Bump gradle/actions from 5 to 6 #3

New Issue

MrUnknownDE · 2026-04-05T17:53:27+02:00

MrUnknownDE commented

2026-04-05 17:53:27 +02:00

Originally created by @dependabot[bot] on 3/30/2026

Bumps gradle/actions from 5 to 6.

Release notes

Sourced from gradle/actions's releases.

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.

Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.

Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

Bump the npm-dependencies group in /sources with 2 updates by @dependabot[bot] in gradle/actions#866

Update known wrapper checksums by @github-actions[bot] in gradle/actions#868

Dependency updates by @bigdaz in gradle/actions#876

Update known wrapper checksums by @github-actions[bot] in gradle/actions#878

Bump @types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @dependabot[bot] in gradle/actions#877

Bump the github-actions group across 3 directories with 3 updates by @dependabot[bot] in gradle/actions#867

Update known wrapper checksums by @github-actions[bot] in gradle/actions#881

Bump the npm-dependencies group in /sources with 6 updates by @dependabot[bot] in gradle/actions#879

Bump the github-actions group across 3 directories with 5 updates by @dependabot[bot] in gradle/actions#880

Remove configuration-cache support by @bigdaz in gradle/actions#884

Extract caching logic into a separate gradle-actions-caching component by @bigdaz in gradle/actions#885

Update gradle-actions-caching library to v0.3.0 by @bot-githubaction in gradle/actions#899

Avoid windows shutdown bug by @bigdaz in gradle/actions#900

Dependency updates by @bigdaz in gradle/actions#905

Fix critical and high npm vulnerabilities by @bigdaz in gradle/actions#904

Fix rendering of job-disabled message by @bigdaz in gradle/actions#909

Full Changelog: https://github.com/gradle/actions/compare/v5.0.2...v6.0.0

v5.0.2

Summary

This release contains no functional changes. It updates dependencies and known Gradle wrapper checksums.

What's Changed

Update dependencies by @bigdaz in gradle/actions#851

... (truncated)

Commits

39e147c [bot] Update dist directory
14ac3d6 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...
81fec7a Mention explicit license acceptance in notice (#912)
4ac5b01 [bot] Update dist directory
f64284c Mute license warning when terms are accepted (#911)
c2457a7 Update tagging instructions for release
8205114 Update Gradle version compatibility information
6710000 Add typing information for use by typesafegithub (#910)
3d0e2a8 Pin version for github actions
f663ed9 Ignore internal action files for type validation
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

*Originally created by @dependabot[bot] on 3/30/2026* Bumps [gradle/actions](https://github.com/gradle/actions) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <blockquote> <p>[!IMPORTANT] The release of <code>gradle/actions@v6</code> contains important changes to the license terms. More details in <a href="https://blog.gradle.org/github-actions-for-gradle-v6">this blog post</a>. <strong>TL;DR</strong>: By upgrading to v6, you accept the <a href="https://gradle.com/legal/terms-of-use/">Terms of Use</a> for the <code>gradle-actions-caching</code> component.</p> </blockquote> <h2>Summary</h2> <ul> <li>Caching functionality of 'gradle-actions' has been extracted into a separate <code>gradle-actions-caching</code> library, and is no longer open-source. See <a href="https://blog.gradle.org/github-actions-for-gradle-v6">this blog post</a> for more context.</li> <li>Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in <code>gradle-actions-caching</code>.</li> <li>Dependencies updated to address security vulnerabilities</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <h4>Licensing notice</h4> <p>The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at <a href="https://gradle.com/legal/terms-of-use/">https://gradle.com/legal/terms-of-use/</a>.</p> <p>The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.</p> <p>Use of the `gradle-actions-caching` component is subject to a separate license, available at <a href="https://gradle.com/legal/terms-of-use/">https://gradle.com/legal/terms-of-use/</a>. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.</p> </blockquote> <h2>What's Changed</h2> <ul> <li>Bump the npm-dependencies group in /sources with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/866">gradle/actions#866</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/868">gradle/actions#868</a></li> <li>Dependency updates by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/876">gradle/actions#876</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/878">gradle/actions#878</a></li> <li>Bump <code>@types/node</code> from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/877">gradle/actions#877</a></li> <li>Bump the github-actions group across 3 directories with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/867">gradle/actions#867</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/881">gradle/actions#881</a></li> <li>Bump the npm-dependencies group in /sources with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/879">gradle/actions#879</a></li> <li>Bump the github-actions group across 3 directories with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/gradle/actions/pull/880">gradle/actions#880</a></li> <li>Remove configuration-cache support by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/884">gradle/actions#884</a></li> <li>Extract caching logic into a separate <code>gradle-actions-caching</code> component by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/885">gradle/actions#885</a></li> <li>Update gradle-actions-caching library to v0.3.0 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/899">gradle/actions#899</a></li> <li>Avoid windows shutdown bug by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/900">gradle/actions#900</a></li> <li>Dependency updates by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/905">gradle/actions#905</a></li> <li>Fix critical and high npm vulnerabilities by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/904">gradle/actions#904</a></li> <li>Fix rendering of job-disabled message by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/909">gradle/actions#909</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v5.0.2...v6.0.0">https://github.com/gradle/actions/compare/v5.0.2...v6.0.0</a></p> <h2>v5.0.2</h2> <h2>Summary</h2> <p>This release contains no functional changes. It updates dependencies and known Gradle wrapper checksums.</p> <h2>What's Changed</h2> <ul> <li>Update dependencies by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/851">gradle/actions#851</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f"><code>39e147c</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/14ac3d6351602bece7e0af25de31edb909e02e87"><code>14ac3d6</code></a> Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...</li> <li><a href="https://github.com/gradle/actions/commit/81fec7a823e3abd8459222ff970e1c73fa64a6c0"><code>81fec7a</code></a> Mention explicit license acceptance in notice (<a href="https://redirect.github.com/gradle/actions/issues/912">#912</a>)</li> <li><a href="https://github.com/gradle/actions/commit/4ac5b012eaee72771cbc607a83a6172c335772f8"><code>4ac5b01</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/f64284c3331bad8afabcab31a8de532d8d509341"><code>f64284c</code></a> Mute license warning when terms are accepted (<a href="https://redirect.github.com/gradle/actions/issues/911">#911</a>)</li> <li><a href="https://github.com/gradle/actions/commit/c2457a7fb283d2bfe1c94ac0c360c27a79bcffd4"><code>c2457a7</code></a> Update tagging instructions for release</li> <li><a href="https://github.com/gradle/actions/commit/82051144474b723e63a98f67b5e04e4e714f0ab1"><code>8205114</code></a> Update Gradle version compatibility information</li> <li><a href="https://github.com/gradle/actions/commit/6710000013efea00802ecf636afd397941ccbfc5"><code>6710000</code></a> Add typing information for use by typesafegithub (<a href="https://redirect.github.com/gradle/actions/issues/910">#910</a>)</li> <li><a href="https://github.com/gradle/actions/commit/3d0e2a88dadc8577c2e0616f03a95b9b60f3410b"><code>3d0e2a8</code></a> Pin version for github actions</li> <li><a href="https://github.com/gradle/actions/commit/f663ed9f3df12f3ffa85c5933a22d9ed4089c04e"><code>f663ed9</code></a> Ignore internal action files for type validation</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/actions&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

MrUnknownDE added the github_actions dependencies Area: Continuous Integration Area: Continuous Integration labels 2026-04-05 17:53:27 +02:00

Sign in to join this conversation.

Branches Tags

main

aed/grammar-police

battery-0

bscotch/server-rewrite-temp

hannah/steam

pontoon

hannah/keybinds

server-rewrite

bscotch/accel-mount

dependabot/github_actions/gradle/actions-6

dependabot/github_actions/pnpm/action-setup-5

dependabot/github_actions/actions/upload-artifact-7

dependabot/github_actions/actions/download-artifact-8

FloorClipSteamLinkInteractionFix

sapphire/trim-vrm-json

llelievr/trackers-udp-tests

sapphire/linux-bridge-kotlin

sapphire/linux-vrchat-compatdata-path

smol-sleep-state

sapphire/stay-aligned-setup-no-step-skip

sapphire/steamvr-hands-warning

sapphire/proportions-import-skeleton-request

sapphire/bone-mask-update

llelievr/settings-profiles

bscotch/proguard

bscotch/bvh-fix

mitten

bscotch/reset-proof-tests

hannah/install-from-server

smol-buttons

TheButlah-patch-1

sapphire/update-solarxr

sapphire/kotlin-flatbuffers

csv-data-export

feat_flashmode

bscotch/remove-drift-compensation

llelievr/kotlin-config

bscotch/fix-osc-duplication

llelievr/keep-battery-value

rest-calibration-support

tracker-graph

fingertracking

update-eslint

tauri-android

hide-new-resets

height-config

snap-serial

feat/new-updater

support-inches

vrc-fix-ik-key

llelievr/3dmodel-preview

accel-mapping-fixes

llelievr/manual-proportions-rework

llelievr/put-automatic-steamvr-tracker-assigment-first

llelievr/remove-manual-mounting-onboarding

onboarding-usage-step

oldflex

motion-compensation

kotlin-warnings-fix

accessories

tpose

foxvr

No Label Area: Continuous Integration Area: Continuous Integration dependencies github_actions

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/SlimeVR-Server#3