build(release): 1.11.6 [skip ci]

## [1.11.6](https://github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6) (2025-03-03)

### Bug Fixes

* **deps:** bump the production-dependencies group with 2 updates ([#210](https://github.com/actions/create-github-app-token/issues/210)) ([1ff1dea](https://github.com/actions/create-github-app-token/commit/1ff1dea6a9d1de5b4795e5314291e04acc63c38b))

dist/main.cjs

@@ -25550,7 +25550,7 @@ var require_body2 = __commonJS({
       const crypto = require("node:crypto");
       random = (max) => crypto.randomInt(0, max);
     } catch {
-      random = (max) => Math.floor(Math.random(max));
+      random = (max) => Math.floor(Math.random() * max);
     }
     var textEncoder = new TextEncoder();
     function noop() {
@@ -28815,7 +28815,6 @@ var require_env_http_proxy_agent = __commonJS({
       "http:": 80,
       "https:": 443
     };
-    var experimentalWarned = false;
     var EnvHttpProxyAgent = class extends DispatcherBase {
       #noProxyValue = null;
       #noProxyEntries = null;
@@ -28823,12 +28822,6 @@ var require_env_http_proxy_agent = __commonJS({
       constructor(opts = {}) {
         super();
         this.#opts = opts;
-        if (!experimentalWarned) {
-          experimentalWarned = true;
-          process.emitWarning("EnvHttpProxyAgent is experimental, expect them to change at any time.", {
-            code: "UNDICI-EHPA"
-          });
-        }
         const { httpProxy, httpsProxy, noProxy, ...agentOpts } = opts;
         this[kNoProxyAgent] = new Agent(agentOpts);
         const HTTP_PROXY = httpProxy ?? process.env.http_proxy ?? process.env.HTTP_PROXY;
@@ -30579,8 +30572,10 @@ var require_mock_utils2 = __commonJS({
         return data;
       } else if (typeof data === "object") {
         return JSON.stringify(data);
-      } else {
+      } else if (data) {
         return data.toString();
+      } else {
+        return "";
       }
     }
     function getMockDispatch(mockDispatches, key) {
@@ -32043,10 +32038,13 @@ var require_cache2 = __commonJS({
           if (typeof key !== "string" || typeof val !== "string") {
             throw new Error("opts.headers is not a valid header map");
           }
-          headers[key] = val;
+          headers[key.toLowerCase()] = val;
         }
       } else if (typeof opts.headers === "object") {
-        headers = opts.headers;
+        headers = {};
+        for (const key of Object.keys(opts.headers)) {
+          headers[key.toLowerCase()] = opts.headers[key];
+        }
       } else {
         throw new Error("opts.headers is not an object");
       }
@@ -32201,17 +32199,13 @@ var require_cache2 = __commonJS({
         return headers;
       }
       const output = (
-        /** @type {Record<string, string | string[]>} */
+        /** @type {Record<string, string | string[] | null>} */
         {}
       );
       const varyingHeaders = typeof varyHeader === "string" ? varyHeader.split(",") : varyHeader;
       for (const header of varyingHeaders) {
         const trimmedHeader = header.trim().toLowerCase();
-        if (headers[trimmedHeader]) {
-          output[trimmedHeader] = headers[trimmedHeader];
-        } else {
-          return void 0;
-        }
+        output[trimmedHeader] = headers[trimmedHeader] ?? null;
       }
       return output;
     }
@@ -32793,7 +32787,12 @@ var require_memory_cache_store = __commonJS({
         assertCacheKey(key);
         const topLevelKey = `${key.origin}:${key.path}`;
         const now = Date.now();
-        const entry = this.#entries.get(topLevelKey)?.find((entry2) => entry2.deleteAt > now && entry2.method === key.method && (entry2.vary == null || Object.keys(entry2.vary).every((headerName) => entry2.vary[headerName] === key.headers?.[headerName])));
+        const entry = this.#entries.get(topLevelKey)?.find((entry2) => entry2.deleteAt > now && entry2.method === key.method && (entry2.vary == null || Object.keys(entry2.vary).every((headerName) => {
+          if (entry2.vary[headerName] === null) {
+            return key.headers[headerName] === void 0;
+          }
+          return entry2.vary[headerName] === key.headers[headerName];
+        })));
         return entry == null ? void 0 : {
           statusMessage: entry.statusMessage,
           statusCode: entry.statusCode,
@@ -33379,7 +33378,7 @@ var require_sqlite_cache_store = __commonJS({
         assertCacheKey(key);
         const value = this.#findValue(key);
         return value ? {
-          body: value.body ? Buffer.from(value.body.buffer) : void 0,
+          body: value.body ? Buffer.from(value.body.buffer, value.body.byteOffset, value.body.byteLength) : void 0,
           statusCode: value.statusCode,
           statusMessage: value.statusMessage,
           headers: value.headers ? JSON.parse(value.headers) : void 0,
@@ -33524,9 +33523,6 @@ var require_sqlite_cache_store = __commonJS({
           }
           let matches = true;
           if (value.vary) {
-            if (!headers) {
-              return void 0;
-            }
             const vary = JSON.parse(value.vary);
             for (const header in vary) {
               if (!headerValueEquals(headers[header], vary[header])) {
@@ -33543,16 +33539,17 @@ var require_sqlite_cache_store = __commonJS({
       }
     };
     function headerValueEquals(lhs, rhs) {
+      if (lhs == null && rhs == null) {
+        return true;
+      }
+      if (lhs == null && rhs != null || lhs != null && rhs == null) {
+        return false;
+      }
       if (Array.isArray(lhs) && Array.isArray(rhs)) {
         if (lhs.length !== rhs.length) {
           return false;
         }
-        for (let i = 0; i < lhs.length; i++) {
-          if (rhs.includes(lhs[i])) {
-            return false;
-          }
-        }
-        return true;
+        return lhs.every((x, i) => x === rhs[i]);
       }
       return lhs === rhs;
     }
@@ -34518,6 +34515,12 @@ var require_request4 = __commonJS({
       signal.removeEventListener("abort", abort);
     });
     var dependentControllerMap = /* @__PURE__ */ new WeakMap();
+    var abortSignalHasEventHandlerLeakWarning;
+    try {
+      abortSignalHasEventHandlerLeakWarning = getMaxListeners(new AbortController().signal) > 0;
+    } catch {
+      abortSignalHasEventHandlerLeakWarning = false;
+    }
     function buildAbort(acRef) {
       return abort;
       function abort() {
@@ -34745,11 +34748,8 @@ var require_request4 = __commonJS({
             this[kAbortController] = ac;
             const acRef = new WeakRef(ac);
             const abort = buildAbort(acRef);
-            try {
-              if (typeof getMaxListeners === "function" && getMaxListeners(signal) === defaultMaxListeners) {
-                setMaxListeners(1500, signal);
-              }
-            } catch {
+            if (abortSignalHasEventHandlerLeakWarning && getMaxListeners(signal) === defaultMaxListeners) {
+              setMaxListeners(1500, signal);
             }
             util.addAbortListener(signal, abort);
             requestFinalizer.register(ac, { signal, abort }, abort);
@@ -40524,7 +40524,7 @@ var RequestError = class extends Error {
     if (options.request.headers.authorization) {
       requestCopy.headers = Object.assign({}, options.request.headers, {
         authorization: options.request.headers.authorization.replace(
-          / .*$/,
+          /(?<! ) .*$/,
           " [REDACTED]"
         )
       });
@@ -40612,7 +40612,7 @@ async function fetchWrapper(requestOptions) {
     data: ""
   };
   if ("deprecation" in responseHeaders) {
-    const matches = responseHeaders.link && responseHeaders.link.match(/<([^>]+)>; rel="deprecation"/);
+    const matches = responseHeaders.link && responseHeaders.link.match(/<([^<>]+)>; rel="deprecation"/);
