Skip to content

Bump getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613#95

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/getsentry/github-workflows/validate-pr-4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613
Open

Bump getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613#95
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/getsentry/github-workflows/validate-pr-4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613.

Changelog

Sourced from getsentry/github-workflows/validate-pr's changelog.

Changelog

Unreleased

Fixes

  • Danger - Harden extra-install-packages handling: pass the package list into the container via env var instead of host-shell string interpolation (defense in depth) (#169)

3.4.0

Features

  • Validate PR - Action is advisory: it posts a single friendly comment on community PRs that don't reference an issue with maintainer discussion. PRs are not closed and no labels are applied. Recommended trigger is types: [opened].
  • Validate PR - Skip validation for PRs with fewer than 100 lines changed, excluding common lock files (Cargo.lock, yarn.lock, package-lock.json, Pipfile.lock, etc.). Tiny PRs no longer go through the issue-discussion loop.
  • Add validate-pr composite action for validating non-maintainer PRs against contribution guidelines (#153)

Fixes

  • Complete script injection hardening across all actions: move remaining step outputs to env vars, validate Danger version against semver (#152)
  • Updater - Trigger CI for new PRs without changelog updates (#166)
  • Updater - Select the first branch when multiple branches point at HEAD (#165)

Dependencies

3.3.0

Features

  • Updater - Support CMake GIT_TAG with variable references like ${FOO_REF}, resolving and updating the corresponding set() definition (#149)

3.2.1

Fixes

  • Sentry-CLI integration test action - Accept chunked ProGuard uploads for compatibility with Sentry CLI 3.x (#140)

3.2.0

Features

  • Danger - Add support for repository-specific dangerfiles (#129)
    • Add extra-dangerfile input parameter to run custom Danger checks alongside shared workflow checks
    • Add extra-install-packages input to install additional apt packages required by custom dangerfiles
    • Custom dangerfiles receive full Danger API access (fail, warn, message, markdown, danger)
    • Enables repositories to extend Danger checks without overwriting shared workflow comments
  • Sentry-CLI integration test action - Add InvokeSentryResult::Events() method to extract events from envelopes (#137)

... (truncated)

Commits
  • 4013fc6 ci: bump danger tests to Node.js 24 (#170)
  • c802283 fix(danger): harden extra-install-packages against host-shell interpolation (...
  • b6d9e26 Merge branch 'release/3.4.0'
  • 607fed7 release: 3.4.0
  • 82866c1 chore: update getsentry/craft to 2.26.3 (#168)
  • 24be696 fix: complete script injection hardening across all actions (#152)
  • a940f77 fix(updater): Trigger CI for new PRs without changelog updates (#166)
  • 98c1e36 test(updater): Accept either main or master as sentry-cli main branch (#167)
  • d81d746 chore: update danger/danger.properties to 13.0.5 (#160)
  • 80476a9 fix(updater): Select first matching main branch (#165)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [getsentry/github-workflows/validate-pr](https://github.com/getsentry/github-workflows) from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613.
- [Release notes](https://github.com/getsentry/github-workflows/releases)
- [Changelog](https://github.com/getsentry/github-workflows/blob/main/CHANGELOG.md)
- [Commits](getsentry/github-workflows@71588dd...4013fc6)

---
updated-dependencies:
- dependency-name: getsentry/github-workflows/validate-pr
  dependency-version: 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from dharrigan as a code owner June 29, 2026 22:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants