build(deps): bump gradle/wrapper-validation-action from 2 to 3

[dependabot]

Bumps gradle/wrapper-validation-action from 2 to 3.

Release notes

Sourced from gradle/wrapper-validation-action's releases.

v2.1.3

What's Changed

• Update various NPM dependencies
• Update wrapper checksums to include Gradle 8.7

Full Changelog: gradle/wrapper-validation-action@v2.1.2...v2.1.3

v2.1.2

What's Changed

• Update various NPM dependencies
• Update wrapper checksums

Full Changelog: gradle/wrapper-validation-action@v2.1.1...v2.1.2

v2.1.1

Changelog

• [FIX] Add hardcoded checksum for Gradle 7.6.4

Full Changelog: gradle/wrapper-validation-action@v2...v2.1.1

v2.1.0

This release should vastly reduce the number of network requests made by the wrapper-validation-action, by hardcoding the checksums of all known Gradle wrapper jars at time of release. With this improvement, a number of long-standing issues should be addressed (#164, #162, #57).

The action should now only make network requests to validate the checksums of an unknown gradle-wrapper.jar. This can happen if:

• The Gradle version was published after this action was released
• The gradle-wrapper.jar is truly invalid

Changelog

• [NEW] Hardcode list of known checksums to avoid network requests in most cases (#161)

Huge thanks to @​Marcono1234 for contributing this long-awaited improvement.

v2.0.1

This patch release fixes error reporting when failing to retrieve the checksums from services.gradle.org

• [FIX] After migration from v1 to v2 silently fails (#174)

Commits

• 8842585 Bump to v3.4.2
• 9ba54b6 Bump to v3.4.1
• 26ffd68 Bump to v3.4.0
• 216d1ad Bump to v3.3.2
• 5188e9b Bump to use v3.3.1
• 460a3ca Delegate to 'gradle/actions/wrapper-validation' (#200)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	3.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
actions/gradle/wrapper-validation-action	2.*.*	🟢 5.4	Details Check Score Reason Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7

Scanned Manifest Files

.github/workflows/build-rc-workflow.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/ci-gradle.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/functional-tests.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/generate_baseline_profile.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/pre-patch-workflow.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/pre-release-workflow.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/publish-snapshot.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

.github/workflows/release-workflow.yml

• gradle/wrapper-validation-action@3.*.*
• gradle/wrapper-validation-action@2.*.*

[bidetofevil]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[fractalwrench]

LGTM