Skip to content

ci(deps): bump gradle/actions from 5.0.1 to 6.1.0 in the github-actions group across 1 directory#95

Merged
MykhailoRyzhman merged 1 commit into
developmentfrom
dependabot/github_actions/github-actions-74bc40b237
Jun 4, 2026
Merged

ci(deps): bump gradle/actions from 5.0.1 to 6.1.0 in the github-actions group across 1 directory#95
MykhailoRyzhman merged 1 commit into
developmentfrom
dependabot/github_actions/github-actions-74bc40b237

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 1 update in the / directory: gradle/actions.

Updates gradle/actions from 5.0.1 to 6.1.0

Release notes

Sourced from gradle/actions's releases.

v6.1.0

New: Basic Cache Provider

A new MIT-licensed Basic Caching provider is now available as an alternative to the proprietary Enhanced Caching provided by gradle-actions-caching. Choose Basic Caching by setting cache-provider: basic on setup-gradle or dependency-submission actions.

  • Built on @actions/cache -- fully open source
  • Caches ~/.gradle/caches and ~/.gradle/wrapper directories
  • Cache key derived from build files (*.gradle*, gradle-wrapper.properties, etc.)
  • Clean cache on build file changes (no restore keys, preventing stale entry accumulation)

Limitations vs Enhanced Caching: No cache cleanup, no deduplication of cached content, cached content is fixed unless build files change.

Revamped Licensing & Distribution Documentation

  • New DISTRIBUTION.md documents the licensing of each component (particularly Basic Caching vs Enhanced Caching)
  • Simplified licensing notices in README, docs, and runtime log output
  • Clear usage tiers: Enhanced Caching is free for public repos and in Free Preview for private repos

What's Changed

Full Changelog: gradle/actions@v6.0.1...v6.1.0

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT]

... (truncated)

Commits
  • 50e97c2 Link to docs for caching providers
  • f2e6298 Restructure caching documentation for basic and enhanced providers (#934)
  • b294b1e Really fix integ-test-full
  • 83d3189 Revise license details for gradle-actions-caching
  • 1d5db06 Update license link for gradle-actions-caching component
  • 1c80961 Fix license link for Enhanced Caching component
  • 9e99920 Fix integ-test-full workflow
  • bb8aaaf Fix workflow permissions
  • f5dfb43 [bot] Update dist directory
  • ff9ae24 Add open-source 'basic' cache provider and revamp licensing documentation (#930)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 1 update in the / directory: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 5.0.1 to 6.1.0
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@v5.0.1...50e97c2)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependencies update github_actions Pull requests that update GitHub Actions code labels Jun 4, 2026
@dependabot dependabot Bot requested a review from MykhailoRyzhman as a code owner June 4, 2026 17:22
@dependabot dependabot Bot added dependencies Dependencies update github_actions Pull requests that update GitHub Actions code labels Jun 4, 2026
@statgpt-actions

Copy link
Copy Markdown
Collaborator

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/release.yml

PackageVersionLicenseIssue Type
gradle/actions/dependency-submission50e97c2cd7a37755bbfafc9c5b7cafaece252f6eNullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/gradle/actions/dependency-submission 50e97c2cd7a37755bbfafc9c5b7cafaece252f6e 🟢 6.9
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/25 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts⚠️ 2binaries present in source code
Vulnerabilities🟢 73 existing vulnerabilities detected
License🟢 9license file detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
CI-Tests🟢 108 out of 8 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 7 contributing companies or organizations

Scanned Files

  • .github/workflows/release.yml

@MykhailoRyzhman MykhailoRyzhman merged commit a8e9670 into development Jun 4, 2026
10 checks passed
@MykhailoRyzhman MykhailoRyzhman deleted the dependabot/github_actions/github-actions-74bc40b237 branch June 4, 2026 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependencies update github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants