chore(deps): bump anthropics/claude-code-action from 1.0.133 to 1.0.140#17195
Closed
dependabot[bot] wants to merge 7692 commits into
Closed
chore(deps): bump anthropics/claude-code-action from 1.0.133 to 1.0.140#17195dependabot[bot] wants to merge 7692 commits into
dependabot[bot] wants to merge 7692 commits into
Conversation
…6566) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Use sandboxed iframe with sandbox="" attribute instead of opening blob URL - Fetch circuit HTML server-side in modal instead of exposing blob URL in same origin - Add CSP and X-Content-Type-Options headers to quantum proxy - Prevents CWE-79 XSS vulnerability from malicious upstream quantum services Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* 🔒 Restrict rate-limit status endpoint to admin users Adds admin authorization check to GetRateLimitStatus handler to prevent information disclosure of user IDs and IP addresses to non-admin users. Fixes #16481 (CWE-862: Missing Authorization) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * chore: retrigger CI after Docker registry timeout Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * fix(admin): update test for NewAdminHandler store.Store parameter Signed-off-by: kubestellar-hive <hive-bot@kubestellar.io> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: kubestellar-hive <hive-bot@kubestellar.io> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: kubestellar-hive <hive-bot@kubestellar.io>
…6524) * 🔒 Restrict NPS endpoint to prevent unauthorized feedback exposure - Removes user feedback comments from public GET /api/nps endpoint - Feedback field no longer exposed in recent responses array - Maintains aggregate NPS metrics for dashboard functionality - Feedback comments may contain PII (emails, incident details, internal URLs) - Admin endpoint with proper authorization required to access raw feedback Fixes #16486 Security Impact: - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - CWE-862: Missing Authorization - Prevents unauthorized access to user-submitted feedback with potential PII Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * chore: retrigger CI after Docker registry timeout Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…16535) * 🔒 Require editor-or-admin role on stellar actions execute endpoint Add requireEditorOrAdmin check to ExecuteAction handler so that viewer-role users can no longer invoke destructive K8s operations (DeletePod, ScaleDeployment, RestartDeployment, CordonNode). Also removes a duplicate RequireAdmin declaration in auth_helpers.go that was introduced by a recent commit and broke compilation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Add RBAC tests for stellar actions execute endpoint Tests verify that viewer role is rejected (403) and editor/admin roles are permitted on POST /api/stellar/actions/execute. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* 🌱 Extract cmd/watcher business logic into pkg/watcher Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🐛 Fix Kagenti provider import alias Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Fix service exports handler test expectations Reset the test kubeconfig before injecting ServiceExport clusters so\nListServiceExports only probes the fake clusters configured by the\ntest. This avoids the placeholder test-cluster triggering a real\ndynamic client lookup and Fiber test timeout.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…#16551) * 🔒 Fix percent-encoded path traversal bypass in missions-file function Harden hasInvalidPathInput and hasInvalidRefInput to iteratively decode percent-encoded values before checking for traversal patterns. Previously, payloads like %252e%252e would bypass the literal '..' check after a single URL decode pass. Matches the defense-in-depth pattern already used in the Go backend's sanitizePath function (pkg/api/handlers/missions_cache.go). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Fix duplicate RequireAdmin declaration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Add unit test for percent-encoded path traversal fix Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…6529) * 🔒 Restrict admin bootstrap to prevent unauthorized auto-promotion Fixes #16485 Removes the privilege escalation vulnerability where any authenticated user could be silently promoted to admin if all admins were deleted or if the admin count reached zero. ## Security Changes - **Removed auto-bootstrap from requireAdmin()**: The admin role check no longer automatically promotes users even when admin count is zero. This prevents privilege escalation if all admins are removed (manually, via bug, or via DB corruption). - **Bootstrap now controlled via environment variable**: Added BOOTSTRAP_ADMIN_ALLOWED environment variable (defaults to false) to explicitly control whether bootstrap promotion is allowed at all. - **Bootstrap only during initial OAuth setup**: Bootstrap promotion now only occurs during the initial user creation in auth_handler.go during OAuth login flow, not on every admin endpoint check. ## Impact - Self-hosted consoles must set BOOTSTRAP_ADMIN_ALLOWED=true to enable first-user admin bootstrap during initial setup. - Once an admin is created, the bootstrap mechanism is effectively disabled unless BOOTSTRAP_ADMIN_ALLOWED is explicitly set. - If all admins are removed, no new admins can be auto-promoted. ## CWE CWE-269: Improper Privilege Management Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * chore: retrigger CI after Docker registry timeout Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Fix auth_helpers test expectations for restricted bootstrap Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * � Fix admin bootstrap to allow first-user promotion while restricting subsequent Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* 🌱 Split Store interface into focused sub-interfaces (ISP) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🐛 Fix interface signatures to match SQLiteStore implementation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🐛 Fix interface compliance after Store ISP split Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
) * 🔒 Sanitize nightly E2E image parsing against prototype pollution Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * chore: retrigger CI after Docker registry timeout Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Add test for nightly E2E image sanitization Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🐛 Fix prototype pollution rejection in nested image parsing Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add requireEditorOrAdmin check to Chat and CallTool handlers so viewer-role users can no longer invoke arbitrary kagent agents/tools that may execute privileged Kubernetes operations. Also removes the duplicate RequireAdmin declaration that broke build. Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add Owner field (uuid.UUID) to OrbitMission struct - Set mission owner to current user on creation via middleware.GetUserID - Filter ListMissions by owner (admins see all missions) - Restrict RunMission to mission owner or admin - Pass store.Store to OrbitHandler for role checks - Update NewOrbitHandler signature and all callers Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* 🔒 Add authorization checks to kagent proxy endpoints Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🔒 Require editor role for kagent proxy endpoints Add authorization checks to kagent Chat and CallTool handlers to prevent viewer-role users from invoking agents and tools. - Require editor or admin role for /api/kagent/chat - Require editor or admin role for /api/kagent/tools/call - Log all kagent invocations with user identity for audit Fixes CWE-862: Missing Authorization Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🔒 Require editor role for kagent proxy endpoints Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* 🔒 Add CSRF state validation to manifest OAuth callback Generate and persist a single-use OAuth state during manifest setup, include it in the GitHub redirect URL, and require it on callback before exchanging the manifest code for credentials. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * fix: handle demo mode in CSRF state validation DemoEvaluation was seeded with rand.Uint64() (non-deterministic), so with the minimal 2-check test framework used by TestGenerateDemo the probability of score=0 was ~6.25% — a flaky test. Seed the RNG deterministically from the cluster name using FNV-64a so that demo reports are reproducible across runs for the same cluster, eliminating the flakiness entirely. Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7.0.1...3a2844b) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…16540) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 7.2.1 to 7.2.2. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@1a80836...5daf1e9) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@95e58e9...87557b9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@ce36039...0611638) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* 🔒 Require admin role on rate-limit status endpoint Add requireAdmin check to GetRateLimitStatus so viewer-role users cannot enumerate active user IDs, IP addresses, and lockout windows. Also removes the duplicate RequireAdmin declaration that broke build. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Add admin authorization test for rate-limit status endpoint Verify that non-admin users receive 403 on the rate-limit status endpoint and admin users can access it successfully. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com>
