Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump the github-action-dependencies group with 4 updates #473

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 9, 2024

Bumps the github-action-dependencies group with 4 updates: slackapi/slack-github-action, gradle/actions, codecov/codecov-action and mikepenz/action-junit-report.

Updates slackapi/slack-github-action from 1.26.0 to 2.0.0

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send v2.0.0

YAML! And more API methods! With improved erroring! And more!

Sending data to Slack can now be done with the YAML format, and that data can be sent to [a Slack API method][methods] or technique of choice with the provided payload. And additional configurations can improve error handling or customize values between steps.

Breaking changes happen with this update and recommended migration strategies are detailed below. Adding this step to new workflows might prefer to follow the README instead 📚

What's changed

Both inputs of payload variables, techniques for sending the payload, additional configurations, and expected outputs were changed:

... (truncated)

Commits
  • 485a9d4 Release
  • e598089 chore(release): tag version 2.0.0
  • e9b3a6b feat!: wrap payloads to send to a "method" with "token" or "webhook" (#333)
  • 74ae656 chore(release): tag version 1.27.1
  • bd0e281 build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#355)
  • e127529 build(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#354)
  • 6b51022 build(deps-dev): bump eslint-plugin-jsdoc from 50.3.1 to 50.4.3 (#353)
  • 555e4ad build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 (#352)
  • 8d4500e build(deps): bump @​slack/web-api from 7.5.0 to 7.7.0 (#351)
  • d0dece6 build(deps-dev): bump mocha from 10.7.3 to 10.8.2 (#350)
  • Additional commits viewable in compare view

Updates gradle/actions from 3 to 4

Release notes

Sourced from gradle/actions's releases.

v4.0.0

Final release of v4.0.0 of the setup-gradle, dependency-submission and wrapper-validation actions provided under gradle/actions. This release is available under the v4 tag.

Major changes from the v3 release

The arguments parameter has been removed

Using the action to execute Gradle via the arguments parameter was deprecated in v3 and this parameter has been removed. See here for more details.

Cache cleanup enabled by default

After a number of fixes and improvements, this release enables cache-cleanup by default for all Jobs using the setup-gradle and dependency-submission actions.

Improvements and bugfixes related cache cleanup:

  • By default, cache cleanup is not run if any Gradle build fails (#71)
  • Cache cleanup is not run after configuration-cache reuse (#19)

This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.

Wrapper validation enabled by default

In v3, the setup-gradle action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow file with the gradle/actions/wrapper-validation action.

With this release, wrapper validation has been significantly improved, and is now enabled by default (#12):

  • The allow-snapshot-wrappers makes it possible to validate snapshot wrapper jars using setup-gradle.
  • Checksums for nightly and snapshot Gradle versions are now validated (#281).
  • Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (#172).
  • Reduce network calls in wrapper-validation for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (#171)
  • Improved error message when wrapper-validation finds no wrapper jars (#284)

Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper validation on projects using GitHub Actions.

New input parameters for Dependency Graph generation

Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:

Other improvements

  • In Job summary, the action now provides an explanation when cache is set to read-only or disabled (#255)
  • When setup-gradle requests a specific Gradle version, the action will no longer download and install that version if it is already available on the PATH of the runner (#270)
  • To attempt to speed up builds, the setup-gradle and dependency-submission actions now attempt to use the D: drive for Gradle User Home if it is available (#290)

Deprecations and breaking changes

... (truncated)

Commits
  • cc4fc85 Bump @​vercel/ncc in /sources in the npm-dependencies group
  • e6a8146 Bump the github-actions group with 3 updates
  • e55599f Adapt build-result-capture script for GE plugin 3.17+
  • d85b006 [bot] Update dist directory
  • a09a310 Develocity injection fixes (#448)
  • 333e9d9 Do not ignore input parameters when build-scan-publish is enabled
  • 2aa49bf Set the correct env var for develocity-ccud-plugin-version
  • 9ab6ee6 Bump to version 2.0.2 of CCUDGP
  • fb5165d Add note about cache-encryption-key being required
  • 0e27ea7 Improve local development script
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Updates mikepenz/action-junit-report from 4 to 5

Release notes

Sourced from mikepenz/action-junit-report's releases.

v5

  • no changes

v5.0.0-rc01

🚀 Features

  • Improve parsing logic for nested suites
  • Configuration to enable grouping by TestSuite in the Detail Summary

💬 Other

  • Slight code cleanup

Contributors:

v5.0.0-b01

🚀 Features

  • Upgrade dependencies to latest major version
  • Add new API to skip annotations all-to-gether
  • Introduce flag to fail_on_parse_error

Contributors:

v5.0.0-a03

🚀 Features

  • Improve transformer performance
  • Provide optimised class detection skipping globber if not required

🐛 Fixes

  • Require pull_request trigger to attach comment

📦 Dependencies

... (truncated)

Commits
  • 992d97d - add retried to README
  • 1e85223 Merge pull request #1238 from saturninoabril/set-output-retried
  • 319aaf3 - rebase and update testcase with new inputs
  • eb88944 set-output name=retried
  • 0bec6a4 Merge pull request #1254 from mikepenz/feature/ugprade_dependencies_20241128
  • ca9f44b - upgrade all dev dependencies to their latest release versions
  • 9ffe999 Merge pull request #1253 from mikepenz/fix/1251
  • 80a45f1 - update test arguments
  • a8076ea - split logic between include passed and annotate notice, so we can skip file...
  • 66cd029 - ensure we don't lookup in root
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 9, 2024
@dependabot dependabot bot requested a review from a team December 9, 2024 11:25
Copy link

github-actions bot commented Dec 9, 2024

Sample app builds 📱

Below you will find the list of the latest versions of the sample apps. It's recommended to always download the latest builds of the sample apps to accurately test the pull request.


Copy link

github-actions bot commented Dec 9, 2024

  • java_layout: Build failed. See CI job logs to determine the issue and try re-building.

Copy link

github-actions bot commented Dec 9, 2024

  • kotlin_compose: Build failed. See CI job logs to determine the issue and try re-building.

Bumps the github-action-dependencies group with 4 updates: [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action), [gradle/actions](https://github.com/gradle/actions), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report).


Updates `slackapi/slack-github-action` from 1.26.0 to 2.0.0
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.26.0...v2.0.0)

Updates `gradle/actions` from 3 to 4
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@v3...v4)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

Updates `mikepenz/action-junit-report` from 4 to 5
- [Release notes](https://github.com/mikepenz/action-junit-report/releases)
- [Commits](mikepenz/action-junit-report@v4...v5)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: mikepenz/action-junit-report
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-action-dependencies-e16b394200 branch from fd25b78 to 7e35f40 Compare December 23, 2024 11:36
Copy link

  • java_layout: Build failed. See CI job logs to determine the issue and try re-building.

Copy link

  • kotlin_compose: Build failed. See CI job logs to determine the issue and try re-building.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants