action-allowlist-review: bump JetBrains/qodana-action from 2026.1.0 to 2026.1.3 in /.github/actions/for-dependabot-triggered-reviews

[dependabot]

Bumps JetBrains/qodana-action from 2026.1.0 to 2026.1.3.

Release notes

Sourced from JetBrains/qodana-action's releases.

v2026.1.3

Changelog

• b0eaa86 ⬆️ Bump Kotlin to 2.3.0
• c91a70c ✨ Add Maven plugin for Qodana
• ca746a1 🐛 QD-14658 Fix Maven integration test with reliable Python issue detection
• 1ca399e 🧱 Update vsts/QodanaScan/index.js
• 6975b5c ✅ QD-14666 Update GitHub Action tests to use new CLI arguments (#597)
• ab64602 ⬆️ Update qodana to v2026.1.1 (#595)
• ac6b2a1 🐛 QD-14655 fix cache copy error and update the component
• f44cbf3 🐛 QD-14679 Append native cache key as prefix, not suffix
• cfac2b9 :feature: QD-14680 Switch auto-push of dist changes to local pre-commit check
• c3af492 🐛 QD-15013 Fix azure-dev-release workflow failure due to missing husky (#602)
• 4861e01 ⬆️ Update qodana to v2026.1.3 (#603)

Commits

• 4861e01 ⬆️ Update qodana to v2026.1.3 (#603)
• c3af492 🐛 QD-15013 Fix azure-dev-release workflow failure due to missing husky (#...
• cfac2b9 :feature: QD-14680 Switch auto-push of dist changes to local pre-commit check
• f44cbf3 🐛 QD-14679 Append native cache key as prefix, not suffix
• ac6b2a1 🐛 QD-14655 fix cache copy error and update the component
• ab64602 ⬆️ Update qodana to v2026.1.1 (#595)
• 6975b5c ✅ QD-14666 Update GitHub Action tests to use new CLI argumen...
• 1ca399e 🧱 Update vsts/QodanaScan/index.js
• ca746a1 🐛 QD-14658 Fix Maven integration test with reliable Python issue detection
• c91a70c ✨ Add Maven plugin for Qodana
• Additional commits viewable in compare view

[potiuk]

Context on the in-tree binary finding here: the flagged gradle/wrapper/gradle-wrapper.jar is Gradle build tooling, not action-runtime code — #951 exempts it, and this PR's verify check goes green once that merges. Separately, I've opened JetBrains/qodana-action#605 asking upstream to follow @snazy's suggestion and drop the committed wrapper jar (jar-free Gradle wrapper approach).

[potiuk]

Closing in favor of #960, which pins the current v2026.1.3 commit.

Heads-up: JetBrains moved the v2026.1.3 tag after this PR opened. The annotated tag now resolves to 4861e015da555e86a72b862892aba6c2b93e6891, whereas this PR pins the old d7b5ec2fbec32197ef447c450e00589ed5f34fd5. #960 (human PR by @lukaszlenart) has the correct hash and also updates actions.yml directly with a proper expiry on the prior version.

(Both still need #951 to clear the gradle/wrapper/gradle-wrapper.jar in-tree-binary false positive.)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[potiuk]

Correction to my earlier comment: I was wrong that the v2026.1.3 tag had moved. This PR pinned 4861e015 for v2026.1.3 — the same correct commit as #960; the d7b5ec2f I cited is the old v2026.1.0 hash, which I misread as this PR's new pin. The tag did not move and the hash here was correct. Closing as a duplicate of #960 still stands (it edits actions.yml directly and sets the prior version's expiry), but my stated reason was mistaken — apologies for the noise.