chore(deps): bump sigra from 0.2.5 to 1.20.0

[dependabot]

Bumps sigra from 0.2.5 to 1.20.0.

Changelog

Sourced from sigra's changelog.

1.20.0 (2026-04-28)

Summary

• v1.20.0 GA Launch: Sigra reaches General Availability. This release finalizes the audit completeness evidence and production UAT documentation, providing operators the guarantees needed to deploy with confidence.

Changed

• planning: Phase 85 / AUD-21 closes the impersonation audit-atomicity gap: the default Ecto session store now co-fates impersonation session writes with admin.impersonation.start / admin.impersonation.stop, while non-Ecto stores keep the legacy create / delete + log_safe path.
• planning (Phase 87 / GAUAT-03..06 verification-approach correction): v1.20 GAUAT OAuth slice (gen smoke + Google register/login + provider linking + email-match confirmation) reshaped from "human runs mix sigra.gen.oauth + clicks real Google + captures screenshots" to a fully automated end-to-end harness — Sigra.Testing.OAuthIssuer (TestServer-backed in-process OIDC issuer mirroring Assent's own OIDCTestCase) drives Sigra's real HTTP stack from three Playwright specs (oauth-register / oauth-link / oauth-email-match) on every PR. Generator smoke extends scripts/ci/install-smoke.sh to add mix test on the freshly-generated host. Adopter-side real-credential check ships as mix sigra.oauth.smoketest --provider=google + docs/oauth-google-setup.md. 0 human UAT for v1.20 launch — matches Auth.js / Spring Security / Assent / pow_assent / Devise+omniauth ecosystem convention. REQUIREMENTS.md GAUAT-03..06, ROADMAP.md Phase 87, and docs/uat-ci-coverage.md SEED-001 row updated in the same commit (Phase 86 D-86-08 precedent).

Commits

• 788d614 fix: test failures blocking v1.20.0 release
• 2d77717 chore: release v1.20.0
• e751854 docs(89-01): complete 89-01-PLAN.md
• 8bb6dd1 docs(89-01): update CHANGELOG and README for v1.20 GA
• c1873e7 feat(89-01): bump version to 1.20.0 and add upgrading guide
• 9d4faf0 docs(gauat): mark Phase 87 provenance as PASS and disposition GO
• f26212c fix(ci): add CLOAK_KEY to email_visual_regression job
• effdf42 trigger ci
• d45aea2 chore(gauat): finalize Phase 87 and Phase 88 UAT evidence and Phase 89 prep
• 8aefe62 docs(phase-88): evolve PROJECT.md after phase completion
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)