This release disables the save/restore of configuration-cache data, since this functionality has been shown to be problematic.
Gradle 8.1 has made changes to this functionality which will require a more comprehensive rework of the action before we can re-enable this.
v2.4.1
This patch release updates a number of dependencies, including xmljs which was reported to have a security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-0842).
There is no evidence that this vulnerability affected the gradle-build-action.
This patch release removes all uses of the deprecated set-output and set-state commands, and should remove deprecation warnings from build logs. See #461 and #477 for more details.
With v2.3.0, the gradle-build-action can now attempt to remove any unused files from the Gradle User Home directory before storing to the GitHub Actions cache. This can prevent cases where the size of cache entry grows over time.
Gradle Home cache cleanup is disabled by default. You can enable this feature for the action as follows:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Gubaer/josm-contourmerge-plugin/network/alerts).
Bumps gradle/gradle-build-action from 2.1.6 to 2.4.2.
Release notes
Sourced from gradle/gradle-build-action's releases.
... (truncated)
Commits
749f47b
Update README.md for changes in releaseeb126d7
Update for Gradle 8.1 release5056fa9
Patch@azure/logger
to address CodeQL violations8a0051f
Specify current Gradle version via ASDF4f87177
Build outputsff62946
Update development dependencies2eddd20
Bump xml2js,@azure/ms-rest-js
and@azure/core-http
887e0bd
Fix typo (#655)dac0b87
Bump@typescript-eslint/parser
from 5.56.0 to 5.57.0 (#654)a8f0f0d
NPM dependency updatesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Gubaer/josm-contourmerge-plugin/network/alerts).