From d46e40c0ea65529c656d23f9b41c71c51a512901 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 13:54:21 +0000 Subject: [PATCH] chore: bump the workflow-actions group across 1 directory with 5 updates Bumps the workflow-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `3.0.24` | `3.0.25` | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1` | `5.0.0` | | [gradle/actions](https://github.com/gradle/actions) | `4.3.1` | `4.4.2` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.3.0` | `2.4.0` | Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 3.0.24 to 3.0.25 - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/2d6823da4039243036c86d76f503c84e2ded2517...fc87bb5b5a97953d987372e74478de634726b3e5) Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8) Updates `actions/setup-java` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/c5195efecf7bdfc987ee8bae7a71cb8b11521c00...dded0888837ed1f317902acf8a20df0ad188d165) Updates `gradle/actions` from 4.3.1 to 4.4.2 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/06832c7b30a0129d7fb559bcc6e43d26f6374244...017a9effdb900e5b5b2fddfb590a105619dca3c3) Updates `dependabot/fetch-metadata` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/d7267f607e9d3fb96fc2fbe83e0af444713e90b7...08eff52bf64351f401fb50d4972fa95b9f2c2d1b) --- updated-dependencies: - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-version: 3.0.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: workflow-actions - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflow-actions - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflow-actions - dependency-name: gradle/actions dependency-version: 4.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflow-actions - dependency-name: dependabot/fetch-metadata dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflow-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 10 +++++----- .github/workflows/dependabot-auto-approve-pr.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e367ecc..e359628 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -20,15 +20,15 @@ jobs: - uses: 'hmarr/debug-action@cd1afbd7852b7ad7b1b7a9a1b03efebd3b0a1820' # v3.0.0 # https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions - - uses: 'zgosalvez/github-actions-ensure-sha-pinned-actions@2d6823da4039243036c86d76f503c84e2ded2517' # v3.0.24 + - uses: 'zgosalvez/github-actions-ensure-sha-pinned-actions@9e9574ef04ea69da568d6249bd69539ccc704e74' # v4.0.0 # https://github.com/actions/checkout - name: 'checkout' - uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # v4.2.2 + uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # v5.0.0 # https://github.com/actions/setup-java - name: 'Set up JDK' - uses: 'actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00' # v4.7.1 + uses: 'actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165' # v5.0.0 with: java-version: '17' distribution: 'temurin' @@ -36,7 +36,7 @@ jobs: # https://github.com/gradle/actions/tree/main/setup-gradle - name: 'Set up Gradle' - uses: 'gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244' # v4 + uses: 'gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2' # v4 with: gradle-version: 'wrapper' gradle-home-cache-includes: |- @@ -48,7 +48,7 @@ jobs: # https://github.com/gradle/actions/tree/main/dependency-submission - name: "Generate and submit dependency graph" - uses: "gradle/actions/dependency-submission@06832c7b30a0129d7fb559bcc6e43d26f6374244" # v4 + uses: "gradle/actions/dependency-submission@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2" # v4 env: DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: "^:(build-logic|buildSrc|.*[Tt]test.*)" DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: ".*[Tt]est.*Classpath" diff --git a/.github/workflows/dependabot-auto-approve-pr.yml b/.github/workflows/dependabot-auto-approve-pr.yml index ebe152c..d1ee079 100644 --- a/.github/workflows/dependabot-auto-approve-pr.yml +++ b/.github/workflows/dependabot-auto-approve-pr.yml @@ -14,7 +14,7 @@ jobs: # https://github.com/dependabot/fetch-metadata - name: Dependabot metadata id: dependabot-metadata - uses: "dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7" # v2.3.0 + uses: "dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b" # v2.4.0 - name: Automatically approve & merge Dependabot patch PRs if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}