chore(deps): bump codecov/codecov-action from 4 to 6

[dependabot]

Bumps codecov/codecov-action from 4 to 6.

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in codecov/codecov-action#1929
• Th/6.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in codecov/codecov-action#1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in codecov/codecov-action#1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

What's Changed

• check gpg only when skip-validation = false by @​maxweng-sentry in codecov/codecov-action#1894
• chore: disable_search alignment by @​freemanzMrojo in codecov/codecov-action#1881
• chore(release): 5.5.2 by @​thomasrockhu-codecov in codecov/codecov-action#1902

New Contributors

• @​maxweng-sentry made their first contribution in codecov/codecov-action#1894
• @​freemanzMrojo made their first contribution in codecov/codecov-action#1881

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

What's Changed

• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in codecov/codecov-action#1833
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​dependabot[bot] in codecov/codecov-action#1861
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in codecov/codecov-action#1867
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in codecov/codecov-action#1868
• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• e79a696 chore(release): 6.0.1 (#1949)
• 51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)
• 57e3a13 Th/6.0.0 (#1928)
• f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
• 75cd116 chore(release): 5.5.4 (#1927)
• 87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
• 1af5884 chore(release): bump to 5.5.3 (#1922)
• c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
• 671740a chore(release): 5.5.2 (#1902)
• 96b38e9 chore: disable_search alignment (#1881)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated CI/CD tooling dependencies.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request upgrades the Codecov GitHub Actions workflow step from version 4 to version 6, updating the action invoked during the "Upload coverage reports to Codecov" stage in the test workflow.

Changes

Codecov Action Version Upgrade

Layer / File(s)	Summary
Codecov action version upgrade .github/workflows/test.yml	The codecov/codecov-action step is upgraded from v4 to v6 in the CI workflow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• hiranyasemindi
• iamvirul

Poem

🐰 A hop from v4 to v6 so bright,
Coverage reports now fly in flight,
One line changed, but oh what cheer,
The Codecov rabbit's upgrade is here! 📊✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating the codecov/codecov-action dependency from version 4 to version 6 in the GitHub Actions workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/github_actions/codecov/codecov-action-6

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test.yml:
- Line 37: Update the GitHub Actions step that references the Codecov action
(the uses line currently set to codecov/codecov-action@v6) to pin it to the
immutable commit SHA by replacing the tag with
codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354; ensure the uses
entry exactly matches that SHA to prevent CI supply-chain drift.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: ba604bfb-1ec1-4852-a1a3-8f797e8243c7

📥 Commits

Reviewing files that changed from the base of the PR and between 1fee58b and a540854.

📒 Files selected for processing (1)

• .github/workflows/test.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only verification: resolve current commit behind codecov/codecov-action v6 tag
gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

🏁 Script executed:

gh api repos/codecov/codecov-action/git/ref/tags/v6 | jq -r '.object.sha'

Repository: OpenDevFlow/md-latex

Length of output: 105

---

Pin Codecov action to an immutable commit SHA
.github/workflows/test.yml Line 37 uses the mutable tag codecov/codecov-action@v6; pin it to codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 to prevent CI supply-chain drift.

🔒 Suggested change

-      uses: codecov/codecov-action@v6
+      uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uses: codecov/codecov-action@v6
	uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354

🧰 Tools

🪛 zizmor (1.25.2)

[error] 37-37: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test.yml at line 37, Update the GitHub Actions step that
references the Codecov action (the uses line currently set to
codecov/codecov-action@v6) to pin it to the immutable commit SHA by replacing
the tag with codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354;
ensure the uses entry exactly matches that SHA to prevent CI supply-chain drift.