Conversation
Updated [Serilog](https://github.com/serilog/serilog) from 4.3.1 to 4.4.0. <details> <summary>Release notes</summary> _Sourced from [Serilog's releases](https://github.com/serilog/serilog/releases)._ ## 4.4.0 ## What's Changed * Emit SelfLog warning when extra arguments are provided by @matantsach in serilog/serilog#2222 * dont WriteQuotedJsonString for null by @SimonCropp in serilog/serilog#2216 * Pin System.Security.Cryptography.Xml to 8.0.3 in tests by @ArieGato in serilog/serilog#2232 * Route optional interfaces through OptionalInterfaceForwardingSink for restricted sinks by @ArieGato in serilog/serilog#2234 * `SelfMetrics` by @nblumhardt in serilog/serilog#2237 ## New Contributors * @matantsach made their first contribution in serilog/serilog#2222 * @ArieGato made their first contribution in serilog/serilog#2232 **Full Changelog**: serilog/serilog@v4.3.1...v4.4.0 Commits viewable in [compare view](serilog/serilog@v4.3.1...v4.4.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…eps group (#268) Bumps the actions-deps group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v3.0.2</h2> <p><code>3.0.2</code> is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since <code>3.0.1</code>.</p> <p>This release fixes <a href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>, <a href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>, and <a href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>. The upload transport hardening covers the historical failure reported in <a href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to <a href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a> and does not claim a reproducible release-creation fix.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: improve release error reporting and test coverage by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: publish existing draft releases as prereleases by <a href="https://github.com/godfengliang"><code>@godfengliang</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li> <li>fix: upload small checksum assets reliably by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li> <li>fix: replace existing release assets on Gitea by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li> <li>fix: clarify release creation 404 errors by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): upgrade TypeScript to 7 by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li> <li>chore(deps): remove unused TypeScript tooling by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li> <li>dependency, Node 24 pin, and CI maintenance merged since <code>3.0.1</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>3.0.2</h2> <p><code>3.0.2</code> is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since <code>3.0.1</code>.</p> <p>This release fixes <a href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>, <a href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>, and <a href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>. The upload transport hardening covers the historical failure reported in <a href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to <a href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a> and does not claim a reproducible release-creation fix.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: improve release error reporting and test coverage by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: publish existing draft releases as prereleases by <a href="https://github.com/godfengliang"><code>@godfengliang</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li> <li>fix: upload small checksum assets reliably by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li> <li>fix: replace existing release assets on Gitea by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li> <li>fix: clarify release creation 404 errors by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): upgrade TypeScript to 7 by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li> <li>chore(deps): remove unused TypeScript tooling by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li> <li>dependency, Node 24 pin, and CI maintenance merged since <code>3.0.1</code></li> </ul> <h2>3.0.1</h2> <ul> <li>maintenance release with updated dependencies</li> </ul> <h2>3.0.0</h2> <p><code>3.0.0</code> is a major release that moves the action runtime from Node 20 to Node 24. Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. <code>v2.6.2</code> was the final Node 20-compatible release and is no longer maintained or supported.</p> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>Move the action runtime and bundle target to Node 24</li> <li>Update <code>@types/node</code> to the Node 24 line and allow future Dependabot updates</li> <li>Keep the floating major tag on <code>v3</code>; freeze <code>v2</code> at the final <code>v2.6.2</code> release</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/3d0d9888cb7fd7b750713d6e236d1fcb99157228"><code>3d0d988</code></a> release 3.0.2 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/818">#818</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/7e13ed4ac596a4adf801d3812be5a089356949aa"><code>7e13ed4</code></a> fix: clarify release creation 404 errors (<a href="https://redirect.github.com/softprops/action-gh-release/issues/817">#817</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/e6c70a53cf67373fbff7eeebca7782b4fe8f106c"><code>e6c70a5</code></a> fix: replace existing release assets on Gitea (<a href="https://redirect.github.com/softprops/action-gh-release/issues/816">#816</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f3453378888d5ef6208e2788af1c5ba50d8a898d"><code>f345337</code></a> fix: publish existing draft releases as prereleases (<a href="https://redirect.github.com/softprops/action-gh-release/issues/801">#801</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/d8a89a206684ded8435bf16d6f698bf04ab05164"><code>d8a89a2</code></a> fix: upload small checksum assets reliably (<a href="https://redirect.github.com/softprops/action-gh-release/issues/815">#815</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/45ece40c3178522904ac6c51c21d8a4e3565f3c8"><code>45ece40</code></a> chore(deps): remove unused TypeScript tooling (<a href="https://redirect.github.com/softprops/action-gh-release/issues/814">#814</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f6b913c3f95302d88e8ef7cb2859c2e7656aa01e"><code>f6b913c</code></a> feat: improve release error reporting and test coverage (<a href="https://redirect.github.com/softprops/action-gh-release/issues/813">#813</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/15f193d7d8aa9623b5181913a31fafceb4e8cef9"><code>15f193d</code></a> chore(deps): upgrade TypeScript to 7 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/812">#812</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/cc8268d46a81d57ec9b061f27b0dd68ebd7fb17f"><code>cc8268d</code></a> chore(deps): bump actions/checkout in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/810">#810</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/fd0ed1e85b6730f87f5c67d7355751c46ad513d6"><code>fd0ed1e</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/811">#811</a>)</li> <li>Additional commits viewable in <a href="https://github.com/softprops/action-gh-release/compare/718ea10b132b3b2eba29c1007bb80653f286566b...3d0d9888cb7fd7b750713d6e236d1fcb99157228">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## What Adds the fleet **author-identity** git rule to `AGENTS.md`, inserting it in the *Git and Commit Rules* section immediately after the existing commit-signing bullet. ## Why A fleet governance audit found this repo's `AGENTS.md` carries the signing rule and the default-to-staging rule but is missing the author-identity rule that the canonical template already defines. This PR restores consistency. The new bullet requires every agent-authored commit to use the committing account's GitHub `noreply` identity (`ptr727@users.noreply.github.com` for this single-maintainer fleet) - never a private, personal, or invented address - and explains why: a private email trips GitHub's email-privacy push protection (GH007), and invented authors pollute history. It also clarifies that identity is separate from signing. ## Notes - Single-line insertion; no other content changed. - CRLF line endings preserved (repo's `AGENTS.md` is CRLF); zero mixed endings. - ASCII-only, US English. - Commit is SSH-signed; author/committer is the owner's GitHub `noreply` identity. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This promotion PR brings the git-governance guidance changes into main by updating AGENTS.md (agent commit identity rule), while also carrying along a dependency bump and a workflow action pin update that affect release and CI behavior.
Changes:
- Add an AGENTS.md rule requiring agent-authored commits to use the committing account’s GitHub
noreplyidentity. - Bump Serilog from 4.3.1 to 4.4.0 in centralized package version management.
- Update the pinned SHA for
softprops/action-gh-releasefrom v3.0.1 to v3.0.2 in the release workflow.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| AGENTS.md | Documents a new commit author/committer identity requirement for agent-authored commits. |
| Directory.Packages.props | Updates the centrally-managed Serilog package version. |
| .github/workflows/build-release-task.yml | Advances the SHA-pinned softprops/action-gh-release action to v3.0.2. |
This was referenced Jul 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Promotes develop->main: the AGENTS.md git-governance additions (author-identity rule / signing / staging), part of the fleet governance-conformance sweep.
🤖 Generated with Claude Code