build(deps): bump the github-actions group across 1 directory with 10 updates

[dependabot]

Bumps the github-actions group with 10 updates in the / directory:

Package	From	To
actions/setup-node	4.4.0	6.3.0
actions/cache	4.3.0	5.0.4
anthropics/claude-code-action	1.0.39	1.0.77
actions/upload-artifact	4.6.2	7.0.0
actions/create-github-app-token	1.12.0	3.0.0
inkeep/inkeep-agents-action	f2ccac1f117a171cac1e9e65852e2196769f50b5	39c725a2bf4d24acb89ae70139e13bf50f637c20
dorny/paths-filter	2.11.1	4.0.1
inkeep/pr-commenter-action	10	11
speakeasy-api/sdk-generation-action	15.58.9	15.60.0
peter-evans/create-pull-request	7.0.8	8.1.0

Updates actions/setup-node from 4.4.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in actions/setup-node#1491
• Replace uuid with crypto.randomUUID() by @​trivikr in actions/setup-node#1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-node#1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in actions/setup-node#1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in actions/setup-node#1495

New Contributors

• @​susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in actions/setup-node#1454
• Correct mirror option typos by @​MikeMcC399 in actions/setup-node#1442
• Readme update on checkout version v6 by @​deining in actions/setup-node#1446
• Readme typo fixes @​munyari in actions/setup-node#1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in actions/setup-node#1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in actions/setup-node#1449

New Contributors

• @​mahabaleshwars made their first contribution in actions/setup-node#1454
• @​MikeMcC399 made their first contribution in actions/setup-node#1442
• @​deining made their first contribution in actions/setup-node#1446
• @​munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

v6.1.0

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in actions/setup-node#1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in actions/setup-node#1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in actions/setup-node#1439

... (truncated)

Commits

• 53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
• 54045ab Scope test lockfiles by package manager and update cache tests (#1495)
• c882bff Replace uuid with crypto.randomUUID() (#1378)
• 774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
• efcb663 fix: remove hardcoded bearer (#1467)
• d02c89d Fix npm audit issues (#1491)
• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• Additional commits viewable in compare view

Updates actions/cache from 4.3.0 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

---

v5.0.1

What's Changed

• fix: update @​actions/cache for Node.js 24 punycode deprecation by @​salmanmkc in actions/cache#1685
• prepare release v5.0.1 by @​salmanmkc in actions/cache#1686

v5.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Updates anthropics/claude-code-action from 1.0.39 to 1.0.77

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.77

Subprocess environment scrubbing for untrusted-input workflows

Workflows that configure allowed_non_write_users now automatically get CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1, which makes Claude Code (v2.1.79+) strip Anthropic and cloud provider credentials from the environment of subprocesses it spawns (Bash tool, hooks, MCP stdio servers). The parent Claude process keeps these vars for its own API calls — only child subprocess environments are scrubbed.

Why: Workflows that process untrusted input (issue triage, PR review from non-write users) are exposed to prompt injection. A malicious issue body could trick Claude into running a Bash command that reads $ANTHROPIC_API_KEY via shell expansion and leaks it through an observable side channel. Scrubbing the subprocess environment removes the read primitive entirely.

What's scrubbed: Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and runtime tokens, OTEL auth headers.

What's kept: GITHUB_TOKEN / GH_TOKEN — so wrapper scripts can still call the GitHub API.

Opt out: Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" at the job or step level if your workflow legitimately needs a subprocess to inherit these credentials.

No action required for most users — if you've configured allowed_non_write_users, scrubbing is now on automatically. If your workflow breaks because a subprocess expected inherited credentials, re-inject them explicitly (e.g., via MCP server env: config) or use the opt-out.

