2025-10-28 08:30:02 +08:00
38 changed files with 108 additions and 92 deletions
--- a/.github/actions/build-dist/action.yml
+++ b/.github/actions/build-dist/action.yml
@ -3,7 +3,7 @@ name: 'Build and upload distribution'
 runs:
  using: "composite"
  steps: 
-    - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+    - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: 24
        cache: npm
--- a/.github/workflow-samples/groovy-dsl/settings.gradle
+++ b/.github/workflow-samples/groovy-dsl/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "4.2.2"
+    id "com.gradle.develocity" version "4.2"
    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.4.0"
 }
--- a/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.develocity") version "4.2.2"
+    id("com.gradle.develocity") version "4.2"
    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.4.0"
 }
--- a/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
+++ b/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "4.2.2" 
+    id "com.gradle.develocity" version "4.2" 
 }
 develocity {
--- a/.github/workflow-samples/no-wrapper/settings.gradle
+++ b/.github/workflow-samples/no-wrapper/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "4.2.2"
+    id "com.gradle.develocity" version "4.2"
 }
 develocity {
--- a/.github/workflow-samples/non-executable-wrapper/settings.gradle
+++ b/.github/workflow-samples/non-executable-wrapper/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "4.2.2"
+    id "com.gradle.develocity" version "4.2"
 }
 develocity {
--- a/.github/workflows/ci-check-and-unit-test.yml
+++ b/.github/workflows/ci-check-and-unit-test.yml
@ -19,14 +19,14 @@ jobs:
    steps:
    - name: Checkout sources
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-    - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+    - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: 20
        cache: npm
        cache-dependency-path: sources/package-lock.json
    - name: Setup Gradle
      # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+      uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
      env:
        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
      with:
--- a/.github/workflows/ci-codeql.yml
+++ b/.github/workflows/ci-codeql.yml
@ -35,7 +35,7 @@ jobs:
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v3.29.5
+      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
      with:
        languages: ${{ matrix.language }}
        config: |
@ -43,4 +43,4 @@ jobs:
          - sources/src
    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v3.29.5
+      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
--- a/.github/workflows/ci-combine-bot-prs.yml
+++ b/.github/workflows/ci-combine-bot-prs.yml
@ -0,0 +1,24 @@
 name: Combine Bot PRs
 on:
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  combine-wrapperbot-prs:
    permissions:
      contents: write
      pull-requests: write
      checks: read
    if: github.repository == 'gradle/actions'
    runs-on: ubuntu-latest
    steps:
      - name: combine-wrapperbot-prs
        uses: github/combine-prs@2909f404763c3177a456e052bdb7f2e85d3a7cb3 # v5.2.0
        with:
          branch_prefix: wrapperbot
          combine_branch_name: wrapperbot/combined-wrapper-updates
          pr_title: 'Bump Gradle Wrappers'
          ci_required: "false"
--- a/.github/workflows/ci-init-script-check.yml
+++ b/.github/workflows/ci-init-script-check.yml
@ -30,7 +30,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle
      # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+      uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
      env:
        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
    - name: Run integration tests
--- a/.github/workflows/ci-ossf-scorecard.yml
+++ b/.github/workflows/ci-ossf-scorecard.yml
@ -27,7 +27,7 @@ jobs:
          show-progress: false
      - name: 'Run analysis'
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: results.sarif
          results_format: sarif
@ -52,6 +52,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3.29.5
+        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
        with:
          sarif_file: results.sarif
--- a/.github/workflows/ci-update-dist.yml
+++ b/.github/workflows/ci-update-dist.yml
@ -28,7 +28,7 @@ jobs:
        token: ${{ secrets.BOT_GITHUB_TOKEN }}
    - name: Set up Node.js
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
      with:
        node-version: 20
        cache: npm
@ -66,7 +66,7 @@ jobs:
    # Important: The push event will not trigger any other workflows, see
    # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
    - name: Commit & push changes
-      uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
+      uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
      with:
        commit_author: bot-githubaction <bot-githubaction@gradle.com>
        commit_user_name: bot-githubaction
--- a/.github/workflows/ci-validate-wrappers.yml
+++ b/.github/workflows/ci-validate-wrappers.yml
