ci(deps): bump The-PR-Agent/pr-agent from 0.36.0 to 0.37.0

[dependabot]

Bumps The-PR-Agent/pr-agent from 0.36.0 to 0.37.0.

Release notes

Sourced from The-PR-Agent/pr-agent's releases.

v0.36.1

⚠️ Security

This release temporarily disables the /help_docs command as a mitigation for a credential-exposure vulnerability (#2445).

/help_docs accepted an untrusted runtime override of its git clone target (e.g. --pr_help_docs.repo_url=... from a PR comment), and the clone-URL host validation only checked substring containment. A host that merely contained the allowed host — e.g. github.com.attacker.tld — passed validation, so the git provider token was embedded into a clone URL pointing at an attacker-controlled host, exposing GITHUB_TOKEN (and the equivalent token on other providers).

What's Changed

• Publish Docker Hub image attestations and document digest verification by @copilot-swe-agent[bot] in #2433
• feat: add Gemini 3.1 stable and 3.5 model identifiers to supported model registry by @copilot-swe-agent[bot] in #2432

🚀 Features

• feat(config): add --extra_config_url to merge external .pr_agent.toml by @​kiennt2 in #2406
• feat: add Claude Opus 4.8 support by @​PeterDaveHello in #2423

🐛 Bug Fixes

• fix: add claude-opus-4-7 to NO_SUPPORT_TEMPERATURE_MODELS (#2400) by @​raywcm in #2448
• fix: remove closed Discord community links by @​IsmaelMartinez in #2446
• fix(security)!: temporarily disable /help_docs command (#2445) by @​naorpeled in #2451
• fix: handle missing [github] settings section at import time by @​PraneelBhatia in #2428
• fix: run gitlab_webhook under gunicorn for worker isolation by @​pdecat in #2412
• fix: update reference link to configuration.toml by @​arsalanyavari in #2425
• fix: readme-markdown-spacing by @​DoraC7 in #2333

📚 Documentation

• docs: Fix broken list markup in gitea installation document by @​brlin-tw in #2413

Full Changelog: The-PR-Agent/pr-agent@v0.36.0...v0.37.0

Commits

• 85178be fix: make GitHub PR-description ticket selection deterministic (#2422)
• ef851b5 chore: improve pr-agent maintenance path (#2431)
• 4b00f3d chore: let Qodo auto-approve PRs after self-review (#2463)
• 72504dd docs: use shell-portable env var names in install examples (#2439)
• f45b6e0 fix(gitea): return repo settings as bytes so .pr_agent.toml loads (#2435)
• 992cdef Add configurable .pr_agent.toml branch selection via CLI/env with GitHub fa...
• 98e2b7c Create FUNDING.yml (#2462)
• ea10b68 feat(A2A): migrate to A2A 1.0 protocol with artifact-based task completion (#...
• 426951f feat(sambanova): add MiniMax-M3, keep M2.5 (#2461)
• 3852765 test: strengthen focused unit coverage for core behavior (#2397)
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Failed to generate code suggestions for PR

[dependabot]

Superseded by #303.