chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0

[dependabot]

Bumps getsentry/craft from 2.18.3 to 2.19.0.

Release notes

Sourced from getsentry/craft's releases.

2.19.0

New Features ✨

• (action) Emit publish request issue URL as annotation by @​BYK in #708

Bug Fixes 🐛

Docker

• Add image template var and strict template validation by @​BYK in #713
• Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io by @​BYK in #710

Other

• (action) Use environment variables for complex inputs by @​BYK in #716
• (aws-lambda) Skip layer publication for pre-release versions by @​BYK in #714
• (prepare) Make NEW-VERSION optional and auto-create changelog by @​BYK in #715
• Don't mention PRs to avoid linking in changelog previews by @​BYK in #712

Changelog

Sourced from getsentry/craft's changelog.

Changelog

2.19.0

New Features ✨

• (action) Emit publish request issue URL as annotation by @​BYK in #708

Bug Fixes 🐛

Docker

• Add image template var and strict template validation by @​BYK in #713
• Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io by @​BYK in #710

Other

• (action) Use environment variables for complex inputs by @​BYK in #716
• (aws-lambda) Skip layer publication for pre-release versions by @​BYK in #714
• (prepare) Make NEW-VERSION optional and auto-create changelog by @​BYK in #715
• Don't mention PRs to avoid linking in changelog previews by @​BYK in #712

2.18.3

Bug Fixes 🐛

• (changelog-preview) Replace deleted install sub-action with inline install by @​BYK in #706

2.18.2

Bug Fixes 🐛

Action

• Simplify install by using build artifact with release fallback by @​BYK in #705
• Resolve install sub-action path for external repos by @​BYK in #704

2.18.1

Bug Fixes 🐛

• (changelog) Add retry and robust error handling for GitHub GraphQL by @​seer-by-sentry in #701
• Add permissions and docs for changelog-preview reusable workflow by @​BYK in #703

2.18.0

New Features ✨

• (dry-run) Add worktree-based dry-run mode with real diff output by @​BYK in #692

... (truncated)

Commits

• c6e2f04 release: 2.19.0
• 32c2e8e fix(action): Use environment variables for complex inputs (#716)
• ec24326 fix(aws-lambda): Skip layer publication for pre-release versions (#714)
• 86aa29b fix(prepare): Make NEW-VERSION optional and auto-create changelog (#715)
• 15e3969 feat(action): emit publish request issue URL as annotation (#708)
• bca0ad7 fix: Don't mention PRs to avoid linking in changelog previews (#712)
• 1e970f4 fix(docker): Add image template var and strict template validation (#713)
• fa3407a fix(docker): Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io (#...
• c216c1a meta: Bump new development version
• b6b2fb2 Merge branch 'release/2.18.3'
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 by dependabot[bot] in #5551

• chore: Use pull_request_target for changelog preview by BYK in #5546

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 by dependabot[bot] in #5551

• chore: Use pull_request_target for changelog preview by BYK in #5546

---

_{🤖 This preview updates automatically when you update the PR.}

[sentry]

Bug: Upgrading getsentry/craft may break the release process. The craft-pre-release.sh script expects a positional argument that the new version of the action might no longer provide.
_{Severity: HIGH}

Suggested Fix

Verify the invocation signature for preReleaseCommand in the new version of getsentry/craft. If the positional argument is no longer passed, update craft-pre-release.sh to retrieve the version from an environment variable or another source, or modify the script to handle a missing argument gracefully.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/release.yml#L46

Potential issue: The `release.yml` workflow upgrades the `getsentry/craft` action to a
new version. The release notes for this new version suggest that the `NEW-VERSION`
argument is now optional. The `craft-pre-release.sh` script, which is executed by this
action, expects the version to be passed as the second positional argument (`$2`). The
script also uses `set -u`, which will cause it to exit with an error if an unset
variable is referenced. If the upgraded `craft` action no longer passes this positional
argument, the release script will fail, breaking the release process.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[antonis]

LGTM and a test release was 🟢
getsentry/publish#6942
https://github.com/getsentry/sentry-react-native/actions/runs/21130877507/job/60761429025