Commit Graph

10 Commits

Author SHA1 Message Date
Mason Daugherty
3246caf831 ci(infra): add org guards to workflows and remove dead v0.3 docs workflow (#38665)
Adds `github.repository_owner == 'langchain-ai'` guards to 14 GitHub
Actions workflows that were missing them. Without these guards,
write-capable automation (issue/PR labeling, closing, commenting, PR
reopening, release publishing) and CI jobs fire on forks — causing
unwanted mutations, wasted runner minutes, and failed GitHub App token
generation on repos that don't have the required secrets.

Also removes `v03_api_doc_build.yml`, which pushed built docs to
`langchain-ai/langchain-api-docs-html` via `TOKEN_GITHUB_API_DOCS_HTML`
— a secret that isn't set on this repo. The workflow was dead code with
no consumers.

---

## What changed

**Write-capable workflows now guarded** (8 files):
- `auto-label-by-package` — was adding/removing issue labels on forks
- `close_unchecked_issues` — was closing issues and posting comments on
forks via GitHub App token
- `tag-external-issues` — both `tag-external` and `backfill` jobs were
generating App tokens and labeling issues on forks
- `reopen_on_assignment` — was reopening PRs and re-running workflows on
forks
- `require_issue_link` — was closing PRs, creating labels, posting
comments, and canceling workflow runs on forks
- `remove_waiting_on_author` — was removing labels on fork issues/PRs
- `pr_labeler` — was generating App tokens and adding/removing PR labels
on forks
- `pr_labeler_backfill` — same, on manual trigger from a fork

**Read-only CI workflows now guarded** (5 files):
- `check_diffs` — `build` and `check-release-options` jobs (downstream
jobs inherit the skip)
- `codspeed` — `build` job
- `check_agents_sync`, `check_versions`, `check_release_deps`

**Release workflow guarded** (1 file):
- `_release` — `build` job (all downstream jobs chain via `needs`, so
they inherit the skip). Previously relied only on `environment: Release`
approval and a `github.ref` check.

**Removed**:
- `v03_api_doc_build.yml` — dead workflow depending on unset
`TOKEN_GITHUB_API_DOCS_HTML` secret

## What was already guarded

`block_fork_main_prs`, `bump_uv_pin`, `check_extras_sync`,
`integration_tests`, `pr_lint_trailer`, `refresh_model_profiles` already
had the guard. `pr_lint` (read-only, `pull-requests: read`) and the
`_*.yml` reusable workflows (only run when called by a guarded parent)
were intentionally left unguarded.

## Release note

- GitHub Actions workflows now skip execution on forks via
`repository_owner == 'langchain-ai'` guards, preventing unwanted
issue/PR automation and CI runs outside the canonical repo.
- Removed the dead `v03_api_doc_build` workflow that depended on an
unset secret.

---

🤖 Generated with AI-agent involvement.
2026-07-04 21:30:23 -04:00
dependabot[bot]
fa021df592 chore: bump actions/checkout from 6.0.2 to 7.0.0 in the major group across 1 directory (#38585)
Bumps the major group with 1 update in the / directory:
[actions/checkout](https://github.com/actions/checkout).

Updates `actions/checkout` from 6.0.2 to 7.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>block checking out fork pr for pull_request_target and workflow_run
by <a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the
minor-actions-dependencies group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li>
<li>Bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li>
<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li>
<li>Bump <code>@​actions/core</code> and
<code>@​actions/tool-cache</code> and Remove uuid by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li>
<li>upgrade module to esm and update dependencies by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li>
<li>Bump the minor-npm-dependencies group across 1 directory with 3
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li>
<li>getting ready for checkout v7 release by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout#2464</a></li>
<li>update error wording by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout#2467</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.3...v7.0.0">https://github.com/actions/checkout/compare/v6.0.3...v7.0.0</a></p>
<h2>v6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update changelog by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>Update changelog for v6.0.3 by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yaananth"><code>@​yaananth</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v7.0.0</h2>
<ul>
<li>Block checking out fork PR for pull_request_target and workflow_run
by <a href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li>
<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the
minor-actions-dependencies group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li>
<li>Bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li>
<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li>
<li>Bump <code>@​actions/core</code> and
<code>@​actions/tool-cache</code> and Remove uuid by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li>
<li>upgrade module to esm and update dependencies by <a
href="https://github.com/aiqiaoy"><code>@​aiqiaoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li>
<li>Bump the minor-npm-dependencies group across 1 directory with 3
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li>
</ul>
<h2>v6.0.3</h2>
<ul>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9c091bb21b"><code>9c091bb</code></a>
update error wording (<a
href="https://redirect.github.com/actions/checkout/issues/2467">#2467</a>)</li>
<li><a
href="1044a6dea9"><code>1044a6d</code></a>
getting ready for checkout v7 release (<a
href="https://redirect.github.com/actions/checkout/issues/2464">#2464</a>)</li>
<li><a
href="f0282184c7"><code>f028218</code></a>
Bump the minor-npm-dependencies group across 1 directory with 3 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/2462">#2462</a>)</li>
<li><a
href="d914b262ff"><code>d914b26</code></a>
upgrade module to esm and update dependencies (<a
href="https://redirect.github.com/actions/checkout/issues/2463">#2463</a>)</li>
<li><a
href="537c7ef99c"><code>537c7ef</code></a>
Bump <code>@​actions/core</code> and <code>@​actions/tool-cache</code>
and Remove uuid (<a
href="https://redirect.github.com/actions/checkout/issues/2459">#2459</a>)</li>
<li><a
href="130a169078"><code>130a169</code></a>
Bump js-yaml from 4.1.0 to 4.2.0 (<a
href="https://redirect.github.com/actions/checkout/issues/2461">#2461</a>)</li>
<li><a
href="7d09575332"><code>7d09575</code></a>
Bump flatted from 3.3.1 to 3.4.2 (<a
href="https://redirect.github.com/actions/checkout/issues/2460">#2460</a>)</li>
<li><a
href="0f9f3aa320"><code>0f9f3aa</code></a>
Bump actions/publish-immutable-action (<a
href="https://redirect.github.com/actions/checkout/issues/2458">#2458</a>)</li>
<li><a
href="f9e715a95f"><code>f9e715a</code></a>
block checking out fork pr for pull_request_target and workflow_run (<a
href="https://redirect.github.com/actions/checkout/issues/2454">#2454</a>)</li>
<li><a
href="df4cb1c069"><code>df4cb1c</code></a>
Update changelog for v6.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li>
<li>Additional commits viewable in <a
href="de0fac2e45...9c091bb21b">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 03:53:45 -04:00
Mason Daugherty
05b5af17dc chore(infra): update workflow key name (#38367) 2026-06-22 14:03:56 -04:00
dependabot[bot]
20afcbb2d5 chore: bump the minor-and-patch group with 2 updates (#37512)
Bumps the minor-and-patch group with 2 updates:
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
and
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="952a2a7073">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="85eb8dd414">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="43e5c345bf">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="f24bbd8964">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md">actions/create-github-app-token's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="952a2a7073">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="85eb8dd414">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="43e5c345bf">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="f24bbd8964">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bcd2ba4921"><code>bcd2ba4</code></a>
chore(main): release 3.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/370">#370</a>)</li>
<li><a
href="f24bbd8964"><code>f24bbd8</code></a>
fix: validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)</li>
<li><a
href="363531b6d9"><code>363531b</code></a>
docs: capitalize Git as a proper noun in README (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/374">#374</a>)</li>
<li><a
href="fd2801133e"><code>fd28011</code></a>
docs: update procedure to configure Git (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/287">#287</a>)</li>
<li><a
href="85eb8dd414"><code>85eb8dd</code></a>
feat: support full repository names in <code>repositories</code> input
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)</li>
<li><a
href="c9aabb8372"><code>c9aabb8</code></a>
build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the
development-dependencie...</li>
<li><a
href="e02e816e55"><code>e02e816</code></a>
build(deps-dev): bump undici from 7.24.6 to 8.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/366">#366</a>)</li>
<li><a
href="8d835bfd37"><code>8d835bf</code></a>
build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the
development-depend...</li>
<li><a
href="952a2a7073"><code>952a2a7</code></a>
feat: add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)</li>
<li><a
href="43e5c345bf"><code>43e5c34</code></a>
fix(deps): bump <code>@​actions/core</code> from 3.0.0 to 3.0.1 in the
production-dependenc...</li>
<li>Additional commits viewable in <a
href="1b10c78c78...bcd2ba4921">compare
view</a></li>
</ul>
</details>
<br />

