chore(deps): Update dependencies for github
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | minor | v5.0.0 -> v5.1.0 |
| github/codeql-action | action | minor | v4.30.7 -> v4.31.9 |
| graalvm/setup-graalvm | action | minor | v1.2.6 -> v1.4.4 |
| ossf/scorecard-action | action | patch | v2.4.0 -> v2.4.3 |
Release Notes
actions/setup-java (actions/setup-java)
v5.1.0
What's Changed
New Features
- Add support for `.sdkmanrc` file in `java-version-file` parameter by @guicamest in #736
- Add support for Microsoft OpenJDK 25 builds by @the-mod in #927
Bug Fixes & Improvements
- Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File by @aparnajyothi-y in #767
- Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel by @priya-kinthali in #946
- Update SapMachine URLs by @RealCLanger in #955
- Add GitHub Token Support for GraalVM and Refactor Code by @mahabaleshwars in #849
Documentation changes
- Update documentation to use checkout and Java v5 by @lmvysakh in #903
- Clarify JAVA_HOME and PATH setup in README by @chiranjib-swain in #841
Dependency updates
- Upgrade prettier from 2.8.8 to 3.6.2 and document breaking changes in v5 by @dependabot in #873
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #912
New Contributors
- @lmvysakh made their first contribution in #903
- @chiranjib-swain made their first contribution in #841
- @the-mod made their first contribution in #927
- @priya-kinthali made their first contribution in #946
- @guicamest made their first contribution in #736
Full Changelog: https://github.com/actions/setup-java/compare/v5...v5.1.0
github/codeql-action (github/codeql-action)
v4.31.9
v4.31.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
See the full CHANGELOG.md for more information.
v4.31.7
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.7 - 05 Dec 2025
- Update default CodeQL bundle version to 2.23.7. #3343
See the full CHANGELOG.md for more information.
v4.31.6
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.6 - 01 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.5
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6. #3321
See the full CHANGELOG.md for more information.
v4.31.4
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.3
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
See the full CHANGELOG.md for more information.
v4.31.2
v4.31.1
v4.31.0
v4.30.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
See the full CHANGELOG.md for more information.
v4.30.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
graalvm/setup-graalvm (graalvm/setup-graalvm)
v1.4.4
What's Changed
- Bump actions/checkout from 5.0.0 to 6.0.0 in the github-actions-updates group by @dependabot[bot] in #198
- Bump the npm-updates group with 10 updates by @dependabot[bot] in #197
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.4.3...v1.4.4
v1.4.3
What's Changed
- Bump the github-actions-updates group with 2 updates by @dependabot[bot] in #192
- Bump the npm-updates group with 16 updates by @dependabot[bot] in #191
- Support new GraalVM dev artifact names. by @ansalond in #196
- Bump js-yaml by @dependabot[bot] in #194
- Fix extraction issue on self-hosted Windows runners. by @fniephaus in #195
New Contributors
- @ansalond made their first contribution in #196
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.4.2...v1.4.3
v1.4.2
What's Changed
- Upgrade musl-toolchain to `1.2.5-oracle-00001`. by @fniephaus in #189
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.4.1...v1.4.2
v1.4.1
v1.4.0
What's Changed
- Convert to ESM. by @fniephaus in #184
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.7...v1.4.0
v1.3.7
What's Changed
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #179
- Bump the npm-development group across 1 directory with 9 updates by @dependabot[bot] in #180
- Revise `dependabot.yml` and pin GitHub Actions. by @fniephaus in #181
- Test against GraalVM 25 and update `README.md`. by @fniephaus in #183
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1...v1.3.7
v1.3.6
What's Changed
- Bump the npm-development group with 6 updates by @dependabot[bot] in #174
- Bump jest and @types/jest by @dependabot[bot] in #175
- Bump @actions/cache from 4.0.3 to 4.0.5 in the npm-production group by @dependabot[bot] in #178
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.5...v1.3.6
v1.3.5
What's Changed
- Update dependencies by @fniephaus in #167
- Revise `README.md`. by @fniephaus in #169
- Bump the npm-development group with 10 updates by @dependabot[bot] in #170
- Bump eslint-plugin-jest from 28.12.0 to 29.0.1 by @dependabot[bot] in #171
- Bump form-data from 2.5.3 to 2.5.5 by @dependabot[bot] in #172
- Bump version to `1.3.5`. by @fniephaus in #173
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.4...v1.3.5
v1.3.4
What's Changed
- Add about arm runners by @alina-yur in #153
- Test against GraalVM for JDK 24 and 25 EA builds. by @fniephaus in #155
- Bump the npm-development group with 11 updates by @dependabot in #156
- Bump the npm-production group with 2 updates by @dependabot in #157
- Bump the npm-development group with 11 updates by @dependabot in #160
- Bump @octokit/types from 13.10.0 to 14.0.0 by @dependabot in #161
- Bump @octokit/types from 14.0.0 to 14.1.0 by @dependabot in #165
- Bump the npm-development group with 11 updates by @dependabot in #163
- Bump undici from 5.28.5 to 5.29.0 by @dependabot in #162
New Contributors
- @alina-yur made their first contribution in #153
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1...v1.3.4
v1.3.3
What's Changed
- SBOM: Ensure 'java-version' is persisted to post-run phase by @rudsberg in #151
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.2...v1.3.3
v1.3.2
What's Changed
- Bump @octokit/request-error from 5.1.0 to 5.1.1 by @dependabot in #140
- Bump @octokit/endpoint from 9.0.5 to 9.0.6 by @dependabot in #141
- Bump @octokit/request from 8.4.0 to 8.4.1 by @dependabot in #142
- Bump @octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 by @dependabot in #148
- Bump the npm-development group across 1 directory with 10 updates by @dependabot in #149
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.1...v1.3.2
v1.3.1
What's Changed
- Bump the npm-development group with 5 updates by @dependabot in #135
- Bump eslint-config-prettier from 9.1.0 to 10.0.1 by @dependabot in #131
- Bump @octokit/types from 12.6.0 to 13.8.0 by @dependabot in #132
- Bump semver from 7.6.3 to 7.7.1 by @dependabot in #136
- Convert back to CJS and use ncc. by @fniephaus in #139
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.3.0...v1.3.1
v1.3.0
What's Changed
- Start testing on `ubuntu-22.04-arm`. by @fniephaus in #127
- Bump the npm-development group with 5 updates by @dependabot in #128
- Convert to ESM and use rollup. by @fniephaus in #134
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.2.8...v1.3.0
v1.2.8
What's Changed
- Update `@actions/cache` and other dependencies. by @fniephaus in #121
- Integrate Native Image SBOM with GitHub's Dependency Submission API by @rudsberg in #119
- Add `dependabot.yml`. by @fniephaus in #122
- Bump actions/upload-artifact from 3 to 4 by @dependabot in #123
- Bump the npm-development group with 5 updates by @dependabot in #124
New Contributors
- @rudsberg made their first contribution in #119
Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.2.6...v1.2.8
v1.2.7
ossf/scorecard-action (ossf/scorecard-action)
v2.4.3
What's Changed
This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.
Documentation
- docs: clarify `GITHUB_TOKEN` permissions needed for private repos by @pankajtaneja5 in #1574
- :book: Fix recommended command to test the image in development by @deivid-rodriguez in #1583
Other
- add missing top-level token permissions to workflows by @timothyklee in #1566
- setup codeowners for requesting reviews by @spencerschrock in #1576
- :seedling: Improve printing options by @deivid-rodriguez in #1584
New Contributors
- @timothyklee made their first contribution in #1566
- @pankajtaneja5 made their first contribution in #1574
- @deivid-rodriguez made their first contribution in #1584
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3
v2.4.2
What's Changed
This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2
v2.4.1
What's Changed
- This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
- Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
- use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in #1423
- Some errors were made into annotations to make them more visible
- There is now an optional `file_mode` input which controls how repository files are fetched from GitHub. The default is `archive`, but `git` produces the most accurate results for repositories with `.gitattributes` files at the cost of analysis speed.
  - add input for specifying `--file-mode` by @spencerschrock in #1509
- The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.
- :seedling: publish docker images to GitHub Container Registry by @spencerschrock in #1453
Docs
- Installation docs update by @JeremiahAHoward in #1416
New Contributors
- @JeremiahAHoward made their first contribution in #1416
- @jsoref made their first contribution in #1459
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
/gcbrun