build(deps): bump lfreleng-actions/github2gerrit-action from 0.1.22 to 1.0.4

[dependabot]

Bumps lfreleng-actions/github2gerrit-action from 0.1.22 to 1.0.4.

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.0.4

✨ New Features ✨

• Feat: add .netrc file support for Gerrit @​ModeSevenIndustrialSolutions (#116)

🔧 Maintenance 🔧

• Chore: Bump release-drafter/release-drafter from 6.1.1 to 6.2.0 @dependabot[bot] (#109)
• Chore: Bump actions/checkout from 6.0.1 to 6.0.2 @dependabot[bot] (#112)
• Chore: Bump actions/setup-python from 6.1.0 to 6.2.0 @dependabot[bot] (#110)
• Chore: Bump anchore/scan-action from 7.2.3 to 7.3.0 @dependabot[bot] (#111)
• Chore: Bump ruff from 0.14.13 to 0.14.14 @dependabot[bot] (#113)
• Chore: Bump rich from 14.2.0 to 14.3.1 @dependabot[bot] (#114)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#115)
• Chore: Bump step-security/harden-runner from 2.14.0 to 2.14.1 @dependabot[bot] (#119)
• Chore: Bump lfreleng-actions/tag-validate-action from 0.3.0 to 1.0.0 @dependabot[bot] (#117)
• Chore: Bump anchore/scan-action from 7.3.0 to 7.3.1 @dependabot[bot] (#118)
• Chore: Bump astral-sh/setup-uv from 7.2.0 to 7.2.1 @dependabot[bot] (#120)
• Chore: Bump rich from 14.3.1 to 14.3.2 @dependabot[bot] (#121)
• Chore: Bump lfreleng-actions/tag-validate-action from 1.0.0 to 1.0.1 @dependabot[bot] (#122)

Links

• Submit bugs/feature requests

v1.0.3

💥 Breaking Change 💥

• Feat!: GitHub/Gerrit closed loop testing fixes @​ModeSevenIndustrialSolutions (#58)

✨ New Features ✨

• Feat!: GitHub/Gerrit closed loop testing fixes @​ModeSevenIndustrialSolutions (#58)

🐛 Bug Fixes 🐛

• Fix: Update PyNaCl to 1.6.2 to fix CVE-2025-69277 @​ModeSevenIndustrialSolutions (#92)

🔧 Maintenance 🔧

• Chore: Bump step-security/harden-runner from 2.13.2 to 2.13.3 @dependabot[bot] (#59)
• Chore: Bump actions/checkout from 6.0.0 to 6.0.1 @dependabot[bot] (#61)
• Chore: Bump astral-sh/setup-uv from 7.1.4 to 7.1.5 @dependabot[bot] (#60)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml @dependabot[bot] (#62)
• Chore: Bump Python dependencies, fix tests @​ModeSevenIndustrialSolutions (#64)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#63)
• Chore: Bump step-security/harden-runner from 2.13.3 to 2.14.0 @dependabot[bot] (#66)
• Chore: Bump actions/download-artifact from 6.0.0 to 7.0.0 @dependabot[bot] (#69)
• Chore: Bump lfreleng-actions/python-test-action from 1.0.0 to 1.0.1 @dependabot[bot] (#68)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#70)
• Chore: Bump lfreleng-actions/python-build-action from 0.1.22 to 1.0.0 @dependabot[bot] (#65)

... (truncated)

Changelog

Sourced from lfreleng-actions/github2gerrit-action's changelog.

Release Notes - v0.2.0

Overview

Version 0.2.0 introduces important behavioral changes and improvements to the GitHub2Gerrit action. This release includes two breaking changes to default settings: PRESERVE_GITHUB_PRS now defaults to true (was false) and SIMILARITY_FILES now defaults to false (was true). These changes make the default behavior more aligned with common use cases while improving the handling of push events and commit reconciliation.

Breaking Changes

⚠️ PRESERVE_GITHUB_PRS Default Changed from false to true

Impact: HIGH - This is a breaking change that affects default workflow behavior

Previous Behavior (v0.1.x):

• Default: PRESERVE_GITHUB_PRS="false"
• GitHub pull requests closed automatically when the action pushed them to Gerrit
• Users had to explicitly set PRESERVE_GITHUB_PRS="true" to keep PRs open

New Behavior (v0.2.0):

• Default: PRESERVE_GITHUB_PRS="true"
• GitHub pull requests now remain open by default when the action pushes them to Gerrit
• Users must explicitly set PRESERVE_GITHUB_PRS="false" to close PRs after submission

Rationale:

We changed the default for these reasons:

1. Common Use Case: Most projects using this action want to maintain GitHub PRs as a reference point even after they submit changes to Gerrit
2. Safer Default: Preserving PRs is a non-destructive operation, making it a safer default behavior
3. Alignment with Documentation: The README already recommended PRESERVE_GITHUB_PRS=true as the typical configuration
4. Two-Way Workflow: The new CLOSE_MERGED_PRS feature (default: true) closes PRs automatically when maintainers merge Gerrit changes, offering a complete bidirectional workflow

Migration Guide:

If your workflow relied on the previous default behavior of closing PRs after submission:

</tr></table> 

... (truncated)

Commits

• e74141e Merge pull request #122 from lfreleng-actions/dependabot/github_actions/lfrel...
• fb0a0c3 Chore: Bump lfreleng-actions/tag-validate-action from 1.0.0 to 1.0.1
• b33f068 Merge pull request #121 from lfreleng-actions/dependabot/uv/rich-14.3.2
• 2dca167 Chore: Bump rich from 14.3.1 to 14.3.2
• 95c21f9 Merge pull request #120 from lfreleng-actions/dependabot/github_actions/astra...
• 40457e8 Merge pull request #118 from lfreleng-actions/dependabot/github_actions/ancho...
• ade6300 Merge pull request #117 from lfreleng-actions/dependabot/github_actions/lfrel...
• d78dc1e Merge pull request #119 from lfreleng-actions/dependabot/github_actions/step-...
• 47924f2 Chore: Bump astral-sh/setup-uv from 7.2.0 to 7.2.1
• 3843c46 Chore: Bump step-security/harden-runner from 2.14.0 to 2.14.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)