build(deps): Bump layervai/ops-routines-workflows/.github/workflows/issue-priority.yml from 0.6.1 to 0.6.2

[dependabot]

Bumps layervai/ops-routines-workflows/.github/workflows/issue-priority.yml from 0.6.1 to 0.6.2.

Release notes

Sourced from layervai/ops-routines-workflows/.github/workflows/issue-priority.yml's releases.

v0.6.2 — comment-on-failure: surface unverifiable pins too

Fix

In v0.6.0/v0.6.1, the sticky PR comment only fired when a pin failed for being too new. Transient upstream failures (gh api / docker registry / proxy.golang.org / pypi.org / npmjs unreachable) left PRs with a red required check and no PR-level explanation — the reviewer had to dig into the run log to learn whether to re-run the check or open an upstream issue.

Live observation: layervai/nhp#1616, where dependabot bumped aquasecurity/trivy-action to a SHA that's actually 20 days old, but gh api flaked during the run; the check went red with no comment.

Now: unverifiable failures get the same sticky-comment treatment as too-new pins, with re-run guidance instead of an eligible-after date. Two sections (#### Pins below quarantine and #### Pins that could not be verified) are rendered independently — each is suppressed when its bucket is empty.

Hardening folded in alongside the headline fix:

• record_unverifiable strips \t\n| from the reason arg so future callers forwarding upstream error text can't break the markdown table layout.
• Same pin landing as both too_new and unverifiable (transient mid-run flake across two changed files) is deduped — too_new wins because we have a valid age from the file where the fetch succeeded; the unverifiable from the other file is just transient noise.
• awk failure under set -euo pipefail no longer silently suppresses the comment — wrapped in if ! with a fallback that dumps the deduped data into the too_new bucket and emits a ::warning.

See layervai/ops-routines#64 for the full implementation and cold-eyes review.

Migration

No caller-side changes. Bump <SHA> # v0.6.1 to <SHA> # v0.6.2:

uses: layervai/ops-routines-workflows/.github/workflows/age-check-actions.yml@ca41c7123c507ad45331a723851da6c010541154 # v0.6.2

(Same SHA bump applies to age-check-{docker,go,npm,pip}.yml.)

Commits

• ca41c71 sync: regenerated from ops-routines@de626bc
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)