Skip to content

build(deps): bump taskcluster from 95.1.4 to 98.0.0 in /backend#3274

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/backend/taskcluster-98.0.0
Open

build(deps): bump taskcluster from 95.1.4 to 98.0.0 in /backend#3274
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/backend/taskcluster-98.0.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps taskcluster from 95.1.4 to 98.0.0.

Release notes

Sourced from taskcluster's releases.

v98.0.0

GENERAL

▶ [patch] Upgrades @​octokit/core (v3 to v6), @​octokit/rest (v18 to v21), and @​octokit/auth-app (v4 to v6) to resolve peer dependency warnings.

▶ [patch] Upgrades taskgraph decision image to v20.0.0

USERS

▶ [MAJOR] #6689 Breaking change: Generic Worker now evaluates absolute paths inside mounts (properties directory and file) and artifacts (property path) correctly. Previously Generic Worker would effectively strip leading path separators and treat them as relative paths inside the task directory. For example, /tmp would be resolved as the relative path tmp from inside the task directory.

Although this is technically a bug fix, it does change the behaviour of Generic Worker when absolute paths are specified in task payloads. We have examined production tasks on both the Community and Firefox CI deployments of taskcluster, and are reasonably confident that this change should not have adverse effects on existing tasks. However we are bumping the major version number of the taskcluster release, in recognition of the backward incompatibility.

▶ [minor] Generic Worker: Replaced the deprecated github.com/mholt/archiver/v3 library with github.com/mholt/archives, and added support for new archive and compression formats in task payload mounts.

New decompression formats for FileMount: br (Brotli), lz (Lzip), mz (MinLZ), sz (Snappy/S2), zz (Zlib).

New archive formats for ReadOnlyDirectory and WritableDirectoryCache: 7z, tar, tar.br, tar.lz, tar.mz, tar.sz, tar.zz.

Artifact uploads now skip gzip compression for files with extensions matching the newly supported compressed formats (.br, .lz, .lz4, .mz, .sz, .zz).

▶ [patch] Fix a panic in taskcluster task status and taskcluster task artifacts when the task has no runs (e.g., is in the unscheduled state). These commands now return a clear error message instead of crashing.

OTHER

▶ Additional change not described here: #7901.

Automated Package Updates

  • build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (d04733c693)
  • build(deps): bump flatted from 3.4.1 to 3.4.2 (f0a9504b1a)
  • build(deps): bump flatted from 3.2.6 to 3.4.2 in /clients/client-web (e614a7ba4d)

... (truncated)

Changelog

Sourced from taskcluster's changelog.

v98.0.0

GENERAL

▶ [patch] Upgrades @​octokit/core (v3 to v6), @​octokit/rest (v18 to v21), and @​octokit/auth-app (v4 to v6) to resolve peer dependency warnings.

▶ [patch] Upgrades taskgraph decision image to v20.0.0

USERS

▶ [MAJOR] #6689 Breaking change: Generic Worker now evaluates absolute paths inside mounts (properties directory and file) and artifacts (property path) correctly. Previously Generic Worker would effectively strip leading path separators and treat them as relative paths inside the task directory. For example, /tmp would be resolved as the relative path tmp from inside the task directory.

Although this is technically a bug fix, it does change the behaviour of Generic Worker when absolute paths are specified in task payloads. We have examined production tasks on both the Community and Firefox CI deployments of taskcluster, and are reasonably confident that this change should not have adverse effects on existing tasks. However we are bumping the major version number of the taskcluster release, in recognition of the backward incompatibility.

▶ [minor] Generic Worker: Replaced the deprecated github.com/mholt/archiver/v3 library with github.com/mholt/archives, and added support for new archive and compression formats in task payload mounts.

New decompression formats for FileMount: br (Brotli), lz (Lzip), mz (MinLZ), sz (Snappy/S2), zz (Zlib).

New archive formats for ReadOnlyDirectory and WritableDirectoryCache: 7z, tar, tar.br, tar.lz, tar.mz, tar.sz, tar.zz.

Artifact uploads now skip gzip compression for files with extensions matching the newly supported compressed formats (.br, .lz, .lz4, .mz, .sz, .zz).

▶ [patch] Fix a panic in taskcluster task status and taskcluster task artifacts when the task has no runs (e.g., is in the unscheduled state). These commands now return a clear error message instead of crashing.

OTHER

▶ Additional change not described here: #7901.

Automated Package Updates

  • build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (d04733c693)
  • build(deps): bump flatted from 3.4.1 to 3.4.2 (f0a9504b1a)

... (truncated)

Commits
  • ced2e63 v98.0.0
  • 7c4ad55 Merge pull request #8383 from taskcluster/matt-boris/addCheckoutsMountDbTasks
  • afb93ed chore(ci): add a checkouts cache to db tasks
  • f2047c4 Merge pull request #8381 from taskcluster/dependabot/npm_and_yarn/flatted-3.4.2
  • 0e440f3 Merge pull request #8382 from taskcluster/dependabot/go_modules/github.com/bu...
  • d04733c build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2
  • f0a9504 build(deps): bump flatted from 3.4.1 to 3.4.2
  • 7874ffc Merge pull request #8379 from taskcluster/dependabot/npm_and_yarn/clients/cli...
  • e614a7b build(deps): bump flatted from 3.2.6 to 3.4.2 in /clients/client-web
  • ee6ae9a Merge pull request #8376 from taskcluster/dependabot/go_modules/google.golang...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump taskcluster from 95.1.4 to 98.0.0 in /backend
9b5e485 
Bumps [taskcluster](https://github.com/taskcluster/taskcluster) from 95.1.4 to 98.0.0.
- [Release notes](https://github.com/taskcluster/taskcluster/releases)
- [Changelog](https://github.com/taskcluster/taskcluster/blob/main/CHANGELOG.md)
- [Commits](taskcluster/taskcluster@v95.1.4...v98.0.0)

---
updated-dependencies:
- dependency-name: taskcluster
  dependency-version: 98.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the backend Code review backend label Mar 23, 2026
@dependabot dependabot bot mentioned this pull request Mar 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend Code review backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants