Skip to content

chore(release): pending release v0.31.0#339

Merged
marcusrbrown merged 13 commits intoreleasefrom
next
Mar 22, 2026
Merged

chore(release): pending release v0.31.0#339
marcusrbrown merged 13 commits intoreleasefrom
next

Conversation

@fro-bot
Copy link
Copy Markdown
Contributor

@fro-bot fro-bot bot commented Mar 19, 2026
edited
Loading

Pending Release: v0.31.0

This PR tracks changes pending release. Released on the next auto-release cycle (Sunday/Wednesday) or via manual dispatch.

Merge this PR to trigger a release. Releases also run automatically on Sunday/Wednesday at 20:00 UTC, or via manual workflow dispatch.

Commits Since Last Release

Auto-generated by the release pipeline. Updated: 2026-03-22 07:43 UTC

fro-bot bot and others added 2 commits March 19, 2026 11:37
@fro-bot
ci(deps): update bfra-me/.github to v4.13.1 (#330)
2972949 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@marcusrbrown
fix(settings): remove users/teams from bypass_pull_request_allowances (
9745c42 
…#338)

GitHub API rejects users and teams restrictions on user-owned repos
(only org repos support them). Removing the empty arrays from all
three branch protection blocks fixes the update-repo-settings error.
@fro-bot fro-bot bot requested review from fro-bot and marcusrbrown as code owners March 19, 2026 11:53
@fro-bot fro-bot mentioned this pull request Mar 19, 2026
Open
10 tasks
@marcusrbrown
fix(settings): drop bypass_pull_request_allowances entirely (#343)
074833c 
The update-repository-settings action deep-merges config over the
current GitHub state. Even with users/teams removed from YAML, the
action reads them from the existing protection and sends them back.
GitHub rejects users/teams on user-owned repos (bfra-me/.github#1837).

Workaround: remove bypass_pull_request_allowances from all branches.
Manage fro-bot app bypass via GitHub UI until upstream is fixed.
@marcusrbrown
fix(settings): use literal branch name v0 instead of glob v? (#344)
bb22c6e 
fix(settings): use literal branch name v0 instead of glob pattern v?

The update-repository-settings action passes branch names directly to
the GitHub API, which requires literal names. The glob pattern v? was
treated as a literal branch name, causing a 'Branch not found' error.
@fro-bot
build(deps): update dependency oh-my-openagent to v3.12.0 (#342)
c13fd29 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@fro-bot
build(dev): update dependency tsdown to v0.21.3 (#332)
eba2b5d 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@fro-bot
ci(deps): update github/codeql-action action to v4.34.1 (#341)
24bc788 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@marcusrbrown
fix(settings): update action to v4.13.4 and restore bypass_pull_reque…
5895029 
…st_allowances (#345)

bfra-me/.github#1837 was fixed in update-repository-settings@0.1.3
(shipped in v4.13.4). The action now strips users/teams from
bypass_pull_request_allowances on user-owned repos before sending
to the API.

Restores bypass config:
- main: apps: [] (no bypass — OpenSSF Scorecard compliance)
- v0: apps: [fro-bot] (release workflow bypass)
- release: apps: [fro-bot] (release workflow bypass)
@fro-bot
chore(dev): update dependency lint-staged to v16.4.0 (#328)
f601ee8 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@fro-bot fro-bot mentioned this pull request Mar 22, 2026
Open
3 tasks
@marcusrbrown
feat: add execution deduplication to prevent redundant agent runs (#347)
ae70cf9 
* feat: add execution deduplication to prevent redundant agent runs

Skip agent execution when it already ran for the same PR or issue within
a configurable window (default 10 minutes). Uses @actions/cache sentinel
files scoped per entity to track recent completions.

New dedup phase runs between routing and acknowledge. Configurable via
dedup-window action input (milliseconds, 0 = disabled). Fail-open design:
cache miss or error always proceeds. Tolerates ±60s clock skew between
runners.

1024 tests, 0 lint errors, 0 type errors.

* fix: move dedup sentinel dir from /tmp to ~/.cache to satisfy CodeQL

CodeQL flagged insecure temp file creation in /tmp (predictable path).
Move sentinel base dir to os.homedir()/.cache/fro-bot-dedup/ which is
deterministic across runs but not under the OS temp directory.
@fro-bot fro-bot bot changed the title chore(release): pending release v0.30.11 chore(release): pending release v0.31.0 Mar 22, 2026
@fro-bot
build(deps): update dependency oh-my-openagent to v3.12.3 (#346)
45d887d 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
fro-bot bot added 2 commits March 22, 2026 07:41
@fro-bot
ci(deps): update bfra-me/.github to v4.13.5 (#340)
63a90a3 
Co-authored-by: fro-bot[bot] <109017866+fro-bot[bot]@users.noreply.github.com>
@fro-bot
skip: merge (63a90a3) [skip release]
ae07072
@marcusrbrown marcusrbrown enabled auto-merge (squash) March 22, 2026 07:45
@marcusrbrown marcusrbrown merged commit 0f4367a into release Mar 22, 2026
1 check passed
@marcusrbrown marcusrbrown deleted the next branch March 22, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcusrbrown marcusrbrown marcusrbrown approved these changes

@fro-bot fro-bot Awaiting requested review from fro-bot fro-bot is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcusrbrown