Bump advanced-security/maven-dependency-submission-action from 4 to 5 (#810)

Bumps
[advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/advanced-security/maven-dependency-submission-action/releases">advanced-security/maven-dependency-submission-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>Improved multi-module support</h2>
<p>This release improves multi-module support by reflecting which
<code>pom.xml</code> file brings in a particular dependency. Previously,
the dependencies were aggregated into the top-level <code>pom.xml</code>
file. If a given package is brought in via multiple modules, that
package will be reflected in all of the modules that reference it.</p>
<p>Because of this change in behavior, we've removed two configuration
options:</p>
<ul>
<li><code>snapshot-dependency-file-name</code>: no longer applicable
since we submit more than one manifest</li>
<li><code>snapshot-include-file-name</code>: this flag determined
whether the manifest object included the file path. It should always be
available and there's no reason to omit it, so we've removed the
flag.</li>
</ul>
<h2>v4.1.3</h2>
<p>The release bumps dependency versions to stay up-to-date.</p>
<h2>v4.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add cycle safety for transitive dependencies by <a
href="https://github.com/juxtin"><code>@​juxtin</code></a> in <a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/pull/103">advanced-security/maven-dependency-submission-action#103</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/juxtin"><code>@​juxtin</code></a> made
their first contribution in <a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/pull/103">advanced-security/maven-dependency-submission-action#103</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/advanced-security/maven-dependency-submission-action/compare/v4...v4.1.2">https://github.com/advanced-security/maven-dependency-submission-action/compare/v4...v4.1.2</a></p>
<h2>v4.1.1</h2>
<p>No release notes provided.</p>
<h2>v4.1.0</h2>
<ul>
<li>
<p>Adds the ability to change the detector details for the dependency
snapshots via the optional input parameters:</p>
<ul>
<li><code>detector-name</code></li>
<li><code>detector-url</code></li>
<li><code>detector-version</code></li>
</ul>
<p>If the <code>detector-name</code> is specified, then all three become
mandatory as there are no sensible defaults that can be attributed to
the values.</p>
</li>
</ul>
<h2>v4.0.3</h2>
<ul>
<li>
<p>Updating the build process and tooling for Node 20 support in the CLI
executables which were introduced when the dependency-submission-toolkit
transitioned in to an ESM module</p>
</li>
<li>
<p>Fixes <a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/issues/69">#69</a>
<a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/issues/61">#61</a></p>
</li>
</ul>
<h2>v4.0.2</h2>
<p>No release notes provided.</p>
<h2>v4.0.1</h2>
<ul>
<li>Updating branding for the marketplace</li>
<li>Utilizing rollup to build cli executables as the ESM module for the
<code>dependency-submission-toolkit</code> broke the <code>4.0.0</code>
<code>pkg</code> based executable builds.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/b275d12641ac2d2108b2cbb7598b154ad2f2cee8"><code>b275d12</code></a>
Merge pull request <a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/issues/114">#114</a>
from advanced-security/contrib-5.0</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/bdc082b320e323d3eee1996fbd48f4298a90285a"><code>bdc082b</code></a>
Bump the tag mentioned in the contrib doc to v5</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/2c65a53e2403f092605bbb24ef1eb6f116718640"><code>2c65a53</code></a>
Merge pull request <a
href="https://redirect.github.com/advanced-security/maven-dependency-submission-action/issues/110">#110</a>
from advanced-security/juxtin/file-centric-manifests</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/aa342c187faea5309fe9451ac9de7b11414e9193"><code>aa342c1</code></a>
Merge branch 'main' into juxtin/file-centric-manifests</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/f86e5bfc17374fd77ffca5c7b255725235f3e0c2"><code>f86e5bf</code></a>
README updates for v5.0.0</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/69b8872e0974d2307213cfe8f6d0daf986afe0fe"><code>69b8872</code></a>
Update wording in error message</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/e11bd00d83496a714b06a73abc4a1da3a8211b13"><code>e11bd00</code></a>
Remove debug line</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/b737283803d98af561c0d8334669fece872dc166"><code>b737283</code></a>
Update version to 5.0.0 since this has breaking changes</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/3059e7f9fa9e599987fcbc44116c7e749b7d29f8"><code>3059e7f</code></a>
Minor tweaks</li>
<li><a
href="https://github.com/advanced-security/maven-dependency-submission-action/commit/06796b833daddb297829a2e2a9534bee0b97c123"><code>06796b8</code></a>
Do not aggregate manifest files in multi-module projects</li>
<li>See full diff in <a
href="https://github.com/advanced-security/maven-dependency-submission-action/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| advanced-security/maven-dependency-submission-action | [< 4.1, >
4.0.0] |
</details>


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=advanced-security/maven-dependency-submission-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/security.yml

@@ -24,4 +24,4 @@ jobs:
           java-version: 23
 
       - name: Submit Dependency Snapshot
-        uses: advanced-security/maven-dependency-submission-action@v4
+        uses: advanced-security/maven-dependency-submission-action@v5