1073 Commits

Author	SHA1	Message	Date
Mathias Fredriksson	aa6f301305	ci: add conventional commit PR title linting (#23096) ... Restore PR title validation that was removed in 828f33a when cdr-bot was expected to handle it. That bot has since been disabled. The new title job in contrib.yaml validates: - Conventional commit format (type(scope): description) - Type from the same set used by release notes generation - Scope validity derived from the changed files in the PR diff - All changed files fall under the declared scope Uses actions/github-script (no third-party marketplace actions). Also fixes feat(api) examples across docs (no api folder exists) and consolidates commit rules into CONTRIBUTING.md as the single source of truth.	2026-03-16 12:24:59 +02:00
Kyle Carberry	3d9628c27e	ci: split build artifacts into per-platform uploads (#23081) ... Splits the single `coder` artifact (containing all platforms in a 1.3GB zip) into individual artifacts per OS/arch/format. ## Problem All CI build artifacts are uploaded as a single artifact named `coder`, producing a 1.3GB zip containing every platform's binary. This makes it impossible to download a single platform's binary without pulling the entire bundle. ## Solution Upload each platform/format combination as a separate artifact: | Artifact Name | Contents | |---|---| | `coder-linux-amd64.tar.gz` | Linux amd64 tarball | | `coder-linux-amd64.deb` | Linux amd64 deb package | | `coder-linux-arm64.tar.gz` | Linux arm64 tarball | | `coder-linux-arm64.deb` | Linux arm64 deb package | | `coder-linux-armv7.tar.gz` | Linux armv7 tarball | | `coder-linux-armv7.deb` | Linux armv7 deb package | | `coder-windows-amd64.zip` | Windows amd64 zip | ## Plan This is the first step toward letting customers install directly from `main` via: ```bash curl -L https://coder.com/install.sh | sh -s -- --unsafe-unstable ``` GitHub Actions artifact downloads require authentication even for public repos, so the next steps are to add a small Cloudflare Worker (similar to the one we already have for `install.sh`) that: 1. Lists artifacts via the GitHub API (unauthenticated) to find the latest artifact ID for the requested platform 2. Calls the download endpoint with a GitHub token (CF Worker secret) to get a 302 redirect to a time-limited Azure Blob URL 3. Redirects the caller to that URL (which requires no auth) This gives us publicly accessible per-platform URLs that the `--unsafe-unstable` flag would point at. The worker doesn't proxy the binary itself — it only proxies the metadata API call (~1KB) and redirects for the actual download. This PR splits the artifacts so the worker can serve individual platform downloads (~200MB each) instead of forcing a 1.3GB bundle.	2026-03-15 09:56:18 -04:00
Dean Sheather	a2b8564c48	chore: update deploy to use EKS (#23084)	2026-03-16 00:55:09 +11:00
Spike Curtis	5745ff7912	test: log DERP debug in CI (#23041) ... related to: https://github.com/coder/internal/issues/1387 Sometimes our tests using DERP flake like the above, but we have no information at the DERP layer about why. This enables verbose DERP logging in CI. Logs are kinda spammy, but most tests do not force DERP and so only use it for discovery (disco). A test like TestWorkspaceAgentListeningPorts/OK_BlockDirect drops around 50 DERP packets e.g. ``` t.go:111: 2026-03-13 15:20:52.201 [debu] agent.net.tailnet.net.wgengine: magicsock: got derp-999 packet: "\x04\x00\x00\x00C}\xe0\xb9\x00\x00\x00\x00\x00\x00\x00\x00}\xae;l\xd9Hk8\xa8l\x1cK\xedO{狦)\x18NIw\xc4k\xd2-\x19\xbf\xfb\xdd\x17\xa9b\xac\xfd#\xf7\xcaC\xbe\vq(u=\xa7\x16\xe9\x9aLjS\x1fXL\x19y\xf4\x1dE%\xb3\xff\x9d:8\xa9\x95X\xfe\xf8\x95\x7f\x9dv$\f\xf4\xbe" t.go:111: 2026-03-13 15:20:52.201 [debu] agent.net.tailnet.net.wgengine: magicsock: got derp-999 packet: "\x04\x00\x00\x00C}\xe0\xb9\x01\x00\x00\x00\x00\x00\x00\x00\x05x\xb6RD;\xb4\x80\xb6\x0f\xf6KŠc\xfb1\xbd\x06\xb70K3\x97`\x8d\xd2\x14\xed\xc5\xd6\xc6\xcaV\xbf\x878\xb2Ƥ\xf0\xd5\xf7\xc0\x1b\x9f\x04Y\x03\x17\xd4\x06\xee\xb2G\r){\x9f\xde\xe0(\xb5N\xfejR_\xf6q\xa4\xfaT\x9a\xd8\xcbk\xba\x16K" t.go:111: 2026-03-13 15:20:52.201 [debu] agent.net.tailnet.net.wgengine: magicsock: got derp-999 packet: "\x04\x00\x00\x00C}\xe0\xb9\x02\x00\x00\x00\x00\x00\x00\x00\x1e\x93a\x15\xfev\x81'\xa9?\xe8nR\xce<\x91\x86\xcau@\xb9\xcfɩ\xef\xd1眓\x95\xf3*X^7\x99\x88\xb0|\x8cS\xe4@[\x16\xda\xca\xd4\xd9\x1dP\xd0\xfe\xd9r\x8c\xfcp~dP\xfaK\xe0\xf9y\xb2\x11\x15\xfe\xdcx鷽\xdeF\xf7\x92\xe8" ```	2026-03-13 12:50:39 -04:00
Mathias Fredriksson	c8079a5b8c	ci(docs): rewrite same-repo links to PR head SHA in linkspector (#22995) ... When a PR introduces new files and docs link to them via github.com/coder/coder/blob/main/..., linkspector returns 404 because the files don't exist on main yet. Add a step that, for PR events only, appends replacementPatterns to the linkspector config rewriting blob/main/ and tree/main/ URLs to use the PR's head commit SHA. Refs #22922	2026-03-12 17:45:40 +02:00
Atif Ali	a21f00d250	chore(ci): tighten permissions for AI workflows (#22471)	2026-03-10 16:43:36 +05:00
Atif Ali	e6983648aa	chore: add Linear release integration workflow (#22310)	2026-03-09 21:32:06 +05:00
Mathias Fredriksson	a96ec4c397	build: remove defunct test-postgres rule (#22839) ... The `test-postgres` Makefile rule was redundant — CI never used it (it runs `test-postgres-docker` + `make test` via the `test-go-pg` action), and `make test` auto-starts a Postgres Docker container when needed via `dbtestutil`. - Remove the `test-postgres` rule from Makefile - Update `pre-push` to run `test-postgres-docker` in the first phase (alongside gen/fmt) and `make test` in the second phase - Fix stale comments in CI workflows referencing `make test-postgres` - Remove redundant "Test Postgres" entries from docs since `make test` handles Postgres automatically	2026-03-09 16:24:40 +02:00
Ethan	51a627c107	ci: remove unnecessary brew install google-chrome from macOS CI (#22835) ... Closes https://github.com/coder/internal/issues/1391 ## Problem The `test-go-pg (macos-latest)` job hit its 25m timeout without ever running tests because `brew install google-chrome` stalled for 23+ minutes downloading from the Homebrew CDN: ``` ==> Fetching downloads for: google-chrome Error: The operation was canceled. ``` ## Why this is safe to remove `brew install google-chrome` was added in Oct 2023 (`70a4e56c0`) the day after chromedp was integrated into the scaletest/dashboard package (`1c48610d5`). At that time, `run.go` called `initChromeDPCtx` directly (hardcoded), so the unit test actually launched a real Chrome process. In Jun 2024, #13650 refactored this to accept a mock `InitChromeDPCtx` via the `Config` struct, and the test now passes a stub that never launches a browser. No test file in the repo references `chromedp` directly — the only test (`scaletest/dashboard/run_test.go`) fully mocks Chrome initialization. The `chromedp` Go library compiles fine without Chrome installed; it only needs the binary at runtime, and no test exercises that path. ## Impact - Removes a ~200MB+ download from every macOS CI run - Eliminates a fragile external dependency on Homebrew CDN availability - Saves several minutes per run even when the download succeeds _Generated with mux but reviewed by a human_	2026-03-10 00:07:35 +11:00
Mathias Fredriksson	a48e4a43e2	fix(Makefile): align test-race with CI configuration (#22727) ... Follow-up to #22705 (pre-commit/pre-push hooks). Unifies `test` and `test-race` into the same structure and lets CI call `make test-race` instead of reproducing the gotestsum command. **Parallelism**: Extracted from `GOTEST_FLAGS` into `TEST_PARALLEL_PACKAGES` / `TEST_PARALLEL_TESTS` (default 8x8). `test-race` overrides to 4x4 via target-specific Make variables. `TEST_NUM_PARALLEL_PACKAGES` and `TEST_NUM_PARALLEL_TESTS` env vars continue to work for both targets. **GOTEST_FLAGS**: Changed from simply-expanded (`:=`) to recursively-expanded (`=`) so target-specific overrides take effect at recipe time. **CI**: `.github/actions/test-go-pg/action.yaml` now calls `make test-race` / `make test` instead of hand-rolling the gotestsum command, eliminating drift between local and CI configurations. Refs #22705	2026-03-09 10:39:13 +00:00
Mathias Fredriksson	4c83a7021f	fix: update offlinedocs/next-env.d.ts to match Next.js 15 output (#22739) ... ## Problem `offlinedocs/next-env.d.ts` was committed with content from an older Next.js version. Next.js 15 rewrites this file on every `next build` with two changes: 1. Adds `/// <reference path="./.next/types/routes.d.ts" />` 2. Updates the docs URL from `basic-features/typescript` to `pages/api-reference/config/typescript` During `make pre-commit` / `make pre-push`, the `pnpm export` step triggers `next build`, which silently rewrites the file. The `check-unstaged` guard then detects the diff and fails. If the hook is interrupted, the regenerated file persists as an unstaged change, blocking subsequent commits/pushes. ## Fix Update the committed file to match what the current Next.js 15 produces, making the build idempotent.	2026-03-06 18:22:00 -05:00
Atif Ali	71ac4847cf	chore: remove needs-triage label from bug template (#22679) ... We now use Linear for Triaging <!-- If you have used AI to produce some or all of this PR, please ensure you have read our [AI Contribution guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING) before submitting. -->	2026-03-06 10:55:20 +00:00
Kyle Carberry	76076de1ca	feat(site): polish right panel tabs, diff stats, and file headers (#22636) ... Polishes the right panel UI introduced in #22633: <img width="3138" height="1596" alt="image" src="https://github.com/user-attachments/assets/d3947db0-6600-4469-b7e2-6eb80aadb7bc" /> Over 2k lines of this is just the Seti font definition. The file tree view isn't actually adjusting much, it's just a scroll helper. Soon I'll add a comment system so users can leave agents feedback directly from the code.	2026-03-05 07:38:49 -05:00
Mathias Fredriksson	a6a8fd94d7	build(Makefile): enable parallel make -j gen with correct dependency graph (#22612) ... `make gen` could not run with `-j` because inter-target dependency edges were missing. Multiple recipes compile `coderd/rbac` (which includes generated files like `object_gen.go`), and without explicit ordering, parallel runs produced syntax errors from mid-write reads. Three main changes: **Dependency graph fixes** declare the compile-time chain through `coderd/rbac` so that `object_gen.go` is written before anything that imports it is compiled. The DB generation targets use a GNU Make 4.3+ grouped target (`&:`) so Make knows `generate.sh` co-produces `querier.go`, `unique_constraint.go`, `dbmetrics`, and `dbauthz` in a single invocation. `SKIP_DUMP_SQL=1` avoids re-entrant `make` inside `generate.sh` when the Makefile already guarantees `dump.sql` is fresh. **`scripts/atomicwrite` package** replaces `os.WriteFile` in all gen scripts with a temp-file-in-same-dir + rename pattern, preventing interrupted runs from leaving partial files. **`.PRECIOUS` and shell atomic writes** protect git-tracked generated files from Make's default delete-on-error behavior. Since these files are committed, deletion is worse than staleness -- `git restore` is the recovery path. CI now runs `make -j --output-sync -B gen` (~32s, down from ~85s serial). | Scenario | Before | After | |-----------------------------------|--------------------|----------| | `make gen` (serial) | 95s | 95s | | `make -j gen` (parallel) | race error | **22s** | | CI `make -j --output-sync -B gen` | forced serial ~85s | **~32s** |	2026-03-05 11:58:10 +00:00
