BOFA1ex / dlvx

Apache License 2.0
1 stars 0 forks source link

build(deps): bump gradle/wrapper-validation-action from 2.0.0 to 2.1.0 #13

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps gradle/wrapper-validation-action from 2.0.0 to 2.1.0.

Release notes

Sourced from gradle/wrapper-validation-action's releases.

v2.1.0

This release should vastly reduce the number of network requests made by the wrapper-validation-action, by hardcoding the checksums of all known Gradle wrapper jars at time of release. With this improvement, a number of long-standing issues should be addressed (#164, #162, #57).

The action should now only make network requests to validate the checksums of an unknown gradle-wrapper.jar. This can happen if:

  • The Gradle version was published after this action was released
  • The gradle-wrapper.jar is truly invalid

Changelog

  • [NEW] Hardcode list of known checksums to avoid network requests in most cases (#161)

Huge thanks to @​Marcono1234 for contributing this long-awaited improvement.

v2.0.1

This patch release fixes error reporting when failing to retrieve the checksums from services.gradle.org

  • [FIX] After migration from v1 to v2 silently fails (#174)
Commits
  • 85cde3f Add clarification about running in repository root
  • 8a2cbc9 Clarify that wrapper-validation should precede setup-gradle
  • d355de3 Build outputs
  • ac96f18 Hardcoded checksums follow-up
  • ca85ed0 Extend integration tests
  • c4ee1cd Update known wrapper checksums
  • a3555ef Clarify output format (#177)
  • 24d65a1 Merge branch 'releases/v2'
  • a494d93 Check dist on release branches
  • 21bea8c Log multiple errors
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 9 months ago

Superseded by #14.