SP-3565: Update dependencies

.github/workflows/check-dist.yml

@@ -58,7 +58,7 @@ jobs:
       - if: ${{ failure() && steps.diff.outcome == 'failure' }}
         name: Upload Artifact
         id: upload
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: dist
           path: dist/

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Setup Node.js
         id: setup-node

.node-version

@@ -1 +1 @@
-20.6.0
+24.15.0

CHANGELOG.md

@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.3] - 2026-05-18
+### Changed
+- Upgraded Node.js to 24
+- Upgraded eslint-plugin jest to 29.15.2
+- Upgraded @types/node to 25.3.5
+- Upgraded @actions/core to 3.0.0
+- Upgraded globals to 17.4.0
+- Upgraded actions/upload-artifact to 7
+- Added __mocks__/@actions/core.ts to mock @actions/core for tests
+- Updated actions/checkout to v6 in README.md
+### Fixed
+- Changed 'code-scan-action' to 'gha-code-scan' in README.md
+
 ## [1.6.2] - 2026-05-11
 ### Changed
 - Upgraded `scanoss.py` runtime container to v1.52.1

README.md

@@ -1,9 +1,9 @@
 # SCANOSS Code Scan Action
 
-[![GitHub Super-Linter](https://github.com/scanoss/code-scan-action/actions/workflows/linter.yml/badge.svg)](https://github.com/super-linter/super-linter)
-![CI](https://github.com/scanoss/code-scan-action/actions/workflows/ci.yml/badge.svg)
-[![Check dist/](https://github.com/scanoss/code-scan-action/actions/workflows/check-dist.yml/badge.svg)](https://github.com/scanoss/scanoss-code-scan-step/actions/workflows/check-dist.yml)
-[![CodeQL](https://github.com/scanoss/code-scan-action/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/scanoss/scanoss-code-scan-step/actions/workflows/codeql-analysis.yml)
+[![GitHub Super-Linter](https://github.com/scanoss/gha-code-scan/actions/workflows/linter.yml/badge.svg)](https://github.com/super-linter/super-linter)
+![CI](https://github.com/scanoss/gha-code-scan/actions/workflows/ci.yml/badge.svg)
+[![Check dist/](https://github.com/scanoss/gha-code-scan/actions/workflows/check-dist.yml/badge.svg)](https://github.com/scanoss/scanoss-code-scan-step/actions/workflows/check-dist.yml)
+[![CodeQL](https://github.com/scanoss/gha-code-scan/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/scanoss/scanoss-code-scan-step/actions/workflows/codeql-analysis.yml)
 ![Coverage](./badges/coverage.svg)
 
 The SCANOSS Code Scan Action enhances your software development process by automatically scanning your code for security
@@ -77,11 +77,11 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Run SCANOSS Code Scan
         id: scanoss-code-scan-step
-        uses: scanoss/code-scan-action@v1
+        uses: scanoss/gha-code-scan@v1
 ```
 
 For example workflow runs, check out our
@@ -178,7 +178,7 @@ When Dependency Track integration is enabled, you'll see these checks in your Gi
 #### Basic Configuration
 ```yaml
 - name: Run SCANOSS Code Scan with Dependency Track
-  uses: scanoss/code-scan-action@v1
+  uses: scanoss/gha-code-scan@v1
   with:
     deptrack.upload: true
     deptrack.url: 'https://your-dt-instance.com'
@@ -190,7 +190,7 @@ When Dependency Track integration is enabled, you'll see these checks in your Gi
 #### Advanced Configuration with Policies
 ```yaml
 - name: Run SCANOSS Code Scan with Full Dependency Track Integration
-  uses: scanoss/code-scan-action@v1
+  uses: scanoss/gha-code-scan@v1
   with:
     policies: copyleft, undeclared, dt  # Enable all policies including Dependency Track
     deptrack.upload: true
@@ -237,11 +237,11 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Run SCANOSS Code Scan
         id: scanoss-code-scan-step
-        uses: scanoss/code-scan-action@v1
+        uses: scanoss/gha-code-scan@v1
         with:
           policies: copyleft, undeclared, dt
           scanMode: 'delta'

__mocks__/@actions/core.ts

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+/*
+   Copyright (c) 2026, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+ */
+
+export const debug = jest.fn();
+export const error = jest.fn();
+export const info = jest.fn();
+export const notice = jest.fn();
+export const warning = jest.fn();
+export const setFailed = jest.fn();
+export const setOutput = jest.fn();
+export const setSecret = jest.fn();
+export const getInput = jest.fn().mockReturnValue('');
+
+export const summary = {
+  addHeading: jest.fn().mockReturnThis(),
+  addRaw: jest.fn().mockReturnThis(),
+  addSeparator: jest.fn().mockReturnThis(),
+  addCodeBlock: jest.fn().mockReturnThis(),
+  write: jest.fn().mockResolvedValue(undefined)
+};

__tests__/dep-track-policy-check.test.ts

@@ -69,19 +69,12 @@ jest.mock('@actions/github', () => ({
 
 const mockGetExecOutput = jest.spyOn(exec, 'getExecOutput');
 
-// Mock core.warning at the module level
-jest.mock('@actions/core', () => ({
-  ...jest.requireActual('@actions/core'),
-  warning: jest.fn()
-}));
-
 const mockCoreWarning = core.warning as jest.MockedFunction<typeof core.warning>;
 
 describe('DepTrackPolicyCheck', () => {
   let depTrackPolicyCheck: DepTrackPolicyCheck;
   const appInput = jest.requireMock('../src/app.input');
-  const TEST_DIR = __dirname;
-  const TEST_REPO_DIR = path.join(TEST_DIR, 'data');
+  const TEST_REPO_DIR = path.join(__dirname, 'data');
 
   beforeEach(() => {
     appInput.REPO_DIR = TEST_REPO_DIR;

action.yml

@@ -120,5 +120,5 @@ outputs:
     description: 'Scanner command output'
 
 runs:
-  using: node20
+  using: node24
   main: dist/index.js