v2.2.0
205 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 semantic-release-bot
|
7e473efe3c |
build(release): 2.2.0 [skip ci]
# [2.2.0](https://github.com/actions/create-github-app-token/compare/v2.1.4...v2.2.0) (2025-11-21) ### Bug Fixes * **deps:** bump glob from 10.4.5 to 10.5.0 ([#305](https://github.com/actions/create-github-app-token/issues/305)) ([v2.2.0 |
||
|
dependabot[bot]
|
dce3be8b28 |
fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
Bumps [p-retry](https://github.com/sindresorhus/p-retry) from 6.2.1 to 7.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/p-retry/releases">p-retry's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h3>Breaking</h3> <ul> <li>Require Node.js 20 3bdb53a</li> <li><code>onFailedAttempt</code> and <code>shouldRetry</code> now receive a <code>context</code> object instead of a decorated <code>error</code> bff36bb <ul> <li>You must now must access the error as <code>object.error</code> instead of <code>object</code>.</li> <li>The use of <code>.attemptNumber</code> and <code>.retriesLeft</code> did not change.</li> </ul> </li> <li>Remove the <code>forever</code> option (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/79">#79</a>) 6a89827 <ul> <li>Many use-cases can use <code>{retries: Infinity}</code> instead for infinite retries.</li> </ul> </li> </ul> <h3>Improvements</h3> <ul> <li>Rewrite the package to not depend on the <code>retry</code> package (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/79">#79</a>) 6a89827 <ul> <li>This is a full rewrite, so test carefully.</li> </ul> </li> <li>Add <a href="https://github.com/sindresorhus/p-retry#makeretriablefunction-options"><code>makeRetriable</code></a> method 1a81c1e</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-retry/compare/v6.2.1...v7.0.0">https://github.com/sindresorhus/p-retry/compare/v6.2.1...v7.0.0</a></p> <h2>v7.0.0-0</h2> <h3>Breaking</h3> <ul> <li>Require Node.js 20 3bdb53a</li> <li><code>onFailedAttempt</code> and <code>shouldRetry</code> now receive a <code>context</code> object instead of a decorated <code>error</code> bff36bb <ul> <li>You must now must access the error as <code>object.error</code> instead of <code>object</code>.</li> <li>The use of <code>.attemptNumber</code> and <code>.retriesLeft</code> did not change.</li> </ul> </li> <li>Remove the <code>forever</code> option (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/79">#79</a>) 6a89827 <ul> <li>Many use-cases can use <code>{retries: Infinity}</code> instead for infinite retries.</li> </ul> </li> </ul> <h3>Improvements</h3> <ul> <li>Rewrite the package to not depend on the <code>retry</code> package (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/79">#79</a>) 6a89827 <ul> <li>This is a full rewrite, so test carefully.</li> </ul> </li> <li>Add <a href="https://github.com/sindresorhus/p-retry?tab=readme-ov-file#makeretriablefunction-options"><code>makeRetriable</code></a> method 1a81c1e</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/p-retry/compare/v6.2.1...v7.0.0-0">https://github.com/sindresorhus/p-retry/compare/v6.2.1...v7.0.0-0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/p-retry/commit/e11ca9c9c4a8032182403871593a67a49e948568"><code>e11ca9c</code></a> 7.0.0</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/81608ce107e17b388721ec6377b58e29c52ea55c"><code>81608ce</code></a> Minor tweaks</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/9ef6a73d71c875c06de0090774806eb5ef1b4a7d"><code>9ef6a73</code></a> Clarify <code>shouldRetry</code> documentation (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/93">#93</a>)</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/e05b1017e183db72962fbc8edb5fa1c86d33bc3c"><code>e05b101</code></a> Fix code example typo (<a href="https://redirect.github.com/sindresorhus/p-retry/issues/91">#91</a>)</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/157d06eabbcae7066e8cbf430ad0da759a4ca9a1"><code>157d06e</code></a> 7.0.0-0</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/bff36bb860a8ea8551982cd6bce5a2aaed4135fb"><code>bff36bb</code></a> Stop decorating errors</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/1a81c1e2d25718119d59ce33f9feeceb47a7436a"><code>1a81c1e</code></a> Add <code>makeRetriable</code> method</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/481105165809e0dd47679f5f576a0734bce7bcb9"><code>4811051</code></a> Document mocking</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/777d98f331affb8782eb50bee7d48e7c825224ca"><code>777d98f</code></a> Document signal handling</li> <li><a href="https://github.com/sindresorhus/p-retry/commit/b4e52fcafab4592d353e1901c697f49605193496"><code>b4e52fc</code></a> Add test for async stack traces</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/p-retry/compare/v6.2.1...v7.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
dependabot[bot]
|
5480f4325a |
fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 10.5.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1"><code>56774ef</code></a> 10.5.0</li> <li><a href="https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f"><code>1e4e297</code></a> bin: Do not expose filenames to shell expansion</li> <li>See full diff in <a href="https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/actions/create-github-app-token/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
dependabot[bot]
|
d90aa53233 |
feat: update permission inputs (#296)
Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 19.1.0 to 21.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/openapi/releases"><code>@octokit/openapi</code>'s releases</a>.</em></p> <blockquote> <h2>v20.0.0</h2> <h1><a href="https://github.com/octokit/openapi/compare/v19.1.0...v20.0.0">20.0.0</a> (2025-09-16)</h1> <h3>chore</h3> <ul> <li><strong>deps:</strong> update dependency sort-keys to v6 (<a href="https://redirect.github.com/octokit/openapi/issues/500">#500</a>) (<a href="https://github.com/octokit/openapi/commit/262f87fe9825559a2c6edb2bf6534eab4622ee28">262f87f</a>)</li> </ul> <h3>Features</h3> <ul> <li>new Projects v2 endpoints, new code scanning dismissal endpoints, many other endpoints (<a href="https://redirect.github.com/octokit/openapi/issues/503">#503</a>) (<a href="https://github.com/octokit/openapi/commit/0b92729176bd70d4d5274a765fa00107dfd5017d">0b92729</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li><strong>deps:</strong> Remove GHES 3.13</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/openapi/commit/262f87fe9825559a2c6edb2bf6534eab4622ee28"><code>262f87f</code></a> chore(deps): update dependency sort-keys to v6 (<a href="https://redirect.github.com/octokit/openapi/issues/500">#500</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/0b92729176bd70d4d5274a765fa00107dfd5017d"><code>0b92729</code></a> feat: new Projects v2 endpoints, new code scanning dismissal endpoints, many ...</li> <li><a href="https://github.com/octokit/openapi/commit/a74dd44fb2a8c3c20e7143eb71ddaf86b9b0e639"><code>a74dd44</code></a> chore(deps): update dependency <code>@octokit/core</code> to v7 (<a href="https://redirect.github.com/octokit/openapi/issues/496">#496</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/3a7a9ea8cc65a3f7fa27436a2072080b565ab207"><code>3a7a9ea</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/498">#498</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/d6be26fc7e8cd0eb798a512c5107d16ccb2aacb4"><code>d6be26f</code></a> ci(action): update actions/checkout action to v5 (<a href="https://redirect.github.com/octokit/openapi/issues/499">#499</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/6ae358ed6fb0a184cc75e2dab1f06079ff20d66b"><code>6ae358e</code></a> ci(action): update actions/setup-node action to v5 (<a href="https://redirect.github.com/octokit/openapi/issues/502">#502</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/f02c5e21bac37e778aedac8ba39b4d62c4b6a7a5"><code>f02c5e2</code></a> ci(action): update gr2m/release-notifier-action action to v2 (<a href="https://redirect.github.com/octokit/openapi/issues/501">#501</a>)</li> <li>See full diff in <a href="https://github.com/octokit/openapi/compare/v19.1.0...v20.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
dependabot[bot]
|
55e2a4b2cc |
fix(deps): bump the production-dependencies group with 2 updates (#292)
Bumps the production-dependencies group with 2 updates: [@octokit/auth-app](https://github.com/octokit/auth-app.js) and [@octokit/request](https://github.com/octokit/request.js). Updates `@octokit/auth-app` from 8.1.0 to 8.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/auth-app.js/releases"><code>@octokit/auth-app</code>'s releases</a>.</em></p> <blockquote> <h2>v8.1.1</h2> <h2><a href="https://github.com/octokit/auth-app.js/compare/v8.1.0...v8.1.1">8.1.1</a> (2025-09-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency <code>@octokit/types</code> to v15 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/721">#721</a>) (<a href="https://github.com/octokit/auth-app.js/commit/8b76e56918edc0e754d397e42b1b968ec9fad800">8b76e56</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/auth-app.js/commit/8b76e56918edc0e754d397e42b1b968ec9fad800"><code>8b76e56</code></a> fix(deps): update dependency <code>@octokit/types</code> to v15 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/721">#721</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/1eb6dbc98053ecd71827edaf0cf47d78444899bb"><code>1eb6dbc</code></a> chore(deps): update dependency node to v22 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/713">#713</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/576769682cfc7a7901bab4678edd9cd1c48aa76e"><code>5767696</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/auth-app.js/issues/715">#715</a>)</li> <li>See full diff in <a href="https://github.com/octokit/auth-app.js/compare/v8.1.0...v8.1.1">compare view</a></li> </ul> </details> <br /> Updates `@octokit/request` from 10.0.3 to 10.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/request.js/releases"><code>@octokit/request</code>'s releases</a>.</em></p> <blockquote> <h2>v10.0.5</h2> <h2><a href="https://github.com/octokit/request.js/compare/v10.0.4...v10.0.5">10.0.5</a> (2025-09-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update octokit deps (<a href="https://redirect.github.com/octokit/request.js/issues/772">#772</a>) (<a href="https://github.com/octokit/request.js/commit/30f83b64578eebf6988b44df495d235de8136e6e">30f83b6</a>)</li> </ul> <h2>v10.0.4</h2> <h2><a href="https://github.com/octokit/request.js/compare/v10.0.3...v10.0.4">10.0.4</a> (2025-09-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency <code>@octokit/types</code> to v15 (<a href="https://redirect.github.com/octokit/request.js/issues/775">#775</a>) (<a href="https://github.com/octokit/request.js/commit/ad78b4c8099a790d9ac3489342021896cabdbecd">ad78b4c</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/request.js/commit/30f83b64578eebf6988b44df495d235de8136e6e"><code>30f83b6</code></a> fix(deps): update octokit deps (<a href="https://redirect.github.com/octokit/request.js/issues/772">#772</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/b07d5937e628436a399716e2df8e747d5cbb98d5"><code>b07d593</code></a> ci(action): update actions/checkout action to v5 (<a href="https://redirect.github.com/octokit/request.js/issues/770">#770</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/928c3d7e019e38a70eb89b9760ff120eed6acf58"><code>928c3d7</code></a> chore(deps): update dependency prettier to v3.6.2 (<a href="https://redirect.github.com/octokit/request.js/issues/766">#766</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/a84613eab6b231fca05549186fd4fd4c62bd7f02"><code>a84613e</code></a> ci(action): update actions/setup-node action to v5 (<a href="https://redirect.github.com/octokit/request.js/issues/771">#771</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/ad78b4c8099a790d9ac3489342021896cabdbecd"><code>ad78b4c</code></a> fix(deps): update dependency <code>@octokit/types</code> to v15 (<a href="https://redirect.github.com/octokit/request.js/issues/775">#775</a>)</li> <li>See full diff in <a href="https://github.com/octokit/request.js/compare/v10.0.3...v10.0.5">compare view</a></li> </ul> </details> <br /> You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
Parker Brown
|
cc6f999683 |
ci(test): trigger on merge_group (#308)
This pull request makes minor updates to the GitHub Actions workflow configuration in `.github/workflows/test.yml`, focusing on standardizing job naming and adding support for merge group events. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
dependabot[bot]
|
40fa6b52b3 |
build(deps-dev): bump @sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
