dependabot[bot] opened a new pull request, #15536: URL: https://github.com/apache/grails-core/pull/15536
Bumps [gradle/actions](https://github.com/gradle/actions) from 5.0.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases";>gradle/actions's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <blockquote> <p>[!IMPORTANT] The release of <code>gradle/actions@v6</code> contains important changes to the license terms. More details in <a href="https://blog.gradle.org/github-actions-for-gradle-v6";>this blog post</a>. <strong>TL;DR</strong>: By upgrading to v6, you accept the <a href="https://gradle.com/legal/terms-of-use/";>Terms of Use</a> for the <code>gradle-actions-caching</code> component.</p> </blockquote> <h2>Summary</h2> <p>The <a href="https://blog.gradle.org/github-actions-for-gradle-v6";>license changes in v6</a> introduced a <code>gradle-actions-caching</code> license notice that is printed in logs and in each job summary.</p> <p>With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.</p> <h2>What's Changed</h2> <ul> <li>Bump actions used in docs by <a href="https://github.com/Goooler";><code>@Goooler</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/792";>gradle/actions#792</a></li> <li>Add typing information for use by typesafegithub by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/910";>gradle/actions#910</a></li> <li>Mute license warning when terms are accepted by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/911";>gradle/actions#911</a></li> <li>Mention explicit license acceptance in notice by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/912";>gradle/actions#912</a></li> <li>Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/907";>gradle/actions#907</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v6.0.0...v6.0.1";>https://github.com/gradle/actions/compare/v6.0.0...v6.0.1</a></p> <h2>v6.0.0</h2> <blockquote> <p>[!IMPORTANT] The release of <code>gradle/actions@v6</code> contains important changes to the license terms. More details in <a href="https://blog.gradle.org/github-actions-for-gradle-v6";>this blog post</a>. <strong>TL;DR</strong>: By upgrading to v6, you accept the <a href="https://gradle.com/legal/terms-of-use/";>Terms of Use</a> for the <code>gradle-actions-caching</code> component.</p> </blockquote> <h2>Summary</h2> <ul> <li>Caching functionality of 'gradle-actions' has been extracted into a separate <code>gradle-actions-caching</code> library, and is no longer open-source. See <a href="https://blog.gradle.org/github-actions-for-gradle-v6";>this blog post</a> for more context.</li> <li>Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in <code>gradle-actions-caching</code>.</li> <li>Dependencies updated to address security vulnerabilities</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <h4>Licensing notice</h4> <p>The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at <a href="https://gradle.com/legal/terms-of-use/";>https://gradle.com/legal/terms-of-use/</a>.</p> <p>The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.</p> <p>Use of the `gradle-actions-caching` component is subject to a separate license, available at <a href="https://gradle.com/legal/terms-of-use/";>https://gradle.com/legal/terms-of-use/</a>. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.</p> </blockquote> <h2>What's Changed</h2> <ul> <li>Bump the npm-dependencies group in /sources with 2 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/866";>gradle/actions#866</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions";><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/868";>gradle/actions#868</a></li> <li>Dependency updates by <a href="https://github.com/bigdaz";><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/876";>gradle/actions#876</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions";><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/878";>gradle/actions#878</a></li> <li>Bump <code>@types/node</code> from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/877";>gradle/actions#877</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f";><code>39e147c</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/14ac3d6351602bece7e0af25de31edb909e02e87";><code>14ac3d6</code></a> Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...</li> <li><a href="https://github.com/gradle/actions/commit/81fec7a823e3abd8459222ff970e1c73fa64a6c0";><code>81fec7a</code></a> Mention explicit license acceptance in notice (<a href="https://redirect.github.com/gradle/actions/issues/912";>#912</a>)</li> <li><a href="https://github.com/gradle/actions/commit/4ac5b012eaee72771cbc607a83a6172c335772f8";><code>4ac5b01</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/f64284c3331bad8afabcab31a8de532d8d509341";><code>f64284c</code></a> Mute license warning when terms are accepted (<a href="https://redirect.github.com/gradle/actions/issues/911";>#911</a>)</li> <li><a href="https://github.com/gradle/actions/commit/c2457a7fb283d2bfe1c94ac0c360c27a79bcffd4";><code>c2457a7</code></a> Update tagging instructions for release</li> <li><a href="https://github.com/gradle/actions/commit/82051144474b723e63a98f67b5e04e4e714f0ab1";><code>8205114</code></a> Update Gradle version compatibility information</li> <li><a href="https://github.com/gradle/actions/commit/6710000013efea00802ecf636afd397941ccbfc5";><code>6710000</code></a> Add typing information for use by typesafegithub (<a href="https://redirect.github.com/gradle/actions/issues/910";>#910</a>)</li> <li><a href="https://github.com/gradle/actions/commit/3d0e2a88dadc8577c2e0616f03a95b9b60f3410b";><code>3d0e2a8</code></a> Pin version for github actions</li> <li><a href="https://github.com/gradle/actions/commit/f663ed9f3df12f3ffa85c5933a22d9ed4089c04e";><code>f663ed9</code></a> Ignore internal action files for type validation</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/v5...39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
