ci(deps): bump actions/setup-java from 5.3.0 to 5.4.0

[dependabot]

Bumps actions/setup-java from 5.3.0 to 5.4.0.

Release notes

Sourced from actions/setup-java's releases.

v5.4.0

What's Changed

• Bump @​typescript-eslint/parser from 8.48.0 to 8.61.1 by @​dependabot[bot] in actions/setup-java#1021
• Fix codeql workflow permissions by @​jsoref in actions/setup-java#993
• fix CodeQL permissions by @​gdams in actions/setup-java#1025
• fix: reject non-semver candidate versions in isVersionSatisfies by @​sproctor in actions/setup-java#1009
• Bump @​actions/cache to 5.1.0, handle cache write denied by @​jasongin in actions/setup-java#1026
• Add Maven Wrapper cache feature by @​mahabaleshwars in actions/setup-java#1027
• Spelling by @​jsoref in actions/setup-java#713
• add link to advanced configuration for JetBrains by @​robstoll in actions/setup-java#850
• docs(action): fix missing required or default fields by @​kranthipoturaju in actions/setup-java#1007
• feat: add microsoft openjdk 17.0.18 by @​al-kau in actions/setup-java#1002
• Update README.md - use "alert syntax for Markdown" for notes by @​mhoffrog in actions/setup-java#924
• Bump undici from 6.24.1 to 6.27.0 by @​dependabot[bot] in actions/setup-java#1033
• Update contributor guide with emoji for clarity by @​brunoborges in actions/setup-java#1028
• add javac problem matcher by @​Trass3r in actions/setup-java#562
• Clarify README version syntax and migration guidance by @​brunoborges with @​Copilot in actions/setup-java#1038
• Update undici artifacts to 6.27.0 (license cache + dist) by @​brunoborges in actions/setup-java#1040
• docs: enhance custom jdk file installation by @​stephanabel in actions/setup-java#996
• Templates for new Java distributions by @​panticmilos in actions/setup-java#429
• Bump actions/checkout from 6 to 7 by @​dependabot[bot] in actions/setup-java#1032
• Bump @​types/node from 25.9.3 to 26.0.0 by @​dependabot[bot] in actions/setup-java#1031
• docs: replace non-existent HelloWorldApp references with java --version by @​brunoborges with @​Copilot in actions/setup-java#1043
• docs: add JavaFX Maven project configuration instructions by @​brunoborges with @​Copilot in actions/setup-java#1044
• docs: self-signed certificate / internal CA handling for GitHub Enterprise by @​brunoborges in actions/setup-java#1050
• docs: document importing an internal CA into the installed JDK (cacerts) by @​brunoborges in actions/setup-java#1051
• chore: Harden workflows: least-privilege permissions + zizmor integration by @​brunoborges in actions/setup-java#1039
• dist: Add GraalVM Community distribution support by @​brunoborges with @​Copilot in actions/setup-java#1042
• docs: note jdkfile approach for Early Access / unreleased JDK builds by @​brunoborges in actions/setup-java#1058
• dist: Apply Copilot review suggestions from PR #1042 (GraalVM Community) by @​brunoborges in actions/setup-java#1059

New Contributors

• @​jsoref made their first contribution in actions/setup-java#993
• @​sproctor made their first contribution in actions/setup-java#1009
• @​jasongin made their first contribution in actions/setup-java#1026
• @​robstoll made their first contribution in actions/setup-java#850
• @​kranthipoturaju made their first contribution in actions/setup-java#1007
• @​al-kau made their first contribution in actions/setup-java#1002
• @​mhoffrog made their first contribution in actions/setup-java#924
• @​brunoborges made their first contribution in actions/setup-java#1028
• @​Trass3r made their first contribution in actions/setup-java#562
• @​stephanabel made their first contribution in actions/setup-java#996

Full Changelog: actions/setup-java@v5...v5.4.0

Commits

• 1bcf9fb dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#...
• fa2c650 docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058)
• 1d56e31 dist: Add GraalVM Community distribution support (#1042)
• 1d25252 chore: Harden workflows: least-privilege permissions + zizmor integration (#1...
• 668c1ea docs: add post-install keytool import for the JDK cacerts trust store (#1051)
• a9a46fb docs: document self-signed certificate / internal CA handling for GitHub Ente...
• 5431e71 docs: add JavaFX Maven project configuration instructions (#1044)
• 4baa9b4 docs: replace non-existent HelloWorldApp references with java --version (#1043)
• eab4b08 Bump @​types/node from 25.9.3 to 26.0.0 (#1031)
• bf0c0e6 Bump actions/checkout from 6 to 7 (#1032)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 04f9d44.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/setup-java	1bcf9fb12cf4aa7d266a90ae39939e61372fe520	🟢 5.6	Details Check Score Reason Code-Review 🟢 7 Found 14/19 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6

Scanned Files

• .github/workflows/maven.yml