@ -12,6 +12,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+      - uses: gradle/actions/wrapper-validation@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
        with:
          allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
--- a/.github/workflows/integ-test-inject-develocity.yml
+++ b/.github/workflows/integ-test-inject-develocity.yml
@ -30,7 +30,7 @@ jobs:
      matrix:
        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: ['3.16.2', '4.2.2']
+        plugin-version: ['3.16.2', '4.2']
        include:
          - java-version: 17
          - gradle: '8.14.3'
@ -43,7 +43,7 @@ jobs:
            java-version: 11
          - plugin-version: '3.16.2'
            accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-          - plugin-version: '4.2.2'
+          - plugin-version: '4.2'
            accessKeyEnv: DEVELOCITY_ACCESS_KEY
    runs-on: ${{ matrix.os }}
    env:
@ -92,7 +92,7 @@ jobs:
      matrix:
        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: ['3.16.2', '4.2.2']
+        plugin-version: ['3.16.2', '4.2']
        include:
          - java-version: 17
          - gradle: '8.14.3'
@ -148,7 +148,7 @@ jobs:
      matrix:
        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ '3.16.2', '4.2.2' ]
+        plugin-version: [ '3.16.2', '4.2' ]
        include:
          - java-version: 17
          - gradle: '8.14.3'
@ -191,7 +191,7 @@ jobs:
      matrix:
        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ '3.16.2', '4.2.2' ]
+        plugin-version: [ '3.16.2', '4.2' ]
        include:
          - java-version: 17
          - gradle: '8.14.3'
--- a/.github/workflows/update-checksums-file.yml
+++ b/.github/workflows/update-checksums-file.yml
@ -22,7 +22,7 @@ jobs:
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Set up Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
          node-version: 20
          cache: npm
--- a/README.md
+++ b/README.md
@ -32,7 +32,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    - name: Build with Gradle
      run: ./gradlew build
 ```
@ -70,7 +70,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
 ```
 See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@ -99,7 +99,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v5
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.
--- a/RELEASING.md
+++ b/RELEASING.md
@ -11,16 +11,16 @@
  - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.
 ## Release gradle/actions
- Create a tag for the release. The tag should have the format `v5.0.0`
+- Create a tag for the release. The tag should have the format `v4.1.0`
-  - From CLI: `git tag -s -m "v5.0.0" v5.0.0 && git push --tags`
+  - From CLI: `git tag -s -m "v4.1.0" v4.1.0 && git push --tags`
  - Note that we sign the tag and set the commit message for the tag to the newly released version.
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
  - Use the newly created tag and copy the tag name exactly as the release title.
  - Craft release notes content based on issues closed, PRs merged and commits
  - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
 - Publish the release.
- Force push the `v5` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
+- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -s -a -m "v5.0.0" v5 v5.0.0 && git push -f --tags`
+  - From CLI: `git tag -f -s -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
  - Note that we sign the tag and set the commit message for the tag to the newly released version.
 ## Post release steps
--- a/dependency-submission/README.md
+++ b/dependency-submission/README.md
@ -29,7 +29,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
 ```
 See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.
--- a/dist/dependency-submission/main/index.js
+++ b/dist/dependency-submission/main/index.js
--- a/dist/dependency-submission/main/index.js.map
+++ b/dist/dependency-submission/main/index.js.map
--- a/dist/dependency-submission/post/index.js
+++ b/dist/dependency-submission/post/index.js
--- a/dist/dependency-submission/post/index.js.map
+++ b/dist/dependency-submission/post/index.js.map
--- a/dist/setup-gradle/main/index.js
+++ b/dist/setup-gradle/main/index.js
--- a/dist/setup-gradle/main/index.js.map
+++ b/dist/setup-gradle/main/index.js.map
--- a/dist/setup-gradle/post/index.js
+++ b/dist/setup-gradle/post/index.js
--- a/dist/setup-gradle/post/index.js.map
+++ b/dist/setup-gradle/post/index.js.map
--- a/dist/wrapper-validation/main/index.js
+++ b/dist/wrapper-validation/main/index.js
--- a/docs/dependency-submission.md
+++ b/docs/dependency-submission.md
@ -43,7 +43,7 @@ jobs:
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
 ```
 ### Gradle execution
@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac
 ```yaml
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        build-scan-publish: true
        build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@ -83,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi
 ```yaml
    - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        # Use a particular Gradle version instead of the configured wrapper.
