ci(deps): update bfra-me/.github to v4.16.31 #1474
Merged
This PR contains the following updates:
v4.16.28 → v4.16.31
Release Notes
bfra-me/.github (bfra-me/.github)
v4.16.31 Compare Source
Patch Changes
Fix fro-bot workflow skipping issue_comment events on pull requests. The (#2350) if condition's github.event.issue.pull_request == null clause (added during PR-fork hardening) filtered out @fro-bot mentions on PR conversation threads, because GitHub populates issue.pull_request (with the PR URL) for any comment on a PR. The clause has been removed; the top-level fork-hardening and author_association (OWNER/MEMBER/COLLABORATOR) check still gate untrusted triggers.
Also add an explicit "DELIVERY CONTRACT" to the AUTOHEAL_PROMPT so future dispatched runs always finish with git push + gh pr create instead of stopping at "the caller will push" — the caller is the agent itself.
Fix intermittent git exit 128 in the update-repo-settings reusable workflow's Filter Changed Files step on push events. The push-event checkout now uses fetch-depth: 0 so dorny/paths-filter always has the history it needs to diff against the parent commit, instead of the default shallow clone that could fail the diff. (#2346)
📦 Group update for dependencies dependencies: Node.js, node (#2339)
fro-bot/agent from v0.74.0 to v0.76.2 (#2338)
⚙️ Update GitHub Actions workflow dependency fro-bot/agent from v0.76.2 to v0.76.3 (#2347)
⚙️ Update GitHub Actions workflow dependency bfra-me/renovate-action from 9.125.1 to 9.125.2 (#2345)
v4.16.30 Compare Source
Patch Changes
Bump bfra-me/renovate-action to 9.125.1 (resolves bfra-me/renovate-action#3418, includes bfra-me/renovate-action#3419). (#2336)
📦 Update npm dependency pnpm from 10.34.3 to 10.34.4 (#2337)
🔒 Remediate undici vulnerabilities via pnpm override (>=6.27.0) addressing GHSA-vxpw-j846-p89q (HIGH/CVSS 7.5, WebSocket DoS via fragment count bypass), GHSA-p88m-4jfj-68fv (MEDIUM/CVSS 5.9, Set-Cookie header injection), GHSA-35p6-xmwp-9g52 (LOW, keep-alive socket reuse response queue poisoning), and GHSA-g8m3-5g58-fq7m (LOW, Set-Cookie SameSite downgrade) (#2322)
v4.16.29 Compare Source
Patch Changes
fro-bot/agent from v0.73.0 to v0.74.0 (#2326)
⚙️ Update GitHub Actions workflow dependency bfra-me/renovate-action from 9.124.0 to 9.124.1 (#2330)
⚙️ Update GitHub Actions workflow dependency bfra-me/renovate-action from 9.124.1 to 9.124.2 (#2331)
⚙️ Update GitHub Actions workflow dependency bfra-me/renovate-action from 9.124.2 to 9.124.3 (#2332)
Configuration
📅 Schedule: (in timezone America/Phoenix)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
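The issue_comment gating regression described in the v4.16.31 notes, as an added example that is not part of this PR or of the bfra-me/.github workflow: a fixture table that runs the gate with and without the issue.pull_request == null clause, so both over-blocking (trusted PR comments dropped) and under-blocking (untrusted commenters admitted) show up. The function names, the mention regex, the placeholder URL and the payloads are assumptions constructed for illustration, and the top-level fork-hardening check is not modelled because the page does not describe it.

```javascript
// Added illustration, not the project's workflow. Payloads below are constructed.
const TRUSTED = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);

// Assumed shape of the gate: an @fro-bot mention from a trusted author_association.
function trustedMention(event) {
  const c = event.comment ?? {};
  return typeof c.body === 'string' &&
    /(^|\s)@fro-bot\b/.test(c.body) &&
    TRUSTED.has(c.author_association);
}

// Before the fix: the extra clause. issue.pull_request is absent on a plain
// issue and populated (with the PR URL) on any PR comment, so PR threads fail it.
function gateBefore(event) {
  return trustedMention(event) && event.issue?.pull_request == null;
}

// After the fix: clause removed; author_association still gates untrusted commenters.
function gateAfter(event) {
  return trustedMention(event);
}

const prRef = { url: 'https://example.invalid/pulls/1' }; // placeholder
const mk = (onPr, body, assoc) => ({
  issue: onPr ? { pull_request: prRef } : {},
  comment: { body, author_association: assoc },
});

const fixtures = [
  { name: 'member on issue', event: mk(false, '@fro-bot help', 'MEMBER') },
  { name: 'member on PR', event: mk(true, '@fro-bot review', 'MEMBER') },
  { name: 'owner on PR', event: mk(true, 'please look @fro-bot', 'OWNER') },
  { name: 'outsider on PR', event: mk(true, '@fro-bot run', 'NONE') },
  { name: 'contributor on PR', event: mk(true, '@fro-bot run', 'CONTRIBUTOR') },
  { name: 'member, no mention', event: mk(true, 'looks good', 'MEMBER') },
];

// One row per fixture: did the job run before the fix, and does it run after?
function evaluate() {
  return fixtures.map(({ name, event }) => ({
    name, before: gateBefore(event), after: gateAfter(event),
  }));
}

console.table(evaluate());
```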