chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1

[dependabot]

Bumps codecov/codecov-action from 6.0.0 to 6.0.1.

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in codecov/codecov-action#1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• e79a696 chore(release): 6.0.1 (#1949)
• 51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

This PR bumps codecov/codecov-action from v6.0.0 to v6.0.1 in the CI workflow. The patch release contains a security fix for template injection in run: steps (VULN-1652).

• The action reference remains SHA-pinned (e79a6962e0d4c0c17b229090214935d2e33f8354), which is the correct security practice for third-party GitHub Actions.
• No functional changes to the workflow beyond the version bump; all inputs (token, files) remain unchanged.

Confidence Score: 5/5

Safe to merge — this is a one-line dependency bump with a SHA-pinned reference and no workflow logic changes.

The change is minimal: one line updated to a newer, SHA-pinned version of the Codecov action. The new version ships a security patch (template injection fix) with no breaking changes. The rest of the workflow is untouched.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Single-line bump of codecov/codecov-action from v6.0.0 to v6.0.1 (SHA-pinned); includes a security fix for template injection in run steps (VULN-1652).

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions CI
    participant Test as go test
    participant Codecov as codecov/codecov-action@v6.0.1

    GH->>Test: Run tests with coverage profile
    Test-->>GH: coverage.txt
    GH->>Codecov: Upload coverage (token + files)
    Note over Codecov: v6.0.1 includes VULN-1652 fix<br/>(template injection prevention)
    Codecov-->>GH: Coverage report posted

Loading

_{Reviews (1): Last reviewed commit: "chore(deps): bump codecov/codecov-action..." | Re-trigger Greptile}