Chore: bump lfreleng-actions/github2gerrit-action from 0.1.22 to 1.0.3

[dependabot]

Bumps lfreleng-actions/github2gerrit-action from 0.1.22 to 1.0.3.

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.0.3

💥 Breaking Change 💥

• Feat!: GitHub/Gerrit closed loop testing fixes @​ModeSevenIndustrialSolutions (#58)

✨ New Features ✨

• Feat!: GitHub/Gerrit closed loop testing fixes @​ModeSevenIndustrialSolutions (#58)

🐛 Bug Fixes 🐛

• Fix: Update PyNaCl to 1.6.2 to fix CVE-2025-69277 @​ModeSevenIndustrialSolutions (#92)

🔧 Maintenance 🔧

• Chore: Bump step-security/harden-runner from 2.13.2 to 2.13.3 @dependabot[bot] (#59)
• Chore: Bump actions/checkout from 6.0.0 to 6.0.1 @dependabot[bot] (#61)
• Chore: Bump astral-sh/setup-uv from 7.1.4 to 7.1.5 @dependabot[bot] (#60)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml @dependabot[bot] (#62)
• Chore: Bump Python dependencies, fix tests @​ModeSevenIndustrialSolutions (#64)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#63)
• Chore: Bump step-security/harden-runner from 2.13.3 to 2.14.0 @dependabot[bot] (#66)
• Chore: Bump actions/download-artifact from 6.0.0 to 7.0.0 @dependabot[bot] (#69)
• Chore: Bump lfreleng-actions/python-test-action from 1.0.0 to 1.0.1 @dependabot[bot] (#68)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#70)
• Chore: Bump lfreleng-actions/python-build-action from 0.1.22 to 1.0.0 @dependabot[bot] (#65)
• Chore: Bump lfreleng-actions/python-audit-action from 0.2.3 to 0.2.4 @dependabot[bot] (#67)
• Chore: Bump anchore/scan-action from 7.2.1 to 7.2.2 @dependabot[bot] (#73)
• Chore: Bump actions/upload-artifact from 5.0.0 to 6.0.0 @dependabot[bot] (#72)
• Chore: Bump astral-sh/setup-uv from 7.1.5 to 7.1.6 @dependabot[bot] (#71)
• Chore: Bump actions/download-artifact from 6.0.0 to 7.0.0 @dependabot[bot] (#75)
• Chore: Bump ruff from 0.14.8 to 0.14.10 @dependabot[bot] (#79)
• Chore: Bump mypy from 1.19.0 to 1.19.1 @dependabot[bot] (#78)
• Chore: Bump typer from 0.20.0 to 0.20.1 @dependabot[bot] (#77)
• Chore: Update repository prior to next major code drop @​ModeSevenIndustrialSolutions (#80)
• Chore: Bump types-requests from 2.31.0.0 to 2.32.4.20250913 @dependabot[bot] (#84)
• Chore: Bump mypy from 1.17.1 to 1.19.1 @dependabot[bot] (#83)
• Chore: Bump ruff from 0.6.3 to 0.14.10 @dependabot[bot] (#82)
• Chore: Bump lfreleng-actions/pypi-publish-action from 0.1.1 to 0.1.2 @dependabot[bot] (#81)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#85)
• Chore: Bump lfreleng-actions/python-build-action from 1.0.0 to 1.0.1 @dependabot[bot] (#86)
• Chore: Bump typer from 0.20.1 to 0.21.0 @dependabot[bot] (#87)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#91)
• Chore: Bump lfreleng-actions/python-audit-action from 0.2.4 to 0.2.5 @dependabot[bot] (#90)
• Chore: Bump lfreleng-actions/python-build-action from 1.0.1 to 1.0.2 @dependabot[bot] (#89)
• Chore: Bump lfreleng-actions/pypi-publish-action from 0.1.2 to 0.1.3 @dependabot[bot] (#88)
• Chore: Bump ruff from 0.14.10 to 0.14.11 @dependabot[bot] (#97)
• Chore: Bump typer from 0.21.0 to 0.21.1 @dependabot[bot] (#98)
• Chore: Bump lfreleng-actions/repository-metadata-action from 0.1.2 to 0.2.0 @dependabot[bot] (#94)
• Chore: Bump lfreleng-actions/tag-validate-action from 0.1.0 to 0.1.2 @dependabot[bot] (#95)

... (truncated)

Changelog

Sourced from lfreleng-actions/github2gerrit-action's changelog.

Release Notes - v0.2.0

Overview

Version 0.2.0 introduces important behavioral changes and improvements to the GitHub2Gerrit action. This release includes two breaking changes to default settings: PRESERVE_GITHUB_PRS now defaults to true (was false) and SIMILARITY_FILES now defaults to false (was true). These changes make the default behavior more aligned with common use cases while improving the handling of push events and commit reconciliation.

Breaking Changes

⚠️ PRESERVE_GITHUB_PRS Default Changed from false to true

Impact: HIGH - This is a breaking change that affects default workflow behavior

Previous Behavior (v0.1.x):

• Default: PRESERVE_GITHUB_PRS="false"
• GitHub pull requests closed automatically when the action pushed them to Gerrit
• Users had to explicitly set PRESERVE_GITHUB_PRS="true" to keep PRs open

New Behavior (v0.2.0):

• Default: PRESERVE_GITHUB_PRS="true"
• GitHub pull requests now remain open by default when the action pushes them to Gerrit
• Users must explicitly set PRESERVE_GITHUB_PRS="false" to close PRs after submission

Rationale:

We changed the default for these reasons:

1. Common Use Case: Most projects using this action want to maintain GitHub PRs as a reference point even after they submit changes to Gerrit
2. Safer Default: Preserving PRs is a non-destructive operation, making it a safer default behavior
3. Alignment with Documentation: The README already recommended PRESERVE_GITHUB_PRS=true as the typical configuration
4. Two-Way Workflow: The new CLOSE_MERGED_PRS feature (default: true) closes PRs automatically when maintainers merge Gerrit changes, offering a complete bidirectional workflow

Migration Guide:

If your workflow relied on the previous default behavior of closing PRs after submission:

</tr></table> 

... (truncated)

Commits

• 99ac9d4 Merge pull request #108 from lfreleng-actions/dependabot/github_actions/relea...
• 7a642bd Chore: Bump release-drafter/release-drafter from 6.1.0 to 6.1.1
• a467010 Merge pull request #107 from lfreleng-actions/pre-commit-ci-update-config
• 5a19365 Chore: pre-commit autoupdate
• b932838 Merge pull request #106 from modeseven-lfreleng-actions/update-workflows
• c8814ba CI: Update build-test-release.yaml workflow
• fdc10cc Merge pull request #105 from lfreleng-actions/dependabot/github_actions/lfrel...
• 462503b Chore: Bump lfreleng-actions/tag-validate-action from 0.1.2 to 0.3.0
• d71030c Merge pull request #104 from lfreleng-actions/dependabot/uv/ruff-0.14.13
• 10ca98d Chore: Bump ruff from 0.14.11 to 0.14.13
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

PR: #70
Mode: squash
Topic: GH-portal-ng-bff-70
Change-Ids:
I8a5b0671e615fbfa15e68b47dc045fe123ac305c
Digest: 750a6c8e1ab6
GitHub-Hash: 3d4512ff8d3b1a78

Note: This metadata is also included in the Gerrit commit message for reconciliation.

[github-actions]

Change raised in Gerrit by GitHub2Gerrit: https://gerrit.onap.org/r/c/portal-ng/bff/+/143022

[dependabot]

Superseded by #72.