Ethan	e738ff5299	ci: remove dylib build pipeline (#22592) ... ## Summary The macOS `.dylib` is only used by Coder Desktop macOS v0.7.2 or older. v0.7.2 was released in August 2025. v0.8.0 of Coder Desktop macOS, also released in August 2025, uses a signed Coder slim binary from the deployment instead. It's unlikely customers will be using Coder Desktop macOS v0.7.2 and the next release of Coder simultaneously, so I think we can safely remove this process, given it slows down CI & release processes. ## Changes - **Makefile**: Remove `DYLIB_ARCHES`, `CODER_DYLIBS` variables and `build/coder-dylib` target - **scripts/build_go.sh**: Remove `--dylib` flag and all dylib-specific logic (c-shared buildmode, CGO, plist embedding, vpn/dylib entrypoint) - **scripts/sign_darwin.sh**: Remove dylib-specific comment - **CI (ci.yaml)**: Remove `build-dylib` job, artifact download/insert steps, and `build-dylib` dependency from `build` job - **Release (release.yaml)**: Remove `build-dylib` job, artifact download/insert steps, and `build-dylib` dependency from `release` job - **vpn/dylib/**: Delete entire directory (`lib.go` + `info.plist.tmpl`) - **vpn/router.go, vpn/dns.go**: Clean up comments referencing dylib The slim and fat binary builds are completely unaffected — the dylib was an independent build target with its own CI job. _Generated by mux but reviewed by a human_	2026-03-05 01:50:50 +11:00
Steven Masley	f6b4b7edab	ci: remove sqlc push to cloud (#22574) ... I left a vestigial piece, whooops	2026-03-03 14:49:00 -06:00
Steven Masley	8ea0c2f3bc	ci: remove ci action to push schema to sqlc cloud (#22572) ... SQLc cloud no longer exists	2026-03-03 14:21:07 -06:00
Andrew Aquino	ef2e408c0c	chore: add GitHub Action to build+deploy coder.com whenever docs paths change (#22283) ... ## problem Fixes an issue where updates to docs resulted in docs links returning HTTP 404, sometimes taking 4-12 hours before returning HTTP 200 (OK). coder.com is deployed to Vercel from a separate Next.js repo, which has no knowledge of when docs pages in this repo get updated. ### examples (non-exhaustive) PR | 404 description ---|--- #19625 | URL for https://coder.com/docs/install/offline was updated to https://coder.com/docs/install/airgap, but the latter returned 404 for 3 hr 56 min after the PR was merged #21434 | URLs https://coder.com/docs/ai-coder/nsjail and https://coder.com/docs/ai-coder/landjail were added, but both paths 404ed for 1 hr 30 min after the PR was merged. Note that these paths have changed since then--don't be alarmed if clicking those links returns 404s while reviewing this PR #21708 | URL https://coder.com/docs/ai-coder/boundary/agent-boundary was added, but it returned 404 for 1 hr 19 min after the PR was merged ## solution All 3 PRs listed above modify manifest.json. This file is fetched during coder.com's `getStaticPaths` for docs pages, defining which docs URLs get statically generated at build time. In the latter 2 cases, the 404s were resolved by manually triggering a redeploy of coder.com in the Vercel dashboard. The new CI workflow in this PR automatically triggers a Vercel deploy hook ([see docs](https://vercel.com/docs/deploy-hooks#triggering-a-deploy-hook)) with a POST request that runs whenever commits are pushed to main that modify manifest.json. The deploy hook initiates a new build+deploy of the coder.com Next.js app, which reruns `getStaticPaths`, updating docs pages' URLs. **Note:** I have not tested this workflow yet. I will verify that it works after this PR is merged. I confirmed in a local terminal that the webhook URL does successfully initiate a new Vercel build. I also tested with a malformed URL and received error JSON output, so if the action fails for some reason, we should see error output in the workflow logs ([example](https://github.com/coder/coder/actions/runs/22361453442/job/64722503802)).	2026-03-03 00:38:49 -08:00
Zach	2b9baffdcb	chore: update setup-go action to fix Go download failures (#22306) ... setup-go has been sporadically failing to download Go, and we were advised by a member of the Go team that downloading Go from `storage.googleapis.com` is not guaranteed (which is what setup-go <= v5.6.0 does). Also remove the use-preinstalled-go optimization for Windows runners. setup-go v6 sets GOTOOLCHAIN=local, which prevents the pre-installed Go from auto-downloading the toolchain specified in go.mod. The windows optimization with v5 relied on GOTOOLCHAIN=auto. setup-go uses the runner cache, which is a different caching path but should serve the same purpose.	2026-02-27 08:43:53 -07:00
dependabot[bot]	89301f62c5	ci: bump actions/stale from 10.1.1 to 10.2.0 in the github-actions group (#22254) ... Bumps the github-actions group with 1 update: [actions/stale](https://github.com/actions/stale). Updates `actions/stale` from 10.1.1 to 10.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.2.0</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Fix checking state cache (fix <a href="https://redirect.github.com/actions/stale/issues/1136">#1136</a>) and switch to Octokit helper methods by <a href="https://github.com/itchyny"><code>@​itchyny</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1152">actions/stale#1152</a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Upgrade js-yaml from 4.1.0 to 4.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1304">actions/stale#1304</a></li> <li>Upgrade lodash from 4.17.21 to 4.17.23 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1313">actions/stale#1313</a></li> <li>Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by <a href="https://github.com/chiranjib-swain"><code>@​chiranjib-swain</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1312">actions/stale#1312</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/itchyny"><code>@​itchyny</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1152">actions/stale#1152</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.2.0">https://github.com/actions/stale/compare/v10...v10.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f"><code>b5d41d4</code></a> build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (<a href="https://redirect.github.com/actions/stale/issues/1313">#1313</a>)</li> <li><a href="https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b"><code>dcd2b94</code></a> Fix punycode and url.parse Deprecation Warnings (<a href="https://redirect.github.com/actions/stale/issues/1312">#1312</a>)</li> <li><a href="https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec"><code>d6f8a33</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/actions/stale/issues/1304">#1304</a>)</li> <li><a href="https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d"><code>a21a081</code></a> Fix checking state cache (fix <a href="https://redirect.github.com/actions/stale/issues/1136">#1136</a>), also switch to octokit methods (<a href="https://redirect.github.com/actions/stale/issues/1152">#1152</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-23 13:00:46 +00:00
Lukasz	9bbe3c6af9	chore: update trivy-action to v0.34.0 (#22216) ... Update trivy-action to v0.34.0.	2026-02-20 12:27:44 +01:00
Yevhenii Shcherbina	dcdca814d6	chore: fix pty-max-limit flake (#22147) ... ### Notes - Closes https://github.com/coder/internal/issues/558 - I closed previous attempt with `ptySemaphore`: https://github.com/coder/coder/pull/21981 - We can consider implementing the retries proposed by Spike in: https://github.com/coder/coder/pull/21981#pullrequestreview-3783200423, if increasing the limit isn’t enough. - I looked into Datadog — this particular test doesn’t seem very flaky right now. It failed once in the Nightly gauntlet (3 weeks ago), but it hasn’t failed again in the last 3 months (at least I couldn’t find any other failures in Datadog). ## Fix PTY exhaustion flake on macOS CI ### Problem macOS CI runners were experiencing PTY exhaustion during test runs, causing flakes. The default PTY limit on macOS is 511, which can be insufficient when running parallel tests. ### Solution Added a CI step to increase the PTY limit on macOS runners from the default 511 to the maximum allowed value of 999 before running tests. ### Changes - Added `Increase PTY limit (macOS)` step in `.github/workflows/ci.yaml` - Sets `kern.tty.ptmx_max=999` using `sysctl` (maximum value on our CI runners) - Runs only on macOS runners before the test-go-pg action	2026-02-18 08:38:35 -05:00
Lukasz	4c0c621f2a	chore: bump bundled terraform to 1.14.5 (#22167) ... Description: This PR updates the bundled Terraform binary and related version pins from 1.14.1 to 1.14.5 (base image, installer fallback, and CI/test fixtures). Terraform is statically built with an embedded Go runtime. Moving to 1.14.5 updates the embedded toolchain and is intended to address Go stdlib CVEs reported by security scanning. Notes: - Change is version-only; no functional Coder logic changes. - Backport-friendly: intended to be cherry-picked to release branches after merge.	2026-02-18 12:18:38 +01:00
Jon Ayers	e82edf1b6b	chore: update Go from 1.25.6 to 1.25.7 (#22042)	2026-02-17 22:31:20 -06:00
dependabot[bot]	06cfe2705a	ci: bump the github-actions group with 3 updates (#22125) ... Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [depot/setup-action](https://github.com/depot/setup-action) and [depot/build-push-action](https://github.com/depot/build-push-action). Updates `step-security/harden-runner` from 2.14.1 to 2.14.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.2</h2> <h2>What's Changed</h2> <p>Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq">GHSA-cpmj-h4f6-r6pq</a> for details.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2">https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e"><code>5ef0c07</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/635">#635</a> from step-security/rc-34</li> <li><a href="https://github.com/step-security/harden-runner/commit/eb43c7b3fd5a30c42ff1ab84b494f1cc6c7cc3b6"><code>eb43c7b</code></a> update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...5ef0c079ce82195b2a36a210272d6b661572d83e">compare view</a></li> </ul> </details> <br /> Updates `depot/setup-action` from 1.6.0 to 1.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/depot/setup-action/releases">depot/setup-action's releases</a>.</em></p> <blockquote> <h2>v1.7.1</h2> <h2>What's Changed</h2> <ul> <li>Update release workflow to ubuntu-latest (<a href="https://redirect.github.com/depot/setup-action/issues/19">#19</a>) <a href="https://github.com/jacobwgillespie"><code>@​jacobwgillespie</code></a></li> </ul> <h2>v1.7.0</h2> <h2>What's Changed</h2> <ul> <li>chore: update node to v24 (<a href="https://redirect.github.com/depot/setup-action/issues/18">#18</a>) <a href="https://github.com/WitoDelnat"><code>@​WitoDelnat</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/depot/setup-action/commit/15c09a5f77a0840ad4bce955686522a257853461"><code>15c09a5</code></a> Merge pull request <a href="https://redirect.github.com/depot/setup-action/issues/19">#19</a> from depot/jacobwgillespie-patch-1</li> <li><a href="https://github.com/depot/setup-action/commit/3194a53ed0aa42e00bc88f2411ab49d3f60219ba"><code>3194a53</code></a> Update release workflow to ubuntu-latest</li> <li><a href="https://github.com/depot/setup-action/commit/c0b08c3ba30137f89e75961508b587484558ff0f"><code>c0b08c3</code></a> Merge pull request <a href="https://redirect.github.com/depot/setup-action/issues/18">#18</a> from depot/wito/dep-2955-update-our-actions-to-use-nod...</li> <li><a href="https://github.com/depot/setup-action/commit/23e67ebf8b5a313459580616cd34c7787607ac86"><code>23e67eb</code></a> chore: update action dependencies</li> <li><a href="https://github.com/depot/setup-action/commit/0886069e678860faf0d22c46e9f154d35beaa529"><code>0886069</code></a> chore: update node to v24</li> <li>See full diff in <a href="https://github.com/depot/setup-action/compare/b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5...15c09a5f77a0840ad4bce955686522a257853461">compare view</a></li> </ul> </details> <br /> Updates `depot/build-push-action` from 1.16.2 to 1.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/depot/build-push-action/releases">depot/build-push-action's releases</a>.</em></p> <blockquote> <h2>v1.17.0</h2> <h2>What's Changed</h2> <ul> <li>chore: update node to v24 (<a href="https://redirect.github.com/depot/build-push-action/issues/46">#46</a>) <a href="https://github.com/WitoDelnat"><code>@​WitoDelnat</code></a></li> <li>Fix typo (<a href="https://redirect.github.com/depot/build-push-action/issues/45">#45</a>) <a href="https://github.com/gavrie"><code>@​gavrie</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/depot/build-push-action/commit/5f3b3c2e5a00f0093de47f657aeaefcedff27d18"><code>5f3b3c2</code></a> Merge pull request <a href="https://redirect.github.com/depot/build-push-action/issues/46">#46</a> from depot/wito/dep-2955-update-our-actions-to-use-nod...</li> <li><a href="https://github.com/depot/build-push-action/commit/1c8a5de5bf842e36234a9f65b76b66173541193f"><code>1c8a5de</code></a> chore: update actions dependency</li> <li><a href="https://github.com/depot/build-push-action/commit/88deb2d202089ac6bada8368187086a1d5cb6daa"><code>88deb2d</code></a> chore: update node to v24</li> <li><a href="https://github.com/depot/build-push-action/commit/eb4edcff909a80720d31732b633e4691b0c7cf02"><code>eb4edcf</code></a> Merge pull request <a href="https://redirect.github.com/depot/build-push-action/issues/45">#45</a> from gavrie/fix-typo</li> <li><a href="https://github.com/depot/build-push-action/commit/b7a09de6c74816aaa562b09c2d4082c63c68629a"><code>b7a09de</code></a> Fix typo</li> <li>See full diff in <a href="https://github.com/depot/build-push-action/compare/9785b135c3c76c33db102e45be96a25ab55cd507...5f3b3c2e5a00f0093de47f657aeaefcedff27d18">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-16 13:24:16 +00:00
dependabot[bot]	19d24075da	ci: bump the github-actions group with 4 updates (#22010) ... Bumps the github-actions group with 4 updates: [actions/cache](https://github.com/actions/cache), [docker/login-action](https://github.com/docker/login-action), [actions/attest](https://github.com/actions/attest) and [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action). Updates `actions/cache` from 5.0.2 to 5.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.3</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.3">https://github.com/actions/cache/compare/v5...v5.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1695">#1695</a> from actions/Link-/prepare-5.0.3</li> <li><a href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a> Add review for the <code>@​actions/http-client</code> license</li> <li><a href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a> Add licensed output</li> <li><a href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a> Upgrade dependencies and address security warnings</li> <li><a href="https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a"><code>345d5c2</code></a> Add 5.0.3 builds</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306">compare view</a></li> </ul> </details> <br /> Updates `docker/login-action` from 3.6.0 to 3.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Add <code>scope</code> input to set scopes for the authentication token by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li> <li>Add support for AWS European Sovereign Cloud ECR by <a href="https://github.com/dphi"><code>@​dphi</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li> <li>Ensure passwords are redacted with <code>registry-auth</code> input by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li> <li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/c94ce9fb468520275223c153574b00df6fe4bcc9"><code>c94ce9f</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/915">#915</a> from docker/dependabot/npm_and_yarn/lodash-4.17.23</li> <li><a href="https://github.com/docker/login-action/commit/8339c958ce8511f38d0c474c1886a87c802bf1ef"><code>8339c95</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/912">#912</a> from docker/scope</li> <li><a href="https://github.com/docker/login-action/commit/c83e9320c8beb50b77dd007c46d5c8161f0cac4a"><code>c83e932</code></a> build(deps): bump lodash from 4.17.21 to 4.17.23</li> <li><a href="https://github.com/docker/login-action/commit/b268aa57e39ff0a5386d2fd1eded4e2e1d60d705"><code>b268aa5</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/a60322927812ddc99316dd6252b4fba6d8f09ac1"><code>a603229</code></a> documentation for scope input</li> <li><a href="https://github.com/docker/login-action/commit/7567f92a74b2639be1bd8bc932a112a0d81283da"><code>7567f92</code></a> Add scope input to set scopes for the authentication token</li> <li><a href="https://github.com/docker/login-action/commit/0567fa5ae8c9a197cb207537dc5cbb43ca3d803f"><code>0567fa5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/914">#914</a> from dphi/add-support-for-amazonaws.eu</li> <li><a href="https://github.com/docker/login-action/commit/f6ef57754547a85003a0e18f789be661346d4a6e"><code>f6ef577</code></a> feat: add support for AWS European Sovereign Cloud ECR registries</li> <li><a href="https://github.com/docker/login-action/commit/916386b00027d425839f8da46d302dab33f5875b"><code>916386b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/911">#911</a> from crazy-max/ensure-redact</li> <li><a href="https://github.com/docker/login-action/commit/5b3f94a294ea5478af3af437baa6ad0d3dcd04fd"><code>5b3f94a</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/5e57cd118135c172c3672efd75eb46360885c0ef...c94ce9fb468520275223c153574b00df6fe4bcc9">compare view</a></li> </ul> </details> <br /> Updates `actions/attest` from 3.1.0 to 3.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest/releases">actions/attest's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2>What's Changed</h2> <ul> <li>Bump the npm-development group with 3 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/320">actions/attest#320</a></li> <li>Validate repository org-ownership before storage record creation by <a href="https://github.com/malancas"><code>@​malancas</code></a> in <a href="https://redirect.github.com/actions/attest/pull/328">actions/attest#328</a></li> <li>Update version to 3.2.0 by <a href="https://github.com/malancas"><code>@​malancas</code></a> in <a href="https://redirect.github.com/actions/attest/pull/334">actions/attest#334</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest/compare/v3.1.0...v3.2.0">https://github.com/actions/attest/compare/v3.1.0...v3.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest/commit/e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d"><code>e59cbc1</code></a> Update version to 3.2.0 (<a href="https://redirect.github.com/actions/attest/issues/334">#334</a>)</li> <li><a href="https://github.com/actions/attest/commit/20eb46ce7aac0a8d0fb0ba74463460bff36cc0bd"><code>20eb46c</code></a> Validate repository org-ownership before storage record creation (<a href="https://redirect.github.com/actions/attest/issues/328">#328</a>)</li> <li><a href="https://github.com/actions/attest/commit/7433fa7e7a4d4084bbd71358379fa9b45ce9d4d7"><code>7433fa7</code></a> Update <code>undici</code> development dependency to the latest version (<a href="https://redirect.github.com/actions/attest/issues/332">#332</a>)</li> <li><a href="https://github.com/actions/attest/commit/c03bf4160d4018cb293f5dcbf204e47c1b2808e1"><code>c03bf41</code></a> Bump the npm-development group with 3 updates (<a href="https://redirect.github.com/actions/attest/issues/320">#320</a>)</li> <li>See full diff in <a href="https://github.com/actions/attest/compare/7667f588f2f73a90cea6c7ac70e78266c4f76616...e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d">compare view</a></li> </ul> </details> <br /> Updates `nix-community/cache-nix-action` from 7.0.1 to 7.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nix-community/cache-nix-action/releases">nix-community/cache-nix-action's releases</a>.</em></p> <blockquote> <h2>v7.0.2</h2> <h2>What's Changed</h2> <h2>Fixed</h2> <ul> <li>Fix: Nix versions under <code>v2.33</code> not supported by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/295">nix-community/cache-nix-action#295</a></li> <li>Use a more precise check by <a href="https://github.com/deemp"><code>@​deemp</code></a> in 47869c4cbb023c803424e7311f07a744a2d66296</li> </ul> <h2>Changed (deps)</h2> <!-- raw HTML omitted --> <ul> <li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code> from 8.53.0 to 8.53.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/284">nix-community/cache-nix-action#284</a></li> <li>chore(deps): bump DeterminateSystems/determinate-nix-action from 3.15.1 to 3.15.2 in the minor-actions-dependencies group by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/288">nix-community/cache-nix-action#288</a></li> <li>chore(deps-dev): bump eslint-config-love from 144.0.0 to 147.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/287">nix-community/cache-nix-action#287</a></li> <li>chore(deps-dev): bump prettier from 3.8.0 to 3.8.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/286">nix-community/cache-nix-action#286</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from 8.53.1 to 8.54.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/290">nix-community/cache-nix-action#290</a></li> <li>chore(deps): bump <code>@​actions/github</code> from 7.0.0 to 8.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/291">nix-community/cache-nix-action#291</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code> from 8.53.1 to 8.54.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/289">nix-community/cache-nix-action#289</a></li> <li>chore(deps-dev): bump eslint-config-love from 147.0.0 to 149.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/294">nix-community/cache-nix-action#294</a></li> </ul> <!-- raw HTML omitted --> <p><strong>Full Changelog</strong>: <a href="https://github.com/nix-community/cache-nix-action/compare/v7...v7.0.2">https://github.com/nix-community/cache-nix-action/compare/v7...v7.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nix-community/cache-nix-action/commit/7df957e333c1e5da7721f60227dbba6d06080569"><code>7df957e</code></a> chore: build the action</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/47869c4cbb023c803424e7311f07a744a2d66296"><code>47869c4</code></a> fix(action): use a more precise check</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/eca69c462eda8455304862773d53bfe08a7c1fad"><code>eca69c4</code></a> Merge pull request <a href="https://redirect.github.com/nix-community/cache-nix-action/issues/295">#295</a> from nix-community/nix-versions-under-v233-not-supported</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/b6fd2e3f7b9992c952409248b26c3806976ca922"><code>b6fd2e3</code></a> feat(ci): add test with Nix version &lt;2.33</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/ddd9cbc8ee25d0dbd64bc7bf380398d810fedcc0"><code>ddd9cbc</code></a> fix(ci): bump action version</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/922e9060c19ec2c406a055d4255ec1760e0af798"><code>922e906</code></a> chore: build the action</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/4038f94ae961f71f156295e34fc27af3846cb555"><code>4038f94</code></a> refactor(action): rename constants for command results</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/dfde4d35b86aa2875e5829cfc8b6c2d4c203ab9b"><code>dfde4d3</code></a> fix(action): choose command based on the Nix version</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/4b2dd9ec99b6d72fad66eeff381bc94d20d7207d"><code>4b2dd9e</code></a> Merge pull request <a href="https://redirect.github.com/nix-community/cache-nix-action/issues/294">#294</a> from nix-community/dependabot/npm_and_yarn/eslint-con...</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/273d1a77100543feec627c2bdd09b6c7060b88ab"><code>273d1a7</code></a> chore(deps-dev): bump eslint-config-love from 147.0.0 to 149.0.0</li> <li>Additional commits viewable in <a href="https://github.com/nix-community/cache-nix-action/compare/106bba72ed8e29c8357661199511ef07790175e9...7df957e333c1e5da7721f60227dbba6d06080569">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-09 13:35:13 +00:00
Dean Sheather	d3036d569e	chore: only run lint-actions job on CI changes (#21999) ... It was split to reduce flaking, but still always ran on `main` anyways	2026-02-09 05:31:17 +00:00
DevCats	a5bc0eb37d	fix: limit doc-check comments by restricting to one sticky comment and updating logic (#21933) ... This pull request updates the documentation review workflow in `.github/workflows/doc-check.yaml` to improve clarity and introduce sticky comment logic for doc-check reviews. The changes focus on refining the review context messages and providing detailed instructions for updating existing doc-check comments, ensuring more consistent and actionable documentation feedback. **Workflow message and prompt improvements:** * Refined the context messages for different PR trigger types to be clearer and less repetitive, making instructions more concise for the agent. **Sticky comment logic and instructions:** * Updated the task prompt to instruct the agent to look for an existing doc-check comment containing `<!-- doc-check-sticky -->` and update it instead of creating a new one, supporting more efficient and organized review threads. * Added detailed instructions for how to update sticky comments, including checking off addressed items, striking through items no longer needed, adding new items, and warning if changes can't be verified. * Modified the comment format example to include sticky comment conventions, such as strikethrough for reverted items, checkboxes for addressed items, and warnings for unverifiable documentation changes. * Ensured the `<!-- doc-check-sticky -->` marker is placed at the end of the comment for easier identification and updates in future runs.	2026-02-06 09:26:31 -06:00
Ethan	dc633e22a3	ci: add setup-gnu-tools action for macOS runners (#21938) ... macOS runners lack GNU toolchain dependencies (bash 4+, GNU getopt, make 4+) required by `scripts/lib.sh`. When any script sources `lib.sh`, it checks for these dependencies and fails if they're missing. This caused consistent failures in the `test-go-pg (macos-latest)` job in `nightly-gauntlet.yaml`, which didn't have the GNU tools setup that `ci.yaml` had. Commit 9a417df ("ci: add retry logic for Go module operations") added a macOS GNU tools step to `ci.yaml`, but `nightly-gauntlet.yaml` was not updated. This PR adds a reusable `setup-gnu-tools` action and uses it consistently across all workflows with macOS jobs, replacing the inline brew install steps. Closes https://github.com/coder/internal/issues/1133	2026-02-05 05:06:10 +00:00
Danny Kopping	29b1aea736	chore: make AI code review opt-in (#21883) ... The comments generated are too noisy and not of sufficiently high signal that we should automatically opt every PR in. This PR moves the trigger to the `code-review` label _only_. Signed-off-by: Danny Kopping <danny@coder.com>	2026-02-04 17:23:23 +02:00
Dean Sheather	b8b8387b27	chore: allow blinkagent[bot] to bypass CLA check (#21872)	2026-02-03 03:03:51 +00:00
DevCats	885aeed91b	feat: add code-review skill and align workflow with doc-check (#21668) ... This pull request adds a new documentation file that defines the "code-review" skill for use in the project. The document outlines a standard workflow, severity levels, key areas to focus on during code reviews, and Coder-specific review guidelines. This aims to standardize and improve the quality and consistency of code reviews across the team. Documentation and process standardization: * Added `.claude/skills/code-review/SKILL.md`, which describes the code-review skill, including workflow steps, severity levels, what to look for in reviews, and what not to comment on. It also provides Coder-specific patterns and best practices for authorization, error handling, and shell scripting.	2026-02-02 17:49:45 +00:00
dependabot[bot]	1276b9d9b7	ci: bump the github-actions group with 2 updates (#21846) ... [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/setup-java](https://github.com/actions/setup-java). Updates `step-security/harden-runner` from 2.14.0 to 2.14.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.1</h2> <h2>What's Changed</h2> <ol> <li> <p>In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.</p> </li> <li> <p>Fixed npm audit vulnerabilities</p> </li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1">https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/e3f713f2d8f53843e71c69a996d56f51aa9adfb9"><code>e3f713f</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/631">#631</a> from step-security/rc-31</li> <li><a href="https://github.com/step-security/harden-runner/commit/423acdda6fd4f75f197b7c305a3f2e3d700dc00b"><code>423acdd</code></a> chore: fix npm audit vulnerabilities</li> <li><a href="https://github.com/step-security/harden-runner/commit/0ddb86cf0353b79dbed5bb8cef4103700cea70a7"><code>0ddb86c</code></a> update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-java` from 5.1.0 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-java/releases">actions/setup-java's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Retry on HTTP 522 Connection timed out by <a href="https://github.com/findepi"><code>@​findepi</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/964">actions/setup-java#964</a></li> </ul> <h3>Documentation Changes</h3> <ul> <li>Update gradle caching by <a href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/972">actions/setup-java#972</a></li> <li>Update checkout to v6 by <a href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/973">actions/setup-java#973</a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Upgrade <code>@​actions/cache</code> to v5 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/968">actions/setup-java#968</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/961">actions/setup-java#961</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/findepi"><code>@​findepi</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/964">actions/setup-java#964</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v5...v5.2.0">https://github.com/actions/setup-java/compare/v5...v5.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-java/commit/be666c2fcd27ec809703dec50e508c2fdc7f6654"><code>be666c2</code></a> Chore: Version Update and Checkout Update to v6 (<a href="https://redirect.github.com/actions/setup-java/issues/973">#973</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/f7a6fefba97e80156950e16f2a9dafc8579b7d05"><code>f7a6fef</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/actions/setup-java/issues/961">#961</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/d81c4e45f3ac973cc936d79104023e20054ba578"><code>d81c4e4</code></a> Upgrade <code>@​actions/cache</code> to v5 (<a href="https://redirect.github.com/actions/setup-java/issues/968">#968</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/1b1bbe1085cb6ab21b5b19b7bebc091a9430026a"><code>1b1bbe1</code></a> readme update (<a href="https://redirect.github.com/actions/setup-java/issues/972">#972</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/5d7b2146334bacf88728daaa70414a99f5164e0f"><code>5d7b214</code></a> Retry on HTTP 522 Connection timed out (<a href="https://redirect.github.com/actions/setup-java/issues/964">#964</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-java/compare/f2beeb24e141e01a676f977032f5a29d81c9e27e...be666c2fcd27ec809703dec50e508c2fdc7f6654">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-02 13:53:07 +00:00
Dean Sheather	bcc57632dd	ci: split lint-actions into separate job to reduce flakes (#21834) ... ## Summary The `lint/actions/zizmor` target flakes in CI due to network connectivity issues when running on depot runners (https://github.com/coder/internal/issues/1233). The zizmor tool needs to reach GitHub's API but intermittently fails with "Connection refused" errors. ## Changes - Creates a new `lint-actions` CI job that only runs when `.github/**` files are touched (using existing `ci` filter) - Removes zizmor from the main `lint` job - Uses a Makefile conditional to include actionlint in `make lint` locally but skip it in CI (where `lint-actions` handles it) This reduces unnecessary flake exposure for PRs that don't modify GitHub Actions files. ## Testing - `actionlint` passes on the modified ci.yaml - Verified Makefile conditional works: actionlint included locally, skipped when `CI=true` Fixes https://github.com/coder/internal/issues/1233	2026-02-03 00:32:09 +11:00
Kacper Sawicki	9a417df940	ci: add retry logic for Go module operations (#21609) ... ## Description Add exponential backoff retries to all `go install` and `go mod download` commands across CI workflows and actions. ## Why Fixes [coder/internal#1276](https://github.com/coder/internal/issues/1276) - CI fails when `sum.golang.org` returns 500 errors during Go module verification. This is an infrastructure-level flake that can't be controlled. ## Changes - Created `.github/scripts/retry.sh` - reusable retry helper with exponential backoff (2s, 4s, 8s delays, max 3 attempts), using `scripts/lib.sh` helpers - Wrapped all `go install` and `go mod download` commands with retry in: - `.github/actions/setup-go/action.yaml` - `.github/actions/setup-sqlc/action.yaml` - `.github/actions/setup-go-tools/action.yaml` - `.github/workflows/ci.yaml` - `.github/workflows/release.yaml` - `.github/workflows/security.yaml` - Added GNU tools setup (bash 4+, GNU getopt, make 4+) for macOS in `test-go-pg` job, since `retry.sh` uses `lib.sh` which requires these tools	2026-01-29 16:05:49 +01:00
DevCats	1b31279506	chore: update doc-check workflow to prevent unnecessary comments (#21737) ... This pull request makes a minor update to the documentation check workflow. It clarifies that a comment should not be posted if there are no documentation changes needed and simplifies the comment format instructions.	2026-01-28 22:02:16 +00:00
Jon Ayers	4ce4b5ef9f	chore: fix trivy dependency (#21736)	2026-01-28 22:36:42 +01:00
Danny Kopping	3ee4f6d0ec	chore: update to Go 1.25.6 (#21693) ... ## Summary - Update Go version from 1.24.11 to 1.25.6 - Update go.mod to specify Go 1.25.6 - Update GitHub Actions setup-go default version - Update dogfood Dockerfile with new Go version and SHA256 checksum 🤖 Generated with [Claude Code](https://claude.com/claude-code) via [Coder Task](https://dev.coder.com/tasks/danny/42dcc0b6-17e1-4caf-bb44-8d6c8f346bef) --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-27 20:44:21 +02:00
DevCats	2ee3386cc5	chore: add ready_for_review trigger and disable auto-commenting to doc-check worfklow (#21667) ... This pull request updates the `.github/workflows/doc-check.yaml` workflow to improve how documentation reviews are triggered and handled, particularly for pull requests that are converted from draft to ready for review. The changes ensure that documentation checks are performed at the appropriate times and clarify the workflow's behavior. **Workflow trigger and logic enhancements:** * Added support for triggering the documentation check when a pull request is marked as "ready for review" (converted from draft), both in the workflow triggers and in the workflow logic. [[1]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R9) [[2]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R24) [[3]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149L39-R48) * Updated the internal context and trigger type handling to recognize and describe the "ready_for_review" event, providing more accurate context for the agent. [[1]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R138-R140) [[2]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R171-R173) **Workflow behavior adjustment:** * Changed the `comment-on-issue` setting to `false`, so the workflow will no longer automatically comment on the PR issue when running which was creating unnecessary noise.	2026-01-27 08:09:54 -06:00
dependabot[bot]	bb186b8699	ci: bump the github-actions group across 1 directory with 4 updates (#21683) ... Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/cache](https://github.com/actions/cache), [chromaui/action](https://github.com/chromaui/action) and [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action). Updates `actions/checkout` from 6.0.1 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.2</h2> <h2>What's Changed</h2> <ul> <li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by <a href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@​motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@​benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a> Fix tag handling: preserve annotations and explicit fetch-tags (<a href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li> <li><a href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a> Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 5.0.1 to 5.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v.5.0.2</h2> <h1>v5.0.2</h1> <h2>What's Changed</h2> <p>When creating cache entries, 429s returned from the cache service will not be retried.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>Changelog</h2> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7"><code>8b402f5</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1692">#1692</a> from GhadimiR/main</li> <li><a href="https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002"><code>304ab5a</code></a> license for httpclient</li> <li><a href="https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be"><code>609fc19</code></a> Update licensed record for cache</li> <li><a href="https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5"><code>b22231e</code></a> Build</li> <li><a href="https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a"><code>93150cd</code></a> Add PR link to releases</li> <li><a href="https://github.com/actions/cache/commit/9b8ca9f07e012351dafbf1c878e8fe2ee9a01c84"><code>9b8ca9f</code></a> Bump actions/cache to 5.0.3</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7">compare view</a></li> </ul> </details> <br /> Updates `chromaui/action` from 13.3.4 to 13.3.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chromaui/action/commit/07791f8243f4cb2698bf4d00426baf4b2d1cb7e0"><code>07791f8</code></a> v13.3.5</li> <li>See full diff in <a href="https://github.com/chromaui/action/compare/4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694...07791f8243f4cb2698bf4d00426baf4b2d1cb7e0">compare view</a></li> </ul> </details> <br /> Updates `nix-community/cache-nix-action` from 7.0.0 to 7.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nix-community/cache-nix-action/releases">nix-community/cache-nix-action's releases</a>.</em></p> <blockquote> <h2>v7.0.1</h2> <h2>What's Changed</h2> <h2>Fixed</h2> <ul> <li>Checkpoint Nix store database before saving cache by <a href="https://github.com/CathalMullan"><code>@​CathalMullan</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/278">nix-community/cache-nix-action#278</a></li> <li>Checkpoint Nix store database before copying it by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/279">nix-community/cache-nix-action#279</a></li> </ul> <h2>Fixed (CI)</h2> <ul> <li>Fix formatting in CI by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/280">nix-community/cache-nix-action#280</a></li> <li>Fix workflows for PRs in CI by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/281">nix-community/cache-nix-action#281</a></li> </ul> <h2>Changed (deps)</h2> <!-- raw HTML omitted --> <ul> <li>chore(deps): bump <code>@​actions/github</code> from 6.0.1 to 7.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/272">nix-community/cache-nix-action#272</a></li> <li>chore(deps-dev): bump eslint-config-love from 140.0.0 to 144.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/271">nix-community/cache-nix-action#271</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from 8.51.0 to 8.52.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/269">nix-community/cache-nix-action#269</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.12.0 to 29.12.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/266">nix-community/cache-nix-action#266</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code> from 8.51.0 to 8.52.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/268">nix-community/cache-nix-action#268</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from 8.52.0 to 8.53.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/273">nix-community/cache-nix-action#273</a></li> <li>chore(deps-dev): bump prettier from 3.7.4 to 3.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/277">nix-community/cache-nix-action#277</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code> from 8.52.0 to 8.53.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/274">nix-community/cache-nix-action#274</a></li> </ul> <!-- raw HTML omitted --> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/CathalMullan"><code>@​CathalMullan</code></a> made their first contribution in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/278">nix-community/cache-nix-action#278</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nix-community/cache-nix-action/compare/v7...v7.0.1">https://github.com/nix-community/cache-nix-action/compare/v7...v7.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nix-community/cache-nix-action/commit/106bba72ed8e29c8357661199511ef07790175e9"><code>106bba7</code></a> fix(ci): use a modern command</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/b244431fab1b7abe5a59cdf0a5333321adfc040f"><code>b244431</code></a> chore: update src</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/052bf75174c2526e286675ef224b3ed819ca069b"><code>052bf75</code></a> chore: update docs</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/c19319ee78cf2c8fdae7caec6d618d8d2f103a63"><code>c19319e</code></a> chore: build the action</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/e3b90182d2cfa77237ff1a124c0017402fe96732"><code>e3b9018</code></a> feat(action): add comment about checkpointing after database merging</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/05419d3e13bd8048ce71089f751a60193e8b2520"><code>05419d3</code></a> feat(readme): mention that the action may affect the workflow speed</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/0c043090a02147aa5edf074d1b0b7ccae887fd53"><code>0c04309</code></a> refactor(readme): group limitations and list them in separate sections</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/084a7ec7cc80327648e51c57b90e12b596675f40"><code>084a7ec</code></a> fix(github): adress linter comments and format templates</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/b23f7c961d5d57e86f703e0526f2b35fc9223c12"><code>b23f7c9</code></a> fix(ci): don't fail-fast</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/6b5a012f6e29cda21881bcb0432a5350d18b44ad"><code>6b5a012</code></a> Merge pull request <a href="https://redirect.github.com/nix-community/cache-nix-action/issues/281">#281</a> from nix-community/fix-prs</li> <li>Additional commits viewable in <a href="https://github.com/nix-community/cache-nix-action/compare/b426b118b6dc86d6952988d396aa7c6b09776d08...106bba72ed8e29c8357661199511ef07790175e9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-26 13:20:40 +00:00
DevCats	338b952d71	chore: skip doc-check when secrets are not available (#21637) ... This pull request updates the `.github/workflows/doc-check.yaml` workflow to improve its handling of required secrets. The workflow now checks for the presence of necessary secrets before proceeding, and conditionally skips all subsequent steps if the secrets are unavailable. This prevents failures on pull requests where secrets are not accessible (such as from forks), and provides clear messaging for maintainers about manual triggering options. Key improvements: **Secret availability checks and conditional execution:** * Added an explicit step at the start of the workflow to check if required secrets (`DOC_CHECK_CODER_URL` and `DOC_CHECK_CODER_SESSION_TOKEN`) are available, and set an output flag (`skip`) accordingly. * Updated all subsequent workflow steps to include a conditional (`if: steps.check-secrets.outputs.skip != 'true'`), ensuring they only run if the secrets are present. This includes setup, context extraction, task creation, waiting, and summary steps. [[1]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R59-R82) [[2]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R140) [[3]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R205) [[4]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R215) [[5]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R232) [[6]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149R250) * Modified the "Fetch Task Logs", "Cleanup Task", and "Write Final Summary" steps to combine their existing `always()` condition with the new secrets check, preventing unnecessary errors when secrets are missing. [[1]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149L314-R340) [[2]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149L327-R353) [[3]](diffhunk://#diff-46e6065a312f35e5d294476e7865089afd10e6072fed80ac77b257e090def149L339-R365) **Documentation and messaging:** * Added comments at the top of the workflow file to explain the secret requirements and the expected behavior for PRs without secrets, including instructions for maintainers on manual triggering.…se on pr's originating from forks. <!-- If you have used AI to produce some or all of this PR, please ensure you have read our [AI Contribution guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING) before submitting. -->	2026-01-23 12:15:07 -06:00
DevCats	26ce070393	feat: update doc-check workflow to utilize claude-skills (#21588) ... ## Summary Updates our existing doc-check workflow to utilize new claude-skills that exist in the repository for better contextual behavior with less prompting requirements in the workflow ## Changes ### New: Claude Skill (`.claude/skills/doc-check/SKILL.md`) Defines the doc-check workflow for Claude: - Check PR title first to skip irrelevant reviews (refactors, tests, chores) - Read code changes and search existing docs for related content - Post structured comments with specific recommendations ### Updated: GitHub Workflow (`.github/workflows/doc-check.yaml`) - **Triggers**: PR opened, updated (synchronize), `doc-check` label added, or manual dispatch - **Task lifecycle**: Creates task → monitors completion → fetches logs → cleans up - **Context-aware prompts**: Tells Claude if this is a new PR, update, or manual request - Uses `coder-username` parameter to run as `doc-check-bot` service account	2026-01-21 16:14:43 -06:00
Jakub Domeracki	3894edbcc3	chore: update Go to 1.24.11 (#21519) ... Resolves: https://github.com/coder/coder/issues/21470	2026-01-15 15:12:31 +01:00
Danny Kopping	7d558e76e9	fix: make make test runnable again (#21251) ... Signed-off-by: Danny Kopping <danny@coder.com>	2026-01-13 10:36:06 +00:00
