chore(deps): bump actions/download-artifact from 5 to 6

[dependabot]

Bumps actions/download-artifact from 5 to 6.

Release notes

Sourced from actions/download-artifact's releases.

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in actions/download-artifact#417
• Update README with artifact extraction details by @​yacaovsnc in actions/download-artifact#424
• Readme: spell out the first use of GHES by @​danwkennedy in actions/download-artifact#431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in actions/download-artifact#438

New Contributors

• @​danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

Commits

• 018cc2c Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
• 815651c Revert "Remove github.dep.yml"
• bb3a066 Remove github.dep.yml
• fa1ce46 Prepare v6.0.0
• 4a24838 Merge pull request #431 from danwkennedy/patch-1
• 5e3251c Readme: spell out the first use of GHES
• abefc31 Merge pull request #424 from actions/yacaovsnc/update_readme
• ac43a60 Update README with artifact extraction details
• de96f46 Merge pull request #417 from actions/yacaovsnc/update_readme
• 7993cb4 Remove migration guide for artifact download changes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Container Security Risks

Trivy found possible vulnerabilities in your container image. Please update your container to use the latest image version & all the application dependencies (such as nodejs, go, jvm etc…).

Metadata:

• OS Version: 24.04
• Image ID: sha256:9e3847899bced55b10d23a635b823daf2c940e5c1e59c53949f55b073aa0baf8
• Docker Image: tomcat7-maven-plugin:local

Vulnerabilities:

[dunebot]

Note

This Pull Request is not mergeable by DuneBot.

Details

DuneBot Logs in DataDog

Post "https://api.github.com/repos/containifyci/engine-java/pulls/64/reviews": oauth2: "bad_refresh_token" "The refresh token passed is incorrect or expired." "https://docs.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"

goroutine 10413 [running]:
github.com/containifyci/dunebot/pkg/github.ErrorHandler.NewNotMergableError({{0x1f4?, 0xc00031e690?, 0x31535c0?}}, {0x20b7e88, 0xc000e8f7a0}, {0x209c2a0, 0xc000d54d20})
	/go/pkg/github.com/containifyci/dunebot@v0.3.2/pkg/github/error.go:103 +0x7f
github.com/containifyci/dunebot/pkg/github.NewNotMergableError({0x20b7e88, 0xc000e8f7a0}, {0x209c2a0, 0xc000d54d20})
	/go/pkg/github.com/containifyci/dunebot@v0.3.2/pkg/github/error.go:97 +0x45
github.com/containifyci/dunebot/pkg/github.GithubClient.ApprovePullRequest({0xc0008da908, {0x20b8710, 0xc00028a9a0}, {{0x0, 0x0}, {0x1dbad76, 0xe}, {0x1dae771, 0x5}, {0xc0008ab620, ...}, ...}, ...}, ...)
	/go/pkg/github.com/containifyci/dunebot@v0.3.2/pkg/github/client.go:315 +0x16d
github.com/containifyci/dunebot/pkg/review.(*reviewer).PullRequestReview(0xc000e8aea0, {0x20b7e88, 0xc000e8f7a0}, {0xc000aac700?, 0xc00081a708?, 0xc0005f3c80?, 0xc0009bd700?})
	/go/pkg/github.com/containifyci/dunebot@v0.3.2/pkg/review/review.go:201 +0x12e5
github.com/containifyci/temporal-worker/pkg/workflows/github.PullRequestReviewActivities.PullRequestReviewActivity({{{{0xc000056050, 0x9}, {0x0, 0x0}, 0x0}, {{0xc000058077, 0x13}, {0xc00005409a, 0x17}, {0x0, ...}, ...}, ...}, ...}, ...)
	/usr/src/pkg/workflows/github/pull_request.go:75 +0x1cc
reflect.Value.call({0x1a2aac0?, 0xc000598600?, 0xc000eaf6b8?}, {0x1dadb85, 0x4}, {0xc000e8f7d0, 0x2, 0x16?})
	/usr/local/go/src/reflect/value.go:581 +0xcc6
reflect.Value.Call({0x1a2aac0?, 0xc000598600?, 0xc0009edb90?}, {0xc000e8f7d0?, 0xc0009f2b40?, 0xc0009edbb8?})
	/usr/local/go/src/reflect/value.go:365 +0xb9
go.temporal.io/sdk/internal.executeFunction({0x1a2aac0, 0xc000598600?}, {0xc0009f2ba0?, 0x2, 0x19f9b00?})
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker.go:2260 +0x305
go.temporal.io/sdk/internal.executeFunctionWithContext({0x20b7e88, 0xc000e8f7a0}, {0x1a2aac0, 0xc000598600}, {0xc000e95710, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker.go:2244 +0x1b8
go.temporal.io/sdk/internal.(*activityEnvironmentInterceptor).ExecuteActivity(0xc0005f3c00, {0x20b7f30?, 0xc0002e4c40?}, 0xc000484bd0)
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_activity.go:350 +0x67
go.temporal.io/sdk/internal.(*activityExecutor).ExecuteWithActualArgs(0xc000556600, {0x20b7f30, 0xc0002e4c40}, {0xc000e95710, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker.go:1105 +0x14b
go.temporal.io/sdk/internal.(*activityExecutor).Execute(0xc000556600, {0x20b7f30, 0xc0002e4c40}, 0xc0005f3880)
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker.go:1091 +0x20e
go.temporal.io/sdk/internal.(*activityTaskHandlerImpl).Execute(0xc00021c0e0, {0x1db6377, 0xb}, 0xc000c8e9a0)
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_task_handlers.go:2306 +0xb39
go.temporal.io/sdk/internal.(*activityTaskPoller).ProcessTask(0xc0004ccb60, {0x1a58b00, 0xc000e94b20})
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_task_pollers.go:1240 +0x26d
go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync.func1()
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker_base.go:536 +0x12f
created by go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync in goroutine 53
	/go/pkg/go.temporal.io/sdk@v1.37.0/internal/internal_worker_base.go:515 +0x8c

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot