ci(deps): bump the github-actions group with 3 updates

[dependabot]

Bumps the github-actions group with 3 updates: actions/checkout, pnpm/action-setup and anomalyco/opencode.

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• See full diff in compare view

Updates pnpm/action-setup from 6.0.8 to 6.0.9

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.9

What's Changed

• fix: update pnpm to v11.7.0 by @​zkochan in pnpm/action-setup#267

Full Changelog: pnpm/action-setup@v6...v6.0.9

Commits

• 0ebf471 fix: update pnpm to v11.7.0 (#267)
• See full diff in compare view

Updates anomalyco/opencode from 1.17.4 to 1.17.8

Release notes

Sourced from anomalyco/opencode's releases.

v1.17.8

Core

Improvements

• Session timelines load much faster and avoid flicker or scroll jumps.

Bugfixes

• OpenAI-compatible providers now accept MCP tool schemas that previously failed validation. (@​jquense)
• Cloudflare AI Gateway now receives the configured API key correctly. (@​keefetang)
• MCP tools without declared schema properties now work with providers that expect object properties.
• Long-running MCP tools now keep their timeout alive when they report progress. (@​Nomadcxx)
• The MCP OAuth callback server now shuts down once authorization finishes or is cancelled.
• MCP tool failures now surface the server's error text instead of a generic failure.
• MCP OAuth error pages now escape provider error text correctly.

Desktop

Improvements

• Added a Home tab toggle so you can quickly switch between Home and your last tab.
• The new desktop file and folder picker is faster and easier to navigate in the v2 layout.

Thank you to 3 community contributors:

• @​Nomadcxx:
  • fix(mcp): enable progress timeout resets (#32477)
• @​keefetang:
  • fix(provider): pass apiKey to createUnified for Cloudflare AI Gateway (#32052)
• @​jquense:
  • fix(opencode): sanitize OpenAI MCP tool schemas (#32489)

v1.17.7

Core

Bugfixes

• Plugin client requests now reuse the active server instead of assuming the default local port.
• ACP shell tool calls now show the command and working directory from the start.
• Plugin-provided shell environment variables now apply to PTY sessions.

Improvements

• MCP servers can now receive the current workspace as a client root.

TUI

Bugfixes

• MCP debug now uses the SDK's latest protocol version.

Desktop

Bugfixes

... (truncated)

Commits

• 11e47f9 release: v1.17.8
• 10b6672 go: glm 5.2
• 85a7929 fix(stats): map lab aliases
• 5c9e4ff feat(app): add v2 home tab toggle (#32191)
• 417ad24 chore: generate
• 1e63e76 fix(stats): scope model pages to go
• 213ff3f fix(opencode): sanitize OpenAI MCP tool schemas (#32489)
• 3ab3d04 chore: update nix node_modules hashes
• 8fd5753 fix(provider): pass apiKey to createUnified for Cloudflare AI Gateway (#32052)
• 273efde chore: generate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions