Bump go.temporal.io/server to v1.31.1 (security patch via OSS server) (…

…#1088)

## What changed?
 Bumps `go.temporal.io/server v1.31.0` → `v1.31.1`.

 Transitively picks up the OSS server v1.31.1 security fixes:
- `apache/thrift v0.21.0` → `v0.23.0` (CVE-2026-41602 /
GHSA-wf45-q9ch-q8gh)
- `golang.org/x/crypto v0.46.0` → `v0.52.0` (GO-2026-5005, -5006, -5013,
-5017, -5018, -5019, -5020, -5021, -5023 CRITICAL/HIGH)
- `golang.org/x/net v0.48.0` → `v0.55.0` (GO-2026-5026 CRITICAL idna +
others)
- Go toolchain `1.26.3` → `1.26.4` (CVE-2026-42504, -42507, -27145,
GO-2026-5037/5038/5039 stdlib HIGH)
- `golang.org/x/sys`, `x/term`, `x/text`, `x/sync`, `x/mod`, `x/tools`
bumped transitively to satisfy the above

Merge remote-tracking branch 'origin/main' into release/1.7.x-standal…

…one-nexus-operations

# Conflicts:
#	go.mod
#	go.sum

fix: use allow instead of ignore for dependency-type in dependabot co…

…nfig (#1057)

## Summary
- `dependency-type` is only valid inside `allow`, not `ignore` in
dependabot.yml
- Replaces the invalid `ignore` entry with `allow: [{dependency-type:
direct}]` to achieve the same goal of skipping indirect/transitive
dependency updates
- Adds a CI workflow using `check-jsonschema` to validate
`dependabot.yml` on PRs and pushes to main
- Fixes the Dependabot config validation failure introduced in #1044

## Test plan
- [ ] Verify the `.github/dependabot.yml` validation check passes on
this PR
- [ ] Verify `check-jsonschema --builtin-schema vendor.dependabot
.github/dependabot.yml` passes locally

Security patch: bump Go 1.26.3 and gomarkdown (#1073)

## What changed?

Security-only dependency bumps for CLI v1.7.1, shipping in the OSS
server v1.31.1 admin-tools image.

- Go toolchain 1.26.2 -> 1.26.3 — clears stdlib HIGH CVEs visible in
admin-tools image scans (CVE-2026-39820, -42499, -39836, -33814, -33811,
-42501).
- github.com/gomarkdown/markdown v0.0.0-20250311... ->
v0.0.0-20260411013819-759bbc3e3207 — clears GHSA-77fj-vx54-gvh7 /
CVE-2026-40890. Indirect dep pulled in via the embedded UI server.

Update server to v1.32.0-155.0

chore: update go dependencies (#1014)

## Summary
- Update `go.temporal.io/server` from `v1.31.0-154.0` (pre-release) to
`v1.31.0` (stable release)
- All other dependency changes (AWS SDK v2, OpenTelemetry, pgx,
golang.org/x/exp, etc.) are transitive updates pulled in by the server
version bump

## Test plan
- [ ] CI passes (build, lint, tests)

`temporal worker deployment create|create-version` (#971)

Adds implementation of the `temporal worker deployment create` and
`temporal worker deployment create-version` CLI commands using only
direct gRPC API calls, not the sdk-go client code.

Adds some basic unit tests for both commands though due to the
server-side validation of proper AWS IAM credentials, the happy-path
`temporal worker deployment create-version` call with AWS Lambda compute
config is skipped until such time as we can figure out adding real AWS
test fixtures.

---------

Signed-off-by: Jay Pipes <jay.pipes@temporal.io>
Co-authored-by: Alex Stanfield <13949480+chaptersix@users.noreply.github.com>
Co-authored-by: Dan Davison <dan.davison@temporal.io>
Co-authored-by: Sean Kane <spkane31@gmail.com>
Co-authored-by: Tasha Alfano <tashalalfano@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

update dev server to 1.30.2 and go to 1.26.1 (#967)

## Summary
- Bump `go.temporal.io/server` from v1.30.1 to v1.30.2
- Bump Go from 1.26.0 to 1.26.1, fixing 5 stdlib vulnerabilities
(GO-2026-4599 through GO-2026-4603)
- Fix flaky
`TestDeployment_Describe_Version_TaskQueueStats_WithPriority` test:
relax rate assertion that assumed task rates < 1, but server can return
rates > 1

## Test plan
- [ ] CI passes
- [ ] govulncheck reports no symbol-level vulnerabilities

bump server version to 151.6 (#961)

SAA drop type and task queue (#959)

## What was changed
Drop execution type and task queue from start standalone activity output

## Why?
They are not currently guaranteed correct in the
`conflictPolicy=UseExisting` case

## Testing

```
$ temporal activity start --start-to-close-timeout 1s --task-queue hello-standalone-activity-task-queue --type compose_greeting --activity-id act-1 --input '{"greeting": "mygreeting", "name": "myname"}'
Running execution:
  ActivityId  act-1
  RunId       019cd407-83cc-7c8e-ba17-5a3125e4e7cd
  Namespace   default
$ temporal activity result -a act-1
Results:
  Status  COMPLETED
  Result  "mygreeting, myname!"
$ temporal activity start --start-to-close-timeout 1s --task-queue hello-standalone-activity-task-queue --type compose_greeting --activity-id act-2 -o json --input '{"greeting": "mygreeting", "name": "myname"}'
{
  "activityId": "act-2",
  "runId": "019cd408-38a3-7e15-8b36-58f966f156de",
  "namespace": "default"
}
```