October 2025 security updated and sonar cloud scanner version bump up #30
Pull request overview
This PR updates the Maven project/module versions and upgrades a few dependency versions (commons-io and BouncyCastle) for security maintenance, and adjusts the SonarCloud GitHub Actions workflow formatting/inputs.
Changes:
- Bump parent + module Maven version from `1.5.7` to `1.5.8`
- Upgrade `commons-io` to `2.16.1` and BouncyCastle artifacts to `1.80`
- Tidy SonarCloud workflow YAML and change `args` formatting for the scan action
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `pom.xml` | Bumps project version and updates managed dependency versions (commons-io, BouncyCastle). |
| `mid-java-client-core/pom.xml` | Updates parent version reference to 1.5.8. |
| `mid-java-client-rest/pom.xml` | Updates parent version reference to 1.5.8. |
| `mid-java-client-soap/pom.xml` | Updates parent version reference to 1.5.8. |
| `mid-java-client-usage/pom.xml` | Updates parent version reference to 1.5.8. |
| `.github/workflows/sonarcloud.yml` | Re-formats workflow and adjusts how scanner args are passed. |
| - name: SonarQube Scan | ||
| uses: SonarSource/sonarqube-scan-action@v6.0.0 # Ex: v4.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan | ||
| env: |
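Review bot: the `uses:` line pins SonarSource/sonarqube-scan-action by the tag v6.0.0, and a tag can be moved to different code after review, so pin the action to the full commit SHA of that release and keep the version in the trailing comment. The trailing comment on the same line still reads "Ex: v4.1.0", which does not match the pinned version and should be updated or dropped.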
The PR title/description mention a SonarCloud scanner version bump, but this workflow still pins SonarSource/sonarqube-scan-action@v6.0.0 (no version change in this PR). Either update the action version to the intended target, or adjust the PR title/description to reflect that this is primarily a formatting/args change.