chore(deps): bump getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613

[dependabot]

Bumps getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613.

Changelog

Sourced from getsentry/github-workflows/validate-pr's changelog.

Changelog

Unreleased

Fixes

• Danger - Harden extra-install-packages handling: pass the package list into the container via env var instead of host-shell string interpolation (defense in depth) (#169)

3.4.0

Features

• Validate PR - Action is advisory: it posts a single friendly comment on community PRs that don't reference an issue with maintainer discussion. PRs are not closed and no labels are applied. Recommended trigger is types: [opened].
• Validate PR - Skip validation for PRs with fewer than 100 lines changed, excluding common lock files (Cargo.lock, yarn.lock, package-lock.json, Pipfile.lock, etc.). Tiny PRs no longer go through the issue-discussion loop.
• Add validate-pr composite action for validating non-maintainer PRs against contribution guidelines (#153)

Fixes

• Complete script injection hardening across all actions: move remaining step outputs to env vars, validate Danger version against semver (#152)
• Updater - Trigger CI for new PRs without changelog updates (#166)
• Updater - Select the first branch when multiple branches point at HEAD (#165)

Dependencies

• Bump Danger JS from v13.0.4 to v13.0.5 (#160)
  • changelog
  • diff

3.3.0

Features

• Updater - Support CMake GIT_TAG with variable references like ${FOO_REF}, resolving and updating the corresponding set() definition (#149)

3.2.1

Fixes

• Sentry-CLI integration test action - Accept chunked ProGuard uploads for compatibility with Sentry CLI 3.x (#140)

3.2.0

Features

• Danger - Add support for repository-specific dangerfiles (#129)
  • Add extra-dangerfile input parameter to run custom Danger checks alongside shared workflow checks
  • Add extra-install-packages input to install additional apt packages required by custom dangerfiles
  • Custom dangerfiles receive full Danger API access (fail, warn, message, markdown, danger)
  • Enables repositories to extend Danger checks without overwriting shared workflow comments
• Sentry-CLI integration test action - Add InvokeSentryResult::Events() method to extract events from envelopes (#137)

... (truncated)

Commits

• 4013fc6 ci: bump danger tests to Node.js 24 (#170)
• c802283 fix(danger): harden extra-install-packages against host-shell interpolation (...
• b6d9e26 Merge branch 'release/3.4.0'
• 607fed7 release: 3.4.0
• 82866c1 chore: update getsentry/craft to 2.26.3 (#168)
• 24be696 fix: complete script injection hardening across all actions (#152)
• a940f77 fix(updater): Trigger CI for new PRs without changelog updates (#166)
• 98c1e36 test(updater): Accept either main or master as sentry-cli main branch (#167)
• d81d746 chore: update danger/danger.properties to 13.0.5 (#160)
• 80476a9 fix(updater): Select first matching main branch (#165)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• chore(deps): bump getsentry/github-workflows/validate-pr from 71588ddf95134f804e82c5970a8098588e2eaecd to 4013fc6e1aeb1be1f9d3b4d232624f0ec1afa613 by dependabot[bot] in #6364

• chore(deps): update CLI to v3.6.0 by github-actions in #6362
• chore(deps): bump faraday from 1.10.5 to 1.10.6 in /samples/react-native by dependabot in #6363
• chore(deps): update JavaScript SDK to v10.62.0 by github-actions in #6361
• Expo Router ErrorBoundary auto wrapped by alwx in #6347
• chore(ci): Move sample app iOS build jobs to GitHub Actions runners by itaybre in #6356
• docs: Add missing 8.14.1 to changelog and SDK versions table by antonis in #6360
• chore(deps): update Android SDK to v8.46.0 by github-actions in #6357
• chore(ci): Move testflight and size-analysis iOS jobs to GitHub Actions macos-26 by itaybre in #6355
• feat(core): Use native btoa for envelope base64 encoding by alwx in #6351

---

_{🤖 This preview updates automatically when you update the PR.}