dependabot[bot]
|
efa51de7e4
|
Bump gradle/wrapper-validation-action from 2 to 3 (#20305)
Bumps
[gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/wrapper-validation-action/releases">gradle/wrapper-validation-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update various NPM dependencies</li>
<li>Update wrapper checksums to include Gradle 8.7</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2.1.2...v2.1.3">https://github.com/gradle/wrapper-validation-action/compare/v2.1.2...v2.1.3</a></p>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update various NPM dependencies</li>
<li>Update wrapper checksums</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2.1.1...v2.1.2">https://github.com/gradle/wrapper-validation-action/compare/v2.1.1...v2.1.2</a></p>
<h2>v2.1.1</h2>
<h2>Changelog</h2>
<ul>
<li>[FIX] Add hardcoded checksum for Gradle 7.6.4</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2...v2.1.1">https://github.com/gradle/wrapper-validation-action/compare/v2...v2.1.1</a></p>
<h2>v2.1.0</h2>
<p>This release should vastly reduce the number of network requests made
by the <code>wrapper-validation-action</code>, by hardcoding the
checksums of all known Gradle wrapper jars at time of release. With this
improvement, a number of long-standing issues should be addressed (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/164">#164</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/162">#162</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/57">#57</a>).</p>
<p>The action should now only make network requests to validate the
checksums of an unknown <code>gradle-wrapper.jar</code>. This can happen
if:</p>
<ul>
<li>The Gradle version was published after this action was released</li>
<li>The <code>gradle-wrapper.jar</code> is truly invalid</li>
</ul>
<h2>Changelog</h2>
<ul>
<li>[NEW] Hardcode list of known checksums to avoid network requests in
most cases (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/161">#161</a>)</li>
</ul>
<p>Huge thanks to <a
href="https://github.com/Marcono1234"><code>@Marcono1234</code></a> for
contributing this long-awaited improvement.</p>
<h2>v2.0.1</h2>
<p>This patch release fixes error reporting when failing to retrieve the
checksums from services.gradle.org</p>
<ul>
<li>[FIX] After migration from v1 to v2 silently fails (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/174">#174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="460a3ca55f"><code>460a3ca</code></a>
Delegate to 'gradle/actions/wrapper-validation' (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/200">#200</a>)</li>
<li>See full diff in <a
href="https://github.com/gradle/wrapper-validation-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-04-16 14:20:51 -07:00 |
|
dependabot[bot]
|
18f76bd25d
|
Bump gradle/wrapper-validation-action from 1 to 2 (#19412)
Bumps
[gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action)
from 1 to 2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/wrapper-validation-action/releases">gradle/wrapper-validation-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2>What's Changed</h2>
<p>The version of the Node.js runtime was updated to 20, and the
majority of dependencies were updated to the latest versions.
From now on, the <code>wrapper-validation-action</code> will require a
Node.js 20 runtime environment.</p>
<p>There are no functional changes in this release.
This release is tagged with the <code>v2</code> version label.</p>
<ul>
<li>[NEW] Update Node.js runtime to version 20 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/170">#170</a>)</li>
</ul>
<h2>v2.0.0-rc.1</h2>
<p>This is a release candidate for <code>v2.0.0</code>. It is also
available under the <code>v2</code> version label.</p>
<h2>What's Changed</h2>
<p>The version of the Node.js runtime was updated to 20, and the
majority of dependencies were updated to the latest versions.
From now on, the <code>wrapper-validation-action</code> will require a
Node.js 20 runtime environment.</p>
<p>There are no functional changes in this release.</p>
<ul>
<li>[NEW] Update Node.js runtime to version 20 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/170">#170</a>)</li>
</ul>
<h2>v1.1.0</h2>
<p>The action now adds the path of the failed wrapper Jar as a
<code>failed-wrapper</code> Step output parameter.
This makes the value available for reporting in later Steps/Jobs.</p>
<h2>v1.0.6</h2>
<h1>Gradle Wrapper Validation</h1>
<ul>
<li>Security vulnerability: <a
href="959bfac6da">Bump
json5 from 1.0.1 to 1.0.2</a></li>
<li>Security vulnerability: <a
href="ffa46e5c87">Bump
qs from 6.10.1 to 6.11.0</a></li>
</ul>
<h2>v1.0.5</h2>
<h1>Gradle Wrapper Validation</h1>
<ul>
<li>Update dependencies for Node 16 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/53">#53</a>)</li>
<li>Update dependencies with security vulnerabilities (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/67">#67</a>)</li>
<li>Update various other dependencies (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/45">#45</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/47">#47</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/48">#48</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/54">#54</a>)</li>
</ul>
<h2>v1.0.4</h2>
<h1>Gradle Wrapper Validation</h1>
<ul>
<li>Retry connections to the server on failure (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/39">#39</a>)</li>
<li>Update dependencies (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/38">#38</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/37">#37</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/36">#36</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/34">#34</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/31">#31</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/30">#30</a>,
<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/29">#29</a>)</li>
</ul>
<h2>v1.0.3</h2>
<h1>Gradle Wrapper Validation</h1>
<p>Update <code>minimist</code> version to <code>1.2.5</code></p>
<h2>v1.0.2</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="27152f6fa0"><code>27152f6</code></a>
Update to Node 20 (<a
href="https://redirect.github.com/gradle/wrapper-validation-action/issues/170">#170</a>)</li>
<li><a
href="d8758a98d1"><code>d8758a9</code></a>
Build output</li>
<li><a
href="e916071cca"><code>e916071</code></a>
Update NPM dependencies</li>
<li><a
href="d9359e465a"><code>d9359e4</code></a>
Add asdf config file</li>
<li><a
href="77d43de170"><code>77d43de</code></a>
Update upload-artifact version</li>
<li><a
href="2f8436d9bb"><code>2f8436d</code></a>
Use setup-node@v4 instead of pinning to a revision</li>
<li><a
href="bfa0fe410a"><code>bfa0fe4</code></a>
Consistently use npm cache for workflows</li>
<li><a
href="8be8473276"><code>8be8473</code></a>
Update workflows and action to NodeJS 20</li>
<li><a
href="c8fad9e3f8"><code>c8fad9e</code></a>
Bump <code>@babel/traverse</code> from 7.14.7 to 7.23.2</li>
<li><a
href="342dbebe72"><code>342dbeb</code></a>
Update README to use <code>actions/checkout@v4</code></li>
<li>See full diff in <a
href="https://github.com/gradle/wrapper-validation-action/compare/v1...v2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-02-13 15:59:24 -08:00 |
|