Bumps [@sinonjs/fake-timers](https://github.com/sinonjs/fake-timers) from 14.0.0 to 15.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sinonjs/fake-timers/blob/main/CHANGELOG.md"><code>@sinonjs/fake-timers</code>'s changelog</a>.</em></p> <blockquote> <h1>15.0.0 / 2025-09-18</h1> <ul> <li>feat: Add additional auto advance time controls (<a href="https://redirect.github.com/sinonjs/fake-timers/issues/509">#509</a>)</li> <li>Upgrade dependencies and drop support for Node 18 in favor of Node 24 (<a href="https://redirect.github.com/sinonjs/fake-timers/issues/526">#526</a> and <a href="https://redirect.github.com/sinonjs/fake-timers/issues/523">#523</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sinonjs/fake-timers/commit/6020d9b568ad3edfc0048d672fdfcc73d9437bf0"><code>6020d9b</code></a> 15.0.0</li> <li><a href="https://github.com/sinonjs/fake-timers/commit/959d2379ef971727048c9f9ebd3e22f4976efe62"><code>959d237</code></a> Updated release files for 15.0.0</li> <li><a href="https://github.com/sinonjs/fake-timers/commit/21dcb1334456292184f90a8f1eccdb3129de0133"><code>21dcb13</code></a> Upgrade versions (<a href="https://redirect.github.com/sinonjs/fake-timers/issues/526">#526</a>)</li> <li><a href="https://github.com/sinonjs/fake-timers/commit/108efae524106fb80dc0f767956900fc14a9d57a"><code>108efae</code></a> feat: Add additional auto advance time controls (<a href="https://redirect.github.com/sinonjs/fake-timers/issues/509">#509</a>)</li> <li><a href="https://github.com/sinonjs/fake-timers/commit/1145a3543d06e022cf9afb2a770230f31457c127"><code>1145a35</code></a> Bump esbuild from 0.23.1 to 0.25.0 (<a href="https://redirect.github.com/sinonjs/fake-timers/issues/523">#523</a>)</li> <li>See full diff in <a href="https://github.com/sinonjs/fake-timers/compare/v14.0.0...v15.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
396e5022f0 |
build(deps): bump actions/checkout from 5 to 6 (#306)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>V5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f48f2eb932 |
build(deps): bump stefanzweifel/git-auto-commit-action from 6.0.1 to 7.0.0 (#300)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 6.0.1 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>Added</h2> <ul> <li>Restore skip_fetch, skip_checkout, create_branch (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388">#388</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> <li>Restore Detached State Detection (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393">#393</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> <li>Add Support for Tag Messages (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391">#391</a>) <a href="https://github.com/@EliasBoulharts"><code>@EliasBoulharts</code></a></li> </ul> <h2>Changed</h2> <ul> <li>Run Action on Node 24 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389">#389</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>Dependency Updates</h2> <ul> <li>Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386">#386</a>) [@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0">v7.0.0</a> - 2025-10-12</h2> <h3>Added</h3> <ul> <li>Restore skip_fetch, skip_checkout, create_branch (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388">#388</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> <li>Restore Detached State Detection (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393">#393</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> <li>Add Support for Tag Messages (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391">#391</a>) <a href="https://github.com/@EliasBoulharts"><code>@EliasBoulharts</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Run Action on Node 24 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389">#389</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386">#386</a>) [@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1">v6.0.1</a> - 2025-06-11</h2> <h3>Fixed</h3> <ul> <li>Disable Check if Repo is in Detached State (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0">v6.0.0</a> - 2025-06-10</h2> <h3>Added</h3> <ul> <li>Throw error early if repository is in a detached state (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357">#357</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix PAT instructions with Dependabot (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376">#376</a>) <a href="https://github.com/@Dreamsorcerer"><code>@Dreamsorcerer</code></a></li> </ul> <h3>Removed</h3> <ul> <li>Remove support for <code>create_branch</code>, <code>skip_checkout</code>, <code>skip_Fetch</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314">#314</a>)</li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.1.0...v5.2.0">v5.2.0</a> - 2025-04-19</h2> <h3>Added</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/28e16e81777b558cc906c8750092100bbb34c5e3"><code>28e16e8</code></a> Release preparations for v7 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/394">#394</a>)</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/698fd76863f4609be5d51f1d1fe685aa92f062e9"><code>698fd76</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/391">#391</a> from EliasBoulharts/custom-tag-message</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/c40819ab3b7619623b7d0d760f3296f014f245b8"><code>c40819a</code></a> Update README</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/d7ee275235b337d03e77815bd319db607e2b455b"><code>d7ee275</code></a> Change internal variable names</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/e8684eb0cd3714a844cb825cd29a0afcf6d66dbc"><code>e8684eb</code></a> Fix Tests</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/19497011bbb2eef2859100223224b02b15d7e564"><code>1949701</code></a> Merge branch 'master' into pr/391</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/a88dc49508d9665d5de1616ea00c89de6c57d7cc"><code>a88dc49</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/388">#388</a> from stefanzweifel/v7-next</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/a531deca6b402bd507002fe0877a52a2dbe4d8c6"><code>a531dec</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/386">#386</a> from stefanzweifel/dependabot/github_actions/actions/...</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/acbe8b15bfea3c08ecd23f3a982067a91e34533e"><code>acbe8b1</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/393">#393</a> from stefanzweifel/v7-warn-detached-head</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/d1854850ecc4b10b4ee69a72ea84f78a192779e3"><code>d185485</code></a> Enable Detached State Check</li> <li>Additional commits viewable in <a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/778341af668090896ca464160c2def5d1d1a3eb0...28e16e81777b558cc906c8750092100bbb34c5e3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
b7f83f6278 |
build(deps): bump actions/setup-node from 4 to 6 (#299)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Enhance caching in setup-node with automatic package manager detection by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> </ul> <p>This update, introduces automatic caching when a valid <code>packageManager</code> field is present in your <code>package.json</code>. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set <code>package-manager-cache: false</code></p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false </code></pre> <ul> <li>Upgrade action to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@octokit/request-error</code> and <code>@actions/github</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li> <li>Upgrade uuid from 9.0.1 to 11.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p> <h2>v4.4.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903"><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/13427813f706a0f6c9b74603b31103c40ab1c35a"><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/89d709d423dc495668cd762a18dd4a070611be3f"><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/cd2651c46231bc0d6f48d6b34433b845331235fe"><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a0853c24544627f65ddf259abe73b1d18a591444"><code>a0853c2</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-node/issues/1345">#1345</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/b7234cc9fe124f0f4932554b4e5284543083ae7b"><code>b7234cc</code></a> Upgrade action to use node24 (<a href="https://redirect.github.com/actions/setup-node/issues/1325">#1325</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/d7a11313b581b306c961b506cfc8971208bb03f6"><code>d7a1131</code></a> Enhance caching in setup-node with automatic package manager detection (<a href="https://redirect.github.com/actions/setup-node/issues/1348">#1348</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/5e2628c959b9ade56971c0afcebbe5332d44b398"><code>5e2628c</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-node/issues/1332">#1332</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/65beceff8e91358525397bdce9103d999507ab03"><code>65becef</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1295">#1295</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b"><code>7e24a65</code></a> Bump uuid from 9.0.1 to 11.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1273">#1273</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/v4...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
dependabot[bot]
|
2a47cfc9ef |
build(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#304)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0"><code>9963d36</code></a> 3.14.2 released</li> <li><a href="https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1"><code>10d3c8e</code></a> dist rebuild</li> <li><a href="https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"><code>5278870</code></a> fix prototype pollution in merge (<<) (<a href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/actions/create-github-app-token/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1ff8cc40cc |
build(deps-dev): bump the development-dependencies group with 2 updates (#293)
Bumps the development-dependencies group with 2 updates: [dotenv](https://github.com/motdotla/dotenv) and [esbuild](https://github.com/evanw/esbuild). Updates `dotenv` from 17.2.2 to 17.2.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/motdotla/dotenv/compare/v17.2.2...v17.2.3">17.2.3</a> (2025-09-29)</h2> <h3>Changed</h3> <ul> <li>Fixed typescript error definition (<a href="https://redirect.github.com/motdotla/dotenv/pull/912">#912</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motdotla/dotenv/commit/affe11372f3f1945f922996c092b5be70f30c40c"><code>affe113</code></a> 17.2.3</li> <li><a href="https://github.com/motdotla/dotenv/commit/db1ff1f13a9d8057b3752b63dfe4b811698093a1"><code>db1ff1f</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/7063f161788d66bac52cf5424552ee1baaf9db37"><code>7063f16</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/913">#913</a> from motdotla/new-tips</li> <li><a href="https://github.com/motdotla/dotenv/commit/0bbe72c7d9f1c08666b54b099377dc7c5e1a7ae2"><code>0bbe72c</code></a> test against expected tips</li> <li><a href="https://github.com/motdotla/dotenv/commit/017951b8be6aa0e431b528ba7c15644a893a102a"><code>017951b</code></a> only run .js tests</li> <li><a href="https://github.com/motdotla/dotenv/commit/39eda1f7f8773b33716c5da2e6e43dc62dd0ba1c"><code>39eda1f</code></a> add space back</li> <li><a href="https://github.com/motdotla/dotenv/commit/fcc030ed6511ad96226a25d2e6a31a72e7048cba"><code>fcc030e</code></a> update tips</li> <li><a href="https://github.com/motdotla/dotenv/commit/b6c7a0d11bc7769daa4042b7f5bc211757cbc039"><code>b6c7a0d</code></a> updated tips - as Dotenvx Radar has been renamed Dotenvx Ops</li> <li><a href="https://github.com/motdotla/dotenv/commit/b3c8b16bd05e53bc02ca05827a89298cc1064cd6"><code>b3c8b16</code></a> remove unnecessary call to npx</li> <li><a href="https://github.com/motdotla/dotenv/commit/d6e4c17e61abb479cd5c1c06d5b3269a4f41cb3f"><code>d6e4c17</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/912">#912</a> from adjerbetian/fix/typescript-error-definition</li> <li>Additional commits viewable in <a href="https://github.com/motdotla/dotenv/compare/v17.2.2...v17.2.3">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.9 to 0.25.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.25.10</h2> <ul> <li> <p>Fix a panic in a minification edge case (<a href="https://redirect.github.com/evanw/esbuild/issues/4287">#4287</a>)</p> <p>This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value <code>undefined</code> in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):</p> <pre lang="js"><code>function identity(x) { return x } identity({ y: identity(123) }) </code></pre> </li> <li> <p>Fix <code>@supports</code> nested inside pseudo-element (<a href="https://redirect.github.com/evanw/esbuild/issues/4265">#4265</a>)</p> <p>When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as <code>::placeholder</code> for correctness. The <a href="https://www.w3.org/TR/css-nesting-1/">CSS nesting specification</a> says the following:</p> <blockquote> <p>The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.</p> </blockquote> <p>However, it seems like this behavior is different for nested at-rules such as <code>@supports</code>, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:</p> <pre lang="css"><code>/* Original code */ ::placeholder { color: red; body & { color: green } @supports (color: blue) { color: blue } } <p>/* Old output (with --supported:nesting=false) */<br /> ::placeholder {<br /> color: red;<br /> }<br /> body :is() {<br /> color: green;<br /> }<br /> <a href="https://github.com/supports"><code>@supports</code></a> (color: blue) {<br /> {<br /> color: blue;<br /> }<br /> }</p> <p>/* New output (with --supported:nesting=false) */<br /> ::placeholder {<br /> color: red;<br /> }<br /> body :is() {<br /> color: green;<br /> }<br /> <a href="https://github.com/supports"><code>@supports</code></a> (color: blue) {<br /> ::placeholder {<br /> color: blue;<br /> }<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.25.10</h2> <ul> <li> <p>Fix a panic in a minification edge case (<a href="https://redirect.github.com/evanw/esbuild/issues/4287">#4287</a>)</p> <p>This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value <code>undefined</code> in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):</p> <pre lang="js"><code>function identity(x) { return x } identity({ y: identity(123) }) </code></pre> </li> <li> <p>Fix <code>@supports</code> nested inside pseudo-element (<a href="https://redirect.github.com/evanw/esbuild/issues/4265">#4265</a>)</p> <p>When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as <code>::placeholder</code> for correctness. The <a href="https://www.w3.org/TR/css-nesting-1/">CSS nesting specification</a> says the following:</p> <blockquote> <p>The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.</p> </blockquote> <p>However, it seems like this behavior is different for nested at-rules such as <code>@supports</code>, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:</p> <pre lang="css"><code>/* Original code */ ::placeholder { color: red; body & { color: green } @supports (color: blue) { color: blue } } <p>/* Old output (with --supported:nesting=false) */<br /> ::placeholder {<br /> color: red;<br /> }<br /> body :is() {<br /> color: green;<br /> }<br /> <a href="https://github.com/supports"><code>@supports</code></a> (color: blue) {<br /> {<br /> color: blue;<br /> }<br /> }</p> <p>/* New output (with --supported:nesting=false) */<br /> ::placeholder {<br /> color: red;<br /> }<br /> body :is() {<br /> color: green;<br /> }<br /> <a href="https://github.com/supports"><code>@supports</code></a> (color: blue) {<br /> ::placeholder {<br /> color: blue;<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/d6b668f96fb00d6a6d035f058e38b6bd2507beb6"><code>d6b668f</code></a> publish 0.25.10 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/5088c198b5ecee18ba903c4099458df98b1b6788"><code>5088c19</code></a> refactor: use strings.Builder (<a href="https://redirect.github.com/evanw/esbuild/issues/4290">#4290</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/755da31752d759f1ea70b8d4f7f677b3557dab3e"><code>755da31</code></a> run <code>make update-compat-table</code></li> <li><a href="https://github.com/evanw/esbuild/commit/a1d9c8649bcbacc59e521171f47d6928fda14043"><code>a1d9c86</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4287">#4287</a>: marked the wrong issue as fixed</li> <li><a href="https://github.com/evanw/esbuild/commit/73a0b2ae491c9d6a069516447292df2afe371b63"><code>73a0b2a</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4286">#4286</a>: minifier panic due to identity function</li> <li><a href="https://github.com/evanw/esbuild/commit/134dadffecf55c5dba20cd9f03996275da06ba49"><code>134dadf</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4265">#4265</a>: <code>@supports</code> nested inside <code>::pseudo</code></li> <li>See full diff in <a href="https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
b96fde71c0 |
build(deps-dev): bump the development-dependencies group across 1 directory with 2 updates (#286)
Bumps the development-dependencies group with 2 updates in the / directory: [dotenv](https://github.com/motdotla/dotenv) and [esbuild](https://github.com/evanw/esbuild). Updates `dotenv` from 17.2.1 to 17.2.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/motdotla/dotenv/compare/v17.2.1...v17.2.2">17.2.2</a> (2025-09-02)</h2> <h3>Added</h3> <ul> <li>🙏 A big thank you to new sponsor <a href="https://tuple.app/dotenv">Tuple.app</a> - <em>the premier screen sharing app for developers on macOS and Windows.</em> Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motdotla/dotenv/commit/2ea1a76fd5a8e52955b12b1a49bdeb2e69eda6b2"><code>2ea1a76</code></a> 17.2.2</li> <li><a href="https://github.com/motdotla/dotenv/commit/0947a8308ba7de1b9a0d8ecf569a809b82c46506"><code>0947a83</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/c8fb4aa58e846967a186f76344fc703533c0d68d"><code>c8fb4aa</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/a2b13d2995e8a76a124113150f2f13f781ebeb1b"><code>a2b13d2</code></a> update README</li> <li><a href="https://github.com/motdotla/dotenv/commit/d92a91e200deab36b0b0a05b09443cbe77f95216"><code>d92a91e</code></a> remove</li> <li>See full diff in <a href="https://github.com/motdotla/dotenv/compare/v17.2.1...v17.2.2">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.8 to 0.25.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.25.9</h2> <ul> <li> <p>Better support building projects that use Yarn on Windows (<a href="https://redirect.github.com/evanw/esbuild/issues/3131">#3131</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/3663">#3663</a>)</p> <p>With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the <code>C:</code> drive. The problem was as follows:</p> <ol> <li>Yarn in Plug'n'Play mode on Windows stores its global module cache on the <code>C:</code> drive</li> <li>Some developers put their projects on the <code>D:</code> drive</li> <li>Yarn generates relative paths that use <code>../..</code> to get from the project directory to the cache directory</li> <li>Windows-style paths don't support directory traversal between drives via <code>..</code> (so <code>D:\..</code> is just <code>D:</code>)</li> <li>I didn't have access to a Windows machine for testing this edge case</li> </ol> <p>Yarn works around this edge case by pretending Windows-style paths beginning with <code>C:\</code> are actually Unix-style paths beginning with <code>/C:/</code>, so the <code>../..</code> path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.</p> </li> <li> <p>Preserve parentheses around function expressions (<a href="https://redirect.github.com/evanw/esbuild/issues/4252">#4252</a>)</p> <p>The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read <a href="https://v8.dev/blog/preparser">V8's blog post about this</a> for more details.</p> <p>Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:</p> <pre lang="js"><code>// Original code const fn0 = () => 0 const fn1 = (() => 1) console.log(fn0, function() { return fn1() }()) <p>// Old output<br /> const fn0 = () => 0;<br /> const fn1 = () => 1;<br /> console.log(fn0, function() {<br /> return fn1();<br /> }());</p> <p>// New output<br /> const fn0 = () => 0;<br /> const fn1 = (() => 1);<br /> console.log(fn0, (function() {<br /> return fn1();<br /> })());<br /> </code></pre></p> <p>Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.</p> </li> <li> <p>Update Go from 1.23.10 to 1.23.12 (<a href="https://redirect.github.com/evanw/esbuild/issues/4257">#4257</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4258">#4258</a>)</p> <p>This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.25.9</h2> <ul> <li> <p>Better support building projects that use Yarn on Windows (<a href="https://redirect.github.com/evanw/esbuild/issues/3131">#3131</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/3663">#3663</a>)</p> <p>With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the <code>C:</code> drive. The problem was as follows:</p> <ol> <li>Yarn in Plug'n'Play mode on Windows stores its global module cache on the <code>C:</code> drive</li> <li>Some developers put their projects on the <code>D:</code> drive</li> <li>Yarn generates relative paths that use <code>../..</code> to get from the project directory to the cache directory</li> <li>Windows-style paths don't support directory traversal between drives via <code>..</code> (so <code>D:\..</code> is just <code>D:</code>)</li> <li>I didn't have access to a Windows machine for testing this edge case</li> </ol> <p>Yarn works around this edge case by pretending Windows-style paths beginning with <code>C:\</code> are actually Unix-style paths beginning with <code>/C:/</code>, so the <code>../..</code> path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.</p> </li> <li> <p>Preserve parentheses around function expressions (<a href="https://redirect.github.com/evanw/esbuild/issues/4252">#4252</a>)</p> <p>The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read <a href="https://v8.dev/blog/preparser">V8's blog post about this</a> for more details.</p> <p>Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:</p> <pre lang="js"><code>// Original code const fn0 = () => 0 const fn1 = (() => 1) console.log(fn0, function() { return fn1() }()) <p>// Old output<br /> const fn0 = () => 0;<br /> const fn1 = () => 1;<br /> console.log(fn0, function() {<br /> return fn1();<br /> }());</p> <p>// New output<br /> const fn0 = () => 0;<br /> const fn1 = (() => 1);<br /> console.log(fn0, (function() {<br /> return fn1();<br /> })());<br /> </code></pre></p> <p>Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.</p> </li> <li> <p>Update Go from 1.23.10 to 1.23.12 (<a href="https://redirect.github.com/evanw/esbuild/issues/4257">#4257</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4258">#4258</a>)</p> <p>This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/195e05c16f03a341390feef38b8ebf17d3075e14"><code>195e05c</code></a> publish 0.25.9 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/3dac33f2a2ba60387fb9aaca96b3e80b9e0512e0"><code>3dac33f</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/3131">#3131</a>, fix <a href="https://redirect.github.com/evanw/esbuild/issues/3663">#3663</a>: yarnpnp + windows + D drive</li> <li><a href="https://github.com/evanw/esbuild/commit/0f2c5c8c11dc3fa2a4e9e82df202d0b607e59de4"><code>0f2c5c8</code></a> mock fs now supports multiple volumes on windows</li> <li><a href="https://github.com/evanw/esbuild/commit/100a51e791ce714a1a90557bc9e5133fa0d38692"><code>100a51e</code></a> split out yarnpnp snapshot tests</li> <li><a href="https://github.com/evanw/esbuild/commit/13aace38bd1243e440061d1611e90a46ef55029c"><code>13aace3</code></a> remove <code>C:</code> assumption from windows snapshot tests</li> <li><a href="https://github.com/evanw/esbuild/commit/f1f413f18bce15a53fa4251f11a4747be94075e0"><code>f1f413f</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4252">#4252</a>: preserve parentheses around functions</li> <li><a href="https://github.com/evanw/esbuild/commit/1bc809190bdb68ad27fc0a6e6d385b4f635c90e2"><code>1bc8091</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4257">#4257</a>, close <a href="https://redirect.github.com/evanw/esbuild/issues/4258">#4258</a>: go 1.23.10 => 1.23.12</li> <li><a href="https://github.com/evanw/esbuild/commit/bc52135d02f794f28777c8e00db91997e0d98cab"><code>bc52135</code></a> move the go compiler version to <code>go.version</code></li> <li><a href="https://github.com/evanw/esbuild/commit/a0af5d1037c6e2509531151d153e875093f426b6"><code>a0af5d1</code></a> makefile: use <code>ESBUILD_VERSION</code> consistently</li> <li>See full diff in <a href="https://github.com/evanw/esbuild/compare/v0.25.8...v0.25.9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
semantic-release-bot
|
6701853927 |
build(release): 2.1.4 [skip ci]
## [2.1.4](https://github.com/actions/create-github-app-token/compare/v2.1.3...v2.1.4) (2025-09-13)
### Bug Fixes
* **deps:** bump @octokit/auth-app from 7.2.1 to 8.0.1 ([#257](https://github.com/actions/create-github-app-token/issues/257)) ([
v2.1.4
|
||
|
dependabot[bot]
|
bef1eaf1c0 |
fix(deps): bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257)
