@renovate-bot-cbcoutinho renovate-bot-cbcoutinho bot commented Dec 20, 2025

This PR contains the following updates:

Package | Type | Update | Change
peter-evans/create-pull-request | action | major | v7.0.11 → v8.0.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

peter-evans/create-pull-request (peter-evans/create-pull-request)

v8.0.0: Create Pull Request v8.0.0

Compare Source

What's new in v8
What's Changed
New Contributors

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

claude bot commented Dec 20, 2025

PR Review: Update peter-evans/create-pull-request to v8

Summary

This Renovate-generated PR updates the peter-evans/create-pull-request GitHub Action from v7.0.8 → v8.0.0 in two Astrolabe workflow files.


✅ Approval Recommendation: APPROVE & MERGE

This is a safe and necessary dependency update with no breaking changes affecting this repository.


Analysis

🔍 What Changed

  • Files Modified: 2 workflow files in third_party/astrolabe/.github/workflows/
    • npm-audit-fix.yml (line 69)
    • update-nextcloud-ocp-matrix.yml (line 88)
  • Change: Updated commit SHA and version tag from v7.0.8 to v8.0.0
  • Scope: Only affects Astrolabe submodule workflows, not main MCP server workflows

🔒 Security

  • Pinned commit SHA: Uses full SHA (98357b18bf14b5342f975ff684046ec3b2a07725) for supply chain security
  • Verified release: Official v8.0.0 release from trusted maintainer (peter-evans)
  • No new permissions: No changes to workflow permissions or token usage

🚀 Breaking Changes Assessment

From the v8.0.0 release notes:

  • Node 24 requirement: Requires Actions Runner v2.327.1+ for self-hosted runners
  • Impact: ❌ NONE for this repository
    • Both affected workflows use runs-on: ubuntu-latest (GitHub-hosted runners)
    • GitHub-hosted runners are automatically updated and already support Node 24
    • No self-hosted runners detected in any workflows

📦 What v8 Provides

  • Updated actions/checkout to v6 (internal dependency)
  • Node.js 24 runtime support
  • Bug fixes from v7.0.9-v7.0.11 (checkout@v6 compatibility, fork handling, remote prune fixes)

🧪 Testing Considerations

  • These workflows run on schedule (weekly cron jobs) and workflow_dispatch
  • Both workflows use continue-on-error: true for resilience
  • Changes only affect PR creation step, not the actual build/audit/update logic
  • No immediate testing required; workflows will self-validate on next scheduled run

Recommendation Details

Why approve:

  1. Standard dependency maintenance (Renovate bot)
  2. No breaking changes for GitHub-hosted runners
  3. Maintains security with pinned SHA
  4. Isolated to Astrolabe submodule workflows
  5. Inherits bug fixes and improvements from v7.0.9-v8.0.0

Risk assessment: Minimal

  • Workflows have built-in error handling
  • PR creation is non-critical (can be retried manually)
  • No changes to core application code

📋 Checklist

  • ✅ Code quality: N/A (version bump only)
  • ✅ Potential bugs: None identified
  • ✅ Performance: No impact
  • ✅ Security: Improved (includes v7 security fixes)
  • ✅ Test coverage: Self-testing via scheduled runs

Action: Merge when ready. No additional testing required.
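
The review above leans on the action being pinned to a full commit SHA. As an added example (not part of the PR, the review, or either project's code), this Python sketch audits a workflow's `uses:` lines and flags references that are tags or branches rather than 40-character SHAs. The workflow text is constructed for illustration and `some-org/some-action` is a hypothetical action; the SHA is the one quoted in the review.

```python
import re

# owner/repo[/path]@ref, optionally followed by a "# vX.Y.Z" comment
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"(?:\s*#\s*(?P<comment>.*))?$"
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"v?\d+(\.\d+){0,2}")

# Constructed sample workflow; some-org/some-action is hypothetical.
SAMPLE_WORKFLOW = """\
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Create PR
        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local
"""

def classify_ref(ref):
    """Return how an action reference is pinned."""
    if FULL_SHA_RE.fullmatch(ref):
        return "full-sha"         # immutable commit pin
    if VERSION_RE.fullmatch(ref):
        return "tag"              # mutable: a tag can be moved upstream
    return "branch-or-other"      # mutable: branch name, short SHA, etc.

def audit_workflow(text):
    """Return one finding per remote `uses:` reference in a workflow file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line.rstrip())
        if not m or m["action"].startswith(("./", "docker://")):
            continue  # local and container actions are out of scope here
        findings.append({"line": line_no, "action": m["action"],
                         "pin": classify_ref(m["ref"]),
                         "version_comment": (m["comment"] or "").strip() or None})
    return findings

def mutable_refs(text):
    """Actions whose ref can be repointed upstream with no diff in this repo."""
    return [f for f in audit_workflow(text) if f["pin"] != "full-sha"]

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f)
```

A SHA pin that lacks a version comment still passes this check, but the `version_comment` field makes it easy to require one so reviewers can see which release the hash is meant to be.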

@renovate-bot-cbcoutinho renovate-bot-cbcoutinho bot force-pushed the renovate/peter-evans-create-pull-request-8.x branch from aeb6916 to 593efb1 Compare December 21, 2025 11:11