build(deps): Bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: theupdateframework/tuf-on-ci, actions/setup-node and actions/setup-java.

Updates theupdateframework/tuf-on-ci from 0.18.0 to 0.19.0

Release notes

Sourced from theupdateframework/tuf-on-ci's releases.

v0.19.0

• actions: Removed a dependency on pandoc, making the HTML generation more reliable (#696)
• Dependency updates

Changelog

Sourced from theupdateframework/tuf-on-ci's changelog.

Changelog

Unreleased

v0.19.0

• actions: Removed a dependency on pandoc, making the HTML generation more reliable (#696)
• Dependency updates

v0.18.0

• repo: tuf-on-ci-test-client now sets a user-agent header
• Dependency updates

v0.17.0

Dependency update release.

• This fixes an ongoing issue with the upload-repository action: theupdateframework/tuf-on-ci#629

v0.16.1

This release contains dependency updates and minor improvements in repository side.

v0.16.0

This release contains minor improvements to both repository and signer.

• Verify keyid calculation in signing event (#536)
• Improve error message when Yubikey authentication fails (#528)
• Improve python project metadata (#533)

Updating a repository from 0.15 does not require changes in GitHub workflow files.

v0.15.2

This point release fixes a bug introduced in 0.14.

• Only return open pull requests (PR) when searching for a signing event (#518). In cases where the signers rely on a fork to sign and then create a PR back to the main repository, both PRs will contain the same git commit at tip, and so multiple PRs would be returned, now only open PRs are considered.

Updating from 0.14 does not require any changes GitHub workflow files.

v0.15.1

... (truncated)

Commits

• daa76c3 Prepare new release (#698)
• 6a1457d build(deps-dev): bump the pinned-test-dependencies group across 2 directories...
• 41fa99b build(deps): bump the actions-dependencies group across 7 directories with 3 ...
• 5d7dfb8 repo: Update pinned requirements (#697)
• c101df8 repo/actions: Refactor HTML generation (#696)
• 577680b build(deps): bump pip-tools in /build in the build-dependencies group (#694)
• b6a807f build(deps-dev): bump the pinned-test-dependencies group across 2 directories...
• 6d71d05 build(deps): bump the pinned-test-dependencies group across 3 directories wit...
• 0d0f81f build(deps): bump the pinned-test-dependencies group across 3 directories wit...
• d44bfa5 build(deps): bump tox in /build in the build-dependencies group (#690)
• Additional commits viewable in compare view

Updates actions/setup-node from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-node's releases.

v6.1.0

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in actions/setup-node#1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in actions/setup-node#1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in actions/setup-node#1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in actions/setup-node#1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-node#1419

Full Changelog: actions/setup-node@v6...v6.1.0

Commits

• 395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
• a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
• b9b25d4 Remove always-auth configuration handling from action (#1436)
• 633bb92 Bump @​actions/cache from 4.0.3 to 4.1.0 (#1384)
• dda4788 Add example for restore-only cache in documentation (#1419)
• See full diff in compare view

Updates actions/setup-java from 5.0.0 to 5.1.0

Release notes

Sourced from actions/setup-java's releases.

v5.1.0

What's Changed

New Features

• Add support for .sdkmanrc file in java-version-file parameter by @​guicamest in actions/setup-java#736
• Add support for Microsoft OpenJDK 25 builds by @​the-mod in actions/setup-java#927

Bug Fixes & Improvements

• Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File by @​aparnajyothi-y in actions/setup-java#767
• Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel by @​priya-kinthali in actions/setup-java#946
• Update SapMachine URLs by @​RealCLanger in actions/setup-java#955
• Add GitHub Token Support for GraalVM and Refactor Code by @​mahabaleshwars in actions/setup-java#849

Documentation changes

• Update documentation to use checkout and Java v5 by @​lmvysakh in actions/setup-java#903
• Clarify JAVA_HOME and PATH setup in README by @​chiranjib-swain in actions/setup-java#841

Dependency updates

• Upgrade prettier from 2.8.8 to 3.6.2 and document breaking changes in v5 by @​dependabot in actions/setup-java#873
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/setup-java#912

New Contributors

• @​lmvysakh made their first contribution in actions/setup-java#903
• @​chiranjib-swain made their first contribution in actions/setup-java#841
• @​the-mod made their first contribution in actions/setup-java#927
• @​priya-kinthali made their first contribution in actions/setup-java#946
• @​guicamest made their first contribution in actions/setup-java#736

Full Changelog: actions/setup-java@v5...v5.1.0

Commits

• f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
• 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
• 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
• 66b9457 Update SapMachine URLs (#955)
• 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...
• de5a937 adds microsoft openjdk25 builds (#927)
• ead9eaa Update Regex to Support All ASDF Versions for the supported distributions in ...
• 8c57fa3 Clarify JAVA_HOME and PATH setup in README (#841)
• a7ab372 Bump prettier from 2.8.8 to 3.6.2 (#873)
• d0351b4 Update documentation to use checkout and Java v5 (#903)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions