chore(deps): update github-actions non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/create-github-app-token	action	patch	v2.0.2 -> v2.0.6
actions/setup-java	action	patch	v4.7.0 -> v4.7.1
crazy-max/ghaction-github-labeler	action	minor	v5.2.0 -> v5.3.0
dependabot/fetch-metadata	action	minor	v2.3.0 -> v2.4.0
gradle/actions	action	minor	v4.3.0 -> v4.4.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v2.0.6

Compare Source

Bug Fixes

• replace - with _ (#​246) (3336784)

v2.0.5

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 3 updates (#​240) (d64d7d7)

v2.0.4

Compare Source

Bug Fixes

• permission input handling (#​243) (2950cbc)

v2.0.3

Compare Source

Bug Fixes

• README: use v2 in examples (#​234) (9ba274d), closes #​232
• use core.getBooleanInput() to retrieve boolean input values (#​223) (c3c17c7)

actions/setup-java (actions/setup-java)

v4.7.1

Compare Source

What's Changed

Documentation changes

• Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by @​aparnajyothi-y in https://github.com/actions/setup-java/pull/704
• Remove duplicated GraalVM section in documentation by @​Marcono1234 in https://github.com/actions/setup-java/pull/716

Dependency updates:

• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in https://github.com/actions/setup-java/pull/766
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in https://github.com/actions/setup-java/pull/744
• Upgrade ts-jest from 29.1.2 to 29.2.5 by @​dependabot in https://github.com/actions/setup-java/pull/743
• Upgrade @​action/cache to 4.0.3 by @​aparnajyothi-y in https://github.com/actions/setup-java/pull/773

Full Changelog: actions/setup-java@v4...v4.7.1

crazy-max/ghaction-github-labeler (crazy-max/ghaction-github-labeler)

v5.3.0

Compare Source

• Bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 in https://github.com/crazy-max/ghaction-github-labeler/pull/229
• Bump @​octokit/request from 8.4.0 to 8.4.1 in https://github.com/crazy-max/ghaction-github-labeler/pull/232
• Bump @​octokit/request-error from 5.1.0 to 5.1.1 in https://github.com/crazy-max/ghaction-github-labeler/pull/228

Full Changelog: crazy-max/ghaction-github-labeler@v5.2.0...v5.3.0

dependabot/fetch-metadata (dependabot/fetch-metadata)

v2.4.0

Compare Source

What's Changed

• Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by @​dependabot in https://github.com/dependabot/fetch-metadata/pull/598
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in https://github.com/dependabot/fetch-metadata/pull/578
• Add missing @octokit/request-error to package.json by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/605
• Bump to ESLint 9 by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/606
• Stop using a node16 devcontainer image by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/608
• Make typescript compile to "es2022" by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/609
• Bump the dev-dependencies group across 1 directory with 8 updates by @​dependabot in https://github.com/dependabot/fetch-metadata/pull/607
• Tidy up examples slightly by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/611
• Fixup some anchor tags that weren't deeplinking by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/614
• Remove unnecessary hardcoding of ref by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/617
• Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by @​dependabot in https://github.com/dependabot/fetch-metadata/pull/616
• Enable caching of npm install/npm ci for setup-node action by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/618
• Add workflow to publish new version of immutable action on every release by @​jeffwidman in https://github.com/dependabot/fetch-metadata/pull/623
• Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by @​dependabot in https://github.com/dependabot/fetch-metadata/pull/621
• v2.4.0 by @​fetch-metadata-action-automation in https://github.com/dependabot/fetch-metadata/pull/594

Full Changelog: dependabot/fetch-metadata@v2...v2.4.0

gradle/actions (gradle/actions)

v4.4.0

Compare Source

This release updates 2 downstream components:

• Develocity injection has been updated to v2.0
  • Some environment variables related to Develocity injection have been renamed. All vars now being with DEVELOCITY_INJECTION_. Check the docs for more details.
• Dependency-graph plugin has been updated to v1.4.0
  • The 'detector' values included in the generated graph can now be configured via environment variables.

What's Changed

• Update develocity-injection init script to v1.3 by @​bot-githubaction in https://github.com/gradle/actions/pull/592
• Update develocity-injection init script to v2.0 by @​bot-githubaction in https://github.com/gradle/actions/pull/593
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in https://github.com/gradle/actions/pull/597
• Use v1.4.0 of dependency graph plugin by @​bigdaz in https://github.com/gradle/actions/pull/638

New Contributors

• @​step-security-bot made their first contribution in https://github.com/gradle/actions/pull/597

Full Changelog: gradle/actions@v4.3.1...v4.4.0

v4.3.1

Compare Source

This release fixes a couple of minor issues, as well as keeping dependencies up to date.

Fixed issues

• The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens #​583
• Build summary may incorrectly report build success #​415

What's Changed

• Update develocity-injection init script to v1.1.1 by @​bot-githubaction in https://github.com/gradle/actions/pull/545
• Bump the github-actions group across 2 directories with 3 updates by @​dependabot in https://github.com/gradle/actions/pull/547
• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/548
• Update develocity-injection init script to v1.2 by @​bot-githubaction in https://github.com/gradle/actions/pull/550
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/552
• Bump the npm-dependencies group across 1 directory with 5 updates by @​dependabot in https://github.com/gradle/actions/pull/558
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/560
• Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by @​bot-githubaction in https://github.com/gradle/actions/pull/561
• Catch more build failures in job summary by @​bigdaz in https://github.com/gradle/actions/pull/571
• Scope captured build failures by @​erichaagdev in https://github.com/gradle/actions/pull/574
• Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled by @​remcomokveld in https://github.com/gradle/actions/pull/575
• Dependency updates by @​bigdaz in https://github.com/gradle/actions/pull/579
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot in https://github.com/gradle/actions/pull/580
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/582

New Contributors

• @​erichaagdev made their first contribution in https://github.com/gradle/actions/pull/574
• @​remcomokveld made their first contribution in https://github.com/gradle/actions/pull/575

Full Changelog: gradle/actions@v4.3.0...v4.3.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.