build: bump the github-actions group with 2 updates

[dependabot]

Bumps the github-actions group with 2 updates: gradle/actions and actions/download-artifact.

Updates gradle/actions from 3.3.1 to 3.3.2

Release notes

Sourced from gradle/actions's releases.

v3.3.2

This patch release fixes a bug in both dependency-submission and setup-gradle (#196 introduced in v3.3.1), which resulted in "No dependency-graph files found to submit" when using the download-and-submit function. A number of other minor issues have also been addressed:

What's Changed

• [dependency-submission] Fix bug finding dependency-graph files with 'download-and-submit' (#199)
• [dependency-submission] Use Gradle logger instead of println in dependency graph init script (#191 from @​aleksandrserbin)
• [dependency-submission] Retain and log full stacktrace for dependency submission errors (#192)
• [setup-gradle] Improve build scan badge readability with long task names (#200 from @​gabrielfeo)

Full Changelog: gradle/actions@v3.3.1...v3.3.2

Commits

• db19848 [bot] Update dist directory
• 941b289 Avoid running Gradle 3.5.1 on MacOS where Java 8 is not available
• bce7dac Improve build scan badge readability with long tasks (#200)
• 11eaed9 Avoid Java 8 since it is not available on MacOS runners
• cd62d9c Improve job summary readability with long tasks
• a54fb6a Add tests on current job-summary behavior
• ef36f81 Fix typo in build shell script
• 18998bc [bot] Update dist directory
• a772c14 Avoid updating real dependency graph in tests
• 7763d71 Set the report dir for download-and-submit
• Additional commits viewable in compare view

Updates actions/download-artifact from 3 to 4

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: actions/download-artifact@v3...v4.0.0

v3.0.2

• Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
• Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet Migrate dev environment and workflows to node16  actions/toolkit#1278

v3.0.1

• Bump @​actions/core to 1.10.0

Commits

• 65a9edc Merge pull request #325 from bethanyj28/main
• fdd1595 licensed
• c13dba1 update @​actions/artifact dependency
• 0daa75e Merge pull request #324 from actions/eggyhead/use-artifact-v2.1.6
• 9c19ed7 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
• 3d3ea87 updating license
• 89af5db updating artifact package v2.1.6
• b4aefff Merge pull request #323 from actions/eggyhead/update-artifact-v215
• 8caf195 package lock update
• d7a2ec4 updating package version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[SylvainJuge]

While this looks ok to update, I really don't know what is the exact impact.

As written in https://github.com/elastic/observability-robots/issues/1970 both the upload and download have breaking changes, but I don't know if it's a problem here.

[v1v]

@dependabot ignore actions/download-artifact major version

[dependabot]

OK, I won't notify you about version 4.x.x of actions/download-artifact again, unless you unignore it.

[v1v]

download-artifact@v4 cannot be used as long as the upload-artifact@v3 is used in https://github.com/elastic/apm-pipeline-library/blob/0add8dd84257b1f07422ef9d622f4c5c3b4d1d98/.github/actions/buildkite/action.yml#L110-L111

We plan to bump to v4 in the future, but we have not planned when yet.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.