Bump the actions-deps group with 3 updates

[dependabot]

Bumps the actions-deps group with 3 updates: lfreleng-actions/github2gerrit-action, actions/setup-java and lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml.

Updates lfreleng-actions/github2gerrit-action from 1.2.3 to 1.2.4

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.2.4

🐛 Bug Fixes 🐛

• Fix: surface Gerrit auth failures without noise @​ModeSevenIndustrialSolutions (#281)
• Fix: address Zizmor and CodeQL security findings @​ModeSevenIndustrialSolutions (#282)
• Fix: resolve vulnerable OpenSSL in cryptography @​ModeSevenIndustrialSolutions (#284)

🔧 Maintenance 🔧

• Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#270)
• Chore: Bump typer from 0.26.5 to 0.26.7 @dependabot[bot] (#273)
• Chore: Bump hatchling from 1.29.0 to 1.30.1 @dependabot[bot] (#274)
• Chore: Bump astral-sh/setup-uv from 8.1.0 to 8.2.0 @dependabot[bot] (#271)
• Chore: Bump ruff from 0.15.15 to 0.15.16 @dependabot[bot] (#272)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#275)
• Docs: Add SECURITY.md security policy @​ModeSevenIndustrialSolutions (#278)
• Build(deps): Add uv exclude-newer cooldown @​ModeSevenIndustrialSolutions (#277)
• Chore: Bump ruff from 0.15.15 to 0.15.16 @dependabot[bot] (#279)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#280)
• Chore: Bump pyjwt from 2.12.1 to 2.13.0 @dependabot[bot] (#283)

🎓 Code Quality 🎓

• CI(dependabot): Add 7-day update cooldown @​ModeSevenIndustrialSolutions (#276)

Links

• Submit bugs/feature requests

Commits

• 806c001 Merge pull request #284 from modeseven-lfreleng-actions/fix/cryptography-open...
• 875879a Fix: resolve vulnerable OpenSSL in cryptography
• 587d4f0 Merge pull request #283 from lfreleng-actions/dependabot/uv/pyjwt-2.13.0
• 93dff5d Chore: Bump pyjwt from 2.12.1 to 2.13.0
• 71763aa Merge pull request #282 from modeseven-lfreleng-actions/fix/security-zizmor-c...
• 309622b Fix: address Zizmor and CodeQL security findings
• fb35f88 Merge pull request #280 from lfreleng-actions/pre-commit-ci-update-config
• b2d33e5 Merge pull request #281 from modeseven-lfreleng-actions/fix/gerrit-auth-guard...
• dbc0a93 Fix: surface Gerrit auth failures without noise
• 847130b Chore: pre-commit autoupdate
• Additional commits viewable in compare view

Updates actions/setup-java from 5.2.0 to 5.3.0

Release notes

Sourced from actions/setup-java's releases.

v5.3.0

What's Changed

• chore: update Java version to 25 in setup examples by @​alaahong in actions/setup-java#969
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in actions/setup-java#984
• Refactor error handling and improve test logging for installers by @​chiranjib-swain in actions/setup-java#989
• chore: upgrade dependencies (@​actions/core, cache, glob, http-client, tool-cache, xmlbuilder2) by @​Copilot in actions/setup-java#999
• Add Oracle JDK 17 licensing limitation note by @​mahabaleshwars in actions/setup-java#1001
• Update readme for ubuntu sudo java_home behavior by @​mahabaleshwars in actions/setup-java#1013
• temurin: add support for Alpine Linux by @​gdams in actions/setup-java#674
• fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parser by @​gdams in actions/setup-java#1015
• Bump @​typescript-eslint/eslint-plugin from 8.35.1 to 8.48.0 by @​dependabot[bot] in actions/setup-java#952
• Bump eslint-config-prettier from 8.10.0 to 10.1.8 by @​dependabot[bot] in actions/setup-java#881
• Bump picomatch, @​types/jest, jest, jest-circus and ts-jest by @​dependabot[bot] in actions/setup-java#1016
• Bump @​types/node from 24.1.0 to 25.9.3 by @​dependabot[bot] in actions/setup-java#950
• Implement pagination with link headers for Adoptium based apis by @​johnoliver in actions/setup-java#1014
• Make the Adoptopenjdk package type look at the Temurin repo first for latest assets by @​johnoliver in actions/setup-java#522
• Bump @​vercel/ncc from 0.38.1 to 0.44.0 by @​dependabot[bot] in actions/setup-java#1018

New Contributors

• @​alaahong made their first contribution in actions/setup-java#969
• @​Copilot made their first contribution in actions/setup-java#999
• @​johnoliver made their first contribution in actions/setup-java#1014

Full Changelog: actions/setup-java@v5...v5.3.0

Commits

• ad2b381 Bump @​vercel/ncc from 0.38.1 to 0.44.0 (#1018)
• b24df5b Make the Adoptopenjdk package type look at the Temurin repo first for latest ...
• 43120bc Implement pagination with link headers for Adoptium based apis (#1014)
• ad9d6a6 Bump @​types/node from 24.1.0 to 25.9.3 (#950)
• 039af37 Bump picomatch, @​types/jest, jest, jest-circus and ts-jest (#1016)
• 1756ab6 Bump eslint-config-prettier from 8.10.0 to 10.1.8 (#881)
• 662bb59 Bump @​typescript-eslint/eslint-plugin from 8.35.1 to 8.46.2 (#952)
• 1071fc1 fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parse...
• 576b821 Merge pull request #674 from gdams/alpine
• 307d3a2 update readme for ubuntu sudo java_home behavior (#1013)
• Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml from 0.5.0 to 0.6.0

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml's releases.

v0.6.0

✨ New Features ✨

• Feat: Dogfood semantic pull request workflow @​ModeSevenIndustrialSolutions (#669)
• Feat: Add reusable workflows and harden egress to block mode @​ModeSevenIndustrialSolutions (#680)
• Feat: Add package hardening audit workflow @​ModeSevenIndustrialSolutions (#681)

🔧 Maintenance 🔧

• Chore: pre-commit linting updates @pre-commit-ci[bot] (#679)
• Chore: Bump lfreleng-actions/nexus-publish-action from 0.2.0 to 0.2.1 @dependabot[bot] (#678)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#674)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#676)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#675)
• Chore: Bump github/codeql-action from 4.36.1 to 4.36.2 @dependabot[bot] (#677)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#673)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#672)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#670)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#671)

Links

• Submit bugs/feature requests

Commits

• f43b219 Merge pull request #681 from modeseven-lfit/feat/package-hardening-audit
• 6f57890 Feat: Add package hardening audit workflow
• f8a4d0a Merge pull request #680 from modeseven-lfit/ci/harden-runner-block-mode
• 4d5996a Fix: Block egress, silence zizmor on autolabeler
• 82c150a Feat: Add reusable SHA-pinned actions workflow
• 96e32b5 Feat: Add reusable autolabeler workflow
• ce92cf4 Feat: Add reusable zizmor scan workflow
• e22e915 Style: Refine workflow display names
• 371b433 Fix: Harden reusable workflow permissions
• 8b9dd61 CI: Enable harden-runner block egress mode
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

PR: #18
Mode: squash
Topic: GH-openflowplugin-18
Change-Ids:
I33f96fa2a438d1129beef62d2581fe0c58767f3d
Digest: 8b64bc7b3b7e
GitHub-Hash: baf7801683223962

Note: This metadata is also included in the Gerrit commit message for reconciliation.

[github-actions]

Change raised in Gerrit by GitHub2Gerrit: https://git.opendaylight.org/gerrit/c/openflowplugin/+/123615

[github-actions]

Automated PR Closure

This pull request has been automatically closed by GitHub2Gerrit.

The corresponding Gerrit change has been accepted and merged ✅

The changes from this PR are now part of the main codebase in Gerrit.

---

This is an automated action performed by the GitHub2Gerrit tool.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml