From 93b41b6790676333685cc7a3bc4ae1652f2376d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 23:06:39 +0000 Subject: [PATCH] Bump the github-actions group across 2 directories with 5 updates Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [gradle/actions](https://github.com/gradle/actions) | `6.0.1` | `6.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `gradle/actions` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f...50e97c2cd7a37755bbfafc9c5b7cafaece252f6e) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: gradle/actions dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/actions/build-dist/action.yml | 2 +- .github/workflows/ci-check-and-unit-test.yml | 2 +- .github/workflows/ci-codeql.yml | 4 ++-- .github/workflows/ci-init-script-check.yml | 2 +- .github/workflows/ci-ossf-scorecard.yml | 2 +- .github/workflows/ci-validate-wrappers.yml | 2 +- .github/workflows/integ-test-build-scan-publish.yml | 2 +- .github/workflows/integ-test-caching-config.yml | 4 ++-- .github/workflows/integ-test-inject-develocity.yml | 6 +++--- .github/workflows/integ-test-provision-gradle-versions.yml | 6 +++--- .github/workflows/update-checksums-file.yml | 2 +- 11 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/actions/build-dist/action.yml b/.github/actions/build-dist/action.yml index 26dd48ed..14d7730e 100644 --- a/.github/actions/build-dist/action.yml +++ b/.github/actions/build-dist/action.yml @@ -23,7 +23,7 @@ runs: cp -r sources/dist . - name: Upload distribution - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: dist path: dist/ diff --git a/.github/workflows/ci-check-and-unit-test.yml b/.github/workflows/ci-check-and-unit-test.yml index c617b401..d7627c08 100644 --- a/.github/workflows/ci-check-and-unit-test.yml +++ b/.github/workflows/ci-check-and-unit-test.yml @@ -26,7 +26,7 @@ jobs: cache-dependency-path: sources/package-lock.json - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 + uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing with: diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml index d083c1d5..5d2373bf 100644 --- a/.github/workflows/ci-codeql.yml +++ b/.github/workflows/ci-codeql.yml @@ -35,7 +35,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5 with: languages: ${{ matrix.language }} config: | @@ -43,4 +43,4 @@ jobs: - sources/src - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5 diff --git a/.github/workflows/ci-init-script-check.yml b/.github/workflows/ci-init-script-check.yml index c75ee036..c86a8e1c 100644 --- a/.github/workflows/ci-init-script-check.yml +++ b/.github/workflows/ci-init-script-check.yml @@ -30,7 +30,7 @@ jobs: java-version: 17 - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 + uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing - name: Run integration tests diff --git a/.github/workflows/ci-ossf-scorecard.yml b/.github/workflows/ci-ossf-scorecard.yml index 70c5a0ab..841bc536 100644 --- a/.github/workflows/ci-ossf-scorecard.yml +++ b/.github/workflows/ci-ossf-scorecard.yml @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: 'Upload artifact' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/ci-validate-wrappers.yml b/.github/workflows/ci-validate-wrappers.yml index 88261e33..9a1499d9 100644 --- a/.github/workflows/ci-validate-wrappers.yml +++ b/.github/workflows/ci-validate-wrappers.yml @@ -12,6 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: gradle/actions/wrapper-validation@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 + - uses: gradle/actions/wrapper-validation@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 with: allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 diff --git a/.github/workflows/integ-test-build-scan-publish.yml b/.github/workflows/integ-test-build-scan-publish.yml index 4b3b628c..f8256572 100644 --- a/.github/workflows/integ-test-build-scan-publish.yml +++ b/.github/workflows/integ-test-build-scan-publish.yml @@ -62,7 +62,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-caching-config.yml b/.github/workflows/integ-test-caching-config.yml index df3dcded..1fe9cb6c 100644 --- a/.github/workflows/integ-test-caching-config.yml +++ b/.github/workflows/integ-test-caching-config.yml @@ -105,7 +105,7 @@ jobs: run: ./gradlew help - name: Check Build Scan url is captured if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') @@ -129,7 +129,7 @@ jobs: run: ./gradlew help - name: Check Build Scan url is captured if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-inject-develocity.yml b/.github/workflows/integ-test-inject-develocity.yml index b30e8488..dcc49cbd 100644 --- a/.github/workflows/integ-test-inject-develocity.yml +++ b/.github/workflows/integ-test-inject-develocity.yml @@ -72,7 +72,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') @@ -129,7 +129,7 @@ jobs: run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)" - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') @@ -225,7 +225,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-provision-gradle-versions.yml b/.github/workflows/integ-test-provision-gradle-versions.yml index ba41227a..c905187e 100644 --- a/.github/workflows/integ-test-provision-gradle-versions.yml +++ b/.github/workflows/integ-test-provision-gradle-versions.yml @@ -77,7 +77,7 @@ jobs: run: gradle help - name: Check current version output parameter if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '9.') }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"') @@ -122,7 +122,7 @@ jobs: gradle-version: ${{ matrix.gradle }} - name: Check output parameter if: ${{ steps.setup-gradle.outputs.gradle-version != matrix.gradle }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.setup-gradle.outputs.gradle-version }}"') @@ -132,7 +132,7 @@ jobs: run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}" - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/update-checksums-file.yml b/.github/workflows/update-checksums-file.yml index a8878f9d..2876edba 100644 --- a/.github/workflows/update-checksums-file.yml +++ b/.github/workflows/update-checksums-file.yml @@ -48,7 +48,7 @@ jobs: # If there are no changes, this action will not create a pull request - name: Create or update pull request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: branch: bot/wrapper-checksums-update author: bot-githubaction