Bump peter-evans/create-pull-request from 6 to 7

[dependabot]

Bumps peter-evans/create-pull-request from 6 to 7.

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.0

✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖

Behaviour changes

• Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch.
• The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried.
• The pull-request-operation output now returns none when no operation was executed.
• Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead.

What's new

• The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details.
• Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation.
• A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action.
• A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified.

What's Changed

• build(deps-dev): bump @​types/node from 18.19.36 to 18.19.39 by @​dependabot in peter-evans/create-pull-request#3000
• build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @​dependabot in peter-evans/create-pull-request#3008
• build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @​dependabot in peter-evans/create-pull-request#3018
• build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @​dependabot in peter-evans/create-pull-request#3019
• build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @​dependabot in peter-evans/create-pull-request#3035
• build(deps-dev): bump @​types/node from 18.19.39 to 18.19.41 by @​dependabot in peter-evans/create-pull-request#3037
• build(deps): bump undici from 6.19.2 to 6.19.4 by @​dependabot in peter-evans/create-pull-request#3036
• build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @​dependabot in peter-evans/create-pull-request#3038
• build(deps-dev): bump @​types/node from 18.19.41 to 18.19.42 by @​dependabot in peter-evans/create-pull-request#3070
• build(deps): bump undici from 6.19.4 to 6.19.5 by @​dependabot in peter-evans/create-pull-request#3086
• build(deps-dev): bump @​types/node from 18.19.42 to 18.19.43 by @​dependabot in peter-evans/create-pull-request#3087
• build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @​dependabot in peter-evans/create-pull-request#3088
• build(deps): bump undici from 6.19.5 to 6.19.7 by @​dependabot in peter-evans/create-pull-request#3145
• build(deps-dev): bump @​types/node from 18.19.43 to 18.19.44 by @​dependabot in peter-evans/create-pull-request#3144
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3154
• build(deps): bump undici from 6.19.7 to 6.19.8 by @​dependabot in peter-evans/create-pull-request#3213
• build(deps-dev): bump @​types/node from 18.19.44 to 18.19.45 by @​dependabot in peter-evans/create-pull-request#3214
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3221
• build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by @​dependabot in peter-evans/create-pull-request#3255
• build(deps-dev): bump @​types/node from 18.19.45 to 18.19.46 by @​dependabot in peter-evans/create-pull-request#3254
• build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @​dependabot in peter-evans/create-pull-request#3256
• v7 - signed commits by @​peter-evans in peter-evans/create-pull-request#3057

New Contributors

• @​rustycl0ck made their first contribution in peter-evans/create-pull-request#3057

Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0

Create Pull Request v6.1.0

✨ Adds pull-request-branch as an action output.

What's Changed

... (truncated)

Commits

• 271a8d0 fix: suppress output for some git operations (#3776)
• 6f7efd1 test: update cpr-example-command
• 13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754)
• 63e5829 build(deps): bump @​octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753)
• a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752)
• b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751)
• dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744)
• 367180c ci: remove testv5 cmd
• 25575a1 build: update distribution (#3736)
• a56e7a5 build(deps): bump @​octokit/core from 6.1.3 to 6.1.4 (#3711)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/peter-evans/create-pull-request	7.*.*	🟢 5	Details Check Score Reason Code-Review 🟢 7 Found 3/4 approved changesets -- score normalized to 7 Maintained 🟢 10 28 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 4 6 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/pre-commit-autoupdate.yml

[Copilot]

Pull Request Overview

This PR updates the GitHub Action peter-evans/create-pull-request from version 6 to version 7 in the pre-commit autoupdate workflow. This is a dependency bump that brings new features like commit signing support, improved rate limiting handling, and several API improvements.

Key Changes

• Updated action version from v6 to v7 in the pre-commit autoupdate workflow
• Inherits new features including bot commit signing and enhanced rate limiting
• No breaking changes for this specific usage pattern

[Zochory]

@copilot Fix and resolve conversation

[Zochory]

@codex fix

[chatgpt-codex-connector]

For now, I can only help with PRs you've created.

[Copilot]

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.