refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter

[jd]

ci queue-info::write_github_output formatted a unique
ghadelimiter_<uuid-v4> to guard against a metadata payload that
happens to contain its own heredoc delimiter. The actual contract
is "32 unpredictable hex chars", not "a UUID per RFC 4122" — the
delimiter is never parsed by anyone, only matched as a string.

Pull 16 random bytes straight from getrandom::fill and hex-encode
them. Drops uuid from the direct deps (it stays unreferenced and
disappears from Cargo.lock), with getrandom taking its place —
which uuid was already pulling in transitively, so the net add
is zero new code shipped to the binary.

The local helper is six lines. Same blast radius for a
maintainer-attack story, smaller surface to read.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

Depends-On: #1445

[jd]

This pull request is part of a Mergify stack:

#	Pull Request	Link
1	test(freeze): add live smoke test for freeze create/update/delete	#1436
2	feat(rust): port freeze create/update/delete to native Rust	#1437
3	refactor(rust): dedupe emit-helper boilerplate across command crates	#1438
4	refactor(rust): share test scaffolding via mergify-test-support crate	#1439
5	refactor(core): introduce CommandContext for the queue+freeze prelude	#1441
6	refactor(ci): consolidate the CI-env scrubber into a shared testing module	#1442
7	refactor: drop stale Phase X.Y doc markers and one inline color branch	#1443
8	refactor(tui): share StyledGlyph across queue show/status renderers	#1444
9	refactor(queue): drop indexmap, group_by_scope returns a Vec<(K, V)>	#1445
10	refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter	#1446	👈
11	refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing	#1447

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🔴 ⛓️ Depends-On Requirements

Waiting for

• depends-on=Mergifyio/mergify-cli#1436 [⛓️ test(freeze): add live smoke test for freeze create/update/delete #1436 [stack]]
• depends-on=Mergifyio/mergify-cli#1437 [⛓️ feat(rust): port freeze create/update/delete to native Rust #1437 [stack]]
• depends-on=Mergifyio/mergify-cli#1438 [⛓️ refactor(rust): dedupe emit-helper boilerplate across command crates #1438 [stack]]
• depends-on=Mergifyio/mergify-cli#1439 [⛓️ refactor(rust): share test scaffolding via mergify-test-support crate #1439 [stack]]
• depends-on=Mergifyio/mergify-cli#1441 [⛓️ refactor(core): introduce CommandContext for the queue+freeze prelude #1441 [stack]]
• depends-on=Mergifyio/mergify-cli#1442 [⛓️ refactor(ci): consolidate the CI-env scrubber into a shared testing module #1442 [stack]]
• depends-on=Mergifyio/mergify-cli#1443 [⛓️ refactor: drop stale Phase X.Y doc markers and one inline color branch #1443 [stack]]
• depends-on=Mergifyio/mergify-cli#1444 [⛓️ refactor(tui): share StyledGlyph across queue show/status renderers #1444 [stack]]
• depends-on=Mergifyio/mergify-cli#1445 [⛓️ refactor(queue): drop indexmap, group_by_scope returns a Vec<(K, V)> #1445 [stack]]

This rule is failing.

Requirement based on the presence of Depends-On in the body of the pull request

• depends-on=Mergifyio/mergify-cli#1436 [⛓️ test(freeze): add live smoke test for freeze create/update/delete #1436 [stack]]
• depends-on=Mergifyio/mergify-cli#1437 [⛓️ feat(rust): port freeze create/update/delete to native Rust #1437 [stack]]
• depends-on=Mergifyio/mergify-cli#1438 [⛓️ refactor(rust): dedupe emit-helper boilerplate across command crates #1438 [stack]]
• depends-on=Mergifyio/mergify-cli#1439 [⛓️ refactor(rust): share test scaffolding via mergify-test-support crate #1439 [stack]]
• depends-on=Mergifyio/mergify-cli#1441 [⛓️ refactor(core): introduce CommandContext for the queue+freeze prelude #1441 [stack]]
• depends-on=Mergifyio/mergify-cli#1442 [⛓️ refactor(ci): consolidate the CI-env scrubber into a shared testing module #1442 [stack]]
• depends-on=Mergifyio/mergify-cli#1443 [⛓️ refactor: drop stale Phase X.Y doc markers and one inline color branch #1443 [stack]]
• depends-on=Mergifyio/mergify-cli#1444 [⛓️ refactor(tui): share StyledGlyph across queue show/status renderers #1444 [stack]]
• depends-on=Mergifyio/mergify-cli#1445 [⛓️ refactor(queue): drop indexmap, group_by_scope returns a Vec<(K, V)> #1445 [stack]]

🔴 👀 Review Requirements

Waiting for

• #approved-reviews-by>=2

This rule is failing.

• any of:
  • #approved-reviews-by>=2
  • author = dependabot[bot]
  • author = mergify-ci-bot
  • author = renovate[bot]

🔴 🔎 Reviews

Waiting for

• #review-requested = 0

This rule is failing.

• #review-requested = 0
• #changes-requested-reviews-by = 0
• #review-threads-unresolved = 0

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.

• all of:
  • check-success=ci-gate

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:

🟢 📕 PR description

Wonderful, this rule succeeded.

• body ~= (?ms:.{48,})

[jd]

Revision history

#	Type	Changes	Reason	Date
1	initial	2cd6b4f		2026-05-20 08:42 UTC
2	rebase	2cd6b4f → 5cd88c9 (rebase only)		2026-05-20 08:42 UTC
3	rebase	5cd88c9 → 8468caf (rebase only)		2026-05-20 09:05 UTC
4	rebase	8468caf → 73811d4 (rebase only)		2026-05-21 07:25 UTC
5	rebase	73811d4 → d61afc0 (rebase only)		2026-05-21 07:56 UTC
6	rebase	d61afc0 → 637e6a8 (rebase only)		2026-05-21 12:39 UTC

Pull request has been modified.