Updates `aws-actions/configure-aws-credentials` from 6.1.0 to 6.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722">aws-actions/configure-aws-credentials#1722</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.5.0 to
25.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723">aws-actions/configure-aws-credentials#1723</a></li>
<li>chore(deps-dev): bump <code>@​smithy/property-provider</code> from
4.2.12 to 4.2.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724">aws-actions/configure-aws-credentials#1724</a></li>
<li>chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726">aws-actions/configure-aws-credentials#1726</a></li>
<li>chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.5.1
to 4.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725">aws-actions/configure-aws-credentials#1725</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1020.0 to
3.1025.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727">aws-actions/configure-aws-credentials#1727</a></li>
<li>chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728">aws-actions/configure-aws-credentials#1728</a></li>
<li>chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729">aws-actions/configure-aws-credentials#1729</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.5.2 to
25.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730">aws-actions/configure-aws-credentials#1730</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.24 to 3.972.25 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733">aws-actions/configure-aws-credentials#1733</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1025.0 to
3.1030.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732">aws-actions/configure-aws-credentials#1732</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.10 to
2.4.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734">aws-actions/configure-aws-credentials#1734</a></li>
<li>chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736">aws-actions/configure-aws-credentials#1736</a></li>
<li>chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737">aws-actions/configure-aws-credentials#1737</a></li>
<li>chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740">aws-actions/configure-aws-credentials#1740</a></li>
<li>chore(deps-dev): bump <code>@​smithy/property-provider</code> from
4.2.13 to 4.2.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741">aws-actions/configure-aws-credentials#1741</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.25 to 3.972.28 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742">aws-actions/configure-aws-credentials#1742</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1030.0 to
3.1033.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743">aws-actions/configure-aws-credentials#1743</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.11 to
2.4.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739">aws-actions/configure-aws-credentials#1739</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.12 to
2.4.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747">aws-actions/configure-aws-credentials#1747</a></li>
<li>chore(deps): bump postcss from 8.5.6 to 8.5.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752">aws-actions/configure-aws-credentials#1752</a></li>
<li>chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.6.0
to 4.6.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750">aws-actions/configure-aws-credentials#1750</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.28 to 3.972.32 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751">aws-actions/configure-aws-credentials#1751</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1033.0 to
3.1038.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749">aws-actions/configure-aws-credentials#1749</a></li>
<li>chore: release 6.1.1 by <a
href="https://github.com/lehmanmj"><code>@​lehmanmj</code></a> in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757">aws-actions/configure-aws-credentials#1757</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1">https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a>
(2026-05-05)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>various dependency updates</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="11b1c58b24">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="a7f0c828ac">a7f0c82</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Update action to use node24 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1632">#1632</a>)
(<a
href="a7a2c1125c">a7a2c11</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support to define transitive tag keys (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1316">#1316</a>)
(<a
href="232435c0c0">232435c</a>)
(<a
href="930ebd9bca">930ebd9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly output <code>aws-account-id</code> and
<code>authenticated-arn</code> when using role-chaining (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1633">#1633</a>)
(<a
href="7ceaf96edc">7ceaf96</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.0...v5.1.1">5.1.1</a>
(2025-11-24)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 5.1.1 (<a
href="56d6a583f0">56d6a58</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0">5.1.0</a>
(2025-10-06)</h2>
<h3>Features</h3>
<ul>
<li>Add global timeout support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1487">#1487</a>)
(<a
href="1584b8b0e2">1584b8b</a>)</li>
<li>add no-proxy support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="dde9b22a8e">dde9b22</a>)</li>
<li>Improve debug logging in retry logic (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1485">#1485</a>)
(<a
