chore(deps): update stefanzweifel/git-auto-commit-action action to v5.2.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
stefanzweifel/git-auto-commit-action	action	minor	v5 → v5.2.0

---

Release Notes

stefanzweifel/git-auto-commit-action (stefanzweifel/git-auto-commit-action)

v5.2.0

Compare Source

Added

• Add create_git_tag_only option to skip commiting and always create a git-tag. (#​364) @​zMynxx
• Add Test for create_git_tag_only feature (#​367) @​stefanzweifel

Fixed

• docs: Update README.md per #​354 (#​361) @​rasa

v5.1.0

Compare Source

Changed

• Include github.actor_id in default commit_author (#​354) @​parkerbxyz

Fixed

• docs(README): fix broken protected branch docs link (#​346) @​scarf005
• Update README.md (#​343) @​Kludex

Dependency Updates

• Bump bats from 1.11.0 to 1.11.1 (#​353) @​dependabot
• Bump github/super-linter from 6 to 7 (#​342) @​dependabot
• Bump github/super-linter from 5 to 6 (#​335) @​dependabot

v5.0.1

Compare Source

Fixed

• Fail if attempting to execute git commands in a directory that is not a git-repo. (#​326) @​ccomendant

Dependency Updates

• Bump bats from 1.10.0 to 1.11.0 (#​325) @​dependabot
• Bump release-drafter/release-drafter from 5 to 6 (#​319) @​dependabot

Misc

• Clarify commit_author input option (#​315) @​npanuhin
• Add step id explanation for output in README.md (#​324) @​ChristianVermeulen
• Linux is not UNIX (#​321) @​couling

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sentry]

Bug: The bundled Axios v1.6.2 mishandles DNS lookup failures, throwing a TypeError instead of the original DNS error, which can crash the workflow.
_{Severity: CRITICAL | Confidence: High}

🔍 Detailed Analysis

The bundled git-auto-commit-action includes Axios v1.6.2, which contains a known bug. When a custom DNS lookup function fails, the callback is invoked with an err and an undefined address. The code then attempts to process this undefined address in buildAddressEntry and resolveFamily, which throws a TypeError because the address is not a string. This TypeError completely masks the original DNS error, causing the workflow to crash with a misleading message and making debugging difficult. This affects any HTTP request made by the action in an environment with a custom DNS resolver.

💡 Suggested Fix

The version of Axios bundled in dist/index.js is v1.6.2, which has a known DNS lookup bug. This was fixed in Axios v1.6.5. The dependency should be updated to use at least Axios v1.6.5 to ensure DNS errors are handled correctly.

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: dist/index.js#L8941-L8956

Potential issue: The bundled `git-auto-commit-action` includes Axios v1.6.2, which
contains a known bug. When a custom DNS lookup function fails, the callback is invoked
with an `err` and an `undefined` address. The code then attempts to process this
`undefined` address in `buildAddressEntry` and `resolveFamily`, which throws a
`TypeError` because the address is not a string. This `TypeError` completely masks the
original DNS error, causing the workflow to crash with a misleading message and making
debugging difficult. This affects any HTTP request made by the action in an environment
with a custom DNS resolver.

_{Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8074479}