Bumps [@octokit/auth-app](https://github.com/octokit/auth-app.js) from 7.2.1 to 8.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/auth-app.js/releases"><code>@octokit/auth-app</code>'s releases</a>.</em></p> <blockquote> <h2>v8.0.1</h2> <h2><a href="https://github.com/octokit/auth-app.js/compare/v8.0.0...v8.0.1">8.0.1</a> (2025-05-20)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update octokit monorepo (major) (<a href="https://redirect.github.com/octokit/auth-app.js/issues/704">#704</a>) (<a href="https://github.com/octokit/auth-app.js/commit/56cded1431d08bd288c05e11f89a1fd07968a57f">56cded1</a>)</li> </ul> <h2>v8.0.0</h2> <h1><a href="https://github.com/octokit/auth-app.js/compare/v7.2.1...v8.0.0">8.0.0</a> (2025-05-20)</h1> <h3>Continuous Integration</h3> <ul> <li>stop testing against NodeJS v18 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/702">#702</a>) (<a href="https://github.com/octokit/auth-app.js/commit/a168de532c0697979b3f5d97f8e9d10dbcba7ff3">a168de5</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li> <p>Drop support for NodeJS v18</p> </li> <li> <p>build: set minimal node version in build script to v20</p> </li> <li> <p>ci: stop testing against NodeJS v18</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/auth-app.js/commit/56cded1431d08bd288c05e11f89a1fd07968a57f"><code>56cded1</code></a> fix(deps): update octokit monorepo (major) (<a href="https://redirect.github.com/octokit/auth-app.js/issues/704">#704</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/a168de532c0697979b3f5d97f8e9d10dbcba7ff3"><code>a168de5</code></a> ci: stop testing against NodeJS v18 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/702">#702</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/4bee524e65261c69f08c38a5e675bcf24a89bd76"><code>4bee524</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/auth-app.js/issues/703">#703</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/8a9a326926c2da7cbd0298fb945dc288c203dd1f"><code>8a9a326</code></a> build(deps-dev): bump vite from 6.3.2 to 6.3.5 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/701">#701</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/b2ad57fcdc93dbf74fe22f26e1848ea94a752460"><code>b2ad57f</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/auth-app.js/issues/697">#697</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/00bb36c205a5fdfeb5806f035f2d7203f10af8b3"><code>00bb36c</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/auth-app.js/issues/696">#696</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/0f9ad9ce6fd1bb16e7944e87fb65b82471bbee33"><code>0f9ad9c</code></a> build(deps-dev): bump vite from 6.2.5 to 6.2.6 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/695">#695</a>)</li> <li>See full diff in <a href="https://github.com/octokit/auth-app.js/compare/v7.2.1...v8.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
semantic-release-bot
|
1526738aa4 |
build(release): 2.1.3 [skip ci]
## [2.1.3](https://github.com/actions/create-github-app-token/compare/v2.1.2...v2.1.3) (2025-09-13)
### Bug Fixes
* **deps:** bump undici from 7.8.0 to 7.10.0 in the production-dependencies group ([#254](https://github.com/actions/create-github-app-token/issues/254)) ([
v2.1.3
|
||
|
dependabot[bot]
|
f3d5ec2073 |
fix(deps): bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#254)
Bumps the production-dependencies group with 1 update: [undici](https://github.com/nodejs/undici). Updates `undici` from 7.8.0 to 7.10.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.10.0</h2> <h2>What's Changed</h2> <ul> <li>Add "clientLifetime" option to close and remove connections from the pool after a specified time. by <a href="https://github.com/dhalbrook"><code>@dhalbrook</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4175">nodejs/undici#4175</a></li> <li>remove spurious only by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4207">nodejs/undici#4207</a></li> <li>add node v24 workflow by <a href="https://github.com/tsctx"><code>@tsctx</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4206">nodejs/undici#4206</a></li> <li>Update WPT by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4172">nodejs/undici#4172</a></li> <li>chore: add <code>pnpm-lock.yaml</code> to <code>.gitignore</code> by <a href="https://github.com/styfle"><code>@styfle</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4227">nodejs/undici#4227</a></li> <li>fix: agent memory leak by <a href="https://github.com/styfle"><code>@styfle</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4223">nodejs/undici#4223</a></li> <li>Add ability to detect when MemoryCacheStore reaches max size by <a href="https://github.com/FelixVaughan"><code>@FelixVaughan</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4224">nodejs/undici#4224</a></li> <li>feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections by <a href="https://github.com/caitp"><code>@caitp</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4180">nodejs/undici#4180</a></li> <li>docs: correct example in FormData request by <a href="https://github.com/inyourtime"><code>@inyourtime</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4226">nodejs/undici#4226</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dhalbrook"><code>@dhalbrook</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4175">nodejs/undici#4175</a></li> <li><a href="https://github.com/caitp"><code>@caitp</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4180">nodejs/undici#4180</a></li> <li><a href="https://github.com/inyourtime"><code>@inyourtime</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4226">nodejs/undici#4226</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.9.0...v7.10.0">https://github.com/nodejs/undici/compare/v7.9.0...v7.10.0</a></p> <h2>v7.9.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump step-security/harden-runner from 2.10.2 to 2.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4134">nodejs/undici#4134</a></li> <li>Update WPT by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4155">nodejs/undici#4155</a></li> <li>Update WPT by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4170">nodejs/undici#4170</a></li> <li>feat: add new <code>acceptNonStandardSearchParameters</code> MockAgent option by <a href="https://github.com/dario-piotrowicz"><code>@dario-piotrowicz</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4148">nodejs/undici#4148</a></li> <li>fix: cache: treat cache-control request header case-insensitively by <a href="https://github.com/alxndrsn"><code>@alxndrsn</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4131">nodejs/undici#4131</a></li> <li>cache: honour unqualified no-cache response directive by <a href="https://github.com/alxndrsn"><code>@alxndrsn</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4178">nodejs/undici#4178</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4079">nodejs/undici#4079</a></li> <li>Ensure conflicting flat headers in HTTP/2 are combined correctly by <a href="https://github.com/pimterry"><code>@pimterry</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4196">nodejs/undici#4196</a></li> <li>Add stats of client and pool to be accessible through agent by <a href="https://github.com/tdeekens"><code>@tdeekens</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4157">nodejs/undici#4157</a></li> <li>Fix missing code in diagnostics example by <a href="https://github.com/islandryu"><code>@islandryu</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4195">nodejs/undici#4195</a></li> <li>Doc cors spec compliance by <a href="https://github.com/FelixVaughan"><code>@FelixVaughan</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4202">nodejs/undici#4202</a></li> <li>Restore cache tests & fix max-age behavior by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4198">nodejs/undici#4198</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tdeekens"><code>@tdeekens</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4157">nodejs/undici#4157</a></li> <li><a href="https://github.com/islandryu"><code>@islandryu</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4195">nodejs/undici#4195</a></li> <li><a href="https://github.com/FelixVaughan"><code>@FelixVaughan</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4202">nodejs/undici#4202</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.8.0...v7.9.0">https://github.com/nodejs/undici/compare/v7.8.0...v7.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/5ad89981bfa528cde5107277beba2f96b3f789d6"><code>5ad8998</code></a> Bumped v7.10.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4231">#4231</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/9e0cfcb81072cdead8a42b83a573952c1490b868"><code>9e0cfcb</code></a> docs: correct example in FormData request (<a href="https://redirect.github.com/nodejs/undici/issues/4226">#4226</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/95fd9d3feebcdede11a4e6b66f57aac34abf482f"><code>95fd9d3</code></a> feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (<a href="https://redirect.github.com/nodejs/undici/issues/4180">#4180</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/a8d280c68d19a00e312982cb67ce8f5722e8479c"><code>a8d280c</code></a> Add ability to detect when MemoryCacheStore reaches max size (<a href="https://redirect.github.com/nodejs/undici/issues/4224">#4224</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/59940c8b330bbe282735fb1ddc820fb991c24ef3"><code>59940c8</code></a> fix: agent memory leak (<a href="https://redirect.github.com/nodejs/undici/issues/4223">#4223</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/1262f6121e870c5ffd3eb55202635ad5068077dc"><code>1262f61</code></a> Revert "chore: update WPT (<a href="https://redirect.github.com/nodejs/undici/issues/4172">#4172</a>)"</li> <li><a href="https://github.com/nodejs/undici/commit/d6deb77a4939d954e0fcaea5d55a0d74723c9fc3"><code>d6deb77</code></a> chore: add <code>pnpm-lock.yaml</code> to <code>.gitignore</code> (<a href="https://redirect.github.com/nodejs/undici/issues/4227">#4227</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/dcf82a729c34430188b9dec3ca3add7c0186ec24"><code>dcf82a7</code></a> chore: update WPT (<a href="https://redirect.github.com/nodejs/undici/issues/4172">#4172</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/2ed2a8a1393b0da3215997e9941ec3a92a93f3d0"><code>2ed2a8a</code></a> add node v24 workflow (<a href="https://redirect.github.com/nodejs/undici/issues/4206">#4206</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/bf4c1999b3250f1382a6abf8a7ebd1611cc32ebc"><code>bf4c199</code></a> remove spurious only (<a href="https://redirect.github.com/nodejs/undici/issues/4207">#4207</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v7.8.0...v7.10.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
semantic-release-bot
|
def152b8a7 |
build(release): 2.1.2 [skip ci]
## [2.1.2](https://github.com/actions/create-github-app-token/compare/v2.1.1...v2.1.2) (2025-09-12)
### Bug Fixes
* **deps:** bump @octokit/request from 9.2.3 to 10.0.2 ([#256](https://github.com/actions/create-github-app-token/issues/256)) ([
v2.1.2
|
||
|
dependabot[bot]
|
5d7307be63 |
fix(deps): bump @octokit/request from 9.2.3 to 10.0.2 (#256)
Bumps [@octokit/request](https://github.com/octokit/request.js) from 9.2.3 to 10.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/request.js/releases"><code>@octokit/request</code>'s releases</a>.</em></p> <blockquote> <h2>v10.0.2</h2> <h2><a href="https://github.com/octokit/request.js/compare/v10.0.1...v10.0.2">10.0.2</a> (2025-05-20)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update octokit monorepo (major) (<a href="https://redirect.github.com/octokit/request.js/issues/759">#759</a>) (<a href="https://github.com/octokit/request.js/commit/fe8bb4b455bc7e28232d594bc8445da6fce72e8a">fe8bb4b</a>), closes <a href="https://redirect.github.com/octokit/request.js/issues/728">#728</a> <a href="https://redirect.github.com/octokit/request.js/issues/760">#760</a></li> </ul> <h2>v10.0.1</h2> <h2><a href="https://github.com/octokit/request.js/compare/v10.0.0...v10.0.1">10.0.1</a> (2025-05-20)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency fast-content-type-parse to v3 (<a href="https://redirect.github.com/octokit/request.js/issues/747">#747</a>) (<a href="https://github.com/octokit/request.js/commit/8cf6d8449991cc143dbe70dfb5e329bb63068612">8cf6d84</a>)</li> </ul> <h2>v10.0.0</h2> <h1><a href="https://github.com/octokit/request.js/compare/v9.2.3...v10.0.0">10.0.0</a> (2025-05-20)</h1> <h3>Continuous Integration</h3> <ul> <li>stop testing against NodeJS v18 (<a href="https://redirect.github.com/octokit/request.js/issues/756">#756</a>) (<a href="https://github.com/octokit/request.js/commit/1eefea8828a0c5dead985da9c0bc9592cd700765">1eefea8</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li> <p>Drop support for NodeJS v18</p> </li> <li> <p>build: set minimal node version in build script to v20</p> </li> <li> <p>ci: stop testing against NodeJS v18</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/request.js/commit/fe8bb4b455bc7e28232d594bc8445da6fce72e8a"><code>fe8bb4b</code></a> fix(deps): update octokit monorepo (major) (<a href="https://redirect.github.com/octokit/request.js/issues/759">#759</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/a4c1f27cb163b57f9d2c3e0ba5115c2cce37d3c3"><code>a4c1f27</code></a> chore(deps): update dependency undici to v7 (<a href="https://redirect.github.com/octokit/request.js/issues/761">#761</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/8cf6d8449991cc143dbe70dfb5e329bb63068612"><code>8cf6d84</code></a> fix(deps): update dependency fast-content-type-parse to v3 (<a href="https://redirect.github.com/octokit/request.js/issues/747">#747</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/1eefea8828a0c5dead985da9c0bc9592cd700765"><code>1eefea8</code></a> ci: stop testing against NodeJS v18 (<a href="https://redirect.github.com/octokit/request.js/issues/756">#756</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/b73d9210afa8c22a964f4bb93feca12bf40b7094"><code>b73d921</code></a> chore(deps): update dependency undici to v6.21.2 [security] (<a href="https://redirect.github.com/octokit/request.js/issues/758">#758</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/9820bbed1c49c7454161a5684d14d1d398763dc0"><code>9820bbe</code></a> build(deps): bump vite from 6.2.6 to 6.3.4 (<a href="https://redirect.github.com/octokit/request.js/issues/755">#755</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/6150627dbd99260ed8a4818d1e50e2155fd0b33c"><code>6150627</code></a> ci: replace <code>OCTOKITBOT_PROJECT_ACTION_TOKEN</code> and <code>OCTOKITBOT_PAT</code> with a tok...</li> <li><a href="https://github.com/octokit/request.js/commit/bcd76d77e4930edda21cdf8e95c2d57a5b0529db"><code>bcd76d7</code></a> build(deps): bump vite from 6.2.5 to 6.2.6 (<a href="https://redirect.github.com/octokit/request.js/issues/754">#754</a>)</li> <li>See full diff in <a href="https://github.com/octokit/request.js/compare/v9.2.3...v10.0.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @parkerbxyz. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
