Bump codecov/codecov-action from 6 to 7

[dependabot]

Bumps codecov/codecov-action from 6 to 7.

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

• ci: remove Enforce License Compliance workflow by @​thomasrockhu-codecov in codecov/codecov-action#1950
• chore(release): 7.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

• ci: remove Enforce License Compliance workflow by @​thomasrockhu-codecov in codecov/codecov-action#1950
• chore(release): 7.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in codecov/codecov-action#1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Downstream Testing Results

The table below helps prevent breakage in downstream packages.
There are four possible results: Pass, Fail, Version Mismatch, and Error.

• Pass: this PR does not break the downstream package.
• Fail: this PR breaks the downstream package.
• Version Mismatch: the version in this PR is not accepted by the compat bounds of the downstream package (in the given version).
• Error: Something else went wrong outside of the tests (possibly workflow related).

If all packages Pass

In this case, it is safe to release a new bugfix version (e.g., from 1.2.3 to 1.2.4) or minor version (e.g., from 0.1.5 to 0.1.6 or from 1.2.3 to 1.3.0).

If some packages Fail and that's not expected

In this case, this PR has some issue that needs to be investigated.
Check the tests log, or try to reproduce and fix the error locally:

# Go to the downstream package folder
pkg> activate path/to/this/package
pkg> update
pkg> test

Make sure that the /path/to/this/package has this package with the PR branch checked out.

After fixing the error, you should have a Pass state, or eventually you might conclude that this Fail is expected.

If some packages Fail and that is expected

In this case, you're introducing changes in this PR that will inevitably break some package.
This is a BREAKING CHANGE, and thus you will need to release a new version of this package.
One recommendation would be to do it now, introducing a new commit with the update of the version in the Project.toml.
This should be a major update (e.g., from 0.1.5 to 0.2.0 or from 1.2.3 to 2.0.0).

If you do that, then most packages or all packages will have a Version Mismatch status.

If you have Version Mismatch

Any package with a Version Mismatch has compat bounds that don't include this version of this package.
This is not an error, just a warning, and it can happen either because the downstream package has not had its compat updated yet (consider using dependabot), or that this PR introduces a version change.

Disclaimer: The Version Mismatch might be wrong, because it's a catch-all over the develop and build steps of the workflow.
If the mismatch is completely unexpected, check the logs.

If you have an Error

You have to investigate what happened. This is a catch-all for any other issue that appears in the workflow.

Package name	Result