fix(deps): update dependency @anthropic-ai/sdk to v0.20.8

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@anthropic-ai/sdk	0.20.7 -> 0.20.8

---

Release Notes

anthropics/anthropic-sdk-typescript (@​anthropic-ai/sdk)

v0.20.8

Full Changelog: sdk-v0.20.7...sdk-v0.20.8

Chores

• internal: add scripts/test and scripts/mock (#​403) (bdc6011)
• internal: use actions/checkout@v4 for codeflow (#​400) (6d565d3)

---

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

anthropic debug - [puLL-Merge] - anthropics/anthropic-sdk-typescript@sdk-v0.20.7..sdk-v0.20.8

Description

This PR updates the Anthropic SDK TypeScript repository to version 0.20.8. The changes include updating GitHub Actions workflows to use actions/checkout@v4, adding new testing scripts, and ignoring the scripts directory in Jest tests.

Changes

Changes

• .github/workflows/create-releases.yml, .github/workflows/handle-release-pr-title-edit.yml, .github/workflows/release-doctor.yml:
  • Updated actions/checkout to use version 4 (@v4)
• .release-please-manifest.json:
  • Bumped SDK version from 0.20.7 to 0.20.8
• CHANGELOG.md:
  • Added changelog entry for version 0.20.8
• jest.config.ts:
  • Added scripts directory to testPathIgnorePatterns to exclude it from Jest tests
• package.json:
  • Updated SDK version to 0.20.8
  • Changed test script to run ./scripts/test
• scripts/mock:
  • Added new script to run Prism mock server for testing
• scripts/test:
  • Added new script to start mock server and run Jest tests
• src/version.ts:
  • Updated VERSION constant to '0.20.8'

Security Hotspots

No major security hotspots identified in this PR. The changes are primarily related to updating version numbers, changelogs, and improving the testing setup. The new testing scripts (scripts/mock and scripts/test) should be reviewed to ensure they don't introduce any unintended behaviors or vulnerabilities, but the risk seems low based on the provided code.

[github-actions]

bedrock debug - [puLL-Merge] - anthropics/anthropic-sdk-typescript@sdk-v0.20.7..sdk-v0.20.8

Description

This PR updates the Anthropic SDK TypeScript repository to version 0.20.8. It includes updates to GitHub Actions workflows, adds new testing scripts, and bumps the version number across various files.

Changes

Changes

• .github/workflows/create-releases.yml, .github/workflows/handle-release-pr-title-edit.yml, .github/workflows/release-doctor.yml:
  • Updated actions/checkout to use version 4 instead of version 3.
• .release-please-manifest.json:
  • Bumped the version number to 0.20.8.
• CHANGELOG.md:
  • Added release notes for version 0.20.8, including chores for adding test/mock scripts and updating actions/checkout.
• jest.config.ts:
  • Added scripts to testPathIgnorePatterns to exclude the new testing scripts from Jest tests.
• package.json:
  • Bumped the version to 0.20.8.
  • Changed the test script to run ./scripts/test instead of bin/check-test-server && yarn jest.
• scripts/mock, scripts/test:
  • Added new bash scripts for mocking the API and running tests.
  • mock runs Prism to mock the API based on the OpenAPI spec.
  • test starts the mock server if not already running, then runs Jest tests.
• src/version.ts:
  • Bumped the VERSION constant to 0.20.8.

Security Hotspots

No major security concerns identified in this PR. The changes are mostly related to build/test infrastructure and version bumps. The new testing scripts use Bash and standard Unix utilities which should be safe. However, a few minor points to consider:

1. The mock script executes commands based on a URL parsed from a YAML file (.stats.yml). Ensure this file is trusted and the URL is validated.

2. The test script kills processes based on a port number. Ensure the port is not used by other important processes.

3. As with any script changes, ensure the new Bash scripts have appropriate permissions and are not writable by untrusted users.

[github-actions]

openai debug - [puLL-Merge] - anthropics/anthropic-sdk-typescript@sdk-v0.20.7..sdk-v0.20.8

Description

This PR introduces several updates across multiple GitHub Actions, updates the SDK version, and refactors test scripts for efficiency and maintainability. The motivation seems to be the routine increment of the SDK version along with improvements in the continuous integration processes to adapt to the latest versions of dependencies and to streamline testing.

Changes

Changes

Workflow Files

• .github/workflows/create-releases.yml:
  • Updated actions/checkout from v3 to v4.
• .github/workflows/handle-release-pr-title-edit.yml:
  • Updated actions/checkout from v3 to v4.
• .github/workflows/release-doctor.yml:
  • Updated actions/checkout from v3 to v4.

Configuration and JSON Files

• .release-please-manifest.json:
  • SDK version incremented from "0.20.7" to "0.20.8".
• jest.config.ts:
  • Added scripts directory to testPathIgnorePatterns to exclude it from Jest test paths.

Documentation and Logs

• CHANGELOG.md:
  • Updated with a new section for version 0.20.8 detailing changes and referencing relevant commits and issues.

Scripts

• scripts/mock:
  • New script added to handle API mocking using Prism. Includes error handling and daemon processing.
• scripts/test:
  • New script to manage testing which checks for a running Prism instance and handles its lifecycle during testing period.

Package and Version Files

• package.json:
  • SDK version updated from "0.20.7" to "0.20.8".
  • Updated the test script to use the new test script located in ./scripts/test.
• src/version.ts:
  • Updated SDK version constant from "0.20.7" to "0.20.8".

Security Hotspots

1. Scripts Execution (High Risk):

   • New bash scripts scripts/mock and scripts/test have been added with potentially executable permissions. It's crucial to verify that these scripts do not expose any sensitive information, handle input/output correctly without spillage, and do not allow arbitrary command execution.

2. Workflow Actions Version Update (Medium Risk):

   • Updating GitHub Actions (e.g., actions/checkout to v4) should be checked against release notes of the actions to ensure there are no backward compatibility issues or newer vulnerabilities introduced by these newer versions.

3. Automated Changelog Generation (Low Risk):

   • Ensure that the automated generation and modification of CHANGELOG.md does not accidentally leak sensitive information, especially since contents here usually become public. This includes careful review of linked issues and commits.

Overall, the PR seems structured towards maintenance and simplification, with significant changes to automation scripts to enhance the development process. Ensure testing strategies are comprehensive to cover these changes, and contingency plans are in place, especially focusing on the new script functionalities.