Bump the actions-deps group with 3 updates

[dependabot]

Bumps the actions-deps group with 3 updates: actions/setup-java, lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml and lfit/gerrit-review-action.

Updates actions/setup-java from 5.3.0 to 5.4.0

Release notes

Sourced from actions/setup-java's releases.

v5.4.0

What's Changed

• Bump @​typescript-eslint/parser from 8.48.0 to 8.61.1 by @​dependabot[bot] in actions/setup-java#1021
• Fix codeql workflow permissions by @​jsoref in actions/setup-java#993
• fix CodeQL permissions by @​gdams in actions/setup-java#1025
• fix: reject non-semver candidate versions in isVersionSatisfies by @​sproctor in actions/setup-java#1009
• Bump @​actions/cache to 5.1.0, handle cache write denied by @​jasongin in actions/setup-java#1026
• Add Maven Wrapper cache feature by @​mahabaleshwars in actions/setup-java#1027
• Spelling by @​jsoref in actions/setup-java#713
• add link to advanced configuration for JetBrains by @​robstoll in actions/setup-java#850
• docs(action): fix missing required or default fields by @​kranthipoturaju in actions/setup-java#1007
• feat: add microsoft openjdk 17.0.18 by @​al-kau in actions/setup-java#1002
• Update README.md - use "alert syntax for Markdown" for notes by @​mhoffrog in actions/setup-java#924
• Bump undici from 6.24.1 to 6.27.0 by @​dependabot[bot] in actions/setup-java#1033
• Update contributor guide with emoji for clarity by @​brunoborges in actions/setup-java#1028
• add javac problem matcher by @​Trass3r in actions/setup-java#562
• Clarify README version syntax and migration guidance by @​brunoborges with @​Copilot in actions/setup-java#1038
• Update undici artifacts to 6.27.0 (license cache + dist) by @​brunoborges in actions/setup-java#1040
• docs: enhance custom jdk file installation by @​stephanabel in actions/setup-java#996
• Templates for new Java distributions by @​panticmilos in actions/setup-java#429
• Bump actions/checkout from 6 to 7 by @​dependabot[bot] in actions/setup-java#1032
• Bump @​types/node from 25.9.3 to 26.0.0 by @​dependabot[bot] in actions/setup-java#1031
• docs: replace non-existent HelloWorldApp references with java --version by @​brunoborges with @​Copilot in actions/setup-java#1043
• docs: add JavaFX Maven project configuration instructions by @​brunoborges with @​Copilot in actions/setup-java#1044
• docs: self-signed certificate / internal CA handling for GitHub Enterprise by @​brunoborges in actions/setup-java#1050
• docs: document importing an internal CA into the installed JDK (cacerts) by @​brunoborges in actions/setup-java#1051
• chore: Harden workflows: least-privilege permissions + zizmor integration by @​brunoborges in actions/setup-java#1039
• dist: Add GraalVM Community distribution support by @​brunoborges with @​Copilot in actions/setup-java#1042
• docs: note jdkfile approach for Early Access / unreleased JDK builds by @​brunoborges in actions/setup-java#1058
• dist: Apply Copilot review suggestions from PR #1042 (GraalVM Community) by @​brunoborges in actions/setup-java#1059

New Contributors

• @​jsoref made their first contribution in actions/setup-java#993
• @​sproctor made their first contribution in actions/setup-java#1009
• @​jasongin made their first contribution in actions/setup-java#1026
• @​robstoll made their first contribution in actions/setup-java#850
• @​kranthipoturaju made their first contribution in actions/setup-java#1007
• @​al-kau made their first contribution in actions/setup-java#1002
• @​mhoffrog made their first contribution in actions/setup-java#924
• @​brunoborges made their first contribution in actions/setup-java#1028
• @​Trass3r made their first contribution in actions/setup-java#562
• @​stephanabel made their first contribution in actions/setup-java#996

Full Changelog: actions/setup-java@v5...v5.4.0

Commits

• 1bcf9fb dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#...
• fa2c650 docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058)
• 1d56e31 dist: Add GraalVM Community distribution support (#1042)
• 1d25252 chore: Harden workflows: least-privilege permissions + zizmor integration (#1...
• 668c1ea docs: add post-install keytool import for the JDK cacerts trust store (#1051)
• a9a46fb docs: document self-signed certificate / internal CA handling for GitHub Ente...
• 5431e71 docs: add JavaFX Maven project configuration instructions (#1044)
• 4baa9b4 docs: replace non-existent HelloWorldApp references with java --version (#1043)
• eab4b08 Bump @​types/node from 25.9.3 to 26.0.0 (#1031)
• bf0c0e6 Bump actions/checkout from 6 to 7 (#1032)
• Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml from 0.6.0 to 0.7.0

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml's releases.

v0.7.0

✨ New Features ✨

• Feat: add change-isolation-verify workflows @​ModeSevenIndustrialSolutions (#720)

Links

• Submit bugs/feature requests

v0.6.2

🔧 Maintenance 🔧

• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#715)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#717)
• Chore: Bump lfreleng-actions/zizmor-scan-action from 0.1.1 to 0.2.0 @dependabot[bot] (#718)
• Chore: pre-commit linting updates @pre-commit-ci[bot] (#719)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#716)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#714)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#713)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#712)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.6.0 to 0.6.1 @dependabot[bot] (#711)
• Chore: Bump lfreleng-actions/sonarqube-cloud-scan-action from 1.1.0 to 1.1.1 @dependabot[bot] (#731)
• Chore: Bump hashicorp/setup-packer from 3.3.0 to 3.4.0 @dependabot[bot] (#727)
• Chore: Bump actions/setup-python from 6.2.0 to 6.3.0 @dependabot[bot] (#729)
• Chore: Bump lfreleng-actions/verify-release-schema-action from 0.4.0 to 0.4.1 @dependabot[bot] (#728)
• Chore: Bump lfreleng-actions/harden-runner-block-action from 0.2.0 to 0.2.1 @dependabot[bot] (#730)
• Chore: Bump lfreleng-actions/sonatype-lifecycle-scan-action from 0.1.3 to 0.1.4 @dependabot[bot] (#725)
• Chore: Bump lfreleng-actions/nexus-docker-login-action from 0.4.0 to 0.4.1 @dependabot[bot] (#724)
• Chore: Bump lfreleng-actions/pinned-versions-action from 0.2.0 to 0.2.1 @dependabot[bot] (#726)
• Chore: Bump lfreleng-actions/gerrit-review-action from 1.1.1 to 1.1.2 @dependabot[bot] (#722)
• Chore: Bump lfreleng-actions/nexus-publish-action from 0.2.1 to 1.1.2 @dependabot[bot] (#721)
• Chore: Bump actions/cache from 5.0.5 to 6.0.0 @dependabot[bot] (#723)

Links

• Submit bugs/feature requests

v0.6.1

🐛 Bug Fixes 🐛

• Fix(rtdv3): Match tox Python to ReadTheDocs @​ModeSevenIndustrialSolutions (#692)

🔧 Maintenance 🔧

• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#687)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#690)

... (truncated)

Commits

• f412e6f Merge pull request #720 from modeseven-lfit/feat/change-isolation-verify-work...
• 1166fed Merge pull request #723 from lfit/dependabot/github_actions/actions/cache-6.0.0
• 3fc98ee Merge pull request #721 from lfit/dependabot/github_actions/lfreleng-actions/...
• aba6169 Merge pull request #722 from lfit/dependabot/github_actions/lfreleng-actions/...
• 4ae5d81 Merge pull request #726 from lfit/dependabot/github_actions/lfreleng-actions/...
• 8d1c791 Merge pull request #724 from lfit/dependabot/github_actions/lfreleng-actions/...
• 5faf233 Merge pull request #725 from lfit/dependabot/github_actions/lfreleng-actions/...
• 33fa048 Merge pull request #730 from lfit/dependabot/github_actions/lfreleng-actions/...
• 8be9f51 Merge pull request #728 from lfit/dependabot/github_actions/lfreleng-actions/...
• 4da3597 Merge pull request #729 from lfit/dependabot/github_actions/actions/setup-pyt...
• Additional commits viewable in compare view

Updates lfit/gerrit-review-action from 1.1.1 to 1.1.2

Release notes

Sourced from lfit/gerrit-review-action's releases.

v1.1.2

🐛 Bug Fixes 🐛

• Fix: resolve Zizmor findings in vote step @​ModeSevenIndustrialSolutions (#116)

🔧 Maintenance 🔧

• Chore: remove redundant workflow copies @​ModeSevenIndustrialSolutions (#110)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#111)
• Docs: Add SECURITY.md security policy @​ModeSevenIndustrialSolutions (#113)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#114)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#115)

🎓 Code Quality 🎓

• CI(dependabot): Add 7-day update cooldown @​ModeSevenIndustrialSolutions (#112)

Links

• Submit bugs/feature requests

Commits

• a1c036a Merge pull request #116 from modeseven-lfreleng-actions/fix/zizmor-findings
• 8c9161c Fix: resolve Zizmor findings in vote step
• 48d5d48 Merge pull request #115 from lfreleng-actions/pre-commit-ci-update-config
• 8cb9127 Chore: pre-commit autoupdate
• 3b85ad7 Merge pull request #114 from lfreleng-actions/pre-commit-ci-update-config
• c9bd395 Chore: pre-commit autoupdate
• ebd4f19 Merge pull request #113 from modeseven-lfreleng-actions/chore/add-security-md
• 0c941e7 Docs: Add SECURITY.md security policy
• 46897b3 Merge pull request #112 from modeseven-lfreleng-actions/dependabot-cooldown
• f95da9e CI(dependabot): Add 7-day update cooldown
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

PR: #37
Mode: squash
Topic: GH-controller-37
Change-Ids:
I59e59391ac14f28e1e3fc00de24b879c6a0f8e29
Digest: 16272c5c01f6
GitHub-Hash: c6e261703e86ad66

Note: This metadata is also included in the Gerrit commit message for reconciliation.

[github-actions]

Change raised in Gerrit by GitHub2Gerrit: https://git.opendaylight.org/gerrit/c/controller/+/123765

[github-actions]

Automated PR Closure

This pull request has been automatically closed by GitHub2Gerrit.

The corresponding Gerrit change has been accepted and merged ✅

The changes from this PR are now part of the main codebase in Gerrit.

---

This is an automated action performed by the GitHub2Gerrit tool.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml