
Comparing changes

base repository: actions/create-github-app-token
base: v3.0.0
head repository: actions/create-github-app-token
compare: v3.1.1
  • 10 commits
  • 15 files changed
  • 6 contributors

Commits on Apr 10, 2026

  1. build(deps-dev): bump the development-dependencies group with 3 updates

    Bumps the development-dependencies group with 3 updates: [esbuild](https://github.com/evanw/esbuild), [undici](https://github.com/nodejs/undici) and [yaml](https://github.com/eemeli/yaml).
    
    
    Updates `esbuild` from 0.27.3 to 0.27.4
    - [Release notes](https://github.com/evanw/esbuild/releases)
    - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
    - [Commits](evanw/esbuild@v0.27.3...v0.27.4)
    
    Updates `undici` from 7.24.1 to 7.24.6
    - [Release notes](https://github.com/nodejs/undici/releases)
    - [Commits](nodejs/undici@v7.24.1...v7.24.6)
    
    Updates `yaml` from 2.8.2 to 2.8.3
    - [Release notes](https://github.com/eemeli/yaml/releases)
    - [Commits](eemeli/yaml@v2.8.2...v2.8.3)
    
    ---
    updated-dependencies:
    - dependency-name: esbuild
      dependency-version: 0.27.4
      dependency-type: direct:development
      update-type: version-update:semver-patch
      dependency-group: development-dependencies
    - dependency-name: undici
      dependency-version: 7.24.6
      dependency-type: direct:development
      update-type: version-update:semver-patch
      dependency-group: development-dependencies
    - dependency-name: yaml
      dependency-version: 2.8.3
      dependency-type: direct:development
      update-type: version-update:semver-patch
      dependency-group: development-dependencies
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored and parkerbxyz committed Apr 10, 2026
    4843c53
  2. build(deps-dev): bump open-cli from 8.0.0 to 9.0.0

    Bumps [open-cli](https://github.com/sindresorhus/open-cli) from 8.0.0 to 9.0.0.
    - [Release notes](https://github.com/sindresorhus/open-cli/releases)
    - [Commits](sindresorhus/open-cli@v8.0.0...v9.0.0)
    
    ---
    updated-dependencies:
    - dependency-name: open-cli
      dependency-version: 9.0.0
      dependency-type: direct:development
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored and parkerbxyz committed Apr 10, 2026
    4df5060
  3. build(deps-dev): bump c8 from 10.1.3 to 11.0.0

    Bumps [c8](https://github.com/bcoe/c8) from 10.1.3 to 11.0.0.
    - [Release notes](https://github.com/bcoe/c8/releases)
    - [Changelog](https://github.com/bcoe/c8/blob/main/CHANGELOG.md)
    - [Commits](bcoe/c8@v10.1.3...v11.0.0)
    
    ---
    updated-dependencies:
    - dependency-name: c8
      dependency-version: 11.0.0
      dependency-type: direct:development
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored and parkerbxyz committed Apr 10, 2026
    28a99e3

Commits on Apr 11, 2026

  1. fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)