dependabot[bot]
|
525760a53f |
build(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 (#260)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.2.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>Fixed</h2> <ul> <li>Disable Check if Repo is in Detached State (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>v6.0.0</h2> <h2>Added</h2> <ul> <li>Throw error early if repository is in a detached state (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357">#357</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>Fix PAT instructions with Dependabot (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376">#376</a>) <a href="https://github.com/@Dreamsorcerer"><code>@Dreamsorcerer</code></a></li> </ul> <h2>Removed</h2> <ul> <li>Remove support for <code>create_branch</code>, <code>skip_checkout</code>, <code>skip_Fetch</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314">#314</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1">v6.0.1</a> - 2025-06-11</h2> <h3>Fixed</h3> <ul> <li>Disable Check if Repo is in Detached State (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0">v6.0.0</a> - 2025-06-10</h2> <h3>Added</h3> <ul> <li>Throw error early if repository is in a detached state (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357">#357</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix PAT instructions with Dependabot (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376">#376</a>) <a href="https://github.com/@Dreamsorcerer"><code>@Dreamsorcerer</code></a></li> </ul> <h3>Removed</h3> <ul> <li>Remove support for <code>create_branch</code>, <code>skip_checkout</code>, <code>skip_Fetch</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314">#314</a>)</li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.1.0...v5.2.0">v5.2.0</a> - 2025-04-19</h2> <h3>Added</h3> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@rasa</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.1...v5.1.0">v5.1.0</a> - 2025-01-11</h2> <h3>Changed</h3> <ul> <li>Include <code>github.actor_id</code> in default <code>commit_author</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354">#354</a>) <a href="https://github.com/@parkerbxyz"><code>@parkerbxyz</code></a></li> </ul> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/778341af668090896ca464160c2def5d1d1a3eb0"><code>778341a</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/379">#379</a> from stefanzweifel/disable-detached-state-check</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/33b203d92a47ab2370a88ce03d9825cdb52cc98c"><code>33b203d</code></a> Disable Check if Repo is in Detached State</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/a82d80a75f85e7feb8d2777704c545af1c7affd9"><code>a82d80a</code></a> Update CHANGELOG</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/3cc016cfc892e0844046da36fc68da4e525e081f"><code>3cc016c</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/375">#375</a> from stefanzweifel/v6-next</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/ddb7ae415961225797e0234a7018a30ba1e66bb3"><code>ddb7ae4</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/376">#376</a> from Dreamsorcerer/patch-1</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/b001e5f0ff05d7297c0101f4b44e861799e417dd"><code>b001e5f</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/6494dc61d3e663a9f5166a099d9736ceefc5a3aa"><code>6494dc6</code></a> Fix PAT instructions with Dependabot</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/76180511d9f2354bb712ec6338ce79d4f2061bfe"><code>7618051</code></a> Add deprecated inputs to fix unbound variable issue</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/ae114628ea78fd141aa4fa7730f70c984b29c391"><code>ae11462</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/371">#371</a> from stefanzweifel/dependabot/npm_and_yarn/bats-1.12.0</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/3058f91afb4f03b73d38f33c35023fb22cf546b8"><code>3058f91</code></a> Bump bats from 1.11.1 to 1.12.0</li> <li>Additional commits viewable in <a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/b863ae1933cb653a53c021fe36dbb774e1fb9403...778341af668090896ca464160c2def5d1d1a3eb0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Parker Brown
|
8ab05a8a84 |
Add beta branch support for releases (#282)
Updated release workflow and semantic-release config to include the beta branch and pattern-matched branches for release automation. The beta branch is now marked as a prerelease. |
||
|
dependabot[bot]
|
d00315e88c | build(deps): bump actions/checkout from 4 to 5 (#279) | ||
|
dependabot[bot]
|
fcc6c288e5 | build(deps-dev): bump dotenv from 16.5.0 to 17.2.1 (#269) | ||
|
dependabot[bot]
|
49bb2edce3 | build(deps-dev): bump the development-dependencies group across 1 directory with 3 updates (#272) | ||
|
semantic-release-bot
|
a8d6161485 |
build(release): 2.1.1 [skip ci]
## [2.1.1](https://github.com/actions/create-github-app-token/compare/v2.1.0...v2.1.1) (2025-08-11)
### Bug Fixes
* revert "use `node24` as runner" ([#278](https://github.com/actions/create-github-app-token/issues/278)) ([
v2.1.1
|
||
|
Parker Brown
|
5204204e81 |
fix: revert "use node24 as runner" (#278)
Reverts actions/create-github-app-token#267 and fixes https://github.com/actions/create-github-app-token/issues/274. |
||
|
semantic-release-bot
|
0f859bf9e6 |
build(release): 2.1.0 [skip ci]
# [2.1.0](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.0) (2025-08-08)
### Features
* use `node24` as runner ([#267](https://github.com/actions/create-github-app-token/issues/267)) ([
v2.1.0
|
||
|
Salman Chishti
|
a1cbe0fa3c |
feat: use node24 as runner (#267)
Upgrade to node 24 as runners have node 24 support: https://github.com/actions/runner/pull/3940 |
||
|
dependabot[bot]
|
d7ee281215 |
build(deps-dev): bump the development-dependencies group across 1 directory with 2 updates (#265)
Bumps the development-dependencies group with 2 updates in the / directory: [ava](https://github.com/avajs/ava) and [esbuild](https://github.com/evanw/esbuild). Updates `ava` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/avajs/ava/releases">ava's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <ul> <li>AVA is now tested with Node.js 24 (but no longer v23) <a href="https://redirect.github.com/avajs/ava/pull/3379">avajs/ava#3379</a></li> <li>We're now publishing to npm with <a href="https://www.npmjs.com/package/ava#provenance">provenance attestations</a> <a href="https://redirect.github.com/avajs/ava/pull/3385">avajs/ava#3385</a></li> </ul> <h3>Interactive watch mode filters</h3> <p><a href="https://github.com/mmulet"><code>@mmulet</code></a> did fantastic work to spearhead interactive watch mode filters. You can now filter test files by glob patterns, and tests by matching their titles. It's just like you already could from the CLI itself, but now without exiting AVA 🚀 <a href="https://redirect.github.com/avajs/ava/pull/3372">avajs/ava#3372</a></p> <p>As part of this work we've removed the "sticky" <code>.only()</code> behavior <a href="https://redirect.github.com/avajs/ava/pull/3381">avajs/ava#3381</a></p> <h3>Examples</h3> <p>We've been remiss in merging <a href="https://redirect.github.com/avajs/ava/pull/3335">avajs/ava#3335</a> which updates the examples to use AVA 6. It's done now, examples are up to date and it's all due to <a href="https://github.com/tommy-mitchell"><code>@tommy-mitchell</code></a> 👏</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mmulet"><code>@mmulet</code></a> made their first contribution in <a href="https://redirect.github.com/avajs/ava/pull/3372">avajs/ava#3372</a></li> <li><a href="https://github.com/kebbell"><code>@kebbell</code></a> made their first contribution in <a href="https://redirect.github.com/avajs/ava/pull/3348">avajs/ava#3348</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/avajs/ava/compare/v6.3.0...v6.4.0">https://github.com/avajs/ava/compare/v6.3.0...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/avajs/ava/commit/372c241efbea3bcb790bc2cdcbc11b80d12bbdfd"><code>372c241</code></a> 6.4.0</li> <li><a href="https://github.com/avajs/ava/commit/05ead2812d5723104cb4bf45c040007c9f082ff4"><code>05ead28</code></a> Update release process & maintaining notes</li> <li><a href="https://github.com/avajs/ava/commit/859f3ff2eb72e08c1c254d87ed5ff967c718d900"><code>859f3ff</code></a> Update examples to use AVA 6</li> <li><a href="https://github.com/avajs/ava/commit/eb2b48d3985bbfb9a4649e31a6e449d7e8f9278e"><code>eb2b48d</code></a> Update XO & other dependencies</li> <li><a href="https://github.com/avajs/ava/commit/50e02d5cd64872f9cca7bb543e623a0da8c3acdb"><code>50e02d5</code></a> Remove compiler option override needed for TypeScript 4.x</li> <li><a href="https://github.com/avajs/ava/commit/57a3bbe8d43ea71ce67a2971a90844ae667a93ef"><code>57a3bbe</code></a> Implement file globbing and test matching within watch mode</li> <li><a href="https://github.com/avajs/ava/commit/29cb29accbf82ad8eca4b97544f357e813708853"><code>29cb29a</code></a> Remove special .only() behavior in watch mode</li> <li><a href="https://github.com/avajs/ava/commit/36934b2371889735c8a9209fb41f63574b44e66f"><code>36934b2</code></a> Fix error handling in watcher tests</li> <li><a href="https://github.com/avajs/ava/commit/31a1262e6c5c1b1514453b7a90a6b871e444e50f"><code>31a1262</code></a> Test with Node.js 24, remove v23 test runs</li> <li><a href="https://github.com/avajs/ava/commit/a6f42ea472cfbe7047a0fb89ab0cd728b4e04ae1"><code>a6f42ea</code></a> Upgrade <code>@ava/test</code> to 6.3.0</li> <li>See full diff in <a href="https://github.com/avajs/ava/compare/v6.3.0...v6.4.0">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.5 to 0.25.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.25.6</h2> <ul> <li> <p>Fix a memory leak when <code>cancel()</code> is used on a build context (<a href="https://redirect.github.com/evanw/esbuild/issues/4231">#4231</a>)</p> <p>Calling <code>rebuild()</code> followed by <code>cancel()</code> in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now waits for all producers to finish before terminating.</p> </li> <li> <p>Support empty <code>:is()</code> and <code>:where()</code> syntax in CSS (<a href="https://redirect.github.com/evanw/esbuild/issues/4232">#4232</a>)</p> <p>Previously using these selectors with esbuild would generate a warning. That warning has been removed in this release for these cases.</p> </li> <li> <p>Improve tree-shaking of <code>try</code> statements in dead code (<a href="https://redirect.github.com/evanw/esbuild/issues/4224">#4224</a>)</p> <p>With this release, esbuild will now remove certain <code>try</code> statements if esbuild considers them to be within dead code (i.e. code that is known to not ever be evaluated). For example:</p> <pre lang="js"><code>// Original code return 'foo' try { return 'bar' } catch {} <p>// Old output (with --minify) return"foo";try{return"bar"}catch{}</p> <p>// New output (with --minify) return"foo"; </code></pre></p> </li> <li> <p>Consider negated bigints to have no side effects</p> <p>While esbuild currently considers <code>1</code>, <code>-1</code>, and <code>1n</code> to all have no side effects, it didn't previously consider <code>-1n</code> to have no side effects. This is because esbuild does constant folding with numbers but not bigints. However, it meant that unused negative bigint constants were not tree-shaken. With this release, esbuild will now consider these expressions to also be side-effect free:</p> <pre lang="js"><code>// Original code let a = 1, b = -1, c = 1n, d = -1n <p>// Old output (with --bundle --minify) (()=>{var n=-1n;})();</p> <p>// New output (with --bundle --minify) (()=>{})(); </code></pre></p> </li> <li> <p>Support a configurable delay in watch mode before rebuilding (<a href="https://redirect.github.com/evanw/esbuild/issues/3476">#3476</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/4178">#4178</a>)</p> <p>The <code>watch()</code> API now takes a <code>delay</code> option that lets you add a delay (in milliseconds) before rebuilding when a change is detected in watch mode. If you use a tool that regenerates multiple source files very slowly, this should make it more likely that esbuild's watch mode won't generate a broken intermediate build before the successful final build. This option is also available via the CLI using the <code>--watch-delay=</code> flag.</p> <p>This should also help avoid confusion about the <code>watch()</code> API's options argument. It was previously empty to allow for future API expansion, which caused some people to think that the documentation was missing. It's no longer empty now that the <code>watch()</code> API has an option.</p> </li> <li> <p>Allow mixed array for <code>entryPoints</code> API option (<a href="https://redirect.github.com/evanw/esbuild/issues/4223">#4223</a>)</p> <p>The TypeScript type definitions now allow you to pass a mixed array of both string literals and object literals to the <code>entryPoints</code> API option, such as <code>['foo.js', { out: 'lib', in: 'bar.js' }]</code>. This was always possible to do in JavaScript but the TypeScript type definitions were previously too restrictive.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.25.6</h2> <ul> <li> <p>Fix a memory leak when <code>cancel()</code> is used on a build context (<a href="https://redirect.github.com/evanw/esbuild/issues/4231">#4231</a>)</p> <p>Calling <code>rebuild()</code> followed by <code>cancel()</code> in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now waits for all producers to finish before terminating.</p> </li> <li> <p>Support empty <code>:is()</code> and <code>:where()</code> syntax in CSS (<a href="https://redirect.github.com/evanw/esbuild/issues/4232">#4232</a>)</p> <p>Previously using these selectors with esbuild would generate a warning. That warning has been removed in this release for these cases.</p> </li> <li> <p>Improve tree-shaking of <code>try</code> statements in dead code (<a href="https://redirect.github.com/evanw/esbuild/issues/4224">#4224</a>)</p> <p>With this release, esbuild will now remove certain <code>try</code> statements if esbuild considers them to be within dead code (i.e. code that is known to not ever be evaluated). For example:</p> <pre lang="js"><code>// Original code return 'foo' try { return 'bar' } catch {} <p>// Old output (with --minify) return"foo";try{return"bar"}catch{}</p> <p>// New output (with --minify) return"foo"; </code></pre></p> </li> <li> <p>Consider negated bigints to have no side effects</p> <p>While esbuild currently considers <code>1</code>, <code>-1</code>, and <code>1n</code> to all have no side effects, it didn't previously consider <code>-1n</code> to have no side effects. This is because esbuild does constant folding with numbers but not bigints. However, it meant that unused negative bigint constants were not tree-shaken. With this release, esbuild will now consider these expressions to also be side-effect free:</p> <pre lang="js"><code>// Original code let a = 1, b = -1, c = 1n, d = -1n <p>// Old output (with --bundle --minify) (()=>{var n=-1n;})();</p> <p>// New output (with --bundle --minify) (()=>{})(); </code></pre></p> </li> <li> <p>Support a configurable delay in watch mode before rebuilding (<a href="https://redirect.github.com/evanw/esbuild/issues/3476">#3476</a>, <a href="https://redirect.github.com/evanw/esbuild/issues/4178">#4178</a>)</p> <p>The <code>watch()</code> API now takes a <code>delay</code> option that lets you add a delay (in milliseconds) before rebuilding when a change is detected in watch mode. If you use a tool that regenerates multiple source files very slowly, this should make it more likely that esbuild's watch mode won't generate a broken intermediate build before the successful final build. This option is also available via the CLI using the <code>--watch-delay=</code> flag.</p> <p>This should also help avoid confusion about the <code>watch()</code> API's options argument. It was previously empty to allow for future API expansion, which caused some people to think that the documentation was missing. It's no longer empty now that the <code>watch()</code> API has an option.</p> </li> <li> <p>Allow mixed array for <code>entryPoints</code> API option (<a href="https://redirect.github.com/evanw/esbuild/issues/4223">#4223</a>)</p> <p>The TypeScript type definitions now allow you to pass a mixed array of both string literals and object literals to the <code>entryPoints</code> API option, such as <code>['foo.js', { out: 'lib', in: 'bar.js' }]</code>. This was always possible to do in JavaScript but the TypeScript type definitions were previously too restrictive.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/d38c1f0bc580b4a8a93f23559d0cd9085d7ba31f"><code>d38c1f0</code></a> publish 0.25.6 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/11e547e2c7b4238a626c1fd10759e058c8477daa"><code>11e547e</code></a> missing <code>)</code> in release notes</li> <li><a href="https://github.com/evanw/esbuild/commit/cc8ac0a5f49589d9a0698728106ffa43d51aa1b3"><code>cc8ac0a</code></a> fix trailing comment whitespace</li> <li><a href="https://github.com/evanw/esbuild/commit/1e3fb57adcbd51b35712ea53e215f5368a8cd708"><code>1e3fb57</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4178">#4178</a>: add the <code>--watch-delay=</code> option</li> <li><a href="https://github.com/evanw/esbuild/commit/c1f5f18e8308be3eaf064c0d059bfee00cc628e7"><code>c1f5f18</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4209">#4209</a>: disable binary executable optimization on WASM platform (<a href="https://redirect.github.com/evanw/esbuild/issues/4210">#4210</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/3ed5ecce847ace6f016290d10fbae9359b0351d3"><code>3ed5ecc</code></a> fix incorrect locations in <code>CHANGELOG.md</code></li> <li><a href="https://github.com/evanw/esbuild/commit/248089c1a8398a219720e8ef5601d2b7001c64d4"><code>248089c</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4224">#4224</a>: allow <code>try</code> statements to become dead</li> <li><a href="https://github.com/evanw/esbuild/commit/42f159cb52e1d7de826b5b52f307c45b587a5646"><code>42f159c</code></a> openharmony: keep makefile targets sorted</li> <li><a href="https://github.com/evanw/esbuild/commit/63256e12bedc47a7bd13d315e5c0712908f31a14"><code>63256e1</code></a> chore: fix some comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4211">#4211</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/d803f72e64c900e6b007501c81b987832ffc3c81"><code>d803f72</code></a> add support for openharmony-arm64 platform (<a href="https://redirect.github.com/evanw/esbuild/issues/4212">#4212</a>)</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.25.5...v0.25.6">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
93c1f04d6f | build(deps-dev): bump the development-dependencies group with 4 updates (#255) | ||
|
Josh Gross
|
dff4b11d10 |
ci(test): set permissions in test workflow (#247)
- https://github.com/actions/create-github-app-token/security/code-scanning/13 - https://github.com/actions/create-github-app-token/security/code-scanning/14 This defines `permissions` on the `test.yml` workflow to align with our Actions security best-practices and ensure workflows only have the minimum required permissions. Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
Gregor Martynus
|
6d44c9fd24 |
docs(README): Client ID can be used as App ID (#251)
closes #136 --------- Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> |
||
|
semantic-release-bot
|
df432ceedc |
build(release): 2.0.6 [skip ci]
## [2.0.6](https://github.com/actions/create-github-app-token/compare/v2.0.5...v2.0.6) (2025-05-03)
### Bug Fixes
* replace `-` with `_` ([#246](https://github.com/actions/create-github-app-token/issues/246)) ([
v2.0.6
|
||
|
Omochice
|
333678481b |
fix: replace - with _ (#246)
|
||
|
semantic-release-bot
|
db3cdf4098 |
build(release): 2.0.5 [skip ci]
## [2.0.5](https://github.com/actions/create-github-app-token/compare/v2.0.4...v2.0.5) (2025-05-02)
### Bug Fixes
* **deps:** bump the production-dependencies group with 3 updates ([#240](https://github.com/actions/create-github-app-token/issues/240)) ([
v2.0.5
|
||
|
dependabot[bot]
|
d64d7d7355 |
fix(deps): bump the production-dependencies group with 3 updates (#240)
Bumps the production-dependencies group with 3 updates: [@octokit/auth-app](https://github.com/octokit/auth-app.js), [@octokit/request](https://github.com/octokit/request.js) and [undici](https://github.com/nodejs/undici). Updates `@octokit/auth-app` from 7.2.0 to 7.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/auth-app.js/releases"><code>@octokit/auth-app</code>'s releases</a>.</em></p> <blockquote> <h2>v7.2.1</h2> <h2><a href="https://github.com/octokit/auth-app.js/compare/v7.2.0...v7.2.1">7.2.1</a> (2025-04-10)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency <code>@octokit/types</code> to v14 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/694">#694</a>) (<a href="https://github.com/octokit/auth-app.js/commit/9c2e7141542188905b55bbb9195bae62bd52e40a">9c2e714</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/auth-app.js/commit/9c2e7141542188905b55bbb9195bae62bd52e40a"><code>9c2e714</code></a> fix(deps): update dependency <code>@octokit/types</code> to v14 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/694">#694</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/834b994238c29c7758c07487e9a6e7e97cc713f1"><code>834b994</code></a> build(deps-dev): bump vite from 6.2.2 to 6.2.5 (<a href="https://redirect.github.com/octokit/auth-app.js/issues/693">#693</a>)</li> <li><a href="https://github.com/octokit/auth-app.js/commit/04a0ad40fb974062384f38770267c610138d8959"><code>04a0ad4</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/auth-app.js/issues/690">#690</a>)</li> <li>See full diff in <a href="https://github.com/octokit/auth-app.js/compare/v7.2.0...v7.2.1">compare view</a></li> </ul> </details> <br /> Updates `@octokit/request` from 9.2.2 to 9.2.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/request.js/releases"><code>@octokit/request</code>'s releases</a>.</em></p> <blockquote> <h2>v9.2.3</h2> <h2><a href="https://github.com/octokit/request.js/compare/v9.2.2...v9.2.3">9.2.3</a> (2025-04-10)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency <code>@octokit/types</code> to v14 (<a href="https://redirect.github.com/octokit/request.js/issues/753">#753</a>) (<a href="https://github.com/octokit/request.js/commit/7d576b003aa8cb2bb73928181d29e599db7ac887">7d576b0</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/request.js/commit/7d576b003aa8cb2bb73928181d29e599db7ac887"><code>7d576b0</code></a> fix(deps): update dependency <code>@octokit/types</code> to v14 (<a href="https://redirect.github.com/octokit/request.js/issues/753">#753</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/c9bfc379fdd7c99bb455bcdd46d9ace779591ffc"><code>c9bfc37</code></a> build(deps): bump vite from 6.1.0 to 6.2.5 (<a href="https://redirect.github.com/octokit/request.js/issues/750">#750</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/f7b961620bba33a1218cb1521f1acd4ca85701d7"><code>f7b9616</code></a> ci(prettier): use Node LTS instead of Node 16 (<a href="https://redirect.github.com/octokit/request.js/issues/748">#748</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/195584720227244a93fb1b49767f3538ebd22e54"><code>1955847</code></a> chore(deps): update dependency prettier to v3.5.3 (<a href="https://redirect.github.com/octokit/request.js/issues/745">#745</a>)</li> <li><a href="https://github.com/octokit/request.js/commit/b71107bc5057222d6e7cf7cefdc3de0d1b6d52f0"><code>b71107b</code></a> chore(deps): update dependency semantic-release-plugin-update-version-in-file...</li> <li><a href="https://github.com/octokit/request.js/commit/c8559437d1efb15845ce67414e87cd0c41cf55b6"><code>c855943</code></a> chore(deps): update dependency prettier to v3.5.2 (<a href="https://redirect.github.com/octokit/request.js/issues/743">#743</a>)</li> <li>See full diff in <a href="https://github.com/octokit/request.js/compare/v9.2.2...v9.2.3">compare view</a></li> </ul> </details> <br /> Updates `undici` from 7.7.0 to 7.8.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v7.8.0</h2> <h2>What's Changed</h2> <ul> <li>cache: more efficient sqlite indices by <a href="https://github.com/ronag"><code>@ronag</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4142">nodejs/undici#4142</a></li> <li>skip now failing wpts by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4145">nodejs/undici#4145</a></li> <li>apply some sqlite pragma optimizations by <a href="https://github.com/ronag"><code>@ronag</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4147">nodejs/undici#4147</a></li> <li>types(websocket): Import from stream/web by <a href="https://github.com/Jiralite"><code>@Jiralite</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4038">nodejs/undici#4038</a></li> <li>cache: don't check size if not necessary by <a href="https://github.com/ronag"><code>@ronag</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4140">nodejs/undici#4140</a></li> <li>docs: fix inteceptors typo by <a href="https://github.com/dario-piotrowicz"><code>@dario-piotrowicz</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4151">nodejs/undici#4151</a></li> <li>Update WPT by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4141">nodejs/undici#4141</a></li> <li>build(deps-dev): bump esbuild from 0.24.2 to 0.25.