     const deprecationLink = matches && matches.pop();
     log.warn(
       `[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${responseHeaders.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`
@@ -40739,8 +40739,7 @@ async function oauthRequest(request2, route, parameters) {
   return response;
 }
 async function exchangeWebFlowCode(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const response = await oauthRequest(
     request2,
     "POST /login/oauth/access_token",
@@ -40777,8 +40776,7 @@ function toTimestamp(apiTimeInMs, expirationInSeconds) {
   return new Date(apiTimeInMs + expirationInSeconds * 1e3).toISOString();
 }
 async function createDeviceCode(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const parameters = {
     client_id: options.clientId
   };
@@ -40788,8 +40786,7 @@ async function createDeviceCode(options) {
   return oauthRequest(request2, "POST /login/device/code", parameters);
 }
 async function exchangeDeviceCode(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const response = await oauthRequest(
     request2,
     "POST /login/oauth/access_token",
@@ -40827,8 +40824,7 @@ function toTimestamp2(apiTimeInMs, expirationInSeconds) {
   return new Date(apiTimeInMs + expirationInSeconds * 1e3).toISOString();
 }
 async function checkToken(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const response = await request2("POST /applications/{client_id}/token", {
     headers: {
       authorization: `basic ${btoa(
@@ -40853,8 +40849,7 @@ async function checkToken(options) {
   return { ...response, authentication };
 }
 async function refreshToken(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const response = await oauthRequest(
     request2,
     "POST /login/oauth/access_token",
@@ -40884,8 +40879,7 @@ function toTimestamp3(apiTimeInMs, expirationInSeconds) {
   return new Date(apiTimeInMs + expirationInSeconds * 1e3).toISOString();
 }
 async function resetToken(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const auth5 = btoa(`${options.clientId}:${options.clientSecret}`);
   const response = await request2(
     "PATCH /applications/{client_id}/token",
@@ -40912,8 +40906,7 @@ async function resetToken(options) {
   return { ...response, authentication };
 }
 async function deleteToken(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const auth5 = btoa(`${options.clientId}:${options.clientSecret}`);
   return request2(
     "DELETE /applications/{client_id}/token",
@@ -40927,8 +40920,7 @@ async function deleteToken(options) {
   );
 }
 async function deleteAuthorization(options) {
-  const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */
-  request;
+  const request2 = options.request || request;
   const auth5 = btoa(`${options.clientId}:${options.clientSecret}`);
   return request2(
     "DELETE /applications/{client_id}/grant",
@@ -41962,7 +41954,7 @@ async function sendRequestWithRetries(state, request2, options, createdAt, retri
     return sendRequestWithRetries(state, request2, options, createdAt, retries);
   }
 }
-var VERSION6 = "7.1.4";
+var VERSION6 = "7.1.5";
 function createAppAuth(options) {
   if (!options.appId) {
     throw new Error("[@octokit/auth-app] appId option is required");

dist/post.cjs

@@ -25317,7 +25317,7 @@ var require_body2 = __commonJS({
       const crypto = require("node:crypto");
       random = (max) => crypto.randomInt(0, max);
     } catch {
-      random = (max) => Math.floor(Math.random(max));
+      random = (max) => Math.floor(Math.random() * max);
     }
     var textEncoder = new TextEncoder();
     function noop() {
@@ -28582,7 +28582,6 @@ var require_env_http_proxy_agent = __commonJS({
       "http:": 80,
       "https:": 443
     };
-    var experimentalWarned = false;
     var EnvHttpProxyAgent = class extends DispatcherBase {
       #noProxyValue = null;
       #noProxyEntries = null;
@@ -28590,12 +28589,6 @@ var require_env_http_proxy_agent = __commonJS({
       constructor(opts = {}) {
         super();
         this.#opts = opts;
-        if (!experimentalWarned) {
-          experimentalWarned = true;
-          process.emitWarning("EnvHttpProxyAgent is experimental, expect them to change at any time.", {
-            code: "UNDICI-EHPA"
-          });
-        }
         const { httpProxy, httpsProxy, noProxy, ...agentOpts } = opts;
         this[kNoProxyAgent] = new Agent(agentOpts);
         const HTTP_PROXY = httpProxy ?? process.env.http_proxy ?? process.env.HTTP_PROXY;
@@ -30346,8 +30339,10 @@ var require_mock_utils2 = __commonJS({
         return data;
       } else if (typeof data === "object") {
         return JSON.stringify(data);
-      } else {
+      } else if (data) {
         return data.toString();
+      } else {
+        return "";
       }
     }
     function getMockDispatch(mockDispatches, key) {
@@ -31810,10 +31805,13 @@ var require_cache2 = __commonJS({
           if (typeof key !== "string" || typeof val !== "string") {
             throw new Error("opts.headers is not a valid header map");
           }
-          headers[key] = val;
+          headers[key.toLowerCase()] = val;
         }
       } else if (typeof opts.headers === "object") {
-        headers = opts.headers;
+        headers = {};
+        for (const key of Object.keys(opts.headers)) {
+          headers[key.toLowerCase()] = opts.headers[key];
+        }
       } else {
         throw new Error("opts.headers is not an object");
       }
@@ -31968,17 +31966,13 @@ var require_cache2 = __commonJS({
         return headers;
       }
       const output = (
-        /** @type {Record<string, string | string[]>} */
+        /** @type {Record<string, string | string[] | null>} */
         {}
       );
       const varyingHeaders = typeof varyHeader === "string" ? varyHeader.split(",") : varyHeader;
       for (const header of varyingHeaders) {
         const trimmedHeader = header.trim().toLowerCase();
-        if (headers[trimmedHeader]) {
-          output[trimmedHeader] = headers[trimmedHeader];
-        } else {
-          return void 0;
-        }
+        output[trimmedHeader] = headers[trimmedHeader] ?? null;
       }
       return output;
     }
@@ -32560,7 +32554,12 @@ var require_memory_cache_store = __commonJS({
         assertCacheKey(key);
         const topLevelKey = `${key.origin}:${key.path}`;
         const now = Date.now();
-        const entry = this.#entries.get(topLevelKey)?.find((entry2) => entry2.deleteAt > now && entry2.method === key.method && (entry2.vary == null || Object.keys(entry2.vary).every((headerName) => entry2.vary[headerName] === key.headers?.[headerName])));
+        const entry = this.#entries.get(topLevelKey)?.find((entry2) => entry2.deleteAt > now && entry2.method === key.method && (entry2.vary == null || Object.keys(entry2.vary).every((headerName) => {
+          if (entry2.vary[headerName] === null) {
+            return key.headers[headerName] === void 0;
+          }
+          return entry2.vary[headerName] === key.headers[headerName];
+        })));
         return entry == null ? void 0 : {
           statusMessage: entry.statusMessage,
           statusCode: entry.statusCode,
@@ -33146,7 +33145,7 @@ var require_sqlite_cache_store = __commonJS({
         assertCacheKey(key);
         const value = this.#findValue(key);
         return value ? {
-          body: value.body ? Buffer.from(value.body.buffer) : void 0,
+          body: value.body ? Buffer.from(value.body.buffer, value.body.byteOffset, value.body.byteLength) : void 0,
           statusCode: value.statusCode,
           statusMessage: value.statusMessage,
           headers: value.headers ? JSON.parse(value.headers) : void 0,
@@ -33291,9 +33290,6 @@ var require_sqlite_cache_store = __commonJS({
           }
           let matches = true;
           if (value.vary) {
-            if (!headers) {
-              return void 0;
-            }
             const vary = JSON.parse(value.vary);
             for (const header in vary) {
               if (!headerValueEquals(headers[header], vary[header])) {
@@ -33310,16 +33306,17 @@ var require_sqlite_cache_store = __commonJS({
       }
     };
     function headerValueEquals(lhs, rhs) {
+      if (lhs == null && rhs == null) {
+        return true;
+      }
+      if (lhs == null && rhs != null || lhs != null && rhs == null) {
+        return false;
+      }
       if (Array.isArray(lhs) && Array.isArray(rhs)) {
         if (lhs.length !== rhs.length) {
           return false;
         }
-        for (let i = 0; i < lhs.length; i++) {
-          if (rhs.includes(lhs[i])) {
-            return false;
-          }
-        }
-        return true;
+        return lhs.every((x, i) => x === rhs[i]);
       }
       return lhs === rhs;
     }
@@ -34285,6 +34282,12 @@ var require_request4 = __commonJS({
       signal.removeEventListener("abort", abort);
     });
     var dependentControllerMap = /* @__PURE__ */ new WeakMap();
+    var abortSignalHasEventHandlerLeakWarning;
+    try {
+      abortSignalHasEventHandlerLeakWarning = getMaxListeners(new AbortController().signal) > 0;
+    } catch {
+      abortSignalHasEventHandlerLeakWarning = false;
+    }
     function buildAbort(acRef) {
       return abort;
       function abort() {
@@ -34512,11 +34515,8 @@ var require_request4 = __commonJS({
             this[kAbortController] = ac;
             const acRef = new WeakRef(ac);
             const abort = buildAbort(acRef);
-            try {
-              if (typeof getMaxListeners === "function" && getMaxListeners(signal) === defaultMaxListeners) {
-                setMaxListeners(1500, signal);
-              }
-            } catch {
+            if (abortSignalHasEventHandlerLeakWarning && getMaxListeners(signal) === defaultMaxListeners) {
+              setMaxListeners(1500, signal);
             }
             util.addAbortListener(signal, abort);
             requestFinalizer.register(ac, { signal, abort }, abort);
@@ -40332,7 +40332,7 @@ var RequestError = class extends Error {
     if (options.request.headers.authorization) {
       requestCopy.headers = Object.assign({}, options.request.headers, {
         authorization: options.request.headers.authorization.replace(
-          / .*$/,
+          /(?<! ) .*$/,
           " [REDACTED]"
         )
       });
@@ -40420,7 +40420,7 @@ async function fetchWrapper(requestOptions) {
     data: ""
   };
   if ("deprecation" in responseHeaders) {
-    const matches = responseHeaders.link && responseHeaders.link.match(/<([^>]+)>; rel="deprecation"/);
+    const matches = responseHeaders.link && responseHeaders.link.match(/<([^<>]+)>; rel="deprecation"/);
     const deprecationLink = matches && matches.pop();
     log.warn(
       `[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${responseHeaders.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`

package-lock.json

@@ -1,19 +1,19 @@
 {
   "name": "create-github-app-token",
-  "version": "1.11.3",
+  "version": "1.11.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "create-github-app-token",
-      "version": "1.11.3",
+      "version": "1.11.5",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",
-        "@octokit/auth-app": "^7.1.4",
-        "@octokit/request": "^9.2.0",
+        "@octokit/auth-app": "^7.1.5",
+        "@octokit/request": "^9.2.2",
         "p-retry": "^6.2.1",
-        "undici": "^7.3.0"
+        "undici": "^7.4.0"
       },
       "devDependencies": {
         "@sinonjs/fake-timers": "^14.0.0",
@@ -670,16 +670,16 @@
       }
     },
     "node_modules/@octokit/auth-app": {
-      "version": "7.1.4",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-7.1.4.tgz",
-      "integrity": "sha512-5F+3l/maq9JfWQ4bV28jT2G/K8eu9OJ317yzXPTGe4Kw+lKDhFaS4dQ3Ltmb6xImKxfCQdqDqMXODhc9YLipLw==",
+      "version": "7.1.5",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-7.1.5.tgz",
+      "integrity": "sha512-boklS4E6LpbA3nRx+SU2fRKRGZJdOGoSZne/i3Y0B5rfHOcGwFgcXrwDLdtbv4igfDSnAkZaoNBv1GYjPDKRNw==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/auth-oauth-app": "^8.1.2",
-        "@octokit/auth-oauth-user": "^5.1.2",
-        "@octokit/request": "^9.1.4",
-        "@octokit/request-error": "^6.1.6",
-        "@octokit/types": "^13.6.2",
+        "@octokit/auth-oauth-app": "^8.1.3",
+        "@octokit/auth-oauth-user": "^5.1.3",
+        "@octokit/request": "^9.2.1",
+        "@octokit/request-error": "^6.1.7",
+        "@octokit/types": "^13.8.0",
         "toad-cache": "^3.7.0",
         "universal-github-app-jwt": "^2.2.0",
         "universal-user-agent": "^7.0.0"
@@ -689,14 +689,14 @@
       }
     },
     "node_modules/@octokit/auth-oauth-app": {
-      "version": "8.1.2",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-app/-/auth-oauth-app-8.1.2.tgz",
-      "integrity": "sha512-3woNZgq5/S6RS+9ZTq+JdymxVr7E0s4EYxF20ugQvgX3pomdPUL5r/XdTY9wALoBM2eHVy4ettr5fKpatyTyHw==",
+      "version": "8.1.3",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-app/-/auth-oauth-app-8.1.3.tgz",
+      "integrity": "sha512-4e6OjVe5rZ8yBe8w7byBjpKtSXFuro7gqeGAAZc7QYltOF8wB93rJl2FE0a4U1Mt88xxPv/mS+25/0DuLk0Ewg==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/auth-oauth-device": "^7.1.2",
-        "@octokit/auth-oauth-user": "^5.1.2",
-        "@octokit/request": "^9.1.4",
+        "@octokit/auth-oauth-device": "^7.1.3",
+        "@octokit/auth-oauth-user": "^5.1.3",
+        "@octokit/request": "^9.2.1",
         "@octokit/types": "^13.6.2",
         "universal-user-agent": "^7.0.0"
       },
@@ -705,13 +705,13 @@
       }
     },
     "node_modules/@octokit/auth-oauth-device": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-device/-/auth-oauth-device-7.1.2.tgz",
-      "integrity": "sha512-gTOIzDeV36OhVfxCl69FmvJix7tJIiU6dlxuzLVAzle7fYfO8UDyddr9B+o4CFQVaMBLMGZ9ak2CWMYcGeZnPw==",
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-device/-/auth-oauth-device-7.1.3.tgz",
+      "integrity": "sha512-BECO/N4B/Uikj0w3GCvjf/odMujtYTP3q82BJSjxC2J3rxTEiZIJ+z2xnRlDb0IE9dQSaTgRqUPVOieSbFcVzg==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/oauth-methods": "^5.1.3",
-        "@octokit/request": "^9.1.4",
+        "@octokit/oauth-methods": "^5.1.4",
+        "@octokit/request": "^9.2.1",
         "@octokit/types": "^13.6.2",
         "universal-user-agent": "^7.0.0"
       },
@@ -720,14 +720,14 @@
       }
     },
     "node_modules/@octokit/auth-oauth-user": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-user/-/auth-oauth-user-5.1.2.tgz",
-      "integrity": "sha512-PgVDDPJgZYb3qSEXK4moksA23tfn68zwSAsQKZ1uH6IV9IaNEYx35OXXI80STQaLYnmEE86AgU0tC1YkM4WjsA==",
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-user/-/auth-oauth-user-5.1.3.tgz",
+      "integrity": "sha512-zNPByPn9K7TC+OOHKGxU+MxrE9SZAN11UHYEFLsK2NRn3akJN2LHRl85q+Eypr3tuB2GrKx3rfj2phJdkYCvzw==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/auth-oauth-device": "^7.1.2",
-        "@octokit/oauth-methods": "^5.1.2",
-        "@octokit/request": "^9.1.4",
+        "@octokit/auth-oauth-device": "^7.1.3",
+        "@octokit/oauth-methods": "^5.1.3",
+        "@octokit/request": "^9.2.1",
         "@octokit/types": "^13.6.2",
         "universal-user-agent": "^7.0.0"
       },
@@ -758,14 +758,14 @@
       }
     },
     "node_modules/@octokit/oauth-methods": {
-      "version": "5.1.3",
-      "resolved": "https://registry.npmjs.org/@octokit/oauth-methods/-/oauth-methods-5.1.3.tgz",
-      "integrity": "sha512-M+bDBi5H8FnH0xhCTg0m9hvcnppdDnxUqbZyOkxlLblKpLAR+eT2nbDPvJDp0eLrvJWA1I8OX0KHf/sBMQARRA==",
+      "version": "5.1.4",
