Skip to content

chore(deps): bump the dependencies group across 1 directory with 3 updates#313

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/dependencies-f4eed11209
Closed

chore(deps): bump the dependencies group across 1 directory with 3 updates#313
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/dependencies-f4eed11209

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the dependencies group with 3 updates in the / directory: gradle/actions, codecov/codecov-action and ytanikin/pr-conventional-commits.

Updates gradle/actions from 5.0.2 to 6.0.1

Release notes

Sourced from gradle/actions's releases.

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

  • Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
  • Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
  • Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

... (truncated)

Commits
  • 39e147c [bot] Update dist directory
  • 14ac3d6 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...
  • 81fec7a Mention explicit license acceptance in notice (#912)
  • 4ac5b01 [bot] Update dist directory
  • f64284c Mute license warning when terms are accepted (#911)
  • c2457a7 Update tagging instructions for release
  • 8205114 Update Gradle version compatibility information
  • 6710000 Add typing information for use by typesafegithub (#910)
  • 3d0e2a8 Pin version for github actions
  • f663ed9 Ignore internal action files for type validation
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates ytanikin/pr-conventional-commits from 1.5.1 to 1.5.2

Release notes

Sourced from ytanikin/pr-conventional-commits's releases.

1.5.2

What's Changed

Full Changelog: ytanikin/pr-conventional-commits@1.5.1...1.5.2

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 1, 2026 05:59
Copilot AI review requested due to automatic review settings April 1, 2026 05:59
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026
@dependabot dependabot bot review requested due to automatic review settings April 1, 2026 05:59
rhamzeh
rhamzeh reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@rhamzeh rhamzeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Warning ⚠️

We need to review and accept these terms before merging this PR, as part of the action is no longer OSS.

Moving this PR to Draft until we get a chance to do that

@rhamzeh rhamzeh marked this pull request as draft April 1, 2026 11:17
@dependabot dependabot bot changed the title chore(deps): bump the dependencies group with 3 updates chore(deps): bump the dependencies group across 1 directory with 3 updates Apr 1, 2026
@dependabot dependabot bot force-pushed the dependabot/github_actions/dependencies-f4eed11209 branch from d580ea5 to ac46430 Compare April 1, 2026 17:36
@curfew-marathon
Copy link
Copy Markdown
Contributor

curfew-marathon commented Apr 1, 2026

@dependabot recreate

@dependabot
chore(deps): bump the dependencies group with 3 updates
017f3dd 
Bumps the dependencies group with 3 updates: [gradle/actions](https://github.com/gradle/actions), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [ytanikin/pr-conventional-commits](https://github.com/ytanikin/pr-conventional-commits).


Updates `gradle/actions` from 5.0.2 to 6.0.1
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@0723195...39e147c)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@671740a...57e3a13)

Updates `ytanikin/pr-conventional-commits` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/ytanikin/pr-conventional-commits/releases)
- [Commits](ytanikin/pr-conventional-commits@fda730c...639145d)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: ytanikin/pr-conventional-commits
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/dependencies-f4eed11209 branch from ac46430 to 017f3dd Compare April 1, 2026 18:00
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 2, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/github_actions/dependencies-f4eed11209 branch April 2, 2026 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhamzeh rhamzeh rhamzeh left review comments

@curfew-marathon curfew-marathon curfew-marathon approved these changes

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@curfew-marathon @rhamzeh