build(deps): bump gradle/actions from 5.0.2 to 6.0.1

[dependabot]

Bumps gradle/actions from 5.0.2 to 6.0.1.

Release notes

Sourced from gradle/actions's releases.

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

• Bump actions used in docs by @​Goooler in gradle/actions#792
• Add typing information for use by typesafegithub by @​bigdaz in gradle/actions#910
• Mute license warning when terms are accepted by @​bigdaz in gradle/actions#911
• Mention explicit license acceptance in notice by @​bigdaz in gradle/actions#912
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in gradle/actions#907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in gradle/actions#866
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#868
• Dependency updates by @​bigdaz in gradle/actions#876
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in gradle/actions#877

... (truncated)

Commits

• 39e147c [bot] Update dist directory
• 14ac3d6 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...
• 81fec7a Mention explicit license acceptance in notice (#912)
• 4ac5b01 [bot] Update dist directory
• f64284c Mute license warning when terms are accepted (#911)
• c2457a7 Update tagging instructions for release
• 8205114 Update Gradle version compatibility information
• 6710000 Add typing information for use by typesafegithub (#910)
• 3d0e2a8 Pin version for github actions
• f663ed9 Ignore internal action files for type validation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

Fixes 🐛

• fix: CaptureFeedback now supports multiple attachments correctly by bitsandfoxes in #5077

Dependencies ⬆️

Deps

• chore(deps): update CLI to v3.3.5 by github-actions in #5093
• chore(deps): update Native SDK to v0.13.4 by github-actions in #5081
• chore(deps): update Java SDK to v8.37.1 by github-actions in #5071
• chore(deps): update CLI to v3.3.4 by github-actions in #5068
• chore(deps): update Java SDK to v8.37.0 by github-actions in #5069
• chore(deps): update Cocoa SDK to v9.8.0 by github-actions in #5044
• chore(deps): update Java SDK to v8.36.0 by github-actions in #5036
• chore(deps): update epitaph to 0.1.1 by github-actions in #5036

Other

• build(deps): bump gradle/actions from 5.0.2 to 6.0.1 by dependabot[bot] in #5107

• ci: fix workflows that always fail for fork PRs by jamescrosswell in #5065

---

_{🤖 This preview updates automatically when you update the PR.}

[Flash0ver]

issue: license change

Apparently, #5086 did not do the trick:

sentry-dotnet/.github/dependabot.yml

Lines 25 to 27 in e6a6c24

	ignore:
	- dependency-name: "gradle/actions/setup-gradle"
	versions: ['>= 6.0.0'] # license change: the bundled 'gradle-actions-caching' component is licensed and governed by a separate license (no longer MIT)

Claude Code insisted on this being the right syntax for the "github-actions" ecosystem ... liar 😉

[jamescrosswell]

issue: license change

Apparently, #5086 did not do the trick:

sentry-dotnet/.github/dependabot.yml

Lines 25 to 27 in e6a6c24

	ignore:
	- dependency-name: "gradle/actions/setup-gradle"
	versions: ['>= 6.0.0'] # license change: the bundled 'gradle-actions-caching' component is licensed and governed by a separate license (no longer MIT)

Claude Code insisted on this being the right syntax for the "github-actions" ecosystem ... liar 😉

Why don't we just ignore gradle/actions/setup-gradle entirely for version bumps? I assume they're not going to backport fixes to the version we are stuck on so we don't need to check/bump versions at all anymore.

Also, what's our plan moving forward? Are we going to find a replacement for this? Fork the version with a compatible licence and maintain it ourselves? Or just hope things keep working as long as possible on the version we have?