dependabot[bot]	2c2c67665f	ci: bump the github-actions group across 1 directory with 3 updates (#21482) ... Bumps the github-actions group with 3 updates in the / directory: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata), [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action) and [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign). Updates `dependabot/fetch-metadata` from 2.4.0 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/628">dependabot/fetch-metadata#628</a></li> <li>Bump the dev-dependencies group with 11 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/629">dependabot/fetch-metadata#629</a></li> <li>Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/635">dependabot/fetch-metadata#635</a></li> <li>Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/638">dependabot/fetch-metadata#638</a></li> <li>Bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/636">dependabot/fetch-metadata#636</a></li> <li>Bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/637">dependabot/fetch-metadata#637</a></li> <li>Bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/639">dependabot/fetch-metadata#639</a></li> <li>Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/643">dependabot/fetch-metadata#643</a></li> <li>Bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/642">dependabot/fetch-metadata#642</a></li> <li>Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/648">dependabot/fetch-metadata#648</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/644">dependabot/fetch-metadata#644</a></li> <li>Bump express from 5.1.0 to 5.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/645">dependabot/fetch-metadata#645</a></li> <li>Bump <code>@​modelcontextprotocol/sdk</code> from 1.11.2 to 1.24.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/647">dependabot/fetch-metadata#647</a></li> <li>v2.5.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/631">dependabot/fetch-metadata#631</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.5.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/21025c705c08248db411dc16f3619e6b5f9ea21a"><code>21025c7</code></a> v2.5.0</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/252291c4909623444d34d29176583b6bae564c4a"><code>252291c</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/647">#647</a> from dependabot/dependabot/npm_and_yarn/modelcontextp...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/fa144c97df0d508a206af2a27295ecc2935effbd"><code>fa144c9</code></a> chore: Migrate jest expectation function</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/33c7a0bfc8c64c28af2c81b3431ef4c59ec496b4"><code>33c7a0b</code></a> bug: Mock PR body in test</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/99c27add52552e57615946e8e3e30bb1e06c907f"><code>99c27ad</code></a> Bump <code>@​modelcontextprotocol/sdk</code> from 1.11.2 to 1.24.0</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/3837dcc013fa49857b3ce43e5e985c87b36856fe"><code>3837dcc</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/645">#645</a> from dependabot/dependabot/npm_and_yarn/express-5.2.1</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/d411582f801e564114e3c0e221a9301030b6b7dd"><code>d411582</code></a> Bump express from 5.1.0 to 5.2.1</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/186ccbbe83ea100061d2a4e5ad1e78372b949c3f"><code>186ccbb</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/644">#644</a> from dependabot/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/84c891ecc223caac49af317368a1df9d6fb72ff7"><code>84c891e</code></a> Bump js-yaml from 3.14.1 to 3.14.2</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/4542092e926ee0072c057475cbe8b76968714a21"><code>4542092</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/648">#648</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li>Additional commits viewable in <a href="https://github.com/dependabot/fetch-metadata/compare/08eff52bf64351f401fb50d4972fa95b9f2c2d1b...21025c705c08248db411dc16f3619e6b5f9ea21a">compare view</a></li> </ul> </details> <br /> Updates `nix-community/cache-nix-action` from 6.1.3 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nix-community/cache-nix-action/releases">nix-community/cache-nix-action's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>What's Changed</h2> <h3>Breaking changes</h3> <ul> <li>Cache only <code>/nix</code> by default by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/261">nix-community/cache-nix-action#261</a></li> <li>Improve <code>saveFromGC</code> by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/253">nix-community/cache-nix-action#253</a></li> <li>Update dependencies by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/228">nix-community/cache-nix-action#228</a></li> </ul> <h3>Added</h3> <ul> <li>Support ca-derivations by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/130">nix-community/cache-nix-action#130</a></li> <li>Support <code>cachix/install-nix-action</code> and <code>DeterminateSystems/determinate-nix-action</code> by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/234">nix-community/cache-nix-action#234</a></li> <li>Support custom cache URL by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/244">nix-community/cache-nix-action#244</a></li> <li>Use Temporal by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/260">nix-community/cache-nix-action#260</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fix assumptions in nix commands by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/240">nix-community/cache-nix-action#240</a></li> <li>Install sqlite on macOS only when it's missing and if there's at least one cache to restore by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/241">nix-community/cache-nix-action#241</a></li> <li>Run <code>zstd</code> in multi-threaded mode by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/243">nix-community/cache-nix-action#243</a></li> <li>Align with upstream by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/249">nix-community/cache-nix-action#249</a></li> <li>Update saveFromGC package by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/254">nix-community/cache-nix-action#254</a></li> <li>Fix skipping restore on hit primary key by <a href="https://github.com/deemp"><code>@​deemp</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/259">nix-community/cache-nix-action#259</a></li> </ul> <h3>Changed (docs)</h3> <ul> <li>fix <code>nix_conf</code> example in readme by <a href="https://github.com/peterbecich"><code>@​peterbecich</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/132">nix-community/cache-nix-action#132</a></li> <li>add <code>nothing-but-nix</code> to readme by <a href="https://github.com/peterbecich"><code>@​peterbecich</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/162">nix-community/cache-nix-action#162</a></li> <li>Update status of <code>magic-nix-cache-action</code> by <a href="https://github.com/lucperkins"><code>@​lucperkins</code></a> in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/161">nix-community/cache-nix-action#161</a></li> </ul> <h3>Changed (deps)</h3> <!-- raw HTML omitted --> <ul> <li>chore(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/183">nix-community/cache-nix-action#183</a></li> <li>chore(deps-dev): bump eslint from 9.22.0 to 9.37.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/207">nix-community/cache-nix-action#207</a></li> <li>chore(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/210">nix-community/cache-nix-action#210</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/parser</code> from 8.26.1 to 8.46.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/208">nix-community/cache-nix-action#208</a></li> <li>chore(deps-dev): bump ts-jest from 29.2.6 to 29.4.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/200">nix-community/cache-nix-action#200</a></li> <li>chore(deps): bump nixbuild/nix-quick-install-action from 30 to 34 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/204">nix-community/cache-nix-action#204</a></li> <li>chore(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code> from 8.26.1 to 8.46.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/209">nix-community/cache-nix-action#209</a></li> <li>chore(deps-dev): bump eslint-import-resolver-typescript from 3.8.3 to 4.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/143">nix-community/cache-nix-action#143</a></li> <li>chore(deps-dev): bump eslint-plugin-n from 17.16.2 to 17.23.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/215">nix-community/cache-nix-action#215</a></li> <li>chore(deps-dev): bump nock from 14.0.1 to 14.0.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/213">nix-community/cache-nix-action#213</a></li> <li>chore(deps-dev): bump ts-jest from 29.4.4 to 29.4.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/211">nix-community/cache-nix-action#211</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 28.11.0 to 29.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/214">nix-community/cache-nix-action#214</a></li> <li>chore(deps): bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/220">nix-community/cache-nix-action#220</a></li> <li>chore(deps): bump dedent from 1.5.3 to 1.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/218">nix-community/cache-nix-action#218</a></li> <li>chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/nix-community/cache-nix-action/pull/216">nix-community/cache-nix-action#216</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nix-community/cache-nix-action/commit/b426b118b6dc86d6952988d396aa7c6b09776d08"><code>b426b11</code></a> chore: update docs</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/4bec4a908ea92e7c1b67b20cc4fd603014a22e1c"><code>4bec4a9</code></a> fix(readme): improve the typical job explanation</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/a084f54b888218ed2c3f358e3d5a6ae5af164b25"><code>a084f54</code></a> chore: update docs</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/f0ee4ceeda6370d9059e4d1356124668f4cf0bfe"><code>f0ee4ce</code></a> fix(readme): improve the section about caching approaches</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/5764445d30f0763098b7a4ccbdaf01419d666e99"><code>5764445</code></a> fix(readme): improve example - show how to use ISO 8601 duration format in `p...</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/7b6e0ca65529ad4f25cc125059556d432556f564"><code>7b6e0ca</code></a> fix(readme): improve comments</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/01b2c9a1def1aa05e61ea0fd5772ffa018f3f677"><code>01b2c9a</code></a> Merge pull request <a href="https://redirect.github.com/nix-community/cache-nix-action/issues/264">#264</a> from nix-community/dependabot/npm_and_yarn/eslint-plu...</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/c62435b446f5eac45d711e3e9301350e8ac4bb16"><code>c62435b</code></a> chore(deps-dev): bump eslint-plugin-jest from 29.11.2 to 29.12.0</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/69bb33a85010f6093f94a43682182f5455b2c18d"><code>69bb33a</code></a> fix(readme): explain which files get restored</li> <li><a href="https://github.com/nix-community/cache-nix-action/commit/507f991008894d9be5f9cf90f38caaf3dcb650a2"><code>507f991</code></a> Merge pull request <a href="https://redirect.github.com/nix-community/cache-nix-action/issues/261">#261</a> from nix-community/cache-only-nix-store</li> <li>Additional commits viewable in <a href="https://github.com/nix-community/cache-nix-action/compare/135667ec418502fa5a3598af6fb9eb733888ce6a...b426b118b6dc86d6952988d396aa7c6b09776d08">compare view</a></li> </ul> </details> <br /> Updates `toshimaru/auto-author-assign` from 2.1.1 to 3.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/toshimaru/auto-author-assign/releases">toshimaru/auto-author-assign's releases</a>.</em></p> <blockquote> <h2>v3.0.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Dependencies</h3> <ul> <li>build(deps): bump <code>@​actions/core</code> from 1.11.1 to 2.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/122">toshimaru/auto-author-assign#122</a></li> </ul> <h3>Chores</h3> <ul> <li>chore(main): release 3.0.1 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/138">toshimaru/auto-author-assign#138</a></li> <li>Replace ubuntu-latest with ubuntu-slim across workflows and documentation by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/137">toshimaru/auto-author-assign#137</a></li> <li>Add workflow_dispatch trigger to release-please workflow by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/136">toshimaru/auto-author-assign#136</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/toshimaru/auto-author-assign/compare/v3.0.0...v3.0.1">https://github.com/toshimaru/auto-author-assign/compare/v3.0.0...v3.0.1</a></p> <h2>v3.0.