1.4.1

What's Changed

Bug Fixes

• PREQ-5981 Skip release/sign Maven profiles when deploy is false by @matemoln in #269

Improvements to the check-sca reusable workflow

• PREQ-5738: Adds maven-style project key extraction to check-sca by @bwalsh434 in #255
• BUILD-11393: Fix check-sca failures caused by local-ref by @bwalsh434 in #258
• PREQ-5794 Fix check-sca Gradle Kotlin DSL projectKey parsing by @SamirM-BE in #254
• PREQ-5827 fix(check-sca): declare environment: dev on verify-sca job by @axel-driowya-sonar in #259
• BUILD-11405: Changes the environment tag associated with the SCA Check by @bwalsh434 in #260
• BUILD-11394: Adds checking for manual setting of the SQ Project Key on check-sca by @bwalsh434 in #261
• BUILD-11438: Make SCA check look for issues on master, main, and active PR branches by @bwalsh434 in #268

Maintenance

• BUILD-10835 Use warp-custom-ubuntu-24-04 instead of github-ubuntu-latest-s by @hedinasr in #252
• BUILD-10835 Remove slack_notify reusable workflow by @hedinasr in #253
• BUILD-11388: Change pre-commit hook to koalaman/shellcheck-precommit by @bwalsh434 in #256
• Update dependency mise to 2026.5.9 by @renovate[bot] in #264
• Pin dependencies - gh-action_cache v1.5.0 by @renovate[bot] in #263
• Update GitHub actions (major) by @renovate[bot] in #111

New Contributors

• @axel-driowya-sonar made their first contribution in #259

Full Changelog: 1.4.0...1.4.1

1.4.0

What's Changed

Documentation

• BUILD-11270: Add README for check-sca action by @bwalsh434 in #251

Full Changelog: 1.3.35...1.4.0

1.3.35

What's Changed

New Features

• BUILD-11091: Adds check-sca action for enforcing that SCA is active by @bwalsh434 in #247

Improvements

• PREQ-5529 Update default maven scanner to version 5.6.0.6792 by @dorian-burihabwa-sonarsource in #250

Bug Fixes

• BUILD-10827: make config-npm skip path safe from template parsing error by @tomverin in #246
• BUILD-11091: Fix vault path in downstream repos for check-sca by changing trigger to pull_request by @bwalsh434 in #248
• PREQ-5497: Bump mise to 2026.4.23 to fix jfrog-cli registry lookup by @tomverin in #249

Full Changelog: 1.3.34...1.3.35

1.3.34

What's Changed

• PREQ-5070 Update dependency mise to 2026.3.17 by @renovate[bot] in #232

Full Changelog: 1.3.33...1.3.34

1.3.33

What's Changed

Improvements

• Update SonarSource/gh-action_cache action to v1.4.4 by @renovate[bot] in #242

Full Changelog: 1.3.32...1.3.33

1.3.32

What's Changed

Improvements

• PREQ-4918: Support unique artifact names for matrix jobs by @bwalsh434 in #240

Full Changelog: 1.3.31...1.3.32

1.3.31

What's Changed

Improvements

• PREQ-4933 Use plain poetry install to respect lock file by @tomverin in #241

Full Changelog: 1.3.30...1.3.31

1.3.30

What's Changed

Improvements

• Update GitHub actions by @renovate[bot] in #239

  Package	Type	Update	Change
  SonarSource/gh-action_cache	action	patch	v1.4.2 → v1.4.3

  This release sets AWS S3 as the default cache backend for gh-action_cache.
  Use CACHE_BACKEND env var to use GitHub cache backend.
  Use CACHE_IMPORT_GITHUB env var to opt-in/out migration scenario from GitHub to S3.

Full Changelog: 1.3.29...1.3.30

1.3.29

What's Changed

Improvements

• BUILD-10774: Pin gh-action_cache version to v1.4.2 by @bwalsh434 in #238

This release enables the fallback-to-default-branch flag on all build actions maintained by EngXP.

Full Changelog: 1.3.28...1.3.29

1.3.28

What's Changed

New Features

• BUILD-10591 Leverage setup-jfrog-cli summary in ci-github-actions by @julien-carsique-sonarsource in #233

Improvements

• BUILD-10586 Fix inconsistencies between actions inputs, outputs and behaviors by @julien-carsique-sonarsource in #231
• Update GitHub actions by @renovate[bot] in #234

  Package	Type	Update	Change
  SonarSource/gh-action_cache	action	minor	v1.2.3 → v1.4.1
  SonarSource/vault-action-wrapper	action	minor	3.3.0 → 3.4.0

Bug Fixes

• BUILD-10724 fix host paths by @julien-carsique-sonarsource in #237

Full Changelog: 1.3.27...1.3.28