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/4130">nodejs/undici#4130</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jiralite"><code>@Jiralite</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4038">nodejs/undici#4038</a></li> <li><a href="https://github.com/dario-piotrowicz"><code>@dario-piotrowicz</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/4151">nodejs/undici#4151</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v7.7.0...v7.8.0">https://github.com/nodejs/undici/compare/v7.7.0...v7.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/6ea61af38a4ff43bbd7ddab129ca39b394c6a20e"><code>6ea61af</code></a> Bumped v7.8.0 (<a href="https://redirect.github.com/nodejs/undici/issues/4154">#4154</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/c29be3b62702642d2ab505502e740d3212ed4b25"><code>c29be3b</code></a> build(deps-dev): bump esbuild from 0.24.2 to 0.25.2 (<a href="https://redirect.github.com/nodejs/undici/issues/4130">#4130</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/a113b903447f7910aafdff1ab8c982ab98ef25a6"><code>a113b90</code></a> chore: update WPT (<a href="https://redirect.github.com/nodejs/undici/issues/4141">#4141</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/9dd11b8c61c95efd5459f375a196a117184230fa"><code>9dd11b8</code></a> docs: fix inteceptors typo (<a href="https://redirect.github.com/nodejs/undici/issues/4151">#4151</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/03c497c565db265145e2584f9803eeb7cf77d62f"><code>03c497c</code></a> cache: don't check size if not necessary (<a href="https://redirect.github.com/nodejs/undici/issues/4140">#4140</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/d2be897cc1d1109bf654148d415b3cceecd96fa9"><code>d2be897</code></a> types(websocket): Import from stream/web (<a href="https://redirect.github.com/nodejs/undici/issues/4038">#4038</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/c8acc814eddecddac2a6e549018598df47e7f4fa"><code>c8acc81</code></a> apply some sqlite pragma optimizations (<a href="https://redirect.github.com/nodejs/undici/issues/4147">#4147</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/e0058a72403a2c25c516ffc6b5bc025a70b6d0f0"><code>e0058a7</code></a> skip now failing tests (<a href="https://redirect.github.com/nodejs/undici/issues/4145">#4145</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/8a5de7cdad14cee517335c89439c0424bce953df"><code>8a5de7c</code></a> cache: more efficient sqlite indices (<a href="https://redirect.github.com/nodejs/undici/issues/4142">#4142</a>)</li> <li>See full diff in <a href="https://github.com/nodejs/undici/compare/v7.7.0...v7.8.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1b6f53e48e |
build(deps-dev): bump the development-dependencies group across 1 directory with 3 updates (#244)
Bumps the development-dependencies group with 3 updates in the / directory: [ava](https://github.com/avajs/ava), [dotenv](https://github.com/motdotla/dotenv) and [esbuild](https://github.com/evanw/esbuild). Updates `ava` from 6.2.0 to 6.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/avajs/ava/releases">ava's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <ul> <li>Update dependencies, addressing <code>npm audit</code> warnings by <a href="https://github.com/novemberborn"><code>@novemberborn</code></a> in <a href="https://redirect.github.com/avajs/ava/pull/3377">avajs/ava#3377</a></li> <li>Do not count writes to stdout/stderr as non-idling activity for timeouts by <a href="https://github.com/mdouglass"><code>@mdouglass</code></a> in <a href="https://redirect.github.com/avajs/ava/pull/3374">avajs/ava#3374</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdouglass"><code>@mdouglass</code></a> made their first contribution in <a href="https://redirect.github.com/avajs/ava/pull/3374">avajs/ava#3374</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/avajs/ava/compare/v6.2.0...v6.3.0">https://github.com/avajs/ava/compare/v6.2.0...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/avajs/ava/commit/ca4240db7f81f67a540f9e20c4c1375110dbe598"><code>ca4240d</code></a> 6.3.0</li> <li><a href="https://github.com/avajs/ava/commit/f243cab3b3c2dc7d7b882121fe9ce4a54ec882f2"><code>f243cab</code></a> Do not count writes to stdout/stderr as non-idling activity for timeouts</li> <li><a href="https://github.com/avajs/ava/commit/4abb780b5baad1ccbeb9f57de03ce06a75a68c17"><code>4abb780</code></a> Update dependencies</li> <li>See full diff in <a href="https://github.com/avajs/ava/compare/v6.2.0...v6.3.0">compare view</a></li> </ul> </details> <br /> Updates `dotenv` from 16.4.7 to 16.5.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0">16.5.0</a> (2025-04-07)</h2> <h3>Added</h3> <ul> <li>🎉 Added new sponsor <a href="https://graphite.dev/?utm_source=github&utm_medium=repo&utm_campaign=dotenv">Graphite</a> - <em>the AI developer productivity platform helping teams on GitHub ship higher quality software, faster</em>.</li> </ul> <blockquote> <p>[!TIP] <strong><a href="https://github.com/sponsors/motdotla">Become a sponsor</a></strong></p> <p>The dotenvx README is viewed thousands of times DAILY on GitHub and NPM. Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.</p> </blockquote> <h3>Changed</h3> <ul> <li>Remove <code>_log</code> method. Use <code>_debug</code> <a href="https://redirect.github.com/motdotla/dotenv/pull/862">#862</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motdotla/dotenv/commit/d39cc9a94ef80b534d02401ab99d17463e902385"><code>d39cc9a</code></a> 16.5.0</li> <li><a href="https://github.com/motdotla/dotenv/commit/2f4e407c73e66b822a96b6439b40ea94ced2409f"><code>2f4e407</code></a> Merge pull request <a href="https://redirect.github.com/motdotla/dotenv/issues/863">#863</a> from Fdawgs/patch-1</li> <li><a href="https://github.com/motdotla/dotenv/commit/a1eef11a7064dcdaf56d2bbdca1e58cfdcdcf5a4"><code>a1eef11</code></a> chore(package): add homepage url</li> <li><a href="https://github.com/motdotla/dotenv/commit/fb7e407892824b29817d02bc0ec911d00efe1dc2"><code>fb7e407</code></a> README update</li> <li><a href="https://github.com/motdotla/dotenv/commit/bf9113fad68ba352a02081ac1fada45f9e85e772"><code>bf9113f</code></a> README update</li> <li><a href="https://github.com/motdotla/dotenv/commit/9326f05f95cbac63f88da96a5b02852f789c9380"><code>9326f05</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/2e8da3018af610f18089c9246497b56943cdea6e"><code>2e8da30</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/3257b3adaf4f3a62346ed185869039325aa6e6db"><code>3257b3a</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/c0ca62c841fe36b2de8030d02533a1b80955abe8"><code>c0ca62c</code></a> changelog 🪵</li> <li><a href="https://github.com/motdotla/dotenv/commit/797c5e9d6e9359bfae2b26f5c4aca8890531f7dd"><code>797c5e9</code></a> changelog 🪵</li> <li>Additional commits viewable in <a href="https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0">compare view</a></li> </ul> </details> <br /> Updates `esbuild` from 0.25.2 to 0.25.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.25.3</h2> <ul> <li> <p>Fix lowered <code>async</code> arrow functions before <code>super()</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4142">#4142</a>)</p> <p>This change makes it possible to call an <code>async</code> arrow function in a constructor before calling <code>super()</code> when targeting environments without <code>async</code> support, as long as the function body doesn't reference <code>this</code>. Here's an example (notice the change from <code>this</code> to <code>null</code>):</p> <pre lang="js"><code>// Original code class Foo extends Object { constructor() { (async () => await foo())() super() } } <p>// Old output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(this, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }</p> <p>// New output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(null, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }<br /> </code></pre></p> <p>Some background: Arrow functions with the <code>async</code> keyword are transformed into generator functions for older language targets such as <code>--target=es2016</code>. Since arrow functions capture <code>this</code>, the generated code forwards <code>this</code> into the body of the generator function. However, JavaScript class syntax forbids using <code>this</code> in a constructor before calling <code>super()</code>, and this forwarding was problematic since previously happened even when the function body doesn't use <code>this</code>. Starting with this release, esbuild will now only forward <code>this</code> if it's used within the function body.</p> <p>This fix was contributed by <a href="https://github.com/magic-akari"><code>@magic-akari</code></a>.</p> </li> <li> <p>Fix memory leak with <code>--watch=true</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4131">#4131</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4132">#4132</a>)</p> <p>This release fixes a memory leak with esbuild when <code>--watch=true</code> is used instead of <code>--watch</code>. Previously using <code>--watch=true</code> caused esbuild to continue to use more and more memory for every rebuild, but <code>--watch=true</code> should now behave like <code>--watch</code> and not leak memory.</p> <p>This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new <code>--watch=true</code> style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate <a href="https://pkg.go.dev/github.com/evanw/esbuild/pkg/cli">Go API</a> so you can build your own custom esbuild CLI).</p> <p>This fix was contributed by <a href="https://github.com/mxschmitt"><code>@mxschmitt</code></a>.</p> </li> <li> <p>More concise output for repeated legal comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>)</p> <p>Some libraries have many files and also use the same legal comment text in all files. Previously esbuild would copy each legal comment to the output file. Starting with this release, legal comments duplicated across separate files will now be grouped in the output file by unique comment content.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.25.3</h2> <ul> <li> <p>Fix lowered <code>async</code> arrow functions before <code>super()</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4142">#4142</a>)</p> <p>This change makes it possible to call an <code>async</code> arrow function in a constructor before calling <code>super()</code> when targeting environments without <code>async</code> support, as long as the function body doesn't reference <code>this</code>. Here's an example (notice the change from <code>this</code> to <code>null</code>):</p> <pre lang="js"><code>// Original code class Foo extends Object { constructor() { (async () => await foo())() super() } } <p>// Old output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(this, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }</p> <p>// New output (with --target=es2016)<br /> class Foo extends Object {<br /> constructor() {<br /> (() => __async(null, null, function* () {<br /> return yield foo();<br /> }))();<br /> super();<br /> }<br /> }<br /> </code></pre></p> <p>Some background: Arrow functions with the <code>async</code> keyword are transformed into generator functions for older language targets such as <code>--target=es2016</code>. Since arrow functions capture <code>this</code>, the generated code forwards <code>this</code> into the body of the generator function. However, JavaScript class syntax forbids using <code>this</code> in a constructor before calling <code>super()</code>, and this forwarding was problematic since previously happened even when the function body doesn't use <code>this</code>. Starting with this release, esbuild will now only forward <code>this</code> if it's used within the function body.</p> <p>This fix was contributed by <a href="https://github.com/magic-akari"><code>@magic-akari</code></a>.</p> </li> <li> <p>Fix memory leak with <code>--watch=true</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4131">#4131</a>, <a href="https://redirect.github.com/evanw/esbuild/pull/4132">#4132</a>)</p> <p>This release fixes a memory leak with esbuild when <code>--watch=true</code> is used instead of <code>--watch</code>. Previously using <code>--watch=true</code> caused esbuild to continue to use more and more memory for every rebuild, but <code>--watch=true</code> should now behave like <code>--watch</code> and not leak memory.</p> <p>This bug happened because esbuild disables the garbage collector when it's not run as a long-lived process for extra speed, but esbuild's checks for which arguments cause esbuild to be a long-lived process weren't updated for the new <code>--watch=true</code> style of boolean command-line flags. This has been an issue since this boolean flag syntax was added in version 0.14.24 in 2022. These checks are unfortunately separate from the regular argument parser because of how esbuild's internals are organized (the command-line interface is exposed as a separate <a href="https://pkg.go.dev/github.com/evanw/esbuild/pkg/cli">Go API</a> so you can build your own custom esbuild CLI).