Skip to content

Bump the actions-deps group with 3 updates#40

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-deps-1a0e9e7afd
Closed

Bump the actions-deps group with 3 updates#40
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-deps-1a0e9e7afd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions-deps group with 3 updates: lfreleng-actions/github2gerrit-action, actions/setup-java and lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml.

Updates lfreleng-actions/github2gerrit-action from 1.4.1 to 1.4.2

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.4.2

Downloads for this release

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

Commits
  • 9f32f3c Merge pull request #335 from lfreleng-actions/dependabot/uv/hatchling-1.31.0
  • 86c6955 Merge pull request #333 from lfreleng-actions/dependabot/uv/mypy-2.2.0
  • c6305b3 Merge pull request #332 from lfreleng-actions/dependabot/github_actions/astra...
  • d6a1ecd Merge pull request #334 from lfreleng-actions/dependabot/github_actions/lfit/...
  • 5ae1bf9 Merge pull request #331 from lfreleng-actions/dependabot/github_actions/step-...
  • e134af5 Chore: Bump hatchling from 1.30.1 to 1.31.0
  • 5dc30c2 Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-sc...
  • b053702 Chore: Bump mypy from 2.1.0 to 2.2.0
  • 0be7d15 Chore: Bump astral-sh/setup-uv from 8.3.0 to 8.3.2
  • 6d3b65f Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0
  • Additional commits viewable in compare view

Updates actions/setup-java from 5.5.0 to 5.6.0

Release notes

Sourced from actions/setup-java's releases.

v5.6.0

What's Changed

Full Changelog: actions/setup-java@v5...v5.6.0

Commits
  • 03ad4de Backport #1097/#1098: cache Maven and Gradle wrapper distributions separately...
  • d229d2e Backport #1111: Preserve Maven toolchains across repeated setup-java runs (#1...
  • bbf0f69 dist: Cover Tencent Kona JDK 25 (#1110)
  • 513edc4 feat: expose cache-primary-key output (#597) [v5 backport] (#1089)
  • 62df799 Add Maven compiler problem matcher for javac diagnostics (#1087)
  • 176156a chore: bump version to 5.6.0 for v5 release line
  • bf7b8de build: rebuild dist for backported changes (#1079, #1083, #1084)
  • 0173e6d Infer distribution from asdf .tool-versions vendor prefix (#1084)
  • f45cd82 Rename jdkFile input to jdk-file with deprecated alias (#1083)
  • e2863ad Map Zulu x86 architecture to i686 for Azul Metadata API (#1079)
  • Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml from 0.7.4 to 0.8.0

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml's releases.

v0.8.0

Downloads for this release

✨ New Features ✨

🔧 Maintenance 🔧

  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#782)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#781)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#784)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#786)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#787)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#783)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.3 to 0.7.4 @dependabot[bot] (#785)
  • Chore: Bump lfreleng-actions/credential-load-action from 2.0.0 to 2.0.1 @dependabot[bot] (#788)
  • Chore: Bump lfreleng-actions/credential-load-action from 2.0.1 to 2.0.2 @dependabot[bot] (#790)
  • Chore: pre-commit linting updates @pre-commit-ci[bot] (#789)

Links

Commits
  • 4901953 Merge pull request #791 from modeseven-lfit/feat/composed-go-sonar-cloud
  • 9145370 Feat: Add Gerrit-aware Go SonarQube workflow
  • b64bdf6 Merge pull request #789 from lfit/pre-commit-ci-update-config
  • f227e25 Merge pull request #790 from lfit/dependabot/github_actions/lfreleng-actions/...
  • a51e983 Chore: Bump lfreleng-actions/credential-load-action from 2.0.1 to 2.0.2
  • aa82169 Chore: pre-commit linting updates
  • 039c285 Merge pull request #788 from lfit/dependabot/github_actions/lfreleng-actions/...
  • 46849b7 Chore: Bump lfreleng-actions/credential-load-action from 2.0.0 to 2.0.1
  • 189457f Merge pull request #785 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • 5d2994c Merge pull request #783 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions-deps group with 3 updates: [lfreleng-actions/github2gerrit-action](https://github.com/lfreleng-actions/github2gerrit-action), [actions/setup-java](https://github.com/actions/setup-java) and [lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml](https://github.com/lfit/releng-reusable-workflows).


Updates `lfreleng-actions/github2gerrit-action` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/lfreleng-actions/github2gerrit-action/releases)
- [Commits](lfreleng-actions/github2gerrit-action@f21a570...9f32f3c)

Updates `actions/setup-java` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@0f481fc...03ad4de)

Updates `lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml` from 0.7.4 to 0.8.0
- [Release notes](https://github.com/lfit/releng-reusable-workflows/releases)
- [Commits](lfit/releng-reusable-workflows@5fa62e3...4901953)

---
updated-dependencies:
- dependency-name: lfreleng-actions/github2gerrit-action
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/setup-java
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 17, 2026
@github-actions

Copy link
Copy Markdown

PR: #40
Mode: squash
Topic: GH-controller-40
Change-Ids:
I7e6f9dc12b54309b05c8c3dafa7867bb87bbe311
Digest: 5a0422d648d9
GitHub-Hash: 2e463fdd209f4a3e

Note: This metadata is also included in the Gerrit commit message for reconciliation.

@github-actions

Copy link
Copy Markdown

Change raised in Gerrit by GitHub2Gerrit: https://git.opendaylight.org/gerrit/c/controller/+/124018

odl-github pushed a commit that referenced this pull request Jul 17, 2026
Bumps the actions-deps group with 3 updates: [lfreleng-actions/github2gerrit-action](https://github.com/lfreleng-actions/github2gerrit-action), [actions/setup-java](https://github.com/actions/setup-java) and [lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml](https://github.com/lfit/releng-reusable-workflows).
Updates `lfreleng-actions/github2gerrit-action` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/lfreleng-actions/github2gerrit-action/releases)
- [Commits](lfreleng-actions/github2gerrit-action@f21a570...9f32f3c)
Updates `actions/setup-java` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@0f481fc...03ad4de)
Updates `lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml` from 0.7.4 to 0.8.0
- [Release notes](https://github.com/lfit/releng-reusable-workflows/releases)
- [Commits](lfit/releng-reusable-workflows@5fa62e3...4901953)

Signed-off-by: dependabot[bot] <support@github.com>
Change-Id: I7e6f9dc12b54309b05c8c3dafa7867bb87bbe311
GitHub-PR: #40
GitHub-Hash: 2e463fdd209f4a3e
Signed-off-by: gh2gerrit <releng+odl-gh2gerrit@linuxfoundation.org>
@github-actions

Copy link
Copy Markdown

Automated PR Closure

This pull request has been automatically closed by GitHub2Gerrit.

The corresponding Gerrit change has been accepted and merged ✅

The changes from this PR are now part of the main codebase in Gerrit.


This is an automated action performed by the GitHub2Gerrit tool.

@github-actions github-actions Bot closed this Jul 17, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot
dependabot Bot deleted the dependabot/github_actions/actions-deps-1a0e9e7afd branch July 17, 2026 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Development

Successfully merging this pull request may close these issues.

0 participants