        gradle-version: '8.6'
@ -130,7 +130,7 @@ To reduce storage costs for these artifacts, you can:
 ```yaml
    - name: Generate dependency graph but only store workflow artifacts for 1 day
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        artifact-retention-days: 1 # Default is 30 days or as configured for repository
 ```
@ -139,7 +139,7 @@ To reduce storage costs for these artifacts, you can:
 ```yaml
    - name: Generate and submit dependency graph but do not store as workflow artifact
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        dependency-graph: 'generate-and-submit' # Default value is 'generate-submit-and-upload'
 ```
@ -299,7 +299,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
 ```yaml
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        # Exclude all dependencies that originate solely in the 'buildSrc' project
        dependency-graph-exclude-projects: ':buildSrc'
@ -350,7 +350,7 @@ jobs:
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
 ```
 #### 2. Add a dedicated Dependency Review workflow
@ -412,7 +412,7 @@ jobs:
        java-version: 17
    - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        dependency-graph: generate-and-upload
 ```
@ -435,7 +435,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v5
+      uses: gradle/actions/dependency-submission@v4
      with:
        dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```
--- a/docs/deprecation-upgrade-guide.md
+++ b/docs/deprecation-upgrade-guide.md
@ -20,7 +20,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/setup-gradle@v5
+    uses: gradle/actions/setup-gradle@v4
 ```
 ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@ -40,7 +40,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/wrapper-validation@v5
+    uses: gradle/actions/wrapper-validation@v4
 ```
 ## Using the action to execute Gradle via the `arguments` parameter is deprecated
@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [
 ```
 - name: Setup Gradle
-  uses: gradle/actions/setup-gradle@v5
+  uses: gradle/actions/setup-gradle@v4
 - name: Assemble the project
  run: ./gradlew assemble
@ -99,7 +99,7 @@ The exact syntax depends on whether or not your project is configured with the [
 ```
 - name: Setup Gradle for a non-wrapper project
-  uses: gradle/actions/setup-gradle@v5
+  uses: gradle/actions/setup-gradle@v4
  with:
    gradle-version: '8.11'
--- a/docs/setup-gradle.md
+++ b/docs/setup-gradle.md
@ -45,7 +45,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    - name: Execute Gradle build
      run: ./gradlew build
@ -58,7 +58,7 @@ Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid havi
 ```yaml
 - name: Setup Gradle 8.10
-   uses: gradle/actions/setup-gradle@v5
+   uses: gradle/actions/setup-gradle@v4
   with:
     gradle-version: '8.10' # Quotes required to prevent YAML converting to number
  - name: Build with Gradle 8.10
@ -96,7 +96,7 @@ jobs:
        distribution: temurin
        java-version: 17
-    - uses: gradle/actions/setup-gradle@v5
+    - uses: gradle/actions/setup-gradle@v4
      id: setup-gradle
      with:
        gradle-version: release-candidate
@ -218,7 +218,7 @@ jobs:
        distribution: temurin
        java-version: 17
-    - uses: gradle/actions/setup-gradle@v5
+    - uses: gradle/actions/setup-gradle@v4
      with:
        gradle-version: '8.6'
        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
@ -472,7 +472,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        add-job-summary-as-pr-comment: 'on-failure' # Valid values are 'never' (default), 'always', and 'on-failure'
@ -509,7 +509,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    - name: Run build with Gradle wrapper
      run: ./gradlew build --scan
@ -540,7 +540,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        validate-wrappers: false
 ```
@ -552,7 +552,7 @@ These are not allowed by default.
