From f8d2bdac2a0f318e2c77445795cc75ed93b9d395 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 23:27:10 +0000 Subject: [PATCH] Bump the github-actions group across 3 directories with 7 updates Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [gradle/actions](https://github.com/gradle/actions) | `4.2.1` | `4.2.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.5` | `45.0.6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.9` | `3.28.1` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.5.0` | `4.6.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` | | [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5.0.1` | `5.1.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.6` | Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java). Updates `gradle/actions` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/cc4fc85e6b35bafd578d5ffbc76a5518407e1af0...0bdd871935719febd78681f197cd39af5b6e16a6) Updates `tj-actions/changed-files` from 45.0.5 to 45.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/bab30c2299617f6615ec02a68b9a40d10bd21366...d6e91a2266cdb9d62096cebf1e8546899c6aa18f) Updates `github/codeql-action` from 3.27.9 to 3.28.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...b6a472f63d85b9c78a3ac5e89422239fc15e9b3c) Updates `actions/setup-java` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/8df1039502a15bceb9433410b1a100fbe190c53b...7a6d8a8234af8eb26422e24e3006232cccaa061b) Updates `actions/upload-artifact` from 4.4.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) Updates `stefanzweifel/git-auto-commit-action` from 5.0.1 to 5.1.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/8621497c8c39c72f3e2a999a26b4ca1b5058a842...e348103e9026cc0eee72ae06630dbe30c8bf7a79) Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.6 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/5e914681df9dc83aa4e4905692ca88beb2f9e91f...67ccf781d68cd99b580ae25a5c18a1cc84ffff1f) Updates `actions/upload-artifact` from 4.4.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) Updates `actions/setup-java` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/8df1039502a15bceb9433410b1a100fbe190c53b...7a6d8a8234af8eb26422e24e3006232cccaa061b) --- updated-dependencies: - dependency-name: gradle/actions dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/actions/build-dist/action.yml | 2 +- .github/actions/init-integ-test/action.yml | 2 +- .github/workflows/ci-check-and-unit-test.yml | 2 +- .github/workflows/ci-check-no-dist-update.yml | 2 +- .github/workflows/ci-codeql.yml | 4 ++-- .github/workflows/ci-init-script-check.yml | 4 ++-- .github/workflows/ci-ossf-scorecard.yml | 4 ++-- .github/workflows/ci-update-dist.yml | 2 +- .github/workflows/ci-validate-wrappers.yml | 2 +- .github/workflows/integ-test-detect-toolchains.yml | 4 ++-- .github/workflows/integ-test-provision-gradle-versions.yml | 2 +- .github/workflows/update-checksums-file.yml | 2 +- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/actions/build-dist/action.yml b/.github/actions/build-dist/action.yml index 8dddc6e..83e191e 100644 --- a/.github/actions/build-dist/action.yml +++ b/.github/actions/build-dist/action.yml @@ -23,7 +23,7 @@ runs: cp -r sources/dist . - name: Upload distribution - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: dist path: dist/ diff --git a/.github/actions/init-integ-test/action.yml b/.github/actions/init-integ-test/action.yml index 0e7c21c..49174b2 100644 --- a/.github/actions/init-integ-test/action.yml +++ b/.github/actions/init-integ-test/action.yml @@ -4,7 +4,7 @@ runs: using: "composite" steps: - name: Setup Java - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: 'temurin' java-version: 11 diff --git a/.github/workflows/ci-check-and-unit-test.yml b/.github/workflows/ci-check-and-unit-test.yml index 2a573ff..6f9bece 100644 --- a/.github/workflows/ci-check-and-unit-test.yml +++ b/.github/workflows/ci-check-and-unit-test.yml @@ -25,7 +25,7 @@ jobs: cache-dependency-path: sources/package-lock.json - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing with: diff --git a/.github/workflows/ci-check-no-dist-update.yml b/.github/workflows/ci-check-no-dist-update.yml index 23605ac..411b62a 100644 --- a/.github/workflows/ci-check-no-dist-update.yml +++ b/.github/workflows/ci-check-no-dist-update.yml @@ -21,7 +21,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # v45.0.5 + uses: tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f # v45.0.6 with: files: | dist/** diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml index 8b0635c..b24851a 100644 --- a/.github/workflows/ci-codeql.yml +++ b/.github/workflows/ci-codeql.yml @@ -35,7 +35,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} config: | @@ -43,4 +43,4 @@ jobs: - sources/src - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/ci-init-script-check.yml b/.github/workflows/ci-init-script-check.yml index 274fe98..bcf0430 100644 --- a/.github/workflows/ci-init-script-check.yml +++ b/.github/workflows/ci-init-script-check.yml @@ -24,13 +24,13 @@ jobs: - name: Checkout sources uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Java - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: temurin java-version: 11 - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing - name: Run integration tests diff --git a/.github/workflows/ci-ossf-scorecard.yml b/.github/workflows/ci-ossf-scorecard.yml index f50245d..cb6ecb2 100644 --- a/.github/workflows/ci-ossf-scorecard.yml +++ b/.github/workflows/ci-ossf-scorecard.yml @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: 'Upload artifact' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/ci-update-dist.yml b/.github/workflows/ci-update-dist.yml index c121c20..6b9f27a 100644 --- a/.github/workflows/ci-update-dist.yml +++ b/.github/workflows/ci-update-dist.yml @@ -48,7 +48,7 @@ jobs: # Important: The push event will not trigger any other workflows, see # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs - name: Commit & push changes - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 + uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0 with: commit_message: '[bot] Update dist directory' file_pattern: dist diff --git a/.github/workflows/ci-validate-wrappers.yml b/.github/workflows/ci-validate-wrappers.yml index 1d5f718..c6be22c 100644 --- a/.github/workflows/ci-validate-wrappers.yml +++ b/.github/workflows/ci-validate-wrappers.yml @@ -12,6 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 + - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 with: allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 diff --git a/.github/workflows/integ-test-detect-toolchains.yml b/.github/workflows/integ-test-detect-toolchains.yml index c83f58b..82c3a67 100644 --- a/.github/workflows/integ-test-detect-toolchains.yml +++ b/.github/workflows/integ-test-detect-toolchains.yml @@ -65,12 +65,12 @@ jobs: uses: ./.github/actions/init-integ-test - name: Setup Java 20 - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: 'temurin' java-version: 20 - name: Setup Java 16 - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: 'temurin' java-version: 16 diff --git a/.github/workflows/integ-test-provision-gradle-versions.yml b/.github/workflows/integ-test-provision-gradle-versions.yml index 4417efe..add8416 100644 --- a/.github/workflows/integ-test-provision-gradle-versions.yml +++ b/.github/workflows/integ-test-provision-gradle-versions.yml @@ -100,7 +100,7 @@ jobs: uses: ./.github/actions/init-integ-test - name: Setup Java - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: distribution: temurin java-version: ${{ matrix.java-version }} diff --git a/.github/workflows/update-checksums-file.yml b/.github/workflows/update-checksums-file.yml index 1f79390..a28c7d7 100644 --- a/.github/workflows/update-checksums-file.yml +++ b/.github/workflows/update-checksums-file.yml @@ -39,7 +39,7 @@ jobs: # If there are no changes, this action will not create a pull request - name: Create or update pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: branch: bot/wrapper-checksums-update commit-message: Update known wrapper checksums