* 🔒 Restrict persistence config endpoints to admin users Adds admin authorization checks to persistence configuration and test endpoints that expose cluster topology information. Affected endpoints: - GET /api/persistence/config - GET /api/persistence/status - POST /api/persistence/test Fixes #16484 Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * chore: retrigger CI after Docker registry timeout Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🌱 Add admin authorization test for persistence endpoints Verify that non-admin users receive 403 on persistence config/test endpoints and admin users can access them successfully. Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* 🔒 Restrict CORS to explicit subdomain allowlist Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * 🔒 Restrict CORS to explicit subdomain allowlist Replace wildcard *.kubestellar.io CORS matching with a strict allowlist of known production subdomains. This prevents subdomain takeover attacks from gaining cross-origin API access. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com>
…#16568) Iteratively decode path and ref parameters before validation to catch %2e%2e, %252e%252e, and other encoded traversal patterns. Also reject null bytes in decoded values. While raw.githubusercontent.com treats %2e literally (limiting current exploitability), this closes the defense-in-depth gap and prevents cache-key pollution attacks. Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…16567) Replace unsafe shell-out to 'tar xzf' with a pure-Go archive/tar implementation that validates every entry path stays within the staging directory. The new safeTarExtract function: - Rejects entries with '..' prefixes or absolute paths - Rejects symlinks and hard links (escape vectors) - Enforces per-file and total-file-count limits - Respects context cancellation for user abort - Is fully tested with path traversal, symlink, and valid cases Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add repo allowlist to the GitHub API proxy to prevent confused deputy attacks. /repos/ requests are validated against GITHUB_PROXY_REPOS env var (defaults to KubeStellar org repos). /search/ requests are scoped. Signed-off-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: kubestellar-hive[bot] <kubestellar-hive[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add iterative decodeURIComponent to hasInvalidPathInput and hasInvalidRefInput so double/triple-encoded dot segments (%252e%252e) are caught before reaching cache keys or upstream URLs. Mirrors the existing defense-in-depth already present in the Go handler (pkg/api/handlers/missions_cache.go sanitizePath). Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…16605) Remove the path that allowed requests with no Origin AND no Referer headers through the Umami analytics proxy. These headerless requests are server-to-server calls that can trivially inject spoofed analytics data. Legitimate browser requests always include at least one of these headers. Fixes #16513 Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
kubestellar-prow
Bot
added
the
dco-signoff: yes
Contributor
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
kubestellar-prow
Bot
added
the
size/XS
Contributor
|
👋 Hey @dependabot[bot] — thanks for opening this PR!
This is an automated message. |
github-actions
Bot
added
tier/3-restricted
ai-generated
✅ Deploy Preview for kubestellarconsole canceled.
|
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
@dependabot rebase |
Contributor
Author
|
Sorry, only users with push access can use that command. |
Contributor
|
Closing in favor of #17269 which applies the same version bumps cleanly on top of current main (avoiding the merge conflict). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/anthropics/claude-code-action-1.0.140
branch
kubestellar-hive Bot
added a commit
that referenced
this pull request
Jun 9, 2026
- github/codeql-action: v4.36.1 → v4.36.2 - docker/metadata-action: v6.0.0 → v6.1.0 - anthropics/claude-code-action: v1.0.133 → v1.0.140 Replaces dependabot PRs #17204, #17198, #17195 which had unresolvable merge conflicts. SHA-pinned references updated to verified commit SHAs. Signed-off-by: kubestellar-hive[bot] <kubestellar-hive@users.noreply.github.com> Co-authored-by: kubestellar-hive[bot] <kubestellar-hive@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps anthropics/claude-code-action from 1.0.133 to 1.0.140.
Release notes
Sourced from anthropics/claude-code-action's releases.
Commits
fbda2ebchore: bump Claude Code to 2.1.168 and Agent SDK to 0.3.16864de744chore: bump Claude Code to 2.1.167 and Agent SDK to 0.3.1674101658chore: bump Claude Code to 2.1.166 and Agent SDK to 0.3.16641ea764chore: bump Claude Code to 2.1.165 and Agent SDK to 0.3.1650b1b620chore: bump Claude Code to 2.1.163 and Agent SDK to 0.3.16370a6e52chore: bump Claude Code to 2.1.162 and Agent SDK to 0.3.16236a69b6chore: bump Claude Code to 2.1.161 and Agent SDK to 0.3.161bfad70dci: bump checkout and setup-bun in test workflows to Node 24 releases (#1379)dc081a3chore: bump actions/setup-node from v4.4.0 to v6.4.0 (Node.js 24) (#1377)420335dAdd workload identity federation support to base-action (#1378)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)