build(deps): bump taskcluster from 97.1.0 to 99.1.1 in /bot

[dependabot]

Bumps taskcluster from 97.1.0 to 99.1.1.

Release notes

Sourced from taskcluster's releases.

v99.1.1

GENERAL

▶ [patch] Upgrades to Node.js v24.15.0 and yarn 4.14.1

DEPLOYERS

▶ [patch] #8517 Fixed Azure provider workers getting stuck in STOPPING indefinitely when their backing Azure resources (VM, NIC, IP, disks, or ARM deployment) were deleted out-of-band (e.g. Spot preemption, ARM cascade delete). The deprovisionResource helper now treats a 404 from beginDelete the same way as a 404 from get: mark the resource as deleted and let the reap path continue.

▶ [patch] #8270 Fixed a permission error on startup where nginx could not open its default error log at /var/lib/nginx/logs/error.log when the container runs as a non-root user (UID 1000).

USERS

▶ [patch] #7802 The pending tasks and claimed tasks pages now correctly display errors (such as insufficient scopes) instead of showing a blank page when the worker pool is also absent from worker-manager.

DEVELOPERS

▶ [patch] #8325 Fixed a flaky test in the worker-manager launch config selector suite by increasing the statistical sample size from 100 to 500 draws.

▶ [patch] Yarn will not execute the postinstall scripts from third-party packages when installing the project. This change helps to reduce supply-chain risks by preventing potentially malicious scripts from running automatically.

Note that you also have the ability to disable scripts on a per-package basis using dependenciesMeta, or to re-enable a specific script by combining enableScripts and dependenciesMeta.

Automated Package Updates

• build(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (5950fbfc32)
• build(deps): bump protobufjs from 7.5.3 to 7.5.5 (b1dda113ee)

v99.1.0

GENERAL

▶ [patch] Upgrades to go1.26.2 [SECURITY].

DEPLOYERS

... (truncated)

Changelog

Sourced from taskcluster's changelog.

v99.1.1

GENERAL

▶ [patch] Upgrades to Node.js v24.15.0 and yarn 4.14.1

DEPLOYERS

▶ [patch] #8517 Fixed Azure provider workers getting stuck in STOPPING indefinitely when their backing Azure resources (VM, NIC, IP, disks, or ARM deployment) were deleted out-of-band (e.g. Spot preemption, ARM cascade delete). The deprovisionResource helper now treats a 404 from beginDelete the same way as a 404 from get: mark the resource as deleted and let the reap path continue.

▶ [patch] #8270 Fixed a permission error on startup where nginx could not open its default error log at /var/lib/nginx/logs/error.log when the container runs as a non-root user (UID 1000).

USERS

▶ [patch] #7802 The pending tasks and claimed tasks pages now correctly display errors (such as insufficient scopes) instead of showing a blank page when the worker pool is also absent from worker-manager.

DEVELOPERS

▶ [patch] #8325 Fixed a flaky test in the worker-manager launch config selector suite by increasing the statistical sample size from 100 to 500 draws.

▶ [patch] Yarn will not execute the postinstall scripts from third-party packages when installing the project. This change helps to reduce supply-chain risks by preventing potentially malicious scripts from running automatically.

Note that you also have the ability to disable scripts on a per-package basis using dependenciesMeta, or to re-enable a specific script by combining enableScripts and dependenciesMeta.

Automated Package Updates

• build(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (5950fbfc32)
• build(deps): bump protobufjs from 7.5.3 to 7.5.5 (b1dda113ee)

v99.1.0

GENERAL

▶ [patch] Upgrades to go1.26.2 [SECURITY].

... (truncated)

Commits

• 7a6665d v99.1.1
• 34bc2d4 Merge pull request #8518 from taskcluster/feat/8517-azure-stopping-404
• cef5a1a feat(w-m): Fix azure stuck resource deletion
• c84aaa9 Merge pull request #8513 from nitishagar/fix/8325-flaky-launch-config-test
• c5f1ae4 Merge pull request #8512 from nitishagar/fix/8270-references-nginx-nonroot
• ad89d25 Merge pull request #8509 from taskcluster/matt-boris/node24.15.0
• 317370e fix(deps): disable yarn postinstall scripts by default
• 8e6c78f build(deps): upgrade to node 24.15.0 and yarn 4.14.1
• 3dd0efe Fix flaky weighted distribution test in launch config selector
• 33c1100 Fix nginx log dir permissions for non-root container
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)