Bump gradle/actions from 5.0.2 to 6.0.1 in the gha group

[dependabot]

Bumps the gha group with 1 update: gradle/actions.

Updates gradle/actions from 5.0.2 to 6.0.1

Release notes

Sourced from gradle/actions's releases.

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

• Bump actions used in docs by @​Goooler in gradle/actions#792
• Add typing information for use by typesafegithub by @​bigdaz in gradle/actions#910
• Mute license warning when terms are accepted by @​bigdaz in gradle/actions#911
• Mention explicit license acceptance in notice by @​bigdaz in gradle/actions#912
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in gradle/actions#907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in gradle/actions#866
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#868
• Dependency updates by @​bigdaz in gradle/actions#876
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in gradle/actions#877

... (truncated)

Commits

• 39e147c [bot] Update dist directory
• 14ac3d6 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...
• 81fec7a Mention explicit license acceptance in notice (#912)
• 4ac5b01 [bot] Update dist directory
• f64284c Mute license warning when terms are accepted (#911)
• c2457a7 Update tagging instructions for release
• 8205114 Update Gradle version compatibility information
• 6710000 Add typing information for use by typesafegithub (#910)
• 3d0e2a8 Pin version for github actions
• f663ed9 Ignore internal action files for type validation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[psiinon]

Checkmarx One – Scan Summary & Details – c8ccf181-cc43-4301-a5f9-cae89b9f9b1a

---

New Issues (9)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Last User Is 'root'	/docker-wrapper: 10	details Leaving the last user as root can cause security risks. Change to another user after running the commands that need privileges
2		Hardcoded_Password_in_Connection_String	/other/api/sdlc-integration/core/scan_module/scan.py: 219	details The application contains hardcoded connection details, "PASS: ", at line 219 of /other/api/sdlc-integration/core/scan_module/scan.py. This conn... Attack Vector
3		Use_of_Broken_or_Risky_Cryptographic_Algorithm	/payloadgenerator/associated_fields.py: 34	details In , the application protects sensitive data using a cryptographic algorithm, hexdigest, that is considered weak or even trivially broken, in /payl... Attack Vector
4		Filtering_Sensitive_Logs	/other/api/sdlc-integration/core/scan_module/scan.py: 243	details The application logs various user events, and in method  writes sensitive user details to debug, in /other/api/sdlc-integration/core/scan_module/... Attack Vector
5		Filtering_Sensitive_Logs	/other/api/sdlc-integration/core/scan_module/scan.py: 218	details The application logs various user events, and in method  writes sensitive user details to debug, in /other/api/sdlc-integration/core/scan_module/... Attack Vector
6		MAINTAINER Instruction Being Used	/docker-wrapper: 3	details The MAINTAINER instruction sets the Author field of the generated images. The LABEL instruction is a much more flexible version of this and you sh...
7		Unpinned Actions Full Length Commit SHA	/codeql.yml: 31	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
8		Unpinned Actions Full Length Commit SHA	/codeql.yml: 34	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
9		Unpinned Actions Full Length Commit SHA	/codeql.yml: 35	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...

---

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR