dependabot[bot] opened a new pull request, #185: URL: https://github.com/apache/eventmesh-dashboard/pull/185
Bumps [gradle/actions](https://github.com/gradle/actions) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases";>gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>Final release of <code>v4.0.0</code> of the <code>setup-gradle</code>, <code>dependency-submission</code> and <code>wrapper-validation</code> actions provided under <code>gradle/actions</code>. This release is available under the <code>v4</code> tag.</p> <h2>Major changes from the <code>v3</code> release</h2> <h3>The <code>arguments</code> parameter has been removed</h3> <p>Using the action to execute Gradle via the <code>arguments </code>parameter was deprecated in <code>v3</code> and this parameter has been removed. <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/deprecation-upgrade-guide.md#using-the-action-to-execute-gradle-via-the-arguments-parameter-is-deprecated";>See here for more details</a>.</p> <h3>Cache cleanup enabled by default</h3> <p>After a number of fixes and improvements, this release enables <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/setup-gradle.md#configuring-cache-cleanup";>cache-cleanup</a> by default for all Jobs using the <code>setup-gradle</code> and <code>dependency-submission</code> actions.</p> <p>Improvements and bugfixes related cache cleanup:</p> <ul> <li>By default, cache cleanup is not run if any Gradle build fails (<a href="https://redirect.github.com/gradle/actions/issues/71";>#71</a>)</li> <li>Cache cleanup is not run after configuration-cache reuse (<a href="https://redirect.github.com/gradle/actions/issues/19";>#19</a>)</li> </ul> <p>This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.</p> <h3>Wrapper validation enabled by default</h3> <p>In <code>v3</code>, the <code>setup-gradle</code> action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow file with the <code>gradle/actions/wrapper-validation</code> action.</p> <p>With this release, wrapper validation has been significantly improved, and is now enabled by default (<a href="https://redirect.github.com/gradle/actions/issues/12";>#12</a>):</p> <ul> <li>The <code>allow-snapshot-wrappers</code> makes it possible to validate snapshot wrapper jars using <code>setup-gradle</code>.</li> <li>Checksums for <a href="https://services.gradle.org/distributions-snapshots/";>nightly and snapshot Gradle versions</a> are now validated (<a href="https://redirect.github.com/gradle/actions/issues/281";>#281</a>).</li> <li>Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (<a href="https://redirect.github.com/gradle/actions/issues/172";>#172</a>).</li> <li>Reduce network calls in <code>wrapper-validation</code> for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (<a href="https://redirect.github.com/gradle/actions/issues/171";>#171</a>)</li> <li>Improved error message when <code>wrapper-validation</code> finds no wrapper jars (<a href="https://redirect.github.com/gradle/actions/issues/284";>#284</a>)</li> </ul> <p>Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper validation on projects using GitHub Actions.</p> <h3>New input parameters for Dependency Graph generation</h3> <p>Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:</p> <ul> <li><code>dependency-graph-report-dir</code>: sets the location where dependency-graph reports will be generated</li> <li><code>dependency-graph-exclude-projects</code> and <code>dependency-graph-include-projects</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-projects-that-will-contribute-to-the-dependency-graph";>select which Gradle projects will contribute to the generated dependency graph</a>.</li> <li><code>dependency-graph-exclude-configurations</code> and <code>dependency-graph-include-configurations</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-configurations-that-will-contribute-to-the-dependency-graph";>select which Gradle configurations will contribute to the generated dependency graph</a>.</li> </ul> <h3>Other improvements</h3> <ul> <li>In Job summary, the action now provides an explanation when cache is set to <code>read-only</code> or <code>disabled</code> (<a href="https://redirect.github.com/gradle/actions/issues/255";>#255</a>)</li> <li>When <code>setup-gradle</code> requests a specific Gradle version, the action will no longer download and install that version if it is already available on the <code>PATH</code> of the runner (<a href="https://redirect.github.com/gradle/actions/issues/270";>#270</a>)</li> <li>To attempt to speed up builds, the <code>setup-gradle</code> and <code>dependency-submission</code> actions now attempt to use the <code>D:</code> drive for Gradle User Home if it is available (<a href="https://redirect.github.com/gradle/actions/issues/290";>#290</a>)</li> </ul> <h2>Deprecations and breaking changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/16bf8bc8fe830fa669c3c9f914d3eb147c629707";><code>16bf8bc</code></a> Rework docs for Develocity support</li> <li><a href="https://github.com/gradle/actions/commit/faf4eeacd591b33f52a260e1bb853c1cb4d24be8";><code>faf4eea</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/4b7cc6e1740b1954bf7f9e0742ee8af3dff763e7";><code>4b7cc6e</code></a> Differentiate Gradle 8.1 from 8.10 when checking version (<a href="https://redirect.github.com/gradle/actions/issues/358";>#358</a>)</li> <li><a href="https://github.com/gradle/actions/commit/0873530e604d54642039421329d25769ca6b76ad";><code>0873530</code></a> Increase Gradle version coverage for init-scripts</li> <li><a href="https://github.com/gradle/actions/commit/f67327f0c81cd8ad82b4aa2ba22a2563bc279c22";><code>f67327f</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/d32a10b3aeaab835b3228cb3b68b643ef7814649";><code>d32a10b</code></a> Dependency updates (<a href="https://redirect.github.com/gradle/actions/issues/356";>#356</a>)</li> <li><a href="https://github.com/gradle/actions/commit/e598a32529b1f3af9a004a9e686329c5e760a9d3";><code>e598a32</code></a> Quote version 8.10 in integ test</li> <li><a href="https://github.com/gradle/actions/commit/d6c8cf816c82712a051872d58983b9d39fc5d046";><code>d6c8cf8</code></a> Bump unzip-stream from 0.3.1 to 0.3.4 in /sources</li> <li><a href="https://github.com/gradle/actions/commit/79ea5b8f3e7dc5951058ad30e275c9a3583eabec";><code>79ea5b8</code></a> Bump org.junit.jupiter:junit-jupiter</li> <li><a href="https://github.com/gradle/actions/commit/d77a030aafa0d18b0f3023f6cc536876ec38eb56";><code>d77a030</code></a> Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/v3...v4";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org For additional commands, e-mail: dev-h...@eventmesh.apache.org
