fix: bumps sonarscan action version

[pandeymangg]

Bumps Sonar scan GitHub Action from 5.2.0 to 6.0.0 to address security alert raised by dependabot:
https://github.com/formbricks/android/security/dependabot/1

[coderabbitai]

Walkthrough

The GitHub Actions workflow at .github/workflows/sonarcloud.yml updates the SonarCloud Scan action version from v5.2.0 to v6.0.0. No other steps, inputs, or workflow logic were changed.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "fix: bumps sonarscan action version" succinctly and accurately describes the primary change—updating the Sonar scan GitHub Action version—and matches the workflow modification in the PR.
Description Check	✅ Passed	The description explicitly states the action is being bumped from 5.2.0 to 6.0.0 to address a Dependabot security alert, which directly corresponds to the workflow file change and is therefore related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c7a280b and bda4ba9.

📒 Files selected for processing (1)

• .github/workflows/sonarcloud.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: SonarCloud
• GitHub Check: Analyze (java-kotlin)

🔇 Additional comments (2)

.github/workflows/sonarcloud.yml (2)

71-71: Good supply-chain hardening: pinned to immutable commit SHA.

Pinning the action to the v6.0.0 commit SHA removes tag‑rewrite risk and satisfies the Dependabot alert intent.

---

76-83: No change required — args format OK; quote entire -D assignment only if a value contains spaces.

Sonar v6 expects a folded scalar with space-separated -Dkey=value; if a property value contains spaces wrap the whole assignment in quotes (e.g. "-Dsonar.projectName=My Project") — the old -Dkey="value" form is not supported. Current flags contain no spaces.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6377c47 and c7a280b.

📒 Files selected for processing (1)

• .github/workflows/sonarcloud.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: SonarCloud
• GitHub Check: Analyze (java-kotlin)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[mattinannt]

Thank you for the fix; looks good :-)