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        validate-wrappers: true
        allow-snapshot-wrappers: true
@ -617,7 +617,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@ -644,7 +644,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d
 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
- uses: gradle/actions/setup-gradle@v5
+- uses: gradle/actions/setup-gradle@v4
  with:
    dependency-graph: generate-and-submit
    dependency-graph-continue-on-failure: false
@ -669,7 +669,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@ -699,7 +699,7 @@ jobs:
        java-version: 17
    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Build the app, generating a graph of dependencies required
@ -743,7 +743,7 @@ To publish to https://scans.gradle.com, you must specify in your workflow that y
 ```yaml
    - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        build-scan-publish: true
        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
@ -765,7 +765,7 @@ The short-lived access token will then be used wherever a Develocity access key
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
@ -783,7 +783,7 @@ To avoid this, use the `develocity-token-expiry` parameter to specify a differen
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
        develocity-token-expiry: '8' # The number of hours that the access token should remain valid (max 24).
@ -805,7 +805,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    # The build will automatically use a short-lived access token to authenticate with Develocity
    - name: Run a Gradle build that is configured to publish to Develocity.
@ -837,7 +837,7 @@ Here's a minimal example:
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-injection-enabled: true
        develocity-url: 'https://develocity.your-server.com'
@ -847,14 +847,14 @@ Here's a minimal example:
      run: ./gradlew build
 ```
-This configuration will automatically apply `v4.2.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v4.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
@ -905,7 +905,7 @@ Here's an example using the env vars:
 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    - name: Run a Gradle build with Develocity injection enabled with environment variables
      run: ./gradlew build
--- a/docs/wrapper-validation.md
+++ b/docs/wrapper-validation.md
@ -50,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
 Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
 ```yaml
-uses: gradle/actions/wrapper-validation@v5
+uses: gradle/actions/wrapper-validation@v4
 ```
 This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@ -73,7 +73,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v5
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 ## Contributing to an external GitHub Repository
--- a/setup-gradle/README.md
+++ b/setup-gradle/README.md
@ -26,7 +26,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v5
+      uses: gradle/actions/setup-gradle@v4
    - name: Build with Gradle
      run: ./gradlew build
 ```
--- a/sources/src/develocity/build-scan.ts
+++ b/sources/src/develocity/build-scan.ts
@ -34,7 +34,7 @@ export async function setup(config: BuildScanConfig): Promise<void> {
    // except if they are defined in the configuration
    if (config.getBuildScanPublishEnabled()) {
        maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', '4.2.2')
+        maybeExportVariable('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', '4.2')
        maybeExportVariable('DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION', '2.1')
        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
--- a/sources/src/wrapper-validation/wrapper-checksums.json
+++ b/sources/src/wrapper-validation/wrapper-checksums.json
@ -1,12 +1,4 @@
 [
  {
    "version": "9.2.0-rc-2",
    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
  },
  {
    "version": "9.2.0-rc-1",
    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
  },
  {
    "version": "9.1.0",
    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
--- a/sources/test/init-scripts/settings.gradle
+++ b/sources/test/init-scripts/settings.gradle
@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "4.2.2"
+    id "com.gradle.develocity" version "4.2"
    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.4.0"
 }
--- a/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
+++ b/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
@ -16,7 +16,7 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '4.2.2'
+    static final String DEVELOCITY_PLUGIN_VERSION = '4.2'
    static final String CCUD_PLUGIN_VERSION = '2.1'
    static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
--- a/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy
+++ b/sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy
@ -248,7 +248,7 @@ task expectFailure {
        when:
        settingsFile.text = """
            plugins {
-                id 'com.gradle.develocity' version '4.2.2' apply(false)
+                id 'com.gradle.develocity' version '4.2' apply(false)
            }
            gradle.settingsEvaluated {
                apply plugin: 'com.gradle.develocity'
--- a/wrapper-validation/README.md
+++ b/wrapper-validation/README.md
@ -25,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v5
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 See the [full action documentation](../docs/wrapper-validation.md) for more advanced usage scenarios.