Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	minor	v3.0.5 → v3.5.0
actions/checkout	action	minor	v4.1.7 → v4.3.1
actions/setup-java	action	minor	v4.2.1 → v4.8.0
github/codeql-action	action	minor	v3.25.13 → v3.32.6
gradle (source)		minor	8.0.2 → 8.14.4
gradle/wrapper-validation-action	action	patch	v2.1.1 → v2.1.3
org.projectlombok:lombok (source)	dependencies	patch	1.18.24 → 1.18.42
dev.minco:java-transformer	dependencies	patch	1.10.49 → 1.10.59
org.ow2.asm:asm (source)	dependencies	minor	9.3 → 9.9.1
org.jetbrains:annotations	dependencies	minor	23.0.0 → 23.1.0
io.github.classgraph:classgraph	dependencies	patch	4.8.149 → 4.8.184
dev.minco.gradle.defaults-plugin	plugin	patch	0.2.61 → 0.2.81
org.shipkit.shipkit-github-release	plugin	patch	1.2.0 → 1.2.3
org.shipkit.shipkit-changelog	plugin	patch	1.2.0 → 1.2.3
org.shipkit.shipkit-auto-version	plugin	patch	1.2.1 → 1.2.2
org.spockframework:spock-bom (source)	dependencies	minor	2.1-groovy-3.0 → 2.4-groovy-5.0

---

Release Notes

actions/cache (actions/cache)

v3.5.0

Compare Source

• Bump actions/cache to v4.1.0

Full Changelog: actions/cache@v3...v3.5.0

v3.4.3

Compare Source

What's Changed

• Bump @​actions/cache to v4.0.2 by @​robherley

Full Changelog: actions/cache@v3.4.2...v3.4.3

v3.4.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v3.4.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

Full Changelog: actions/cache@v3.4.0...v3.4.2

v3.4.1

Compare Source

[!WARNING]
This version was incorrectly released using a SHA pointing to a newer version for immutable actions only. Please use v3.4.2 (or v3) instead.

v3.4.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v3.3.3...v3.4.0

v3.3.3

Compare Source

What's Changed

• Cache v3.3.3 by @​robherley in #​1302

New Contributors

• @​robherley made their first contribution in #​1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

Compare Source

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in #​1133
• Readme fixes by @​kotewar in #​1134
• Updated description of the lookup-only input for main action by @​kotewar in #​1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in #​1131
• Update Cross-OS Caching tips by @​pdotl in #​1122
• Bazel example (Take #​2️⃣) by @​vorburger in #​1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in #​1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in #​1217
• Bump action version to 3.3.2 by @​bethanyj28 in #​1236

New Contributors

• @​vorburger made their first contribution in #​1132
• @​jorendorff made their first contribution in #​1187
• @​chkimes made their first contribution in #​1217
• @​bethanyj28 made their first contribution in #​1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

Compare Source

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in #​1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

Compare Source

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in #​1123
• Add lookup-only option by @​cdce8p in #​1041

New Contributors

• @​kotokaze made their first contribution in #​1123

Full Changelog: actions/cache@v3...v3.3.0

v3.2.6

Compare Source

What's Changed

• Updated branch in Force deletion of caches by @​t-dedah in #​1108
• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners by @​pdotl in #​1118

Full Changelog: actions/cache@v3...v3.2.6

v3.2.5

Compare Source

What's Changed

• Rewrite readmes by @​jsoref in #​1085
• Fixed typos and formatting in docs by @​kotewar in #​1076
• Fixing paths for OSes by @​kotewar in #​1101
• Release patch version update by @​Phantsure in #​1105

New Contributors

• @​jsoref made their first contribution in #​1085

Full Changelog: actions/cache@v3...v3.2.5

v3.2.4

Compare Source

What's Changed

• Update json5 package version by @​vsvipul in #​1065
• Cache recipes for cache, restore and save actions by @​kotewar in #​1055
• Add gnu tar and zstd as pre-requisites for windows self-hosted runners by @​pdotl in #​1068
• Fix a whitespace typo by @​kurtmckee in #​1074
• 📝 #​1045 update using the set-output command is deprecated by @​siguikesse in #​1046
• Fix referenced output key in save action readme by @​ruudk in #​1061
• Update workflows to use reusable-workflows by @​jongwooo in #​1066
• Introduce add-to-project step & rename workflow files by @​pallavx in #​1077
• chore: Fix syntax error typo by @​vHeemstra in #​1081
• Update caching-strategies.md by @​kpfleming in #​1084
• Added another usage hint to foresee #​1072 by @​maybeec in #​1089
• Add fail-on-cache-miss option by @​cdce8p in #​1036

New Contributors

• @​kurtmckee made their first contribution in #​1074
• @​siguikesse made their first contribution in #​1046
• @​ruudk made their first contribution in #​1061
• @​pallavx made their first contribution in #​1077
• @​vHeemstra made their first contribution in #​1081
• @​kpfleming made their first contribution in #​1084
• @​maybeec made their first contribution in #​1089
• @​cdce8p made their first contribution in #​1036

Full Changelog: actions/cache@v3...v3.2.4

v3.2.3

Compare Source

What's Changed

• Add Mint example by @​uhooi in #​1051
• Fixed broken link by @​kotewar in #​1057
• Add support to opt-in enable cross-os caching on windows by @​Phantsure in #​1056
• Release support for cross-os caching as opt-in feature by @​Phantsure in #​1060

New Contributors

• @​uhooi made their first contribution in #​1051

Full Changelog: actions/cache@v3...v3.2.3

v3.2.2

Compare Source

What's Changed

• Fix formatting error in restore/README.md by @​me-and in #​1044
• save/README.md: Fix typo in example by @​mmuetzel in #​1040
• README.md: remove outdated Windows cache tip link by @​me-and in #​1042
• Revert compression changes related to windows but keep version logging by @​Phantsure in #​1049

New Contributors

• @​me-and made their first contribution in #​1044
• @​mmuetzel made their first contribution in #​1040

Full Changelog: actions/cache@v3.2.1...v3.2.2

v3.2.1

Compare Source

What's Changed

• Release compression related changes for windows by @​Phantsure in #​1039
• Upgrade codeql to v2 by @​Phantsure in #​1023

Full Changelog: actions/cache@v3.2.0...v3.2.1

v3.2.0

Compare Source

What's Changed

• fix wrong timeout env var key in README.md by @​walterddr in #​959
• Updated release doc with correct env variable by @​kotewar in #​960
• Create pull_request_template.md by @​pdotl in #​963
• Update README with clearer info about cache-hit and its value by @​kotewar in #​961
• Change datadog/squid to Ubuntu/squid in CI check by @​bishal-pdMSFT in #​976
• Add more details to version section in readme by @​bishal-pdMSFT in #​971
• Update hashFiles documentation reference by @​asaf400 in #​979
• Updated link for cache segment download info by @​kotewar in #​986
• Readme update for deleting caches by @​t-dedah in #​981
• Add oncall logic to assign issues and PRs by @​vsvipul in #​997
• Bump minimatch from 3.0.4 to 3.1.2 by @​dependabot in #​998
• Revert "Bump minimatch from 3.0.4 to 3.1.2" by @​vsvipul in #​1005
• Fix npm vulnerability by @​Phantsure in #​1007
• refactor: Use early return pattern to avoid nested conditions by @​jongwooo in #​1013
• Use cache in check-dist.yml by @​jongwooo in #​1004
• chore: Use built-in cache action to cache dependencies by @​jongwooo in #​1014
• Updated node example by @​t-dedah in #​1008
• Fix: Node npm doc example by @​apascualm in #​1026
• docs: fix an invalid link in workarounds.md by @​teatimeguest in #​929
• General Availability release for granular cache by @​kotewar in #​1035 More details here on beta release.

New Contributors

• @​walterddr made their first contribution in #​959
• @​asaf400 made their first contribution in #​979
• @​jongwooo made their first contribution in #​1013
• @​apascualm made their first contribution in #​1026
• @​teatimeguest made their first contribution in #​929

Full Changelog: actions/cache@v3...v3.2.0

v3.0.11

Compare Source

What's Changed

• Call out cache not saved on hit by @​Phantsure in #​946
• Update @​actions/core to 1.10.0 by @​rentziass in #​950
• Update cache to use @​actions/core@​^1.10.0 by @​pdotl in #​956

New Contributors

• @​rentziass made their first contribution in #​950

Full Changelog: actions/cache@v3...v3.0.11

v3.0.10

Compare Source

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

v3.0.9

Compare Source

• Enhanced the warning message for cache unavailability in case of GHES.

v3.0.8

Compare Source

What's Changed

• Fix zstd not working for windows on gnu tar in issues.
• Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.

v3.0.7

Compare Source

What's Changed

• Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.

v3.0.6

Compare Source

What's Changed

• Add example for clojure lein project dependencies by @​shivamarora1 in PR #​835
• Update toolkit's cache npm module to latest. Bump cache version to v3.0.6 by @​pdotl in PR #​887
• Fix issue #​809 where cache save/restore was failing for Amazon Linux 2 runners due to older tar version
• Fix issue #​833 where cache save was not working for caching github workspace directory

