[deps]: Update gradle/actions action to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
gradle/actions	action	major	v4.3.0 -> v5.0.0

---

Release Notes

gradle/actions (gradle/actions)

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Upgrade to node 24 by @​amyu in #​721

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency upgrades

• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in #​748

Full Changelog: gradle/actions@v4...v5.0.0

v4.4.4

Compare Source

What's Changed

• Bump the github-actions group across 2 directories with 3 updates by @​dependabot[bot] in #​726
• Regenerating package lock by @​cdsap in #​729
• Update known wrapper checksums by @​github-actions[bot] in #​730
• Bump the github-actions group across 1 directory with 3 updates by @​dependabot[bot] in #​735
• Bump the gradle group across 3 directories with 1 update by @​dependabot[bot] in #​734
• Bump the npm-dependencies group in /sources with 4 updates by @​dependabot[bot] in #​733
• Bump references to Develocity Gradle plugin from 4.1.1 to 4.2 by @​bot-githubaction in #​736
• Handle gracefully parse errors in checksum file by @​jprinet in #​737
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/kotlin-dsl by @​bot-githubaction in #​742
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/java-toolchain by @​bot-githubaction in #​741
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/groovy-dsl by @​bot-githubaction in #​740
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/gradle-plugin by @​bot-githubaction in #​739
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /sources/test/init-scripts by @​bot-githubaction in #​738
• Update known wrapper checksums by @​github-actions[bot] in #​743
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot[bot] in #​746
• Bump the npm-dependencies group in /sources with 5 updates by @​dependabot[bot] in #​745

Full Changelog: gradle/actions@v4...v4.4.4

v4.4.3

Compare Source

What's Changed

• Adapt tests to future new Build Scan publication message by @​alextu in #​708
• Add missing Gradle version input to setup-gradle by @​jprinet in #​713
• Bump the github-actions group across 2 directories with 4 updates by @​dependabot[bot] in #​710
• Bump references to Develocity Gradle plugin from 4.1 to 4.1.1 by @​bot-githubaction in #​712
• Update known wrapper checksums by @​github-actions[bot] in #​709
• Bump the npm-dependencies group across 1 directory with 4 updates by @​dependabot[bot] in #​711
• Do not run setup-gradle post action if workflow is cancelled by @​jprinet in #​716
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot[bot] in #​715
• Bump the npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​720
• Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group across 1 directory by @​dependabot[bot] in #​719
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to 2.20.0 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in #​718
• Update known wrapper checksums by @​github-actions[bot] in #​723
• Bump the npm-dependencies group in /sources with 5 updates by @​dependabot[bot] in #​725

Full Changelog: gradle/actions@v4.4.2...v4.4.3

v4.4.2

Compare Source

This patch release updates a bunch of dependency versions

What's Changed

• Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (#​703)
• Bumps the npm-dependencies group in /sources with 4 updates (#​702)
• Upgrade to gradle 9 in workflows and tests (#​704)
• Update known wrapper checksums (#​701)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (#​695)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (#​696)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (#​697)
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (#​693)
• Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (#​691)
• Bump the npm-dependencies group in /sources with 5 updates (#​692)
• Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (#​685)
• Bump the npm-dependencies group across 1 directory with 8 updates (#​684)
• Run Gradle release candidate tests with JDK 17 (#​690)
• Update Develocity npm agent to version 1.0.1 (#​687)
• Update known wrapper checksums (#​688)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (#​683
• Bump the github-actions group across 1 directory with 3 updates (#​675)
• Bump the gradle group across 3 directories with 2 updates (#​674)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (#​679)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (#​682)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (#​681)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (#​680)
• Update known wrapper checksums (#​676)

Full Changelog: gradle/actions@v4.4.1...v4.4.2

v4.4.1

Compare Source

This patch release fixes a bug in Develocity Injection with a custom plugin repository.
The gradle-plugin-repository-* action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.

This issue has been fixed by setting the correct environment variables:

• gradle-plugin-repository-url is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL
• gradle-plugin-repository-username is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME
• gradle-plugin-repository-password is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD

Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.

What's Changed

• Dependency updates by @​bigdaz in #​667
• Fix plugin repository env vars by @​bigdaz in #​669

Full Changelog: gradle/actions@v4.4.0...v4.4.1

v4.4.0

Compare Source

This release updates 2 downstream components:

• Develocity injection has been updated to v2.0
  • Some environment variables related to Develocity injection have been renamed. All vars now being with DEVELOCITY_INJECTION_. Check the docs for more details.
• Dependency-graph plugin has been updated to v1.4.0
  • The 'detector' values included in the generated graph can now be configured via environment variables.

What's Changed

• Update develocity-injection init script to v1.3 by @​bot-githubaction in #​592
• Update develocity-injection init script to v2.0 by @​bot-githubaction in #​593
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in #​597
• Use v1.4.0 of dependency graph plugin by @​bigdaz in #​638

New Contributors

• @​step-security-bot made their first contribution in #​597

Full Changelog: gradle/actions@v4.3.1...v4.4.0

v4.3.1

Compare Source

This release fixes a couple of minor issues, as well as keeping dependencies up to date.

Fixed issues

• The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens #​583
• Build summary may incorrectly report build success #​415

What's Changed

• Update develocity-injection init script to v1.1.1 by @​bot-githubaction in #​545
• Bump the github-actions group across 2 directories with 3 updates by @​dependabot in #​547
• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot in #​548
• Update develocity-injection init script to v1.2 by @​bot-githubaction in #​550
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in #​552
• Bump the npm-dependencies group across 1 directory with 5 updates by @​dependabot in #​558
• Update known wrapper checksums by @​github-actions in #​560
• Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by @​bot-githubaction in #​561
• Catch more build failures in job summary by @​bigdaz in #​571
• Scope captured build failures by @​erichaagdev in #​574
• Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled by @​remcomokveld in #​575
• Dependency updates by @​bigdaz in #​579
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot in #​580
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in #​582

New Contributors

• @​erichaagdev made their first contribution in #​574
• @​remcomokveld made their first contribution in #​575

Full Changelog: gradle/actions@v4.3.0...v4.3.1

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bitwarden-bot]

Internal tracking:

• ID: PM-26881
• Link: https://bitwarden.atlassian.net/browse/PM-26881

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.70%. Comparing base (b033edd) to head (c923802).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #510   +/-   ##
=======================================
  Coverage   79.70%   79.70%           
=======================================
  Files         300      300           
  Lines       32227    32227           
=======================================
  Hits        25686    25686           
  Misses       6541     6541           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 4bf9968b-9d44-4180-8f37-fee7d08c5d8f

Great job! No new security vulnerabilities introduced in this pull request

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud