Auto bump MDC Web deps to 5.0.0-canary.a5dbd8a2a.0

[github-actions]

This PR was auto generated by the bump-mdc-deps GitHub action.

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[googlebot]

A Googler has manually verified that the CLAs look good.

(Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.)

ℹ️ Googlers: Go here for more info.

[e111077]

@aomarks where is the CI for these?

[aomarks]

@aomarks where is the CI for these?

Heh, I was just looking into this yesterday. Turns out PRs created by GitHub Actions don't trigger other GitHub Actions, it's a deliberate limitation to prevent bad loops. peter-evans/create-pull-request#48 explains it, and gives a solution, which is to get a personal access token from some account, put it in the repo secrets, and use that instead of the automatic authentication it uses by default. But that means the PR will come from whoever's account the token was from. I was thinking maybe we should create a special robot github account for this purpose, or use one that already exists.

[e111077]

I guess we can merge and master should trigger CI and we can revert this branch if fails?

[aomarks]

I guess we can merge and master should trigger CI and we can revert this branch if fails?

Yeah that's what I've been doing lately. Not ideal but not that big a deal to roll back. Also if we merge MDC/MWC repos this will be a non-issue of course.