Skip to content

Bump taskcluster from 100.1.0 to 100.2.0 in /tools#60253

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/tools/taskcluster-100.2.0
Open

Bump taskcluster from 100.1.0 to 100.2.0 in /tools#60253
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/tools/taskcluster-100.2.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps taskcluster from 100.1.0 to 100.2.0.

Release notes

Sourced from taskcluster's releases.

v100.2.0

DEPLOYERS

▶ [minor] #8574 The Azure provider in worker-manager now submits VM beginDelete inline from removeWorker, removing one scanner cycle of latency before cloud-side deletion. Brings Azure to parity with GCP and AWS; the worker-scanner remains the fallback and verifier.

USERS

▶ [patch] bug 2042324 Enforce a 10 minutes lifetime to provided oauth2 authorization tokens

▶ [patch] Fix the changelog page filters to actually reflect what's in the URL.

▶ [patch] bug 2042324 Invalidate oauth2 authorization codes immediately on exchange

▶ [patch] #8658 UI: fixes Queue Workers table appearing unsorted after navigating away and back to the page.

▶ [patch] Use the current version for taskcluster in API code examples instead of a hardcoded '93'.

DEVELOPERS

▶ [patch] Bump local-dev nginx image from 1.29.4 to 1.30.1 (CVE-2026-42945).

▶ [patch] Drop yarn minify from our commands. It's been broken for 3 years without anyone complaining. To minify lockfiles, use the builtin yarn dedupe instead.

OTHER

▶ Additional changes not described here: #8377, #8372.

Automated Package Updates

  • build(deps): bump tmp from 0.2.5 to 0.2.7 in /clients/client-web (4590240864)
  • build(deps): bump qs from 6.14.2 to 6.15.2 in /ui (26e9adaaef)
  • build(deps): bump qs from 6.15.1 to 6.15.2 (be733191f9)
  • build(deps): bump @​tootallnate/once in /clients/client-test (b53b8e4391)
  • build(deps): bump @​tootallnate/once in /clients/client-web (ea5d13fb71)
  • build(deps): bump sanitize-html from 2.17.3 to 2.17.4 (db315c593e)
  • build(deps): bump idna from 3.11 to 3.15 in /clients/client-py (d5465a3265)
  • build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (ea49072b27)
  • build(deps): bump github.com/modelcontextprotocol/registry (95cd86e6cb)

... (truncated)

Changelog

Sourced from taskcluster's changelog.

v100.2.0

DEPLOYERS

▶ [minor] #8574 The Azure provider in worker-manager now submits VM beginDelete inline from removeWorker, removing one scanner cycle of latency before cloud-side deletion. Brings Azure to parity with GCP and AWS; the worker-scanner remains the fallback and verifier.

USERS

▶ [patch] bug 2042324 Enforce a 10 minutes lifetime to provided oauth2 authorization tokens

▶ [patch] Fix the changelog page filters to actually reflect what's in the URL.

▶ [patch] bug 2042324 Invalidate oauth2 authorization codes immediately on exchange

▶ [patch] #8658 UI: fixes Queue Workers table appearing unsorted after navigating away and back to the page.

▶ [patch] Use the current version for taskcluster in API code examples instead of a hardcoded '93'.

DEVELOPERS

▶ [patch] Bump local-dev nginx image from 1.29.4 to 1.30.1 (CVE-2026-42945).

▶ [patch] Drop yarn minify from our commands. It's been broken for 3 years without anyone complaining. To minify lockfiles, use the builtin yarn dedupe instead.

OTHER

▶ Additional changes not described here: #8377, #8372.

Automated Package Updates

  • build(deps): bump tmp from 0.2.5 to 0.2.7 in /clients/client-web (4590240864)
  • build(deps): bump qs from 6.14.2 to 6.15.2 in /ui (26e9adaaef)
  • build(deps): bump qs from 6.15.1 to 6.15.2 (be733191f9)
  • build(deps): bump @​tootallnate/once in /clients/client-test (b53b8e4391)
  • build(deps): bump @​tootallnate/once in /clients/client-web (ea5d13fb71)
  • build(deps): bump sanitize-html from 2.17.3 to 2.17.4 (db315c593e)
  • build(deps): bump idna from 3.11 to 3.15 in /clients/client-py (d5465a3265)
  • build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (ea49072b27)

... (truncated)

Commits
  • 57c5394 v100.2.0
  • 1ddee45 Merge pull request #8687 from taskcluster/feat/nginx-rift
  • 8effe4c feat(dev): Upgrade local nginx version
  • 9adb0ef Merge pull request #8686 from taskcluster/dependabot/npm_and_yarn/clients/cli...
  • 4590240 build(deps): bump tmp from 0.2.5 to 0.2.7 in /clients/client-web
  • 91abd17 Merge pull request #8685 from Eijebong/oauth-codes
  • 87f7e6e Bug 2042324 - Invalidate oauth2 authorization codes on exchange
  • 5e609ad Bug 2042324 - Enforce proper lifetime of issued oauth2 authorization codes
  • 4fcfb85 Merge pull request #8680 from Eijebong/biome
  • 62ba18b Merge pull request #8683 from taskcluster/dependabot/npm_and_yarn/ui/qs-6.15.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump taskcluster from 100.1.0 to 100.2.0 in /tools
dfd74ca 
Bumps [taskcluster](https://github.com/taskcluster/taskcluster) from 100.1.0 to 100.2.0.
- [Release notes](https://github.com/taskcluster/taskcluster/releases)
- [Changelog](https://github.com/taskcluster/taskcluster/blob/main/CHANGELOG.md)
- [Commits](taskcluster/taskcluster@v100.1.0...v100.2.0)

---
updated-dependencies:
- dependency-name: taskcluster
  dependency-version: 100.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 28, 2026
@dependabot dependabot Bot mentioned this pull request May 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DanielRyanSmith DanielRyanSmith Awaiting requested review from DanielRyanSmith

@foolip foolip Awaiting requested review from foolip

@jgraham jgraham Awaiting requested review from jgraham

@jonathan-j-lee jonathan-j-lee Awaiting requested review from jonathan-j-lee

At least 1 approving review is required to merge this pull request.

Assignees

@DanielRyanSmith DanielRyanSmith

Labels

ci dependencies Pull requests that update a dependency file infra python Pull requests that update Python code requirements_tests.txt

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wpt-pr-bot @DanielRyanSmith