build(deps): bump getsentry/github-workflows from 3.3.0 to 3.4.0

[dependabot]

Bumps getsentry/github-workflows from 3.3.0 to 3.4.0.

Release notes

Sourced from getsentry/github-workflows's releases.

3.4.0

Features

• Validate PR - Action is advisory: it posts a single friendly comment on community PRs that don't reference an issue with maintainer discussion. PRs are not closed and no labels are applied. Recommended trigger is types: [opened].
• Validate PR - Skip validation for PRs with fewer than 100 lines changed, excluding common lock files (Cargo.lock, yarn.lock, package-lock.json, Pipfile.lock, etc.). Tiny PRs no longer go through the issue-discussion loop.
• Add validate-pr composite action for validating non-maintainer PRs against contribution guidelines (#153)

Fixes

• Complete script injection hardening across all actions: move remaining step outputs to env vars, validate Danger version against semver (#152)
• Updater - Trigger CI for new PRs without changelog updates (#166)
• Updater - Select the first branch when multiple branches point at HEAD (#165)

Dependencies

• Bump Danger JS from v13.0.4 to v13.0.5 (#160)
  • changelog
  • diff

Commits

• 607fed7 release: 3.4.0
• 82866c1 chore: update getsentry/craft to 2.26.3 (#168)
• 24be696 fix: complete script injection hardening across all actions (#152)
• a940f77 fix(updater): Trigger CI for new PRs without changelog updates (#166)
• 98c1e36 test(updater): Accept either main or master as sentry-cli main branch (#167)
• d81d746 chore: update danger/danger.properties to 13.0.5 (#160)
• 80476a9 fix(updater): Select first matching main branch (#165)
• 43bf14b feat(validate-pr): Make advisory; drop close + labels (#163)
• 71588dd feat(validate-pr): Skip checks for users with write access (#162)
• 02fd7a2 feat(validate-pr): Skip all checks when a maintainer reopens a PR (#161)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit b9d8226. Configure here.}

[cursor]

validate-pr pinned to older commit, not 3.4.0

Medium Severity

The validate-pr action is being pinned to commit 26f565c which is the 3.3.0 release hash (it's the same hash that danger.yml was previously pinned to). This is actually a downgrade from the previous 71588dd commit. The correct 3.4.0 release commit is 607fed74f812e69201531a5185b6c3c57caa4e89, which is what danger.yml was correctly updated to. It looks like Dependabot swapped the hashes incorrectly.

 

^{Reviewed by Cursor Bugbot for commit b9d8226. Configure here.}