Bump actions/setup-java from 4 to 5

[dependabot]

Bumps actions/setup-java from 4 to 5.

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in actions/setup-java#888

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

• Upgrade Publish Immutable Action by @​HarithaVattikuti in actions/setup-java#798
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot[bot] in actions/setup-java#730
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-java#833
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-java#887
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-java#896

Bug Fixes

• Prevent default installation of JetBrains pre-releases by @​priyagupta108 in actions/setup-java#859
• Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by @​gowridurgad in actions/setup-java#848

New Contributors

• @​gowridurgad made their first contribution in actions/setup-java#848
• @​salmanmkc made their first contribution in actions/setup-java#888

Full Changelog: actions/setup-java@v4...v5.0.0

v4.8.0

What's Changed

• License and Audit Fixes by @​HarithaVattikuti in actions/setup-java#960
• Update SapMachine URLs by @​RealCLanger in actions/setup-java#965

Full Changelog: actions/setup-java@v4...v4.8.0

v4.7.1

What's Changed

Documentation changes

• Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by @​aparnajyothi-y in actions/setup-java#704
• Remove duplicated GraalVM section in documentation by @​Marcono1234 in actions/setup-java#716

Dependency updates:

• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in actions/setup-java#766
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in actions/setup-java#744
• Upgrade ts-jest from 29.1.2 to 29.2.5 by @​dependabot in actions/setup-java#743
• Upgrade @​action/cache to 4.0.3 by @​aparnajyothi-y in actions/setup-java#773

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits

• f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
• 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
• 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
• 66b9457 Update SapMachine URLs (#955)
• 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...
• de5a937 adds microsoft openjdk25 builds (#927)
• ead9eaa Update Regex to Support All ASDF Versions for the supported distributions in ...
• 8c57fa3 Clarify JAVA_HOME and PATH setup in README (#841)
• a7ab372 Bump prettier from 2.8.8 to 3.6.2 (#873)
• d0351b4 Update documentation to use checkout and Java v5 (#903)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Upgraded Java setup action in the CodeQL analysis workflow to the latest version
  • Updated changelog to document the dependency update

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The changes upgrade the GitHub Actions setup-java action from v4 to v5 in the CodeQL workflow configuration, with no modifications to inputs, control flow, or subsequent steps. A corresponding changelog entry documents this dependency bump.

Changes

Cohort / File(s)	Summary
setup-java action upgrade .github/workflows/codeql-analysis.yml, CHANGELOG.md	Updates actions/setup-java from v4 to v5 in the CodeQL workflow and adds a changelog entry under Dependencies section

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Straightforward version bump with no logic changes
• Workflow inputs and downstream steps remain unchanged

Suggested reviewers

• jed326
• peternied
• sandeshkr419

Poem

🐰 A hop, a skip, a version rise,
From four to five—oh what a prize!
Setup-Java hops along so bright,
CodeQL's tests now run more right!
Changelog notes the change with glee,
Dependencies dance in harmony! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is missing the required 'Description' section and 'Related Issues' section from the template. It contains only Dependabot-generated content without the expected structured format.	Add a 'Description' section summarizing the upgrade and its impact, and include a 'Related Issues' section. Include the checklist items as specified in the template.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Bump actions/setup-java from 4 to 5' directly and clearly describes the main change in the PR, which upgrades the GitHub Action from v4 to v5.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/github_actions/actions/setup-java-5

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84bc68e and 5b1a7fa.

📒 Files selected for processing (2)

• .github/workflows/codeql-analysis.yml
• CHANGELOG.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: detect-breaking-change
• GitHub Check: dependabot
• GitHub Check: Analyze (java)

🔇 Additional comments (2)

CHANGELOG.md (1)

35-35: LGTM! Changelog entry is correctly formatted.

The dependency bump entry follows the established format and is properly placed in the Dependencies section.

.github/workflows/codeql-analysis.yml (1)

40-40: No action needed. All workflows in the repository are already using actions/setup-java@v5, confirming that codeql-analysis.yml is consistent with the rest of the codebase. The upgrade meets the v2.327.1+ runner requirement, which is satisfied by ubuntu-latest (GitHub-hosted and automatically maintained).

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}