chore(deps): Update build deps and github actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/upload-artifact	action	patch	v3.1.0 -> v3.1.3
gradle (source)		minor	8.4 -> 8.7
gradle/gradle-build-action	action	minor	v2.2.0 -> v2.12.0
gradle/wrapper-validation-action	action	minor	v1.0.4 -> v1.1.0
io.micronaut.test-resources	plugin	minor	4.1.2 -> 4.4.0
io.micronaut.aot	plugin	minor	4.2.0 -> 4.4.0
io.micronaut.docker	plugin	minor	4.1.2 -> 4.4.0
io.micronaut.application	plugin	minor	4.1.2 -> 4.4.0
io.micronaut.library	plugin	minor	4.1.2 -> 4.4.0

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v3.1.3

Compare Source

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in https://github.com/actions/upload-artifact/pull/313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in https://github.com/actions/upload-artifact/pull/436

Full Changelog: actions/upload-artifact@v3...v3.1.3

v3.1.2

Compare Source

• Update all @actions/* NPM packages to their latest versions- #​374
• Update all dev dependencies to their most recent versions - #​375

v3.1.1

Compare Source

• Update actions/core package to latest version to remove set-output deprecation warning #​351

gradle/gradle (gradle)

v8.7

Compare Source

v8.6

Compare Source

v8.5: 8.5

Compare Source

The Gradle team is excited to announce Gradle 8.5.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Ahmed Ehab,
Alex Landau,
Aurimas,
Björn Kautler,
bodhili,
Daniel Le Berre,
davidburstrom,
Franz Wimmer,
Jongwoo Han,
Ken,
Leonardo Silveira,
Martin Bonnin,
Matthew Von-Maszewski,
Nik Clayton,
noeppi_noeppi,
Philip Wedemann,
Philipp Schneider,
Tomas Bjerre

Upgrade instructions

Switch your build to use Gradle 8.5 by updating your wrapper:

./gradlew wrapper --gradle-version=8.5

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

gradle/gradle-build-action (gradle/gradle-build-action)

v2.12.0

Compare Source

Adds a new option to clear a previously submitted dependency-graph.

steps:
- uses: gradle/gradle-build-action@v2
  with:
    dependency-graph: clear

This may prove useful when migrating to a workflow using the upcoming gradle/actions/dependency-submission action.

Full-changelog: gradle/gradle-build-action@v2.11.1...v2.12.0

v2.11.1

Compare Source

This patch release fixes an issue that prevented the gradle-build-action from executing with Gradle 1.12, and improves error reporting for dependency submission failures.

Changelog

• [FIX] Poor error reporting for dependency-submission failure #​1008
• [FIX] Error with gradle-build-action v2.11.0 and Gradle 1.12: unable to resolve class PluginManager #​1007

Full-changelog: gradle/gradle-build-action@v2.11.0...v2.11.1

v2.11.0

Compare Source

In addition to a number of dependency updates, this release:

• Allows a custom Plugin Repository to be specified when resolving the github-dependency-graph-gradle-plugin. See the documentation for details.
• Brings increased resilience when failures occur collecting build results or cleaning the Gradle User Home. Such failures should no longer prevent the caching of Gradle User Home or lead to build failures.

Changelog

• [NEW] Allow a custom plugin repository to be used to resolve dependency-graph plugin #​933
• [FIX] Cache entries and Job Summary not written on cache-cleanup failure #​990 #​858
• [FIX] Failure to write build results file should not cause overall build to fail #​866

Full-changelog: gradle/gradle-build-action@v2.10.0...v2.11.0

v2.10.0

Compare Source

This release introduces a new artifact-retention-days parameter, which allows a user to configure how long the generated dependency-graph artifacts are retained by GitHub Actions. Adjusting the retention period can be useful to reduce storage costs associated with these dependency-graph artifacts.

See the documentation for more details.

Changelog

• [NEW] Add artifact-retention-days configuration parameter #​903
• [FIX] Update to v1.0.0 of the github-dependency-graph-gradle-plugin
• [FIX] Update @babel/traverse to address reported security vulnerability

Full-changelog: gradle/gradle-build-action@v2.9.0...v2.10.0

v2.9.0

Compare Source

The GitHub dependency-review-action helps you understand dependency changes (and the security impact of these changes) for a pull request. This release updates the GItHub Dependency Graph support to be compatible with the dependency-review-action.

See the documentation for detailed examples.

Changelog

• [FIX] Use correct SHA for pull-request events #​882
• [FIX] Avoid generating dependency graph during cache cleanup #​905
• [NEW] Improve warning on failure to submit dependency graph
• [NEW] Compatibility with GitHub dependency-review-action #​879

Full-changelog: gradle/gradle-build-action@v2.8.1...v2.9.0

v2.8.1

Compare Source

Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server.

Fixes

• Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise #​885

Changelog

v2.8.0

Compare Source

The v2.8.0 release of the gradle-build-action introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners.

Automatic injection of Gradle Enterprise connectivity

It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration.

This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization.

See Gradle Enterprise injection in the README for more info.

Restore Gradle User Home when directory already exists

Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners.

This behaviour has been improved in this release:

• The Job Summary now includes a useful error message when Gradle User Home was not restored because the directory already exists.
• The action can now be configured to restore the Gradle User Home when the directory already exists, overwriting existing content with content from the GitHub Actions cache. See https://github.com/gradle/gradle-build-action#overwriting-an-existing-gradle-user-home for more details.

Changes

Issues fixed: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed
Full changelog: gradle/gradle-build-action@v2.7.1...v2.8.0

v2.7.1

Compare Source

This release contains no code changes, only dependency updates and documentation improvements.

Changelog

v2.7.0

Compare Source

GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in the README chapter.

Changes

• Update to [email protected]
  • Dependency graph uses Gradle Settings file as manifest location (if Settings file exists)
• Adds a dependency-graph-file output to any step that generates a Dependency Graph file

Changelog

v2.6.1

Compare Source

Dependency Graph support

This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:

• The action will now generate a unique job.correlator value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph.
• Update to use [email protected], which brings a number of improvements to the generated dependency graph:
  • Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated.
  • Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression

v2.6.0

Compare Source

GitHub Dependency Graph support (Experimental)

This release brings experimental support for submitting a GitHub Dependency Graph snapshot via the GitHub Dependency Submission API.

The dependency graph snapshot is generated via integration with the GitHub Dependency Graph Gradle Plugin, and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).

The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate Dependabot Alerts for vulnerable dependencies, as well as to populate the Dependency Graph insights view.

Check out the README chapter for more details on how this works and how to configure a workflow that submits a dependency graph.

Changelog

v2.5.1

Compare Source

Fixes a regression in v2.5.0 that resulted in failure when running a workflow that has a name containing a comma.

Fixes

• Cache key Validation Error when workflow name contains a comma #​756

Changelog

v2.5.0

Compare Source

This minor release fixes a couple of issues that affected the action in particular scenarios, and updates all dependencies to recent versions.

Fixes

• Parallel workflows containing jobs with the same name use the same cache key #​699
• Build scans are not captured when GE plugin is applied within settingsEvaluated #​626

Full changelog: gradle/gradle-build-action@v2.4.2...v2.5.0

v2.4.2

Compare Source

This release disables the save/restore of configuration-cache data, since this functionality has been shown to be problematic.
Gradle 8.1 has made changes to this functionality which will require a more comprehensive rework of the action before we can re-enable this.

v2.4.1

Compare Source

This patch release updates a number of dependencies, including xmljs which was reported to have a security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-0842).
There is no evidence that this vulnerability affected the gradle-build-action.

Full changelog: gradle/gradle-build-action@v2.4.0...v2.4.1

v2.4.0

Compare Source

What's new

The v.2.4.0 release contains various library updates and fixes to fully support Gradle 8.

Notable changes:

• Update to @actions/cache: 3.1.3 should improve cache save/restore performance on Windows by using gnu tar and zstd when available.
• Fix caching of extracted JDK toolchains for Gradle 7.6+ (e444647)

Full Changelog: gradle/gradle-build-action@v2.3.3...v2.4.0

v2.3.3

Compare Source

This patch release removes all uses of the deprecated set-output and set-state commands, and should remove deprecation warnings from build logs. See #​461 and #​477 for more details.

Full Changelog: gradle/gradle-build-action@v2.3.2...v2.3.3

v2.3.2

Compare Source

This patch release fixes an issue which could result in errors in the post-action step. See #​441 for details.

Full Changelog: gradle/gradle-build-action@v2.3.1...v2.3.2

v2.3.1

Compare Source

This patch release addresses some security vulnerabilities reported by the CodeQL check:

• Removes sourcemap-register.js: this triggered Incorrect suffix check
• Patches the @azure/logger library to avoid logging an environment variable value: this triggered Clear-text logging of sensitive information
• Updates a bunch of development dependencies, which should not impact production code

The release contains no functional changes.

Full Changelog: gradle/gradle-build-action@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's new

With v2.3.0, the gradle-build-action can now attempt to remove any unused files from the Gradle User Home directory before storing to the GitHub Actions cache. This can prevent cases where the size of cache entry grows over time.

Gradle Home cache cleanup is disabled by default. You can enable this feature for the action as follows:

gradle-home-cache-cleanup: true

See the README for more details.

Full Changelog: gradle/gradle-build-action@v2.2.5...v2.3.0

v2.2.5

Compare Source

What's fixed

Fixes a bug where a corrupted cache entry caused an error in beforeSave (#​408). This meant that the entry was never purged.
By allowing @actions/globber to follow symlinks and ignore broken symlinks, the bad files in the cache entry are ignored and the corrupted cache entry can be replaced by a good one.

Full Changelog: gradle/gradle-build-action@v2.2.4...v2.2.5

v2.2.4

Compare Source

What's fixed

The fix for #​383 introduced a bug that caused the post-action to fail when attempting to resolve cache-read-only for scheduled jobs.
This has been fixed with an explicit (rather than implicit) check for 'event.repository != null'. (#​409)

Full Changelog: gradle/gradle-build-action@v2.2.3...v2.2.4

v2.2.3

Compare Source

What's fixed

This release updates a number of key dependencies and fixes some cache-related issues:

• Do not set cache-read-only=true for scheduled workflows on default branch (#​383)
• Fix reporting of caching errors that was broken in v2.2.2 (#​407)
• Abort cache download operations after 10 minutes (configurable). Previously cache download operations could hang the build. (#​369)

Full Changelog: gradle/gradle-build-action@v2.2.2...v2.2.3

v2.2.2

Compare Source

What's fixed

This release fixes some issues that were discovered in the v2.2.1 release, and updates a number of dependencies.

• Improved support for GitHub Enterprise
  • Do not attempt to use GitHub Actions cache when the feature is not available
  • Write Gradle Build summary to log files when Job Summary functionality not available
• Only attempt to stop Gradle daemons when caching Gradle User Home (#​341)
• Only write build-results file when GitHub Actions env vars are available (#​350)

Full Changelog: gradle/gradle-build-action@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's fixed

This release fixes some issues that were exposed by the v2.2.0 release, as well as improving the content and layout of the Job Summary.

• Don't try to generate Job Summary when functionality is not available (GitHub Enterprise): #​319
• Fix warning when attempting to delete non-existent file: #​308
• Fix Entry not saved: reason unknown message in Job Summary cache details: #​309
• Report failure to publish build scan in Job Summary: #​326

Full Changelog: gradle/gradle-build-action@v2.2.0...v2.2.1

gradle/wrapper-validation-action (gradle/wrapper-validation-action)

v1.1.0

Compare Source

The action now adds the path of the failed wrapper Jar as a failed-wrapper Step output parameter.
This makes the value available for reporting in later Steps/Jobs.

v1.0.6

Compare Source

Gradle Wrapper Validation

• Security vulnerability: Bump json5 from 1.0.1 to 1.0.2
• Security vulnerability: Bump qs from 6.10.1 to 6.11.0

v1.0.5

Compare Source

Gradle Wrapper Validation

• Update dependencies for Node 16 (#​53)
• Update dependencies with security vulnerabilities (#​67)
• Update various other dependencies (#​45, #​47, #​48, #​54)

---

Configuration

📅 Schedule: Branch creation - "after 5pm on the 2nd day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.