</p> <p>This fix was contributed by <a href="https://github.com/mxschmitt"><code>@mxschmitt</code></a>.</p> </li> <li> <p>More concise output for repeated legal comments (<a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/677910b073194b64d5ae01aefd7a7465bbf5b27b"><code>677910b</code></a> publish 0.25.3 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/a41040efdbd6464ee7c3c5590105b4a4ae5a03be"><code>a41040e</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4110">#4110</a>: support custom non-IP <code>host</code> values</li> <li><a href="https://github.com/evanw/esbuild/commit/dfe0e1c632396da248d2d175a24fb0a4fe2c79ef"><code>dfe0e1c</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4114">#4114</a>: add a limit to css nesting expansion</li> <li><a href="https://github.com/evanw/esbuild/commit/a54916b92c128aa0596a65bcbafcde1074acf63d"><code>a54916b</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4139">#4139</a>: deduplicate repeated legal comments</li> <li><a href="https://github.com/evanw/esbuild/commit/dc60e6025da48d13ad2d2cc9e21472738099ce20"><code>dc60e60</code></a> run <code>make update-compat-table</code></li> <li><a href="https://github.com/evanw/esbuild/commit/d917038c97b3e859183cfbe426c46928f54e261a"><code>d917038</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4144">#4144</a>: node path resolution edge case</li> <li><a href="https://github.com/evanw/esbuild/commit/7ed168403b7609f1e557feffb3922955c313070a"><code>7ed1684</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4141">#4141</a>: Avoid redundant <code>this</code> access during async function lowering (<a href="https://redirect.github.com/evanw/esbuild/issues/4142">#4142</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/edc3a2343859404d1ec76e9ed05d01f64d677709"><code>edc3a23</code></a> docs(dev): update alias command for <code>make test-go</code> (<a href="https://redirect.github.com/evanw/esbuild/issues/4113">#4113</a>)</li> <li><a href="https://github.com/evanw/esbuild/commit/1ee8b6717ecd473b7f0d872a811f38fcd7879d85"><code>1ee8b67</code></a> workaround <code>process.exit()</code> not exiting in node</li> <li><a href="https://github.com/evanw/esbuild/commit/5c56e0737c63e209b6679eb97c940081f4d47772"><code>5c56e07</code></a> changelog note with credit for the fix</li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.25.2...v0.25.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
061a84d5f5 |
build(deps-dev): bump @octokit/openapi from 18.2.0 to 19.0.0 (#242)
Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 18.2.0 to 19.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/openapi/releases"><code>@octokit/openapi</code>'s releases</a>.</em></p> <blockquote> <h2>v19.0.0</h2> <h1><a href="https://github.com/octokit/openapi/compare/v18.2.0...v19.0.0">19.0.0</a> (2025-04-09)</h1> <h3>Features</h3> <ul> <li>new <code>/orgs/{org}/campaigns</code>, <code>/orgs/{org}/campaigns/{campaign_number}</code> endpoints, remove Copilot usage endpoints, description updates, remove GHES 3.12 (<a href="https://redirect.github.com/octokit/openapi/issues/491">#491</a>) (<a href="https://github.com/octokit/openapi/commit/709a8f01d55625236867dc02d452edb9545e0cf5">709a8f0</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>Drop GHES 3.12</li> <li>Remove Copilot usage endpoints</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/openapi/commit/709a8f01d55625236867dc02d452edb9545e0cf5"><code>709a8f0</code></a> feat: new <code>/orgs/{org}/campaigns</code>, <code>/orgs/{org}/campaigns/{campaign_number}</code> ...</li> <li><a href="https://github.com/octokit/openapi/commit/329c7ebe3749dc3e7f258df7abbad171a3228c71"><code>329c7eb</code></a> ci(action): update actions/create-github-app-token action to v2 (<a href="https://redirect.github.com/octokit/openapi/issues/490">#490</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/e2e9e6ede217eac96876c9165bc35a35411b51ee"><code>e2e9e6e</code></a> ci: replace <code>OCTOKITBOT_PROJECT_ACTION_TOKEN</code> and <code>OCTOKITBOT_PAT</code> with a tok...</li> <li><a href="https://github.com/octokit/openapi/commit/d59338c42c80d9dd122b7c589a49ba0e773fae8d"><code>d59338c</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/488">#488</a>)</li> <li>See full diff in <a href="https://github.com/octokit/openapi/compare/v18.2.0...v19.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
c8f34a61a8 |
build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in the github-actions group (#239)
Bumps the github-actions group with 1 update: [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action). Updates `stefanzweifel/git-auto-commit-action` from 5.1.0 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>Added</h2> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@rasa</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.1.0...v5.2.0">v5.2.0</a> - 2025-04-19</h2> <h3>Added</h3> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@rasa</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.1...v5.1.0">v5.1.0</a> - 2025-01-11</h2> <h3>Changed</h3> <ul> <li>Include <code>github.actor_id</code> in default <code>commit_author</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354">#354</a>) <a href="https://github.com/@parkerbxyz"><code>@parkerbxyz</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs(README): fix broken protected branch docs link (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/346">#346</a>) <a href="https://github.com/@scarf005"><code>@scarf005</code></a></li> <li>Update README.md (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/343">#343</a>) <a href="https://github.com/@Kludex"><code>@Kludex</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump bats from 1.11.0 to 1.11.1 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/353">#353</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump github/super-linter from 6 to 7 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/342">#342</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump github/super-linter from 5 to 6 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/335">#335</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.0...v5.0.1">v5.0.1</a> - 2024-04-12</h2> <h3>Fixed</h3> <ul> <li>Fail if attempting to execute git commands in a directory that is not a git-repo. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/326">#326</a>) <a href="https://github.com/@ccomendant"><code>@ccomendant</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump bats from 1.10.0 to 1.11.0 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/325">#325</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump release-drafter/release-drafter from 5 to 6 (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/319">#319</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/b863ae1933cb653a53c021fe36dbb774e1fb9403"><code>b863ae1</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/367">#367</a> from stefanzweifel/stefanzweifel/git_tag_only_changes</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/adb37b5a29cc6a129145d9d032185cb98f85158c"><code>adb37b5</code></a> Update README</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/8480c68cbb7b1813d49aecb1164b935d6a72b726"><code>8480c68</code></a> Add Tests</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/4f8f3ad16ec3c524651ccc9ca4eb5f40cec44525"><code>4f8f3ad</code></a> Rename Input and add output</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/11a6e5f38f8fa069a6961f13d7e66aa4b78b62da"><code>11a6e5f</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/364">#364</a> from zmynx/master</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/35d037abf5810698ff3d047321be58dda3323986"><code>35d037a</code></a> Update README.md</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/bf425dc136587d034a8be6cec4b7fc67611d6e05"><code>bf425dc</code></a> Merge branch 'master' into master</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/cfd6ac4a3bab2e8adaa26e0374379af334adfc43"><code>cfd6ac4</code></a> Update git-auto-commit.bats</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/19379b46c9475e7b57e9a487de999197e859098a"><code>19379b4</code></a> Update git-auto-commit.bats</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/12e100dacb907a92e0dc82346eaf871f83e7847a"><code>12e100d</code></a> Update entrypoint.sh</li> <li>Additional commits viewable in <a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/e348103e9026cc0eee72ae06630dbe30c8bf7a79...b863ae1933cb653a53c021fe36dbb774e1fb9403">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
semantic-release-bot
|
4821f52fa7 |
build(release): 2.0.4 [skip ci]
## [2.0.4](https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4) (2025-05-02)
### Bug Fixes
* permission input handling ([#243](https://github.com/actions/create-github-app-token/issues/243)) ([
v2.0.4
|
||
|
Parker Brown
|
2950cbc446 |
fix: permission input handling (#243)
This pull request fixes the handling of permissions inputs. - Updated `getPermissionsFromInputs` in `lib/get-permissions-from-inputs.js` to use hyphens (`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in input keys, added a check to skip empty values, and clarified behavior when no permissions are set. - Added a `shouldRetry` function to retry requests when server errors (HTTP status 500 or higher) occur in the `main` function in `lib/main.js` to prevent unnecessary retries. - Updated test cases in `tests/main-token-permissions-set.test.js` to match the new input key format with hyphens. - Added a default empty string for unset inputs (e.g., `INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the behavior of the Actions runner. - Updated snapshots in `tests/snapshots/index.js.md` to reflect the updated hyphenated input keys in permissions. --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com> |
||
|
semantic-release-bot
|
30bf6253fa |
build(release): 2.0.3 [skip ci]
## [2.0.3](https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.3) (2025-05-01) ### Bug Fixes * **README:** use `v2` in examples ([#234](https://github.com/actions/create-github-app-token/issues/234)) ([v2.0.3 |
||
|
Yuta Kasai
|
c3c17c79cc |
fix: use core.getBooleanInput() to retrieve boolean input values (#223)
This PR switches from evaluating values passed to `skip-token-revoke` as true if they are truthy in JavaScript, to using `getBooleanInput`. This change ensures that only proper YAML boolean values are recognized, preventing unintended evaluations to true. - The definition of `getBooleanInput` is here: definition of `core#getBooealnInput` is here: https://github.com/actions/toolkit/blob/930c89072712a3aac52d74b23338f00bb0cfcb24/packages/core/src/core.ts#L188-L208 The documentation states, `"If truthy, the token will not be revoked when the current job is complete"`, so this change could be considered a breaking change. This means that if there are users who rely on `truthy` and expect values like whitespace or `"false"` to be evaluated as true (though this is likely rare), it would be a breaking change. - `Boolean(" ")` and `Boolean("false")` are both evaluated as true. Alternatively, it can simply be considered a fix. How to handle this is up to the maintainer. Resolves https://github.com/actions/create-github-app-token/issues/216 |
||
|
CarolMebiom
|
9ba274d954 |
fix(README): use v2 in examples (#234)
Fixes #232 |
||
|
nakatani-yo
|
a3c826a204 | docs: fix typo in CONTRIBUTING.md (#233) | ||
|
semantic-release-bot
|
3ff1caaa28 |
build(release): 2.0.2 [skip ci]
## [2.0.2](https://github.com/actions/create-github-app-token/compare/v2.0.1...v2.0.2) (2025-04-03)
### Bug Fixes
* improve log messages for token creation ([#226](https://github.com/actions/create-github-app-token/issues/226)) ([
v2.0.2
|
||
|
Parker Brown
|
eaef29498f |
fix: improve log messages for token creation (#226)
Updated log messages to provide clearer and more consistent information. |
||
|
semantic-release-bot
|
86e24964d6 |
build(release): 2.0.1 [skip ci]
## [2.0.1](https://github.com/actions/create-github-app-token/compare/v2.0.0...v2.0.1) (2025-04-03)
### Bug Fixes
* **deps:** bump the production-dependencies group across 1 directory with 2 updates ([#228](https://github.com/actions/create-github-app-token/issues/228)) ([
v2.0.1
|
||
|
dependabot[bot]
|
2411bfc792 |
fix(deps): bump the production-dependencies group across 1 directory with 2 updates (#228)
Bumps the production-dependencies group with 2 updates in the / directory: [@octokit/auth-app](https://github.com/octokit/auth-app.js) and [undici](https://github.com/nodejs/undici). |
||
|
dependabot[bot]
|
f17d09a7b5 |
build(deps-dev): bump the development-dependencies group with 3 updates (#225)
Bumps the development-dependencies group with 3 updates: [@octokit/openapi](https://github.com/octokit/openapi), [esbuild](https://github.com/evanw/esbuild), and [yaml](https://github.com/eemeli/yaml). |