to the root of the repository
       sarif_file: cifuzz-sarif/results.sarif
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 59ac58df..973aa760 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Go 1.20+
         uses: actions/setup-go@v6
@@ -27,7 +27,7 @@ jobs:
       - run: go version
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v8
+        uses: golangci/golangci-lint-action@v9
         with:
           version: v2.4.0
           args: --timeout=5m
diff --git a/.github/workflows/staticAnalysis.yml b/.github/workflows/staticAnalysis.yml
index 98512c80..0a0b4fec 100644
--- a/.github/workflows/staticAnalysis.yml
+++ b/.github/workflows/staticAnalysis.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Go 1.20+
         uses: actions/setup-go@v6
diff --git a/.github/workflows/test-for-fork.yml b/.github/workflows/test-for-fork.yml
index 91acb224..54143d8b 100644
--- a/.github/workflows/test-for-fork.yml
+++ b/.github/workflows/test-for-fork.yml
@@ -24,7 +24,7 @@ jobs:
 
       # Checks-out repository under $GITHUB_WORKSPACE
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       # Build everything
       - name: Run a build
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e870607c..c450e4fb 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
 
       # Checks-out repository under $GITHUB_WORKSPACE with tags and history (needed by "SonarCloud Scan" step)
       - name: Full checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0 # Full clone for SonarCloud
 
@@ -60,7 +60,7 @@ jobs:
         shell: bash
 
       - name: Upload coverage and report files
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ hashFiles('./outputs') || 'none' }}
           path: ./outputs
@@ -73,12 +73,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
       - name: Download artifacts
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           path: ./outputs
 
@@ -96,7 +96,7 @@ jobs:
           directory: .tmp/
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5
+        uses: SonarSource/sonarqube-scan-action@v7
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -119,7 +119,7 @@ jobs:
       - run: go version
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Run a build
         run: go build ./...