+      "resolved": "https://registry.npmjs.org/@octokit/oauth-methods/-/oauth-methods-5.1.4.tgz",
+      "integrity": "sha512-Jc/ycnePClOvO1WL7tlC+TRxOFtyJBGuTDsL4dzXNiVZvzZdrPuNw7zHI3qJSUX2n6RLXE5L0SkFmYyNaVUFoQ==",
       "license": "MIT",
       "dependencies": {
         "@octokit/oauth-authorization-url": "^7.0.0",
-        "@octokit/request": "^9.1.4",
-        "@octokit/request-error": "^6.1.6",
+        "@octokit/request": "^9.2.1",
+        "@octokit/request-error": "^6.1.7",
         "@octokit/types": "^13.6.2"
       },
       "engines": {
@@ -773,18 +773,19 @@
       }
     },
     "node_modules/@octokit/openapi-types": {
-      "version": "22.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz",
-      "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg=="
+      "version": "23.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz",
+      "integrity": "sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==",
+      "license": "MIT"
     },
     "node_modules/@octokit/request": {
-      "version": "9.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.0.tgz",
-      "integrity": "sha512-kXLfcxhC4ozCnAXy2ff+cSxpcF0A1UqxjvYMqNuPIeOAzJbVWQ+dy5G2fTylofB/gTbObT8O6JORab+5XtA1Kw==",
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.2.2.tgz",
+      "integrity": "sha512-dZl0ZHx6gOQGcffgm1/Sf6JfEpmh34v3Af2Uci02vzUYz6qEN6zepoRtmybWXIGXFIK8K9ylE3b+duCWqhArtg==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/endpoint": "^10.0.0",
-        "@octokit/request-error": "^6.0.1",
+        "@octokit/endpoint": "^10.1.3",
+        "@octokit/request-error": "^6.1.7",
         "@octokit/types": "^13.6.2",
         "fast-content-type-parse": "^2.0.0",
         "universal-user-agent": "^7.0.2"
@@ -794,9 +795,9 @@
       }
     },
     "node_modules/@octokit/request-error": {
-      "version": "6.1.6",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.6.tgz",
-      "integrity": "sha512-pqnVKYo/at0NuOjinrgcQYpEbv4snvP3bKMRqHaD9kIsk9u1LCpb2smHZi8/qJfgeNqLo5hNW4Z7FezNdEo0xg==",
+      "version": "6.1.7",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.7.tgz",
+      "integrity": "sha512-69NIppAwaauwZv6aOzb+VVLwt+0havz9GT5YplkeJv7fG7a40qpLt/yZKyiDxAhgz0EtgNdNcb96Z0u+Zyuy2g==",
       "license": "MIT",
       "dependencies": {
         "@octokit/types": "^13.6.2"
@@ -806,11 +807,12 @@
       }
     },
     "node_modules/@octokit/types": {
-      "version": "13.6.2",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.6.2.tgz",
-      "integrity": "sha512-WpbZfZUcZU77DrSW4wbsSgTPfKcp286q3ItaIgvSbBpZJlu6mnYXAkjZz6LVZPXkEvLIM8McanyZejKTYUHipA==",
+      "version": "13.8.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz",
+      "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==",
+      "license": "MIT",
       "dependencies": {
-        "@octokit/openapi-types": "^22.2.0"
+        "@octokit/openapi-types": "^23.0.1"
       }
     },
     "node_modules/@pkgjs/parseargs": {
@@ -3637,9 +3639,9 @@
       }
     },
     "node_modules/undici": {
-      "version": "7.3.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-7.3.0.tgz",
-      "integrity": "sha512-Qy96NND4Dou5jKoSJ2gm8ax8AJM/Ey9o9mz7KN1bb9GP+G0l20Zw8afxTnY2f4b7hmhn/z8aC2kfArVQlAhFBw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.4.0.tgz",
+      "integrity": "sha512-PUQM3/es3noM24oUn10u3kNNap0AbxESOmnssmW+dOi9yGwlUSi5nTNYl3bNbTkWOF8YZDkx2tCmj9OtQ3iGGw==",
       "license": "MIT",
       "engines": {
         "node": ">=20.18.1"

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.11.4",
+  "version": "1.11.6",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -13,10 +13,10 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.1.4",
-    "@octokit/request": "^9.2.0",
+    "@octokit/auth-app": "^7.1.5",
+    "@octokit/request": "^9.2.2",
     "p-retry": "^6.2.1",
-    "undici": "^7.3.0"
+    "undici": "^7.4.0"
   },
   "devDependencies": {
     "@sinonjs/fake-timers": "^14.0.0",