chore(deps): bump changesets/action from 1.7.0 to 1.9.0

[dependabot]

Bumps changesets/action from 1.7.0 to 1.9.0.

Release notes

Sourced from changesets/action's releases.

v1.9.0

Minor Changes

• #636 b072bcc Thanks @​bluwy! - Add a new @changesets/action/pr-comment sub-action to comment on PRs

• #625 8795eee Thanks @​bluwy! - Add a new @changesets/action/pr-status sub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.

Patch Changes

• #535 34f64f6 Thanks @​Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.

• #632 1d54b9e Thanks @​bluwy! - Simplify internal implementation to get changelog entries for a package version

• #629 e0c90aa Thanks @​bluwy! - Fix custom version and publish command argument parsing

• #645 f9585d9 Thanks @​Andarist! - Improved force-push handling when using commitMode: "github-api" so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.

v1.8.0

Minor Changes

• #258 f5dbf72 Thanks @​tom-sherman! - Support draft version PR modes with a new prDraft input. Use create to create new version PRs as drafts, or always to also convert existing version PRs back to draft when updating them.

Patch Changes

• #502 6002dbd Thanks @​oshytiko! - Fixed initial .changeset state being picked up, when cwd parameter is provided

• #536 81b3f61 Thanks @​radnan! - Fixed .changeset state being picked for the version command when cwd parameter is provided

Changelog

Sourced from changesets/action's changelog.

@​changesets/action

2.0.0-next.2

Patch Changes

• #670 5a8b9b7 Thanks @​Andarist! - Authenticate git CLI pushes with the configured GitHub token using Git extra headers instead of writing to a global .netrc file.

• #670 5a8b9b7 Thanks @​Andarist! - Derive the Git server URL from the GitHub Actions context when configuring git CLI authentication to support GitHub Enterprise Server setups.

2.0.0-next.1

Patch Changes

• #663 ccb3811 Thanks @​Andarist! - Fix the computed publish plan path passed internally to changeset pack by the /pack subaction.

• #662 5c88881 Thanks @​Andarist! - Fixed usage of --from-publish-plan flag used by the /pack subaction

• #666 dc29b73 Thanks @​Andarist! - Fix the /version subaction to not crash on missing pr-base-branch input. This input is meant to be optional.

2.0.0-next.0

Major Changes

• #657 4f718b5 Thanks @​Andarist! - Removed compatibility support for old Changesets v1.

• #659 5649ff4 Thanks @​bluwy! - Remove cwd option for changesets/action. Use the step working-directory option instead to change the directory.

Minor Changes

• #656 a12d90d Thanks @​bluwy! - Add new /select-mode, /version, and /publish sub-actions to better control version and publish steps

1.9.0

Minor Changes

• #636 b072bcc Thanks @​bluwy! - Add a new @changesets/action/pr-comment sub-action to comment on PRs

• #625 8795eee Thanks @​bluwy! - Add a new @changesets/action/pr-status sub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.

Patch Changes

• #535 34f64f6 Thanks @​Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.

• #632 1d54b9e Thanks @​bluwy! - Simplify internal implementation to get changelog entries for a package version

• #629 e0c90aa Thanks @​bluwy! - Fix custom version and publish command argument parsing

• #645 f9585d9 Thanks @​Andarist! - Improved force-push handling when using commitMode: "github-api" so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.

... (truncated)

Commits

• a45c4d5 v1.9.0
• b459b1e Version Packages (#637)
• f9585d9 Update @changesets/ghcommit (#645)
• 020e8cc Use internal bot for versioning (#643)
• b072bcc Add simple PR comment sub-action (#636)
• 8795eee Comment changeset status in PRs (#625)
• 34f64f6 Fixed an issue with GitHub releases not being created for successfully publis...
• 1d54b9e Simplify getChangelogEntry (#632)
• 031358f Update to typescript v6 (#633)
• a0c05f7 Bump @​changesets/changelog-github from 0.5.2 to 0.7.0 (#620)
• Additional commits viewable in compare view

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9b37f55

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@2260

@modelcontextprotocol/codemod

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/codemod@2260

@modelcontextprotocol/core

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/core@2260

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@2260

@modelcontextprotocol/server-legacy

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server-legacy@2260

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@2260

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/fastify@2260

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@2260

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@2260

commit: 9b37f55

[claude]

LGTM — routine Dependabot bump of changesets/action 1.7.0 → 1.9.0 with the SHA pin correctly matching the v1.9.0 release commit.

Extended reasoning...

Overview

This PR touches a single file, .github/workflows/release.yml, updating the SHA-pinned changesets/action reference from 6a0a831 (v1.7.0) to a45c4d5 (v1.9.0) in both the version-PR step and the publish step. The pinned SHA matches the v1.9.0 release commit listed in the upstream changelog/commit list, and the # v1 version comment remains accurate.

Security risks

The change is in the release workflow, which is supply-chain-sensitive (it has contents: write, pull-requests: write, and id-token: write for npm OIDC publishing). However, the action remains pinned to a full commit SHA from the official changesets/action repository, the upstream 1.8.0/1.9.0 changes are additive (new optional sub-actions, draft-PR input, and bug fixes) and do not alter the publish path used here (publish: pnpm run ci:publish), and no permissions or secrets are changed. No new tokens or scopes are required per the action's docs.

Level of scrutiny

This is a mechanical, Dependabot-style dependency bump following the repo's established SHA-pinning convention. Per the repo review conventions' CI guidance, no claims of breakage should be made without verification, and none are warranted — the workflow inputs used (publish, GITHUB_TOKEN, NPM_CONFIG_PROVENANCE) are unchanged between 1.7.0 and 1.9.0.

Other factors

The bug-hunting system found no issues, the timeline contains only standard bot comments (changeset-bot correctly notes no changeset is needed for a workflow-only change), and both usages of the action were updated consistently.