href="97ef425d73">97ef425</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d979d5b3a7"><code>d979d5b</code></a>
chore: release 6.1.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1757">#1757</a>)</li>
<li><a
href="d4a9acd8d3"><code>d4a9acd</code></a>
chore: Update dist</li>
<li><a
href="fc44f4ae40"><code>fc44f4a</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1033.0 to
3.1038.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1749">#1749</a>)</li>
<li><a
href="0b8336f1ba"><code>0b8336f</code></a>
chore: Update dist</li>
<li><a
href="8c5bf33eed"><code>8c5bf33</code></a>
chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code> (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1751">#1751</a>)</li>
<li><a
href="53df0c1c32"><code>53df0c1</code></a>
chore: Update dist</li>
<li><a
href="c2c55827d2"><code>c2c5582</code></a>
chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.6.0 to
4.6.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1750">#1750</a>)</li>
<li><a
href="bd0031d7c3"><code>bd0031d</code></a>
chore(deps): bump postcss from 8.5.6 to 8.5.12 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1752">#1752</a>)</li>
<li><a
href="6ab499a698"><code>6ab499a</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.12 to 2.4.13
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1747">#1747</a>)</li>
<li><a
href="bc94895858"><code>bc94895</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.11 to 2.4.12
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1739">#1739</a>)</li>
<li>Additional commits viewable in <a
href="ec61189d14...d979d5b3a7">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:31:48 +00:00
dependabot[bot]
f2d0878d23 chore: bump actions/github-script from 8.0.0 to 9.0.0 (#37121)
Bumps [actions/github-script](https://github.com/actions/github-script)
from 8.0.0 to 9.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v9.0.0</h2>
<p><strong>New features:</strong></p>
<ul>
<li><strong><code>getOctokit</code> factory function</strong> —
Available directly in the script context. Create additional
authenticated Octokit clients with different tokens for multi-token
workflows, GitHub App tokens, and cross-org access. See <a
href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating
additional clients with <code>getOctokit</code></a> for details and
examples.</li>
<li><strong>Orchestration ID in user-agent</strong> — The
<code>ACTIONS_ORCHESTRATION_ID</code> environment variable is
automatically appended to the user-agent string for request
tracing.</li>
</ul>
<p><strong>Breaking changes:</strong></p>
<ul>
<li><strong><code>require('@actions/github')</code> no longer works in
scripts.</strong> The upgrade to <code>@actions/github</code> v9
(ESM-only) means <code>require('@actions/github')</code> will fail at
runtime. If you previously used patterns like <code>const { getOctokit }
= require('@actions/github')</code> to create secondary clients, use the
new injected <code>getOctokit</code> function instead — it's available
directly in the script context with no imports needed.</li>
<li><code>getOctokit</code> is now an injected function parameter.
Scripts that declare <code>const getOctokit = ...</code> or <code>let
getOctokit = ...</code> will get a <code>SyntaxError</code> because
JavaScript does not allow <code>const</code>/<code>let</code>
redeclaration of function parameters. Use the injected
<code>getOctokit</code> directly, or use <code>var getOctokit =
...</code> if you need to redeclare it.</li>
<li>If your script accesses other <code>@actions/github</code> internals
beyond the standard <code>github</code>/<code>octokit</code> client, you
may need to update those references for v9 compatibility.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
<li>ci: use deployment: false for integration test environments by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li>
<li>feat!: add getOctokit to script context, upgrade
<code>@​actions/github</code> v9, <code>@​octokit/core</code> v7, and
related packages by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3a2844b7e9"><code>3a2844b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/700">#700</a>
from actions/salmanmkc/expose-getoctokit + prepare re...</li>
<li><a
href="ca10bbdd1a"><code>ca10bbd</code></a>
fix: use <code>@​octokit/core/</code>types import for v7
compatibility</li>
<li><a
href="86e48e20ac"><code>86e48e2</code></a>
merge: incorporate main branch changes</li>
<li><a
href="c1084728b5"><code>c108472</code></a>
chore: rebuild dist for v9 upgrade and getOctokit factory</li>
<li><a
href="afff112e4f"><code>afff112</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/712">#712</a>
from actions/salmanmkc/deployment-false + fix user-ag...</li>
<li><a
href="ff8117e5b7"><code>ff8117e</code></a>
ci: fix user-agent test to handle orchestration ID</li>
<li><a
href="81c6b78760"><code>81c6b78</code></a>
ci: use deployment: false to suppress deployment noise from integration
tests</li>
<li><a
href="3953caf885"><code>3953caf</code></a>
docs: update README examples from <a
href="https://github.com/v8"><code>@​v8</code></a> to <a
href="https://github.com/v9"><code>@​v9</code></a>, add getOctokit docs
and v9 brea...</li>
<li><a
href="c17d55b90d"><code>c17d55b</code></a>
ci: add getOctokit integration test job</li>
<li><a
href="a047196d9a"><code>a047196</code></a>
test: add getOctokit integration tests via callAsyncFunction</li>
<li>Additional commits viewable in <a
href="ed597411d8...3a2844b7e9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=8.0.0&new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 10:11:35 -04:00
dependabot[bot]
5c27249e27 chore: bump the minor-and-patch group with 5 updates (#37119)
Bumps the minor-and-patch group with 5 updates:

| Package | From | To |
| --- | --- | --- |
|
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
| `3.0.0` | `3.1.1` |
|
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
| `8.1.0` | `8.1.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `7.0.0` | `7.0.1` |
|
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
| `1.13.0` | `1.14.0` |
|
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
| `6.0.0` | `6.1.0` |

Updates `actions/create-github-app-token` from 3.0.0 to 3.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.1</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1">3.1.1</a>
(2026-04-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>improve error message when app identifier is empty (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>)
(<a
href="07e2b76066">07e2b76</a>),
closes <a
href="https://redirect.github.com/actions/create-github-app-token/issues/249">#249</a></li>
</ul>
<h2>v3.1.0</h2>
<h1><a
href="https://github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0">3.1.0</a>
(2026-04-11)</h1>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump p-retry from 7.1.1 to 8.0.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/357">#357</a>)
(<a
href="3bbe07d928">3bbe07d</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add <code>client-id</code> input and deprecate <code>app-id</code>
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/353">#353</a>)
(<a
href="e6bd4e6970">e6bd4e6</a>)</li>
<li>update permission inputs (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/358">#358</a>)
(<a
href="076e9480ca">076e948</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1b10c78c78"><code>1b10c78</code></a>
build(release): 3.1.1 [skip ci]</li>
<li><a
href="07e2b76066"><code>07e2b76</code></a>
fix: improve error message when app identifier is empty (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>)</li>
<li><a
href="ea0121618b"><code>ea01216</code></a>
ci: remove publish-immutable-action workflow (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/361">#361</a>)</li>
<li><a
href="7bd0371149"><code>7bd0371</code></a>
build(release): 3.1.0 [skip ci]</li>
<li><a
href="e6bd4e6970"><code>e6bd4e6</code></a>
feat: add <code>client-id</code> input and deprecate <code>app-id</code>
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/353">#353</a>)</li>
<li><a
href="076e9480ca"><code>076e948</code></a>
feat: update permission inputs (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/358">#358</a>)</li>
<li><a
href="3bbe07d928"><code>3bbe07d</code></a>
fix(deps): bump p-retry from 7.1.1 to 8.0.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/357">#357</a>)</li>
<li><a
href="28a99e369c"><code>28a99e3</code></a>
build(deps-dev): bump c8 from 10.1.3 to 11.0.0</li>
<li><a
href="4df50600ef"><code>4df5060</code></a>
build(deps-dev): bump open-cli from 8.0.0 to 9.0.0</li>
<li><a
href="4843c538d9"><code>4843c53</code></a>
build(deps-dev): bump the development-dependencies group with 3
updates</li>
<li>See full diff in <a
href="f8d387b68d...1b10c78c78">compare
view</a></li>
</ul>
</details>
<br />

Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v8.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump the npm group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4305">peter-evans/create-pull-request#4305</a></li>
<li>build(deps): bump minimatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4311">peter-evans/create-pull-request#4311</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4316">peter-evans/create-pull-request#4316</a></li>
<li>build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4323">peter-evans/create-pull-request#4323</a></li>
<li>build(deps-dev): bump undici from 6.23.0 to 6.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4328">peter-evans/create-pull-request#4328</a></li>
<li>build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4334">peter-evans/create-pull-request#4334</a></li>
<li>build(deps): bump picomatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4339">peter-evans/create-pull-request#4339</a></li>
<li>build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4344">peter-evans/create-pull-request#4344</a></li>
<li>build(deps-dev): bump the npm group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4349">peter-evans/create-pull-request#4349</a></li>
<li>fix: retry post-creation API calls on 422 eventual consistency
errors by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4356">peter-evans/create-pull-request#4356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1">https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5f6978faf0"><code>5f6978f</code></a>
fix: retry post-creation API calls on 422 eventual consistency errors
(<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4356">#4356</a>)</li>
<li><a
href="d32e88dac7"><code>d32e88d</code></a>
build(deps-dev): bump the npm group with 3 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4349">#4349</a>)</li>
<li><a
href="8170bccad1"><code>8170bcc</code></a>
build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4344">#4344</a>)</li>
<li><a
href="00418193b4"><code>0041819</code></a>
build(deps): bump picomatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4339">#4339</a>)</li>
<li><a
href="b993918c85"><code>b993918</code></a>
build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4334">#4334</a>)</li>
<li><a
href="36d7c8468b"><code>36d7c84</code></a>
build(deps-dev): bump undici from 6.23.0 to 6.24.0 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4328">#4328</a>)</li>
<li><a
href="a45d1fb447"><code>a45d1fb</code></a>
build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4323">#4323</a>)</li>
<li><a
href="3499eb6183"><code>3499eb6</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4316">#4316</a>)</li>
<li><a
href="3f3b473b8c"><code>3f3b473</code></a>
build(deps): bump minimatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4311">#4311</a>)</li>
<li><a
href="6699836a21"><code>6699836</code></a>
build(deps-dev): bump the npm group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4305">#4305</a>)</li>
<li>See full diff in <a
href="c0f553fe54...5f6978faf0">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update the readme with direct upload details by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li>
<li>Readme: bump all the example versions to v7 by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li>
<li>Include changes in typespec/ts-http-runtime 0.3.5 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="043fb46d1a"><code>043fb46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="634250c138"><code>634250c</code></a>
Include changes in typespec/ts-http-runtime 0.3.5</li>
<li><a
href="e454baaac2"><code>e454baa</code></a>
Readme: bump all the example versions to v7 (<a
href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li>
<li><a
href="74fad66b98"><code>74fad66</code></a>
Update the readme with direct upload details (<a
href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li>
<li>See full diff in <a
href="bbbca2ddaa...043fb46d1a">compare
view</a></li>
</ul>
</details>
<br />

Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's
releases</a>.</em></p>
<blockquote>
<h2>v1.14.0</h2>
<!-- raw HTML omitted -->
<h2> What's Changed</h2>
<p>The main change in this release is that <code>verbose</code> and
<code>print-hash</code> inputs are now on by default. This was
contributed by <a
href="https://github.com/whitequark"><code>@​whitequark</code></a><a
href="https://github.com/sponsors/whitequark">💰</a> in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a>.</p>
<h2>📝 Docs</h2>
<p><a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> updated the mentions
of PEP 740 to stop implying that it might be experimental (it hasn't
been for quite a while!) in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388">#388</a>
and <a href="https://github.com/him2him2"><code>@​him2him2</code></a><a
href="https://github.com/sponsors/him2him2">💰</a> brushed up some
grammar in the README and SECURITY docs via <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a>.</p>
<h2>🛠️ Internal Updates</h2>
<p><a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> bumped
<code>sigstore</code> and <code>pypi-attestations</code> in the lock
file (<a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/391">#391</a>)
and <a href="https://github.com/webknjaz"><code>@​webknjaz</code></a><a
href="https://github.com/sponsors/webknjaz">💰</a> added infra for using
type annotations in the project (<a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/381">#381</a>).</p>
<h2>💪 New Contributors</h2>
<ul>
<li><a href="https://github.com/him2him2"><code>@​him2him2</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a></li>
<li><a
href="https://github.com/whitequark"><code>@​whitequark</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a></li>
</ul>
<p><strong>🪞 Full Diff</strong>: <a
href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0">https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0</a></p>
<p><strong>🧔‍♂️ Release Manager:</strong> <a
href="https://github.com/sponsors/webknjaz"><code>@​webknjaz</code></a>
<a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<p><strong>🙏 Special Thanks</strong> to <a
href="https://github.com/facutuesca"><code>@​facutuesca</code></a><a
href="https://github.com/sponsors/facutuesca">💰</a> and <a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a
href="https://github.com/sponsors/woodruffw">💰</a> for helping maintain
this project when <a href="https://github.com/sponsors/webknjaz">I</a>
can't!</p>
<p><strong>💬 Discuss</strong> <a
href="https://bsky.app/profile/webknjaz.me/post/3mivwsz3qzk2e">on
Bluesky 🦋</a>, <a
href="https://mastodon.social/@webknjaz/116363779997051422">on Mastodon
🐘</a> and <a
href="https://github.com/pypa/gh-action-pypi-publish/discussions/404">on
GitHub</a>.</p>
<p><a href="https://github.com/sponsors/webknjaz"><img
src="https://img.shields.io/badge/%40webknjaz-transparent?logo=githubsponsors&amp;logoColor=%23EA4AAA&amp;label=Sponsor&amp;color=2a313c"
alt="GH Sponsors badge" /></a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cef221092e"><code>cef2210</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a>
from whitequark/patch-1</li>
<li><a
href="b4595e2555"><code>b4595e2</code></a>
Enable <code>verbose</code> and <code>print-hash</code> by default.</li>
<li><a
href="e2bab26859"><code>e2bab26</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a>
from him2him2/docs/fix-typos-and-grammar</li>
<li><a
href="7495c384ec"><code>7495c38</code></a>
docs: fix typos and grammar in README and SECURITY</li>
<li><a
href="03f86fee9a"><code>03f86fe</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388">#388</a>
from woodruffw-forks/ww/rm-experimental</li>
<li><a
href="4c78f1c53c"><code>4c78f1c</code></a>
Merge branch 'unstable/v1' into ww/rm-experimental</li>
<li><a
href="b5a6e8ba26"><code>b5a6e8b</code></a>
deps: bump sigstore and pypi-attestations</li>
<li><a
href="a48a03e758"><code>a48a03e</code></a>
remove another experimental mention</li>
<li><a
href="8087a88a46"><code>8087a88</code></a>
action: remove a lingering mention of PEP 740 being experimental</li>
<li><a
href="3317ede93a"><code>3317ede</code></a>
🧪 Integrate actionlint via pre-commit framework</li>
<li>Additional commits viewable in <a
href="ed0c53931b...cef221092e">compare
view</a></li>
</ul>
</details>
<br />

Updates `aws-actions/configure-aws-credentials` from 6.0.0 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="11b1c58b24">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="a7f0c828ac">a7f0c82</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="11b1c58b24">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="a7f0c828ac">a7f0c82</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Update action to use node24 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1632">#1632</a>)
(<a
href="a7a2c1125c">a7a2c11</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support to define transitive tag keys (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1316">#1316</a>)
(<a
href="232435c0c0">232435c</a>)
(<a
href="930ebd9bca">930ebd9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly output <code>aws-account-id</code> and
<code>authenticated-arn</code> when using role-chaining (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1633">#1633</a>)
(<a
href="7ceaf96edc">7ceaf96</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.0...v5.1.1">5.1.1</a>
(2025-11-24)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 5.1.1 (<a
href="56d6a583f0">56d6a58</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0">5.1.0</a>
(2025-10-06)</h2>
<h3>Features</h3>
<ul>
<li>Add global timeout support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1487">#1487</a>)
(<a
href="1584b8b0e2">1584b8b</a>)</li>
<li>add no-proxy support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="dde9b22a8e">dde9b22</a>)</li>
<li>Improve debug logging in retry logic (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1485">#1485</a>)
(<a
href="97ef425d73">97ef425</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly expose getProxyForUrl (introduced in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1486">#1486</a>)
(<a
href="cea42985ac">cea4298</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a>
(2025-09-03)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec61189d14"><code>ec61189</code></a>
chore(main): release 6.1.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1717">#1717</a>)</li>
<li><a
href="81676eb9eb"><code>81676eb</code></a>
chore(deps): bump vite from 7.1.11 to 7.3.2 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1721">#1721</a>)</li>
<li><a
href="dc64d28371"><code>dc64d28</code></a>
chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1720">#1720</a>)</li>
<li><a
href="bc0a50afbe"><code>bc0a50a</code></a>
chore: Update dist</li>
<li><a
href="9ea6412aba"><code>9ea6412</code></a>
chore(deps): bump proxy-agent from 6.5.0 to 7.0.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1686">#1686</a>)</li>
<li><a
href="0a8759496b"><code>0a87594</code></a>
chore: Update dist</li>
<li><a
href="a7f0c828ac"><code>a7f0c82</code></a>
feat: Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)</li>
<li><a
href="e6bb6e5ff3"><code>e6bb6e5</code></a>
chore: add text to CONTRIBUTING.md (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1719">#1719</a>)</li>
<li><a
href="11b1c58b24"><code>11b1c58</code></a>
feat: add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)</li>
<li><a
href="51635dbf41"><code>51635db</code></a>
chore: Update dist</li>
<li>Additional commits viewable in <a
href="8df5847569...ec61189d14">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 10:09:34 -04:00
Mason Daugherty
6443612fa3 ci: pin all actions to full-length commit SHAs (#36621)
Pin all remaining GitHub Actions references to full-length commit SHAs,
matching the convention already established by third-party actions in
this repo. This is a prerequisite for enabling GitHub's "Require actions
to be pinned to a full-length commit SHA" repository ruleset, which
mitigates tag-hijacking supply chain attacks.
2026-04-08 19:02:58 -04:00
Mason Daugherty
cf1f510d77 fix(infra): resolve module crash blocking external PR enforcement (#36059)
`pr-labeler.js` used `require('@actions/core')` to access GitHub Actions
logging/failure helpers, but that module is bundled inside
`actions/github-script`'s dist — it's not resolvable via Node's
`require()` from a checked-out file on disk. Two of the three call sites
were in rarely-hit error branches, so the bug was latent. The third
(`applyTierLabel`) ran unconditionally, crashing the tier-label step on
every external PR. Because the tier step runs *before* the "add external
label" step, the crash prevented the `external` label from ever being
applied — which meant `require_issue_link.yml` never triggered and
unapproved external PRs stayed open.

## Changes
- Thread the `core` object (provided by `actions/github-script` at eval
time) through `loadAndInit()` → `init()` instead of calling
`require('@actions/core')` from the checked-out script — fixes the
`MODULE_NOT_FOUND` crash on all three call sites (`ensureLabel`,
`getContributorInfo`, `applyTierLabel`)
- Add a console-based fallback in `loadAndInit` so callers that don't
need `core.setFailed` still work without passing it
- Update all 9 `loadAndInit(github, owner, repo)` call sites across
`pr_labeler.yml`, `pr_labeler_backfill.yml`, and
`tag-external-issues.yml` to pass `core`
2026-03-18 00:53:18 -04:00
Mason Daugherty
07fa576de1 ci: avoid unnecessary dep installs in lint targets (#36046)
CI lint jobs use `uv run --all-groups` for all tools, but ruff doesn't
need dependency resolution — only mypy does. By splitting into
`UV_RUN_LINT` (ruff) and `UV_RUN_TYPE` (mypy), the CI-facing targets run
ruff with `--group lint` only, giving fast-fail feedback before mypy
triggers the full environment sync.

For packages where source code only conditionally imports heavy deps
(text-splitters, huggingface), `lint_package` also overrides
`UV_RUN_TYPE` to `--group lint --group typing`, skipping the ~3.5GB
`test_integration` download entirely. `lint_tests` keeps `--all-groups`
since test code legitimately imports those deps.

Additionally, `lint_imports.sh` was inconsistently wired — most packages
had the script but weren't calling it.

## Changes

**Makefile optimization**
- Introduce `UV_RUN_LINT` and `UV_RUN_TYPE` Make variables, both
defaulting to `uv run --all-groups`. For `lint_package` and
`lint_tests`, `UV_RUN_LINT` is overridden to `uv run --group lint` so
ruff runs instantly without syncing heavy deps
- For `text-splitters` and `huggingface`, override `UV_RUN_TYPE` on
`lint_package` to `uv run --group lint --group typing` — mypy runs
without downloading torch, CUDA, spacy, etc.

**mypy config for lean groups**
- Add `transformers` and `transformers.*` to `ignore_missing_imports` in
`text-splitters` pyproject.toml (conditional `try/except` import, same
treatment as existing `konlpy`/`nltk` entries)
- Add `torch`, `torch.*`, `langchain_community`, `langchain_community.*`
to `ignore_missing_imports` in `huggingface` pyproject.toml
- Add dual `# type: ignore[unreachable, unused-ignore]` in
`text-splitters/base.py` to handle the `PreTrainedTokenizerBase`
isinstance check that behaves differently depending on whether
transformers is installed

**lint_imports.sh consistency**
- Add `./scripts/lint_imports.sh` to the lint recipe in every package
that wasn't calling it (standard-tests, model-profiles, all 15
partners), and create the script for the two packages missing it
entirely (`model-profiles`, `openrouter`)
- Update all `lint_imports.sh` scripts to allow `from langchain.agents`
and `from langchain.tools` imports (legitimate v1 middleware
dependencies used by `langchain-anthropic` and `langchain-openai`)
2026-03-17 21:23:29 -04:00
Mason Daugherty
58f3d1a633 ci: consolidate PR labeling into unified workflows (#36042)
Consolidate four separate PR labeling workflows (`pr_labeler_file.yml`,
`pr_labeler_title.yml`, `pr_size_labeler.yml`, and the PR-handling half
of `tag-external-contributions.yml`) into a single `pr_labeler.yml`
workflow. The old workflows raced against each other — concurrent label
mutations could drop or duplicate labels depending on execution order. A
unified workflow with concurrency grouping eliminates that class of bug.
2026-03-17 20:29:33 -04:00