dependabot[bot] opened a new pull request, #2616: URL: https://github.com/apache/groovy/pull/2616
Bumps [gradle/actions](https://github.com/gradle/actions) from 5.0.2 to 6.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases";>gradle/actions's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2>Highlights</h2> <p>This release brings significant behaviour improvements to <strong>Enhanced caching</strong>, improvements to the generated Job Summary, and a number of correctness and security fixes.</p> <ol> <li><strong>Improved cache-cleanup mechanism.</strong> Cleanup of stale files from the Gradle User Home is now faster, and no longer depends on Gradle or a JVM. It works by inspecting the local file state directly, removing the Gradle invocation from the post-build step.</li> <li><strong>More granular, more stable caching.</strong> The local build cache is stored as a separate cache entry, so it can be restored and invalidated independently of the main Gradle User Home entry. Transient Gradle housekeeping files are excluded from the cache, reducing its size and improving stability.</li> <li><strong>Hide obsolete Job summaries in PR commments</strong>: When a new Job summary comment is added to a PR, previous outdated Job summaries are now hidden.</li> <li><strong>Improved caching report in the job summary.</strong> The cache report now uses a single, consistent layout across all cache states and providers. Provider information is integrated directly into the report, and per-entry details are available in an expandable section. (<a href="https://redirect.github.com/gradle/actions/issues/985";>#985</a>)</li> <li><strong>Correctness and security fixes.</strong> A unique cache key is now used per run attempt, so re-runs no longer collide; the job summary shows the cache key string rather than an internal id; and bundled dependencies have been updated, including a ReDoS fix and a fast-xml CVE fix.</li> </ol> <h2>What's Changed</h2> <ul> <li>Remove unnecessary dependency overrides by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/981";>gradle/actions#981</a></li> <li>Scope CI-integ-test concurrency groups per-branch by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/983";>gradle/actions#983</a></li> <li>Improve typings by <a href="https://github.com/Vampire";><code>@Vampire</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/938";>gradle/actions#938</a></li> <li>Hide obsolete Job summaries by <a href="https://github.com/SimonMarquis";><code>@SimonMarquis</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/902";>gradle/actions#902</a></li> <li>CI: add requireable aggregate/no-op checks for branch protection by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/984";>gradle/actions#984</a></li> <li>Redesign the caching Job Summary by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/985";>gradle/actions#985</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Vampire";><code>@Vampire</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/938";>gradle/actions#938</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v6.1.1...v6.2.0";>https://github.com/gradle/actions/compare/v6.1.1...v6.2.0</a></p> <h2>v6.1.1</h2> <p>This release updates various dependency versions, resolving several reported security vulnerabilities. No functional changes are included</p> <h2>What's Changed</h2> <ul> <li>Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /sources/test/init-scripts by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/961";>gradle/actions#961</a></li> <li>Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/gradle-plugin by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/962";>gradle/actions#962</a></li> <li>Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/groovy-dsl by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/963";>gradle/actions#963</a></li> <li>Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/java-toolchain by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/964";>gradle/actions#964</a></li> <li>Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /.github/workflow-samples/kotlin-dsl by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/965";>gradle/actions#965</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions";><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/937";>gradle/actions#937</a></li> <li>Bump the github-actions group across 2 directories with 8 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/976";>gradle/actions#976</a></li> <li>Bump the npm-dependencies group across 1 directory with 14 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/970";>gradle/actions#970</a></li> <li>Bump references to Develocity Gradle plugin from 4.4.0 to 4.4.2 by <a href="https://github.com/bot-githubaction";><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/973";>gradle/actions#973</a></li> <li>Bump the npm-dependencies group in /sources with 5 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/977";>gradle/actions#977</a></li> <li>Update <code>@actions/cache</code> and <code>@actions/artifact</code>, stop ignoring them in Dependabot by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/978";>gradle/actions#978</a></li> <li>Resolve npm security vulnerabilities via dependency overrides by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/980";>gradle/actions#980</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v6.1.0...v6.1.1";>https://github.com/gradle/actions/compare/v6.1.0...v6.1.1</a></p> <h2>v6.1.0</h2> <h2>New: Basic Cache Provider</h2> <p>A new MIT-licensed <strong>Basic Caching</strong> provider is now available as an alternative to the proprietary <strong>Enhanced Caching</strong> provided by <code>gradle-actions-caching</code>. Choose Basic Caching by setting <code>cache-provider: basic</code> on <code>setup-gradle</code> or <code>dependency-submission</code> actions.</p> <ul> <li>Built on <code>@actions/cache</code> -- fully open source</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/3f131e8634966bd73d06cc69884922b02e6faf92";><code>3f131e8</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/97715a29bc75b4c8eeea944dee111d567bb582b5";><code>97715a2</code></a> Redesign the caching Job Summary (<a href="https://redirect.github.com/gradle/actions/issues/985";>#985</a>)</li> <li><a href="https://github.com/gradle/actions/commit/8b6cdb5f580ff6b19af985e0fa90cd86daf1d3e1";><code>8b6cdb5</code></a> CI: add requireable aggregate/no-op checks for branch protection (<a href="https://redirect.github.com/gradle/actions/issues/984";>#984</a>)</li> <li><a href="https://github.com/gradle/actions/commit/5852e0e5d82ffa89e04ed56eb37c14028a1ce459";><code>5852e0e</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/318eed703815f0482a7498a267b758f78fe7bcb9";><code>318eed7</code></a> Hide obsolete Job summaries (<a href="https://redirect.github.com/gradle/actions/issues/902";>#902</a>)</li> <li><a href="https://github.com/gradle/actions/commit/a7406612929c8997f724ceab900ed029936e3bf5";><code>a740661</code></a> Improve typings (<a href="https://redirect.github.com/gradle/actions/issues/938";>#938</a>)</li> <li><a href="https://github.com/gradle/actions/commit/7ae0d0208cc8604463cd30cf64c54d08ac84d13f";><code>7ae0d02</code></a> Update gradle-actions-caching library to v0.6.0 (<a href="https://redirect.github.com/gradle/actions/issues/982";>#982</a>)</li> <li><a href="https://github.com/gradle/actions/commit/e473973a5b07be6339cc6d3cf458bb1b30eb9b08";><code>e473973</code></a> Scope CI-integ-test concurrency groups per-branch</li> <li><a href="https://github.com/gradle/actions/commit/35a4a3f355e0599a8af664843f0d1a683e5b2230";><code>35a4a3f</code></a> Queue up integ-test runs</li> <li><a href="https://github.com/gradle/actions/commit/b6eebf33f1e928997bb7ff32e39933e3c015ccff";><code>b6eebf3</code></a> [bot] Update dist directory</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/0723195856401067f7a2779048b490ace7a47d7c...3f131e8634966bd73d06cc69884922b02e6faf92";>compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | gradle/actions | [>= 6.0.a, < 6.1] | | gradle/actions | [>= 6.1.a, < 6.2] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