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Bump Node.js from 20 to 24 by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/128">toshimaru/auto-author-assign#128</a></li> <li>Migrate from standard-version to release-please by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/129">toshimaru/auto-author-assign#129</a></li> <li>feat: Add <code>npm run package</code> instead of <code>build</code> by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/130">toshimaru/auto-author-assign#130</a></li> </ul> <h3>Chores</h3> <ul> <li>chore(main): release 3.0.0 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/135">toshimaru/auto-author-assign#135</a></li> <li>chore: Remove reviewers from dependabot.yml by <a href="https://github.com/google-labs-jules"><code>@​google-labs-jules</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/127">toshimaru/auto-author-assign#127</a></li> </ul> <h3>Docs</h3> <ul> <li>docs(ai): Create <code>AGENTS.md</code>(<code>CLAUDE.md</code>) file by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/125">toshimaru/auto-author-assign#125</a></li> <li>docs: bump version to 2.1.2 in <code>README.md</code> by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/134">toshimaru/auto-author-assign#134</a></li> <li>docs(ai): Create build-script.md for Claude Code / Restore <code>CHANGELOG.md</code> by <a href="https://github.com/toshimaru"><code>@​toshimaru</code></a> in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/132">toshimaru/auto-author-assign#132</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/toshimaru/auto-author-assign/compare/v2.1.2...v3.0.0">https://github.com/toshimaru/auto-author-assign/compare/v2.1.2...v3.0.0</a></p> <h2>v2.1.2</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Dependencies</h3> <ul> <li>build(deps): bump actions/setup-node from 4 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/110">toshimaru/auto-author-assign#110</a></li> <li>build(deps): bump actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/111">toshimaru/auto-author-assign#111</a></li> <li>build(deps): bump undici from 5.28.4 to 5.29.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/118">toshimaru/auto-author-assign#118</a></li> <li>build(deps): bump <code>@​octokit/plugin-paginate-rest</code> from 9.1.5 to 9.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/115">toshimaru/auto-author-assign#115</a></li> <li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/114">toshimaru/auto-author-assign#114</a></li> <li>build(deps): bump <code>@​actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/toshimaru/auto-author-assign/pull/105">toshimaru/auto-author-assign#105</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md">toshimaru/auto-author-assign's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/toshimaru/auto-author-assign/compare/v3.0.0...v3.0.1">3.0.1</a> (2025-12-25)</h2> <h3>Miscellaneous Chores</h3> <ul> <li>release 3.0.1 (<a href="https://github.com/toshimaru/auto-author-assign/commit/718d4ed5349747d47952ae841ae03fcbdd74ebea">718d4ed</a>)</li> </ul> <h2><a href="https://github.com/toshimaru/auto-author-assign/compare/v2.1.2...v3.0.0">3.0.0</a> (2025-12-21)</h2> <h3>Features</h3> <ul> <li>Add <code>npm run package</code> instead of <code>build</code> (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/130">#130</a>) (<a href="https://github.com/toshimaru/auto-author-assign/commit/972720f0403d2873e807f16e350c5b0b1be4dda3">972720f</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>release 3.0.0 (<a href="https://github.com/toshimaru/auto-author-assign/commit/d100ceff34d1e9cd2c4ea5b8055922f1409f3068">d100cef</a>)</li> </ul> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v2.1.1...v2.1.2">2.1.2</a> (2025-12-16)</h3> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v2.1.0...v2.1.1">2.1.1</a> (2024-06-26)</h3> <h2><a href="https://github.com/toshimaru/auto-author-assign/compare/v2.0.1...v2.1.0">2.1.0</a> (2024-01-17)</h2> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v2.0.0...v2.0.1">2.0.1</a> (2023-09-26)</h3> <h2><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.6.2...v2.0.0">2.0.0</a> (2023-09-24)</h2> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.6.1...v1.6.2">1.6.2</a> (2023-01-03)</h3> <ul> <li>chore: dependencies update</li> </ul> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.6.0...v1.6.1">1.6.1</a> (2022-08-01)</h3> <ul> <li>doc: README Update</li> </ul> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.5.1...v1.6.0">1.6.0</a> (2022-07-28)</h3> <ul> <li>feat: Add auto-author-assign for the issues</li> </ul> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.5.0...v1.5.1">1.5.1</a> (2022-07-22)</h3> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.4.0...v1.5.0">1.5.0</a> (2022-03-28)</h3> <ul> <li>Bump node from node12 to node16</li> </ul> <h3><a href="https://github.com/toshimaru/auto-author-assign/compare/v1.3.7...v1.4.0">1.4.0</a> (2021-10-17)</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/4d585cc37690897bd9015942ed6e766aa7cdb97f"><code>4d585cc</code></a> chore(main): release 3.0.1 (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/138">#138</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/718d4ed5349747d47952ae841ae03fcbdd74ebea"><code>718d4ed</code></a> chore: release 3.0.1</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/4a5388d22f6d4ff1d3dd731718ecef020b6ba4d7"><code>4a5388d</code></a> build(deps): bump <code>@​actions/core</code> from 1.11.1 to 2.0.1 (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/122">#122</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/988cabb6fa31f6fbe7445a9404c4a81c595da880"><code>988cabb</code></a> Add workflow_dispatch to release-please.yml (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/136">#136</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/fccc493a2659c5efe9f9f5afbbba91afb29a8a2f"><code>fccc493</code></a> Replace ubuntu-latest with ubuntu-slim across workflows and documentation (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/137">#137</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/c66af760da33f680c9baa5e8aa27c3a933b11593"><code>c66af76</code></a> chore(main): release 3.0.0 (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/135">#135</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/d100ceff34d1e9cd2c4ea5b8055922f1409f3068"><code>d100cef</code></a> chore: release 3.0.0</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/a076d1056015d81890e49a0cea0d907609200384"><code>a076d10</code></a> docs: bump version to 2.1.2 in <code>README.md</code> (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/134">#134</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/e7df92b95b730fface0fd16ad67929d77df07251"><code>e7df92b</code></a> docs(ai): Create build-script.md for Claude Code / Restore <code>CHANGELOG.md</code> (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/132">#132</a>)</li> <li><a href="https://github.com/toshimaru/auto-author-assign/commit/972720f0403d2873e807f16e350c5b0b1be4dda3"><code>972720f</code></a> feat: Add <code>npm run package</code> instead of <code>build</code> (<a href="https://redirect.github.com/toshimaru/auto-author-assign/issues/130">#130</a>)</li> <li>Additional commits viewable in <a href="https://github.com/toshimaru/auto-author-assign/compare/16f0022cf3d7970c106d8d1105f75a1165edb516...4d585cc37690897bd9015942ed6e766aa7cdb97f">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-12 15:07:29 +00:00
Cian Johnston	b116d22c5f	chore: manage tool versions in go.mod (#21455) ... Go 1.24 adds [tool dependencies](https://go.dev/doc/modules/managing-dependencies#tools). This allows us to track versions of tools in our `go.mod` instead of sprinkling various `go run` commands throughout our codebase. NOTE: there are still various hard-coded `go install` commands in our dogfood Dockerfile. As that list is likely severely outdated, will leave that for a separate PR.	2026-01-08 16:25:28 +00:00
dependabot[bot]	61c379dba6	ci: bump the github-actions group with 3 updates (#21394) ... Bumps the github-actions group with 3 updates: [actions/attest](https://github.com/actions/attest), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/attest` from 3.0.0 to 3.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest/releases">actions/attest's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@​actions/attest</code> from 1.6.0 to 2.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/299">actions/attest#299</a></li> <li>Bump <code>@​actions/core</code> from 1.11.1 to 2.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/318">actions/attest#318</a></li> <li>Create Artifact Metadata Storage Record on registry push by <a href="https://github.com/malancas"><code>@​malancas</code></a> in <a href="https://redirect.github.com/actions/attest/pull/313">actions/attest#313</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/malancas"><code>@​malancas</code></a> made their first contribution in <a href="https://redirect.github.com/actions/attest/pull/313">actions/attest#313</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest/compare/v3...v3.1.0">https://github.com/actions/attest/compare/v3...v3.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest/commit/7667f588f2f73a90cea6c7ac70e78266c4f76616"><code>7667f58</code></a> Create Artifact Metadata Storage Record on registry push (<a href="https://redirect.github.com/actions/attest/issues/313">#313</a>)</li> <li><a href="https://github.com/actions/attest/commit/0512723b049f456232eb06b040bc579727752a6a"><code>0512723</code></a> Bump <code>@​actions/core</code> from 1.11.1 to 2.0.1 (<a href="https://redirect.github.com/actions/attest/issues/318">#318</a>)</li> <li><a href="https://github.com/actions/attest/commit/c16e6655b77834c757beac502b8f2013705f92f4"><code>c16e665</code></a> Bump the npm-development group with 5 updates (<a href="https://redirect.github.com/actions/attest/issues/315">#315</a>)</li> <li><a href="https://github.com/actions/attest/commit/3374a04c9f423bc0e4e5560f82ebe38956064fd0"><code>3374a04</code></a> Bump <code>@​types/node</code> from 24.10.1 to 25.0.2 (<a href="https://redirect.github.com/actions/attest/issues/317">#317</a>)</li> <li><a href="https://github.com/actions/attest/commit/8ed7eda47c4480c843fdfd8850cbc514a728d335"><code>8ed7eda</code></a> Bump actions/upload-artifact from 5 to 6 (<a href="https://redirect.github.com/actions/attest/issues/314">#314</a>)</li> <li><a href="https://github.com/actions/attest/commit/6440a037b10d2a829cc9882a533f3d9138424c0d"><code>6440a03</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest/issues/312">#312</a>)</li> <li><a href="https://github.com/actions/attest/commit/70b5d87a50d4136d848a73c7cf376b97b7a70223"><code>70b5d87</code></a> Bump the actions-minor group with 2 updates (<a href="https://redirect.github.com/actions/attest/issues/311">#311</a>)</li> <li><a href="https://github.com/actions/attest/commit/9902fb2594e0b5bbab9995737abd2547cde67f22"><code>9902fb2</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest/issues/310">#310</a>)</li> <li><a href="https://github.com/actions/attest/commit/32938749009952fa9f8278fe546fd1f7ed2c5eeb"><code>3293874</code></a> Bump actions/checkout from 5.0.1 to 6.0.0 (<a href="https://redirect.github.com/actions/attest/issues/308">#308</a>)</li> <li><a href="https://github.com/actions/attest/commit/88adb8653690c030561da54074f99d467b74741b"><code>88adb86</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest/issues/307">#307</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/attest/compare/daf44fb950173508f38bd2406030372c1d1162b1...7667f588f2f73a90cea6c7ac70e78266c4f76616">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@​docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"><code>8d2750c</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/455">#455</a> from crazy-max/install-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e81846bcc4416a0bf18b8389e4f6fce279619ddc"><code>e81846b</code></a> deprecate install input</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65d18f8f8a05aab1b2d761032bec9cd5578caadb"><code>65d18f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/454">#454</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/000d75d273dec231f74115df50b6ee04c9b25e55"><code>000d75d</code></a> build(deps): bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1583c0f09d26c58c59d25b0eef29792b7ce99d9a"><code>1583c0f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/443">#443</a> from nicolasleger/patch-1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ed158e796328af702db08c75bebb92f2fb10be88"><code>ed158e7</code></a> doc: bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4cc794f83e4b7488282e879f4469e86246e52ddd"><code>4cc794f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/441">#441</a> from docker/dependabot/github_actions/actions/checkout-5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dfc3d6c5d9e9534040f8d8b55bd4a98459b62b7"><code>4dfc3d6</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/af1b253b8dc984466d22633f04ef341c1520ed2f"><code>af1b253</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/440">#440</a> from crazy-max/k3s-build</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3c6ab92b04d9f3e63233e0e0168ba114c6b448bc"><code>3c6ab92</code></a> ci: k3s test with latest buildx</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 4.31.6 to 4.31.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <ul> <li>Bump minimum CodeQL bundle version to 2.17.6. <a href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li> <li>When SARIF files are uploaded by the <code>analyze</code> or <code>upload-sarif</code> actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the <code>upload-sarif</code> action. For <code>analyze</code>, this may affect Advanced Setup for CodeQL users who specify a value other than <code>always</code> for the <code>upload</code> input. <a href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7"><code>5d4e8d1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3371">#3371</a> from github/update-v4.31.9-998798e34</li> <li><a href="https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83"><code>1dc115f</code></a> Update changelog for v4.31.9</li> <li><a href="https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6"><code>998798e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3352">#3352</a> from github/nickrolfe/jar-min-ff-cleanup</li> <li><a href="https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90"><code>5eb7519</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3358">#3358</a> from github/henrymercer/database-upload-telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc"><code>d29eddb</code></a> Extract version number to constant</li> <li><a href="https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6"><code>e962687</code></a> Merge branch 'main' into henrymercer/database-upload-telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b"><code>19c7f96</code></a> Rename <code>isOverlayBase</code></li> <li><a href="https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf"><code>ae5de9a</code></a> Use <code>getErrorMessage</code> in log too</li> <li><a href="https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954"><code>0cb8633</code></a> Prefer <code>performance.now()</code></li> <li><a href="https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec"><code>c07cc0d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3351">#3351</a> from github/henrymercer/ghec-dr-determine-tools-vers...</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-29 12:21:08 +00:00
Danny Kopping	11275330a6	chore: revert runner sizes & parallelism from #21091 (#21380) ... The juice wasn't worth the squeeze. We reduced our median run times by 33% but also increased the failure rate. Even if the latter is a misattribution to this change, doubling costs for only a 33% speedup is not worth it. The refactorings from #21091 are worthwhile keeping, so I've just reverted the runner sizes & parallelism to [previous levels](https://github.com/coder/coder/blob/8ed1c1d3720b40a5dcc41c8a17debf93b36d3537/.github/workflows/ci.yaml). --- Before: <img width="2028" height="373" alt="image" src="https://github.com/user-attachments/assets/be527e63-d14d-4bab-ac35-214e7a73c675" /> After: <img width="2040" height="403" alt="image" src="https://github.com/user-attachments/assets/fd834ae6-f310-492a-90c4-814545cda7f5" /> Signed-off-by: Danny Kopping <danny@coder.com>	2025-12-23 11:42:04 +02:00
dependabot[bot]	3f13859ade	ci: bump the github-actions group with 4 updates (#21370) ... Bumps the github-actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `step-security/harden-runner` from 2.13.2 to 2.14.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 4.3.0 to 5.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h1>v5.0.1</h1> <h2>What's Changed</h2> <ul> <li>fix: update <code>@​actions/cache</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1685">actions/cache#1685</a></li> <li>prepare release v5.0.1 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1686">actions/cache#1686</a></li> </ul> <h1>v5.0.0</h1> <h2>What's Changed</h2> <ul> <li>Upgrade to use node24 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.1">https://github.com/actions/cache/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h2>What's Changed</h2> <ul> <li>Upgrade to use node24 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.3.0...v5.0.0">https://github.com/actions/cache/compare/v4.3.0...v5.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>Changelog</h2> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/9255dc7a253b0ccc959486e2bca901246202afeb"><code>9255dc7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1686">#1686</a> from actions/cache-v5.0.1-release</li> <li><a href="https://github.com/actions/cache/commit/8ff5423e8b66eacab4e638ee52abbd2cb831366a"><code>8ff5423</code></a> chore: release v5.0.1</li> <li><a href="https://github.com/actions/cache/commit/9233019a152bc768059ac1768b8e4403b5da16c1"><code>9233019</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1685">#1685</a> from salmanmkc/node24-storage-blob-fix</li> <li><a href="https://github.com/actions/cache/commit/b975f2bb844529e1063ad882c609b224bcd66eb6"><code>b975f2b</code></a> fix: add peer property to package-lock.json for dependencies</li> <li><a href="https://github.com/actions/cache/commit/d0a0e1813491d01d574c95f8d189f62622bbb2ae"><code>d0a0e18</code></a> fix: update license files for <code>@​actions/cache</code>, fast-xml-parser, and strnum</li> <li><a href="https://github.com/actions/cache/commit/74de208dcfcbe85c0e7154e7b17e4105fe2554ff"><code>74de208</code></a> fix: update <code>@​actions/cache</code> to ^5.0.1 for Node.js 24 punycode fix</li> <li><a href="https://github.com/actions/cache/commit/ac7f1152ead02e89c14b5456d14ab17591e74cfb"><code>ac7f115</code></a> peer</li> <li><a href="https://github.com/actions/cache/commit/b0f846b50b6061d7a2ca6f1a2fea61d4a65d1a16"><code>b0f846b</code></a> fix: update <code>@​actions/cache</code> with storage-blob fix for Node.js 24 punycode depr...</li> <li><a href="https://github.com/actions/cache/commit/a7833574556fa59680c1b7cb190c1735db73ebf0"><code>a783357</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1684">#1684</a> from actions/prepare-cache-v5-release</li> <li><a href="https://github.com/actions/cache/commit/3bb0d78750a39cefce0c2b5a0a9801052b4359ad"><code>3bb0d78</code></a> docs: highlight v5 runner requirement in releases</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>v6 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Upload Artifact Node 24 support by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li> <li>fix: update <code>@​actions/artifact</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li> <li>prepare release v6.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f"><code>b7c566a</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a> from actions/upload-artifact-v6-release</li> <li><a href="https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b"><code>e516bc8</code></a> docs: correct description of Node.js 24 support in README</li> <li><a href="https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415"><code>ddc45ed</code></a> docs: update README to correct action name for Node.js 24 support</li> <li><a href="https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653"><code>615b319</code></a> chore: release v6.0.0 for Node.js 24 support</li> <li><a href="https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703"><code>017748b</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/744">#744</a> from actions/fix-storage-blob</li> <li><a href="https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc"><code>38d4c79</code></a> chore: rebuild dist</li> <li><a href="https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f"><code>7d27270</code></a> chore: add missing license cache files for <code>@​actions/core</code>, <code>@​actions/io</code>, and mi...</li> <li><a href="https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261"><code>5f643d3</code></a> chore: update license files for <code>@​actions/artifact</code><a href="https://github.com/5"><code>@​5</code></a>.0.1 dependencies</li> <li><a href="https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0"><code>1df1684</code></a> chore: update package-lock.json with <code>@​actions/artifact</code><a href="https://github.com/5"><code>@​5</code></a>.0.1</li> <li><a href="https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f"><code>b5b1a91</code></a> fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24 punycode fix</li> <li>Additional commits viewable in <a href="https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f">compare view</a></li> </ul> </details> <br /> Updates `actions/download-artifact` from 6.0.0 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li>Download Artifact Node24 support by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> <li>fix: update <code>@​actions/artifact</code> to fix Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li> <li>prepare release v7.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/37930b1c2abaa49bbe596cd826c3c89aef350131"><code>37930b1</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a> from actions/download-artifact-v7-release</li> <li><a href="https://github.com/actions/download-artifact/commit/72582b9e0acd370909e83fa4a1fd0fca3ad452d8"><code>72582b9</code></a> doc: update readme</li> <li><a href="https://github.com/actions/download-artifact/commit/0d2ec9d4cbcefe257d822f108de2a1f15f8da9f6"><code>0d2ec9d</code></a> chore: release v7.0.0 for Node.js 24 support</li> <li><a href="https://github.com/actions/download-artifact/commit/fd7ae8fda6dc16277a9ffbc91cdb0eedf156e912"><code>fd7ae8f</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a> from actions/fix-storage-blob</li> <li><a href="https://github.com/actions/download-artifact/commit/d484700543354b15886d6a52910cf61b7f1d2b27"><code>d484700</code></a> chore: restore minimatch.dep.yml license file</li> <li><a href="https://github.com/actions/download-artifact/commit/03a808050efe42bb6ad85281890afd4e4546672c"><code>03a8080</code></a> chore: remove obsolete dependency license files</li> <li><a href="https://github.com/actions/download-artifact/commit/56fe6d904b0968950f8b68ea17774c54973ed5e2"><code>56fe6d9</code></a> chore: update <code>@​actions/artifact</code> license file to 5.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/8e3ebc4ab4d2e095e5eb44ba1a4a53b6b03976ad"><code>8e3ebc4</code></a> chore: update package-lock.json with <code>@​actions/artifact</code><a href="https://github.com/5"><code>@​5</code></a>.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/1e3c4b4d4906c98ab57453c24efefdf16c078044"><code>1e3c4b4</code></a> fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24 punycode fix</li> <li><a href="https://github.com/actions/download-artifact/commit/458627d354794c71bc386c8d5839d20b5885fe2a"><code>458627d</code></a> chore: use local <code>@​actions/artifact</code> package for Node.js 24 testing</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-22 12:32:48 +00:00
Mathias Fredriksson	089b67761a	ci: remove start-workspace workflow (deprecated) (#21291) ... This workflow is no longer used and can be removed. Refs #21023	2025-12-16 18:14:30 +02:00