Bump taskcluster from 98.0.0 to 99.0.2 in /tools by dependabot[bot] · Pull Request #58934 · web-platform-tests/wpt

dependabot · 2026-04-02T02:30:47Z

Bumps taskcluster from 98.0.0 to 99.0.2.

Release notes

v99.0.2

Release v99.0.1 was sacrificed to the release Gods. Here were its changelogs:

v99.0.1

DEPLOYERS

▶ [patch] #6898 Azure workers that report a failed provisioning state (e.g., OSProvisioningClientError) but are actually running (PowerState/running) are no longer immediately terminated. Instead, they are allowed to attempt registration, with the existing terminateAfter timeout serving as a safety net for truly broken workers.

▶ [patch] Web Server: OAuth2 token scopes are now intersected with the registered client's allowed scopes in addition to the user's scopes, preventing a tampered consent form submission from requesting scopes beyond what the client was registered for. A warning is logged when a scope mismatch is detected.

WORKER-DEPLOYERS

▶ [patch] #8410 Generic Worker: Fix panic "close of closed channel" in Command.Kill() when multiple abort paths (e.g., reclaim failure and graceful termination) race to kill a task's processes.

OTHER

▶ Additional changes not described here: #8013, #8013, #8013.

v99.0.0

WORKER-DEPLOYERS

▶ [patch] D2G: limits concurrent docker cp artifact extractions to 10 to reduce RAM usage and avoid overwhelming the Docker daemon.

▶ [patch] D2G: performance improvements to docker run for d2g tasks. Adds --pull=never to skip redundant registry checks (image is already loaded), --log-driver=none to eliminate duplicate log writes, and parallelizes artifact extraction from stopped containers.

USERS

▶ [MAJOR] The taskcluster/websocktunnel Docker image tags now include a v prefix (e.g., v99.0.0 instead of 99.0.0), matching the convention used by all other Taskcluster Docker images. A duplicate task definition in the release tooling was silently overriding the correct tag format since v36.0.0. If you reference websocktunnel images by tag, update your configurations to use the v-prefixed format.

Automated Package Updates

build(deps): bump pygments from 2.19.2 to 2.20.0 in /clients/client-py (a418693297)

build(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (df949f6f14)

build(deps): bump brace-expansion from 1.1.12 to 1.1.13 (480b0afbef)

build(deps): bump brace-expansion from 1.1.12 to 1.1.13 in /ui (95ebf2e576)

build(deps): bump brace-expansion in /clients/client-web (3632239116)

v98.0.1

... (truncated)

Changelog

Sourced from taskcluster's changelog.

v99.0.2

OTHER

▶ Additional change not described here: #8013.

v99.0.1

DEPLOYERS

▶ [patch] #6898 Azure workers that report a failed provisioning state (e.g., OSProvisioningClientError) but are actually running (PowerState/running) are no longer immediately terminated. Instead, they are allowed to attempt registration, with the existing terminateAfter timeout serving as a safety net for truly broken workers.

▶ [patch] Web Server: OAuth2 token scopes are now intersected with the registered client's allowed scopes in addition to the user's scopes, preventing a tampered consent form submission from requesting scopes beyond what the client was registered for. A warning is logged when a scope mismatch is detected.

WORKER-DEPLOYERS

▶ [patch] #8410 Generic Worker: Fix panic "close of closed channel" in Command.Kill() when multiple abort paths (e.g., reclaim failure and graceful termination) race to kill a task's processes.

OTHER

▶ Additional changes not described here: #8013, #8013, #8013.

v99.0.0

WORKER-DEPLOYERS

▶ [patch] D2G: limits concurrent docker cp artifact extractions to 10 to reduce RAM usage and avoid overwhelming the Docker daemon.

▶ [patch] D2G: performance improvements to docker run for d2g tasks. Adds --pull=never to skip redundant registry checks (image is already loaded), --log-driver=none to eliminate duplicate log writes, and parallelizes artifact extraction from stopped containers.

USERS

▶ [MAJOR] The taskcluster/websocktunnel Docker image tags now include a v prefix (e.g., v99.0.0 instead of 99.0.0), matching the convention used by all other Taskcluster Docker images. A duplicate task definition in the release tooling was silently overriding the correct tag format since v36.0.0. If you reference websocktunnel images by tag, update your configurations to use the v-prefixed format.

Automated Package Updates

build(deps): bump pygments from 2.19.2 to 2.20.0 in /clients/client-py (a418693297)

build(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (df949f6f14)

build(deps): bump brace-expansion from 1.1.12 to 1.1.13 (480b0afbef)

... (truncated)

Commits

faaa9f5 v99.0.2
49867fc Merge pull request #8418 from taskcluster/matt-boris/cleanupNpmPack
dfc956a fix(release): remove npm tarball after copy
9137b70 v99.0.1
36665a4 Merge pull request #8417 from taskcluster/matt-boris/oauth2-fix
1ea0308 fix: bound OAuth2 token scopes to registered client scopes
11f8a28 test: add OAuth2 scope tampering tests
bc872af Merge pull request #8354 from taskcluster/claude-md-updates
e0b4a0b Update changelog/issue-8354.md
7536cf5 Add CLAUDE.md for generic-worker and improve root CLAUDE.md
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [taskcluster](https://github.com/taskcluster/taskcluster) from 98.0.0 to 99.0.2. - [Release notes](https://github.com/taskcluster/taskcluster/releases) - [Changelog](https://github.com/taskcluster/taskcluster/blob/main/CHANGELOG.md) - [Commits](taskcluster/taskcluster@v98.0.0...v99.0.2) --- updated-dependencies: - dependency-name: taskcluster dependency-version: 99.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 2, 2026

dependabot bot assigned DanielRyanSmith Apr 2, 2026

dependabot bot mentioned this pull request Apr 2, 2026

Bump taskcluster from 98.0.0 to 99.0.0 in /tools #58863

Closed

wpt-pr-bot added ci infra requirements_tests.txt labels Apr 2, 2026

wpt-pr-bot requested review from DanielRyanSmith, foolip, jgraham and jonathan-j-lee April 2, 2026 02:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump taskcluster from 98.0.0 to 99.0.2 in /tools#58934

Bump taskcluster from 98.0.0 to 99.0.2 in /tools#58934
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/tools/taskcluster-99.0.2

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Apr 2, 2026

v99.0.2

v99.0.1

DEPLOYERS

WORKER-DEPLOYERS

OTHER

v99.0.0

WORKER-DEPLOYERS

USERS

Automated Package Updates

v98.0.1

v99.0.2

OTHER

v99.0.1

DEPLOYERS

WORKER-DEPLOYERS

OTHER

v99.0.0

WORKER-DEPLOYERS

USERS

Automated Package Updates

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants