Skip to content

Bump the gha group with 3 updates #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 1, 2025
Merged

Bump the gha group with 3 updates #137

merged 1 commit into from
Sep 1, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2025

Bumps the gha group with 3 updates: actions/checkout, actions/setup-java and gradle/actions.

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

Updates actions/setup-java from 4 to 5

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

New Contributors

Full Changelog: actions/setup-java@v4...v5.0.0

v4.7.1

What's Changed

Documentation changes

Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits

Updates gradle/actions from 4.4.1 to 4.4.2

Release notes

Sourced from gradle/actions's releases.

v4.4.2

This patch release updates a bunch of dependency versions

What's Changed

  • Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (gradle/actions#703)
  • Bumps the npm-dependencies group in /sources with 4 updates (gradle/actions#702)
  • Upgrade to gradle 9 in workflows and tests (gradle/actions#704)
  • Update known wrapper checksums (gradle/actions#701)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (gradle/actions#695)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (gradle/actions#696)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (gradle/actions#697)
  • Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (gradle/actions#693)
  • Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (gradle/actions#691)
  • Bump the npm-dependencies group in /sources with 5 updates (gradle/actions#692)
  • Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (gradle/actions#685)
  • Bump the npm-dependencies group across 1 directory with 8 updates (gradle/actions#684)
  • Run Gradle release candidate tests with JDK 17 (gradle/actions#690)
  • Update Develocity npm agent to version 1.0.1 (gradle/actions#687)
  • Update known wrapper checksums (gradle/actions#688)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (gradle/actions#683
  • Bump the github-actions group across 1 directory with 3 updates (gradle/actions#675)
  • Bump the gradle group across 3 directories with 2 updates (gradle/actions#674)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (gradle/actions#679)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (gradle/actions#682)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (gradle/actions#681)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (gradle/actions#680)
  • Update known wrapper checksums (gradle/actions#676)

Full Changelog: gradle/actions@v4.4.1...v4.4.2

Commits
  • 017a9ef Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group a...
  • d5397cf Merge branch 'main' into dependabot/github_actions/github-actions-12d2e1d0cf
  • 559dfbd Bump the npm-dependencies group in /sources with 4 updates (#702)
  • 075ee28 Merge branch 'main' into dependabot/npm_and_yarn/sources/npm-dependencies-fda...
  • c3e68c5 Upgrade to gradle 9 in workflows and tests (#704)
  • d7e674f Fix init script tests dependencies
  • 3e65128 Upgrade init script tests to Gradle 9
  • 896b9fa Run tests on Gradle release candidate and current with JDK 17 as required sin...
  • 431b3e3 Bump github/codeql-action in the github-actions group across 1 directory
  • 44c3664 Bump the npm-dependencies group in /sources with 4 updates
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the gha group with 3 updates
e8c2afe 
Bumps the gha group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-java](https://github.com/actions/setup-java) and [gradle/actions](https://github.com/gradle/actions).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `actions/setup-java` from 4 to 5
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

Updates `gradle/actions` from 4.4.1 to 4.4.2
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@ac638b0...017a9ef)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha
- dependency-name: gradle/actions
  dependency-version: 4.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gha
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 1, 2025
@psiinon
Copy link
Member

psiinon commented Sep 1, 2025

Logo
Checkmarx One – Scan Summary & Detailsd08085c5-b9e6-4e76-a75e-71ad64b193f7

Great job! No new security vulnerabilities introduced in this pull request

Communicate with Checkmarx by submitting a PR comment with @Checkmarx followed by one of the supported commands. Learn about the supported commands here.

@psiinon psiinon merged commit c32ee39 into main Sep 1, 2025
5 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/gha-995b32d706 branch September 1, 2025 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@psiinon psiinon psiinon approved these changes

@thc202 thc202 thc202 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@psiinon @thc202