Skip to content

chore(deps): bump taskcluster from 99.2.1 to 100.0.1#951

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/taskcluster-100.0.1
Open

chore(deps): bump taskcluster from 99.2.1 to 100.0.1#951
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/taskcluster-100.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps taskcluster from 99.2.1 to 100.0.1.

Release notes

Sourced from taskcluster's releases.

v100.0.1

WORKER-DEPLOYERS

▶ [patch] #7388 Generic Worker (FreeBSD): taskcluster-proxy now cross-compiles for freebsd/amd64 and freebsd/arm64 again. The new connection-verification feature (--allowed-user / --allowed-network) only has darwin, linux, and windows implementations; on FreeBSD the proxy refuses to start if either flag is set. FreeBSD support for taskcluster-proxy is experimental.

This release also contains the changes for v100, which had a broken release. Here's v100's changelog:

v100.0.0

GENERAL

▶ [MAJOR] #8437 Removed docker-worker from the monorepo. Docker-worker has been decommissioned across Taskcluster deployments and is no longer released. The d2g translation layer remains, so generic-worker continues to accept the legacy docker-worker payload format on Linux and the docker-worker:* scope namespace is unchanged. Existing tasks using the docker-worker payload format continue to run unchanged on generic-worker.

Notes for deployers:

  • The docker-worker worker-runner implementation has been removed; deployments must run generic-worker (or a third-party worker that uses the Queue's worker protocol). worker-runner's --help no longer lists docker-worker.
  • The docker-worker entry has been removed from the task-creator UI's TASK_PAYLOAD_SCHEMAS map. Deployments that set SITE_SPECIFIC.tutorial_worker_schema to docker-worker should change it to a generic-worker schema key (e.g. generic-multi-posix on Linux, generic-multi-win on Windows). Deployments that did not set this variable now default to generic-multi-posix instead of docker-worker.
  • The workers/docker-worker/ source tree is gone; deployments that built the docker-worker image themselves from this monorepo must source it from a docker-worker fork instead.
  • The docker-worker payload schema has moved from workers/docker-worker/schemas/v1/payload.yml to tools/d2g/schemas/docker-worker/v1/payload.yml. The published service-schema URL (schemas/docker-worker/v1/payload.json) is unchanged, so consumers fetching the schema from a running deployment are unaffected.

DEPLOYERS

▶ [patch] #8569 Fix Azure worker registration in regions whose Azure IMDS attested-data leaf certificates have rotated to the new Microsoft TLS RSA Root G2 hierarchy (uksouth as of 2026-04-29; other regions follow as their leaves renew). The G2 root is bundled in worker-manager's azure CA store, so addIntermediateCert succeeds for the dynamically fetched Microsoft TLS G2 RSA CA OCSP NN intermediates and registerWorker returns 200 again.

WORKER-DEPLOYERS

▶ [minor] #7388 Generic Worker now supports running multiple tasks concurrently via the new capacity configuration option.

Configuration:

  • capacity (uint8, default: 1, max: 255) - the number of tasks the worker will claim and execute in parallel.
  • When capacity is 1, behavior is unchanged from previous releases.
  • When capacity > 1, each task slot is allocated a block of 4 ports offset from the configured base ports (livelogPortBase, interactivePort, taskclusterProxyPort). Deployers must ensure these base ports are spaced far enough apart to avoid overlapping ranges. The worker validates this at startup and exits with an error if ranges collide.

Engine support:

  • Insecure engine: supported.
  • Multiuser engine: supported only when headlessTasks is enabled. Non-headless multiuser mode (which reboots between tasks) is restricted to capacity = 1.

Task isolation:

  • Each concurrent task receives its own task directory under tasksDir, its own set of dynamically allocated ports for LiveLog, Interactive, and TaskclusterProxy, and (in multiuser mode) its own OS user.
  • Caches and mounts are protected by per-cache read/write locks so that multiple tasks can read from the same cache concurrently while writes are serialized.
  • Docker image loading (D2G) uses file-level locking so parallel tasks sharing the same image coordinate without redundant loads.
  • In multiuser mode, TaskclusterProxy now verifies that incoming connections originate from the OS user running the task, preventing one task from accessing another task's credentials. This is implemented via /proc/net/tcp on Linux, lsof on macOS, and GetExtendedTcpTable on Windows. Note: in insecure mode, all tasks run as the same OS user, so UID-based connection verification is not possible; insecure mode with capacity > 1 does not provide credential isolation between concurrent tasks.

... (truncated)

Changelog

Sourced from taskcluster's changelog.

v100.0.1

WORKER-DEPLOYERS

▶ [patch] #7388 Generic Worker (FreeBSD): taskcluster-proxy now cross-compiles for freebsd/amd64 and freebsd/arm64 again. The new connection-verification feature (--allowed-user / --allowed-network) only has darwin, linux, and windows implementations; on FreeBSD the proxy refuses to start if either flag is set. FreeBSD support for taskcluster-proxy is experimental.

v100.0.0

GENERAL

▶ [MAJOR] #8437 Removed docker-worker from the monorepo. Docker-worker has been decommissioned across Taskcluster deployments and is no longer released. The d2g translation layer remains, so generic-worker continues to accept the legacy docker-worker payload format on Linux and the docker-worker:* scope namespace is unchanged. Existing tasks using the docker-worker payload format continue to run unchanged on generic-worker.

Notes for deployers:

  • The docker-worker worker-runner implementation has been removed; deployments must run generic-worker (or a third-party worker that uses the Queue's worker protocol). worker-runner's --help no longer lists docker-worker.
  • The docker-worker entry has been removed from the task-creator UI's TASK_PAYLOAD_SCHEMAS map. Deployments that set SITE_SPECIFIC.tutorial_worker_schema to docker-worker should change it to a generic-worker schema key (e.g. generic-multi-posix on Linux, generic-multi-win on Windows). Deployments that did not set this variable now default to generic-multi-posix instead of docker-worker.
  • The workers/docker-worker/ source tree is gone; deployments that built the docker-worker image themselves from this monorepo must source it from a docker-worker fork instead.
  • The docker-worker payload schema has moved from workers/docker-worker/schemas/v1/payload.yml to tools/d2g/schemas/docker-worker/v1/payload.yml. The published service-schema URL (schemas/docker-worker/v1/payload.json) is unchanged, so consumers fetching the schema from a running deployment are unaffected.

DEPLOYERS

▶ [patch] #8569 Fix Azure worker registration in regions whose Azure IMDS attested-data leaf certificates have rotated to the new Microsoft TLS RSA Root G2 hierarchy (uksouth as of 2026-04-29; other regions follow as their leaves renew). The G2 root is bundled in worker-manager's azure CA store, so addIntermediateCert succeeds for the dynamically fetched Microsoft TLS G2 RSA CA OCSP NN intermediates and registerWorker returns 200 again.

WORKER-DEPLOYERS

▶ [minor] #7388 Generic Worker now supports running multiple tasks concurrently via the new capacity configuration option.

Configuration:

  • capacity (uint8, default: 1, max: 255) - the number of tasks the worker will claim and execute in parallel.
  • When capacity is 1, behavior is unchanged from previous releases.
  • When capacity > 1, each task slot is allocated a block of 4 ports offset from the configured base ports (livelogPortBase, interactivePort, taskclusterProxyPort). Deployers must ensure these base ports are spaced far enough apart to avoid overlapping ranges. The worker validates this at startup and exits with an error if ranges collide.

Engine support:

  • Insecure engine: supported.
  • Multiuser engine: supported only when headlessTasks is enabled. Non-headless multiuser mode (which reboots between tasks) is restricted to capacity = 1.

Task isolation:

  • Each concurrent task receives its own task directory under tasksDir, its own set of dynamically allocated ports for LiveLog, Interactive, and TaskclusterProxy, and (in multiuser mode) its own OS user.
  • Caches and mounts are protected by per-cache read/write locks so that multiple tasks can read from the same cache concurrently while writes are serialized.
  • Docker image loading (D2G) uses file-level locking so parallel tasks sharing the same image coordinate without redundant loads.
  • In multiuser mode, TaskclusterProxy now verifies that incoming connections originate from the OS user running the task, preventing one task from accessing another task's credentials. This is implemented via /proc/net/tcp on Linux, lsof on macOS, and GetExtendedTcpTable on Windows. Note: in insecure mode, all tasks run as the same OS user, so UID-based connection verification is not possible; insecure mode with capacity > 1 does not provide credential isolation between concurrent tasks.

Constraints:

... (truncated)

Commits
  • fcf9d8e v100.0.1
  • 00b01fb Merge pull request #8585 from taskcluster/matt-boris/freeBsdTcProxyFix
  • b453303 fix(tc-proxy): stub freebsd connection verifier (fixes release build)
  • 835240c v100.0.0
  • 8977b1f Merge pull request #8577 from Eijebong/fix-intermittent-interactive
  • be6a7e5 Merge pull request #8583 from taskcluster/matt-boris/formatBytesFractionalTes...
  • 8483b4d Merge pull request #8582 from taskcluster/dependabot/npm_and_yarn/axios-1.16.0
  • 676a614 build(deps): bump axios from 1.15.0 to 1.16.0
  • c2acd1b fix(tests): fix fractional digit test
  • fcf9a4e Merge pull request #8581 from Eijebong/fun-fact-the-ipv6-rfc-is-28-years-old
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump taskcluster from 99.2.1 to 100.0.1
87ab8d7 
Bumps [taskcluster](https://github.com/taskcluster/taskcluster) from 99.2.1 to 100.0.1.
- [Release notes](https://github.com/taskcluster/taskcluster/releases)
- [Changelog](https://github.com/taskcluster/taskcluster/blob/main/CHANGELOG.md)
- [Commits](taskcluster/taskcluster@v99.2.1...v100.0.1)

---
updated-dependencies:
- dependency-name: taskcluster
  dependency-version: 100.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 12, 2026 02:18
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 12, 2026
@dependabot dependabot Bot requested a review from hneiva May 12, 2026 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hneiva hneiva Awaiting requested review from hneiva hneiva is a code owner automatically assigned from taskcluster/releng

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants