dependabot[bot]
efa51de7e4
Bump gradle/wrapper-validation-action from 2 to 3 ( #20305 )
...
Bumps
[gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action )
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/wrapper-validation-action/releases ">gradle/wrapper-validation-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update various NPM dependencies</li>
<li>Update wrapper checksums to include Gradle 8.7</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2.1.2...v2.1.3 ">https://github.com/gradle/wrapper-validation-action/compare/v2.1.2...v2.1.3 </a></p>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update various NPM dependencies</li>
<li>Update wrapper checksums</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2.1.1...v2.1.2 ">https://github.com/gradle/wrapper-validation-action/compare/v2.1.1...v2.1.2 </a></p>
<h2>v2.1.1</h2>
<h2>Changelog</h2>
<ul>
<li>[FIX] Add hardcoded checksum for Gradle 7.6.4</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2...v2.1.1 ">https://github.com/gradle/wrapper-validation-action/compare/v2...v2.1.1 </a></p>
<h2>v2.1.0</h2>
<p>This release should vastly reduce the number of network requests made
by the <code>wrapper-validation-action</code>, by hardcoding the
checksums of all known Gradle wrapper jars at time of release. With this
improvement, a number of long-standing issues should be addressed (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/164 ">#164</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/162 ">#162</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/57 ">#57</a>).</p>
<p>The action should now only make network requests to validate the
checksums of an unknown <code>gradle-wrapper.jar</code>. This can happen
if:</p>
<ul>
<li>The Gradle version was published after this action was released</li>
<li>The <code>gradle-wrapper.jar</code> is truly invalid</li>
</ul>
<h2>Changelog</h2>
<ul>
<li>[NEW] Hardcode list of known checksums to avoid network requests in
most cases (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/161 ">#161</a>)</li>
</ul>
<p>Huge thanks to <a
href="https://github.com/Marcono1234 "><code>@Marcono1234</code></a> for
contributing this long-awaited improvement.</p>
<h2>v2.0.1</h2>
<p>This patch release fixes error reporting when failing to retrieve the
checksums from services.gradle.org</p>
<ul>
<li>[FIX] After migration from v1 to v2 silently fails (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/174 ">#174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="460a3ca55fhttps://redirect.github.com/gradle/wrapper-validation-action/issues/200 ">#200</a>)</li>
<li>See full diff in <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2...v3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 14:20:51 -07:00
dependabot[bot]
18f76bd25d
Bump gradle/wrapper-validation-action from 1 to 2 ( #19412 )
...
Bumps
[gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action )
from 1 to 2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/wrapper-validation-action/releases ">gradle/wrapper-validation-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2>What's Changed</h2>
<p>The version of the Node.js runtime was updated to 20, and the
majority of dependencies were updated to the latest versions.
From now on, the <code>wrapper-validation-action</code> will require a
Node.js 20 runtime environment.</p>
<p>There are no functional changes in this release.
This release is tagged with the <code>v2</code> version label.</p>
<ul>
<li>[NEW] Update Node.js runtime to version 20 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/170 ">#170</a>)</li>
</ul>
<h2>v2.0.0-rc.1</h2>
<p>This is a release candidate for <code>v2.0.0</code>. It is also
available under the <code>v2</code> version label.</p>
<h2>What's Changed</h2>
<p>The version of the Node.js runtime was updated to 20, and the
majority of dependencies were updated to the latest versions.
From now on, the <code>wrapper-validation-action</code> will require a
Node.js 20 runtime environment.</p>
<p>There are no functional changes in this release.</p>
<ul>
<li>[NEW] Update Node.js runtime to version 20 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/170 ">#170</a>)</li>
</ul>
<h2>v1.1.0</h2>
<p>The action now adds the path of the failed wrapper Jar as a
<code>failed-wrapper</code> Step output parameter.
This makes the value available for reporting in later Steps/Jobs.</p>
<h2>v1.0.6</h2>
<h1>Gradle Wrapper Validation</h1>
<ul>
<li>Security vulnerability: <a
href="959bfac6daffa46e5c87https://redirect.github.com/gradle/wrapper-validation-action/issues/53 ">#53</a>)</li>
<li>Update dependencies with security vulnerabilities (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/67 ">#67</a>)</li>
<li>Update various other dependencies (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/45 ">#45</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/47 ">#47</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/48 ">#48</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/54 ">#54</a>)</li>
</ul>
<h2>v1.0.4</h2>
<h1>Gradle Wrapper Validation</h1>
<ul>
<li>Retry connections to the server on failure (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/39 ">#39</a>)</li>
<li>Update dependencies (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/38 ">#38</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/37 ">#37</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/36 ">#36</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/34 ">#34</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/31 ">#31</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/30 ">#30</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/29 ">#29</a>)</li>
</ul>
<h2>v1.0.3</h2>
<h1>Gradle Wrapper Validation</h1>
<p>Update <code>minimist</code> version to <code>1.2.5</code></p>
<h2>v1.0.2</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="27152f6fa0https://redirect.github.com/gradle/wrapper-validation-action/issues/170 ">#170</a>)</li>
<li><a
href="d8758a98d1e916071ccad9359e465a77d43de1702f8436d9bbbfa0fe410a8be8473276c8fad9e3f8342dbebe72https://github.com/gradle/wrapper-validation-action/compare/v1...v2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 15:59:24 -08:00
