Skip to content

Bump actions/checkout from 4 to 6#26

Open
dependabot[bot] wants to merge 14 commits into
mainfrom
dependabot/github_actions/actions/checkout-6
Open

Bump actions/checkout from 4 to 6#26
dependabot[bot] wants to merge 14 commits into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 20, 2025

Copy link
Copy Markdown

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

gradle-update-robot and others added 14 commits February 26, 2025 01:07
@gradle-update-robot
Update Gradle Wrapper from 8.12.1 to 8.13
22d8d42 
Signed-off-by: gradle-update-robot <gradle-update-robot@regolo.cc>
@hankem
upgrade ASM (9.7.1 → 9.8) to support Java 25's class file major versi…
1f801a3 
…on 69

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade Guava (33.3.1-jre → 33.4.8-jre)
1ea6489 
https://github.com/google/guava/releases/tag/v33.4.4 has
- removed the dependency on JSR-305
  [google/guava@04bf030]
- migrated from Checker Framework annotations to (JSpecify)[https://jspecify.dev/] annotations
  [google/guava@2cc8c5e]
- removed the dependency on Checker Framework annotations
  [google/guava@800b3d4]

compare
- https://repo1.maven.org/maven2/com/google/guava/guava/33.3.1-jre/guava-33.3.1-jre.pom
- https://repo1.maven.org/maven2/com/google/guava/guava/33.4.8-jre/guava-33.4.8-jre.pom

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade slf4j (2.0.16 → 2.0.17) and test dependencies
e34ce85 
* org.apache.logging.log4j:log4j-{api,core,slf4j2-impl}
  2.24.1 → 2.24.3

* org.assertj:assertj-{core,guava}
  3.26.3 → 3.27.3

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
simplify JUnit dependencies
df96dfd 
  junit-jupiter
= junit-jupiter-api
+ junit-jupiter-params
+ junit-jupiter-engine (runtime)

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade JUnit (5.11.2 → 5.12.2)
70cab88 
Without the `junit-platform-launcher` dependency,
test execution in `archunit-3rd-party-test` fails with
```
Caused by: org.junit.platform.commons.JUnitException: TestEngine with ID 'junit-jupiter' failed to discover tests
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverEngineRoot(EngineDiscoveryOrchestrator.java:160)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverSafely(EngineDiscoveryOrchestrator.java:134)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discover(EngineDiscoveryOrchestrator.java:108)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discover(EngineDiscoveryOrchestrator.java:80)
	at app//org.junit.platform.launcher.core.DefaultLauncher.discover(DefaultLauncher.java:110)
	at app//org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
	at app//org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.processAllTestClasses(JUnitPlatformTestClassProcessor.java:124)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.access$000(JUnitPlatformTestClassProcessor.java:99)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor.stop(JUnitPlatformTestClassProcessor.java:94)
	at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.stop(SuiteTestClassProcessor.java:63)
	... 16 more
Caused by: org.junit.platform.commons.JUnitException: OutputDirectoryProvider not available; probably due to unaligned versions of the junit-platform-engine and junit-platform-launcher jars on the classpath/module path.
	at app//org.junit.platform.engine.EngineDiscoveryRequest.getOutputDirectoryProvider(EngineDiscoveryRequest.java:94)
	at app//org.junit.jupiter.engine.JupiterTestEngine.discover(JupiterTestEngine.java:67)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverEngineRoot(EngineDiscoveryOrchestrator.java:152)
	... 26 more
```

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
Ignore sun packages when importing full classpath
0194182 
resolves TNG#1446

The CI build has recently often failed on `ubuntu` and `macos` with Java 8,
due to `java.lang.OutOfMemoryError: GC overhead limit exceeded`.

This is due to `ClassFileImporterSlowTest` importing the full classpath in some tests,
which gives more than 20k classes on Java 8,
which contains 7k classes in `com.sun` and 4k classes in `sun` packages
that can easily be ignored.

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
remove unused dependencies
f80ab70 
Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
simplify dependency exclusion
3f94312 
`it` in the `exclude(dependency { /*...*/ })` closure of
[DependencyFilter](https://github.com/GradleUp/shadow/blob/8.3.6/src/main/groovy/com/github/jengelman/gradle/plugins/shadow/internal/DependencyFilter.groovy)
is a [`org.gradle.api.artifacts.ResolvedDependency`](https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/ResolvedDependency.html),
whose [`name`](https://github.com/gradle/gradle/blob/v8.13.0/platforms/software/dependency-management/src/main/java/org/gradle/api/internal/artifacts/DefaultResolvedDependency.java#L76-L78) is a `String`.

When the comparison `it.name != dependency.guava` was introduced with 18c5d18,
`dependency.guava` was String that could be compared against `it.name`,
but 82d61ad has changed this those to a `Map`.

However `dependency.guava` is relocated anyway – and hence removed by the `removeDuplicateThirdParty` task (as it is transitively available in `archunit.jar`),
so we can simply drop `dependency.guava` from not being excluded in the `shadowJar`.

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
introduce Gradle version catalog for ArchUnit dependencies
ce80903 
Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
use Gradle version catalog for ArchUnit-Examples
548da3c
@hankem
downgrade to test dependabot
a573854
@hankem
Merge pull request #1 from hankem/gradlew-update-8.13
9d0b02b 
Update Gradle Wrapper from 8.12.1 to 8.13
@dependabot
Bump actions/checkout from 4 to 6
6b2d1d2 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 20, 2025
@dependabot dependabot Bot mentioned this pull request Nov 20, 2025
Closed
@hankem hankem force-pushed the main branch 4 times, most recently from 0740662 to 1a0cfac Compare May 15, 2026 06:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gradle-update-robot @hankem