Bump the workflow-actions group with 4 updates

dependabot[bot] · web-flow · commit 361f2b1c1afa · 2025-09-01T07:29:12.000Z
Bumps the workflow-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-java](https://github.com/actions/setup-java), [actions/cache](https://github.com/actions/cache) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...08c6903) Updates `actions/setup-java` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@c5195ef...dded088) Updates `actions/cache` from 4.2.3 to 4.2.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...0400d5f) Updates `actions/download-artifact` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@d3f86a1...634f93c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflow-actions - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflow-actions - dependency-name: actions/cache dependency-version: 4.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: workflow-actions - dependency-name: actions/download-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflow-actions ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml
@@ -49,21 +49,21 @@ jobs:
           fi
       # Checkout target branch which has trusted code
       - name: Check out target branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           persist-credentials: false
           # By default, a workflow that is triggered with on workflow_run would run on the main (default) branch.
           #  Different branches might have different versions of Develocity, and we want to make sure
           #  that we publish with the one that we built the scan with in the first place.
           ref: ${{ steps.determine_branch_ref.outputs.original_branch_ref }}
       - name: Set up Java 21
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0
         with:
           java-version: 21
           distribution: temurin
       # https://github.com/actions/cache/blob/main/examples.md#java---maven
       - name: Cache local Maven repository
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4
         with:
           path: ~/.m2/repository
           # use a different key than workflows running untrusted code
@@ -74,7 +74,7 @@ jobs:
         run: ./mvnw -v
       - name: Download GitHub Actions artifacts for the Develocity build scans
         id: downloadBuildScan
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # 4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # 5.0.0
         with:
           pattern: build-scan-data-*
           github-token: ${{ github.token }}
diff --git a/.github/workflows/ci-tck-report.yml b/.github/workflows/ci-tck-report.yml
@@ -34,12 +34,12 @@ jobs:
         java-version: [ '17', '21' ]
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           persist-credentials: false
 
       - name: Set up Java ${{ matrix.java-version }}
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0
         with:
           java-version: ${{ matrix.java-version }}
           distribution: temurin
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -86,17 +86,17 @@ jobs:
       - name: Support longpaths on Windows
         if: "startsWith(matrix.os.runs-on, 'windows')"
         run: git config --global core.longpaths true
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           persist-credentials: false
       - name: Set up Java ${{ matrix.os.java.version }}
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0
         with:
           java-version: ${{ matrix.os.java.version }}
           distribution: temurin
       # https://github.com/actions/cache/blob/main/examples.md#java---maven
       - name: Cache local Maven repository
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4
         with:
           path: ~/.m2/repository
           # use a different key than workflows running in trusted mode