What's Changed

• Auto-set subprocess env scrub when allowed_non_write_users is configured by @​OctavianGuzu in anthropics/claude-code-action#1093

Full Changelog: anthropics/claude-code-action@v1.0.76...v1.0.77

v1.0.76

Full Changelog: anthropics/claude-code-action@v1...v1.0.76

v1.0.75

Full Changelog: anthropics/claude-code-action@v1...v1.0.75

v1.0.74

What's Changed

• Restore .claude/ and .mcp.json from PR base branch before CLI runs by @​km-anthropic in anthropics/claude-code-action#1066
• Remove redundant git status/diff/log from tag mode allowlist by @​ddworken in anthropics/claude-code-action#1075

Full Changelog: anthropics/claude-code-action@v1...v1.0.74

v1.0.73

Full Changelog: anthropics/claude-code-action@v1...v1.0.73

v1.0.72

What's Changed

• Harden tag mode tool permissions against prompt injection by @​km-anthropic in anthropics/claude-code-action#1002

Full Changelog: anthropics/claude-code-action@v1...v1.0.72

v1.0.71

What's Changed

• docs: warn that allowed_bots can expose the action to external triggers by @​an-dustin in anthropics/claude-code-action#1039
• feat(inline-comment): add confirmed param + probe-pattern safety net by @​km-anthropic in anthropics/claude-code-action#1048

New Contributors

... (truncated)

Commits

• ff9acae Auto-set subprocess env scrub when allowed_non_write_users is configured (#1093)
• 6062f37 chore: bump Claude Code to 2.1.81 and Agent SDK to 0.2.81
• df37d2f chore: bump Claude Code to 2.1.79 and Agent SDK to 0.2.79
• 1ba15be Remove redundant git status/diff/log from tag mode allowlist (#1075)
• 9ddce40 Restore .claude/ and .mcp.json from PR base branch before CLI runs (#1066)
• 1b422b3 chore: bump Claude Code to 2.1.78 and Agent SDK to 0.2.77
• 4c044bb chore: bump Claude Code to 2.1.77 and Agent SDK to 0.2.77
• cd77b50 chore: bump Claude Code to 2.1.76 and Agent SDK to 0.2.76
• 0e80d3c chore: bump Claude Code to 2.1.75 and Agent SDK to 0.2.75
• f956510 Harden tag mode tool permissions against prompt injection (#1002)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 1.12.0 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

• feat!: node 24 support (#275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

• f8d387b build(release): 3.0.0 [skip ci]
• d2129bd style: remove extra blank line in release workflow
• 77b94ef build: refresh generated artifacts
• 3ab4c66 chore: move undici to devDependencies
• 739cf66 docs: update README action versions
• db40289 build(deps): bump actions versions in test.yml
• 496a7ac test: migrate from AVA to Node.js native test runner (#346)
• 3870dc3 Rename end-to-end proxy job in test workflow
• 4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
• dce0ab0 fix: remove custom proxy handling (#143)
• Additional commits viewable in compare view

Updates inkeep/inkeep-agents-action from f2ccac1f117a171cac1e9e65852e2196769f50b5 to 39c725a2bf4d24acb89ae70139e13bf50f637c20

Commits

• See full diff in compare view

Updates dorny/paths-filter from 2.11.1 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

• Support merge queue by @​masaru-iritani in dorny/paths-filter#255

New Contributors

• @​masaru-iritani made their first contribution in dorny/paths-filter#255

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

v3.0.2

What's Changed

• feat: add config parameter for predicate quantifier by @​petermetz in dorny/paths-filter#224

New Contributors

• @​petermetz made their first contribution in dorny/paths-filter#224

Full Changelog: dorny/paths-filter@v3...v3.0.2

v3.0.1

What's Changed

• Compare base and ref when token is empty by @​frouioui in dorny/paths-filter#133

New Contributors

• @​frouioui made their first contribution in dorny/paths-filter#133

Full Changelog: dorny/paths-filter@v3...v3.0.1

v3.0.0

What's Changed

• Update README.md: added real world usage example by @​iamtodor in dorny/paths-filter#178
• Update Node.js to version 20 by @​danielhjacobs in dorny/paths-filter#206
• Update to nodejs 20 by @​dorny in dorny/paths-filter#210

... (truncated)

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• d1c1ffe Update CHANGELOG for v3.0.3
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• 668c092 Merge pull request #279 from wardpeet/patch-1
• Additional commits viewable in compare view

Updates inkeep/pr-commenter-action from 10 to 11

Commits

• 21aef02 initial
• See full diff in compare view

Updates speakeasy-api/sdk-generation-action from 15.58.9 to 15.60.0

Release notes

Sourced from speakeasy-api/sdk-generation-action's releases.

v15.60.0

What's Changed

• feat: add CLI publish job by @​TristanSpeakEasy in speakeasy-api/sdk-generation-action#318
• chore: release cli distribution by @​TristanSpeakEasy in speakeasy-api/sdk-generation-action#320

Full Changelog: speakeasy-api/sdk-generation-action@v15.59.2...v15.60.0

v15.59.2

What's Changed

• fix: Prevent non-published targets from overwriting publish outputs by @​bflad in speakeasy-api/sdk-generation-action#319

Full Changelog: speakeasy-api/sdk-generation-action@v15.59.1...v15.59.2

v15.59.1

What's Changed

• chore: release cli action support by @​TristanSpeakEasy in speakeasy-api/sdk-generation-action#317

Full Changelog: speakeasy-api/sdk-generation-action@v15.59.0...v15.59.1

Commits

• fe37b33 chore: release cli distribution (#320)
• 6cd5ba5 feat: add CLI publish job (#318)
• 7c8dcd1 fix: Prevent non-published targets from overwriting publish outputs (#319)
• c134c5a chore: release cli action support (#317)
• 53442e2 feat: add cli target support (#316)
• See full diff in compare view

Updates peter-evans/create-pull-request from 7.0.8 to 8.1.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.0

What's Changed

• README.md: bump given GitHub actions to their latest versions by @​deining in peter-evans/create-pull-request#4265
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4273
• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4274
• build(deps-dev): bump undici from 6.22.0 to 6.23.0 by @​dependabot[bot] in peter-evans/create-pull-request#4284
• Update distribution by @​actions-bot in peter-evans/create-pull-request#4289
• fix: Handle remote prune failures gracefully on self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4295
• feat: add @​octokit/plugin-retry to handle retriable server errors by @​peter-evans in peter-evans/create-pull-request#4298

New Contributors

• @​deining made their first contribution in peter-evans/create-pull-request#4265

Full Changelog: peter-evans/create-pull-request@v8.0.0...v8.1.0

Create Pull Request v8.0.0

What's new in v8

• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

• chore: Update checkout action version to v6 by @​yonas in peter-evans/create-pull-request#4258
• Update actions/checkout references to @​v6 in docs by @​Copilot in peter-evans/create-pull-request#4259
• feat: v8 by @​peter-evans in peter-evans/create-pull-request#4260

New Contributors

• @​yonas made their first contribution in peter-evans/create-pull-request#4258
• @​Copilot made their first contribution in peter-evans/create-pull-request#4259

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Create Pull Request v7.0.11

What's Changed

• fix: restrict remote prune to self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4235
• build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @​dependabot[bot] in peter-evans/create-pull-request#4240
• fix: provider list pulls fallback for multi fork same owner by @​peter-evans in peter-evans/create-pull-request#4245

New Contributors

• @​obnyis made their first contribution in peter-evans/create-pull-request#4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

... (truncated)

Commits

• c0f553f feat: add @​octokit/plugin-retry to handle retriable server errors (#4298)
• 7000124 fix: Handle remote prune failures gracefully (#4295)
• 34aa40e build: update distribution (#4289)
• 641099d build(deps-dev): bump undici from 6.22.0 to 6.23.0 (#4284)
• 2271f1d build(deps-dev): bump the npm group with 2 updates (#4274)
• 437c31a build(deps): bump the github-actions group with 2 updates (#4273)
• 0979079 docs: update readme
• 5b751cd README.md: bump given GitHub actions to their latest versions (#4265)
• 98357b1 feat: v8 (#4260)
• 41c0e4b Update actions/checkout references to @​v6 in docs (#4259)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabo...

Description has been truncated

[changeset-bot]

⚠️ No Changeset found

Latest commit: 61bcc7c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Mar 24, 2026 6:50pm
agents-docs	Ready	Preview, Comment	Mar 24, 2026 6:50pm
agents-manage-ui	Ready	Preview, Comment	Mar 24, 2026 6:50pm