New Contributors

• @​shivamarora1 made their first contribution in #​835
• @​pdotl made their first contribution in #​887

Full Changelog: actions/cache@v3...v3.0.6

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

actions/setup-java (actions/setup-java)

v4.8.0

Compare Source

What's Changed

• License and Audit Fixes by @​HarithaVattikuti in #​960
• Update SapMachine URLs by @​RealCLanger in #​965

Full Changelog: actions/setup-java@v4...v4.8.0

v4.7.1

Compare Source

What's Changed

Documentation changes

• Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by @​aparnajyothi-y in #​704
• Remove duplicated GraalVM section in documentation by @​Marcono1234 in #​716

Dependency updates:

• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in #​766
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​744
• Upgrade ts-jest from 29.1.2 to 29.2.5 by @​dependabot in #​743
• Upgrade @​action/cache to 4.0.3 by @​aparnajyothi-y in #​773

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

Compare Source

What's Changed

• Configure Dependabot settings by @​HarithaVattikuti in #​722
• README Update: Added a permissions section by @​benwells in #​723
• Upgrade cache from version 3.2.4 to 4.0.0 by @​aparnajyothi-y in #​724
• Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @​dependabot in #​728
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​727
• Upgrade @types/jest from 29.5.12 to 29.5.14 by @​dependabot in #​729

New Contributors

• @​benwells made their first contribution in #​723

Full Changelog: actions/setup-java@v4...v4.7.0

v4.6.0

Compare Source

What's Changed

Add-ons:

• Add Support for JetBrains Runtime by @​gmitch215 in #​637

 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'

Bug fixes:

• Fix Ubuntu-latest CI failures by @​mahabaleshwars in #​693

New Contributors

• @​gmitch215 made their first contribution in #​637

Full Changelog: actions/setup-java@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

• Upgrade IA Publish by @​Jcambass in #​686

Bug fixes:

• Improve archive extraction on windows runners without powershell core and Update micromatch dependency by @​priyagupta108 in #​689
• Update workflows for GraalVM and Version Enhancements by @​mahabaleshwars in #​699
• Refine isGhes logic by @​jww3 in #​697

New Contributors:

• @​priyagupta108 made their first contribution in #​689
• @​jww3 made their first contribution in #​697

Full Changelog: actions/setup-java@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Add-ons :

• Add support for Oracle GraalVM by @​fniephaus in #​501

steps:
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: 'graalvm'
     java-version: '21'

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​684

Bug fixes :

• Add architecture to cache key by @​Zxilly in #​664
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Resolve check failures by @​aparnajyothi-y in #​687

New Contributors

• @​Jcambass made their first contribution in #​684
• @​Zxilly made their first contribution in #​664

Full Changelog: actions/setup-java@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

• Add support for SapMachine JDK/JRE by @​Shegox in #​614

steps:
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: 'sapmachine'
     java-version: '21'

Bug fixes :

• Fix typos on Corretto by @​johnshajiang in #​666
• IBM Semeru Enhancement on arm64 by @​mahabaleshwars in #​677
• Resolve Basic Validation Check Failures by @​aparnajyothi-y
 in #​682

New Contributors :

• @​johnshajiang made their first contribution in #​666
• @​Shegox made their first contribution in #​614

Full Changelog: actions/setup-java@v4...v4.3.0

v4.2.2

Compare Source

What's Changed



Bug fixes:

• Fix macos latest check failures by @​HarithaVattikuti in #​634
• Fix dragonwell distribution parsing issues by @​Accelerator1996 in #​643

Documentation changes

• Update advanced documentation for java-version-file by @​mahabaleshwars in #​622

Dependency updates:

• Bump undici from 5.28.3 to 5.28.4 and other dependency updates by @​dependabot in #​616

Full Changelog: actions/setup-java@v4...v4.2.2

github/codeql-action (github/codeql-action)

v3.32.6

Compare Source

v3.32.5

Compare Source

• Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #​3507
• Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #​3487
• The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #​3515
• Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #​3516
• Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #​3498
• Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #​3512
• The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #​3503, #​3504

v3.32.4

Compare Source

• Update default CodeQL bundle version to 2.24.2. #​3493
• Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #​3473
• When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #​3486
• Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #​3485
• Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #​3484

v3.32.3

Compare Source

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #​3466

v3.32.2

Compare Source

• Update default CodeQL bundle version to 2.24.1. #​3460

v3.32.1

Compare Source

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #​3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #​3421

v3.32.0

Compare Source

• Update default CodeQL bundle version to 2.24.0. #​3425

v3.31.11

Compare Source

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
• Improved error handling throughout the CodeQL Action. #​3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

v3.31.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #​3393

See the full CHANGELOG.md for more information.

v3.31.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.