    Bumps [p-retry](https://github.com/sindresorhus/p-retry) from 7.1.1 to
    8.0.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/sindresorhus/p-retry/releases">p-retry's
    releases</a>.</em></p>
    <blockquote>
    <h2>v8.0.0</h2>
    <h3>Breaking</h3>
    <ul>
    <li>Require Node.js 22  85cdece</li>
    <li>Change retry callback order  616306e
    <ul>
    <li>Callback order changed from <code>onFailedAttempt</code> →
    <code>shouldConsumeRetry</code> → <code>shouldRetry</code> to
    <code>shouldConsumeRetry</code> → <code>onFailedAttempt</code> →
    <code>shouldRetry</code>.</li>
    <li>Consumption decisions are now made before failure notifications and
    retry decisions.</li>
    </ul>
    </li>
    </ul>
    <h3>Improvements</h3>
    <ul>
    <li>Add <a
    href="https://github.com/sindresorhus/p-retry#retrydelay"><code>retryDelay</code></a>
    to <code>onFailedAttempt</code> context (<a
    href="https://redirect.github.com/sindresorhus/p-retry/issues/66">#66</a>)
    96cce98</li>
    <li>Fix <code>TypeError</code> retry handling  f011d2e</li>
    <li>Harden retry timing and callback validation  9d47b60</li>
    </ul>
    <hr />
    <p><a
    href="https://github.com/sindresorhus/p-retry/compare/v7.1.1...v8.0.0">https://github.com/sindresorhus/p-retry/compare/v7.1.1...v8.0.0</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/35681f6c70f8ca2bdcb9542281147679184269fa"><code>35681f6</code></a>
    8.0.0</li>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/9d47b60e2c8fb324d35cce1987b8591464de24fe"><code>9d47b60</code></a>
    Harden retry timing and callback validation</li>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/f011d2e837166f1bea3e739e59754caed4a2dde6"><code>f011d2e</code></a>
    Fix <code>TypeError</code> retry handling</li>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/85cdece1c48f3c3fe09d995d86bf59c0d0e4b44f"><code>85cdece</code></a>
    Require Node.js 22</li>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/616306ee84f828ffa17f0f02ae4e589815d4f767"><code>616306e</code></a>
    Change retry callback order</li>
    <li><a
    href="https://github.com/sindresorhus/p-retry/commit/96cce98ea2f95c78a4abd780498b2d6af32ac7a4"><code>96cce98</code></a>
    Add <code>retryDelay</code> to <code>onFailedAttempt</code> context</li>
    <li>See full diff in <a
    href="https://github.com/sindresorhus/p-retry/compare/v7.1.1...v8.0.0">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 11, 2026
    3bbe07d
  2. feat: update permission inputs (#358)

    Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 21.0.0
    to 22.0.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/octokit/openapi/releases"><code>@​octokit/openapi</code>'s
    releases</a>.</em></p>
    <blockquote>
    <h2>v22.0.0</h2>
    <h1><a
    href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">22.0.0</a>
    (2025-12-09)</h1>
    <h3>Features</h3>
    <ul>
    <li>drop projects-classic endpoints, add GitHub API endpoints: cache
    limits (retention &amp; storage) for repos/orgs/enterprises, billing
    budgets &amp; usage, artifacts deployment metadata, and projectsV2
    drafts &amp; fields (<a
    href="https://redirect.github.com/octokit/openapi/issues/518">#518</a>)
    (<a
    href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb">b0c44a4</a>)</li>
    </ul>
    <h3>BREAKING CHANGES</h3>
    <ul>
    <li>Removed <code>/orgs/{org}/projects</code></li>
    <li>Removed <code>/orgs/{org}/settings/billing/actions</code></li>
    <li>Removed <code>/orgs/{org}/settings/billing/packages</code></li>
    <li>Removed
    <code>/orgs/{org}/settings/billing/shared-storage</code></li>
    <li>Removed <code>/orgs/{org}/teams/{team_slug}/projects</code></li>
    <li>Removed
    <code>/orgs/{org}/teams/{team_slug}/projects/{project_id}</code></li>
    <li>Removed <code>/projects/columns/{column_id}</code></li>
    <li>Removed <code>/projects/columns/{column_id}/moves</code></li>
    <li>Removed <code>/projects/{project_id}</code></li>
    <li>Removed <code>/projects/{project_id}/collaborators</code></li>
    <li>Removed
    <code>/projects/{project_id}/collaborators/{username}</code></li>
    <li>Removed
    <code>/projects/{project_id}/collaborators/{username}/permission</code></li>
    <li>Removed <code>/repos/{owner}/{repo}/projects</code></li>
    <li>Removed <code>/teams/{team_id}/projects</code></li>
    <li>Removed <code>/teams/{team_id}/projects/{project_id}</code></li>
    <li>Removed <code>/user/projects</code></li>
    <li>Removed <code>/users/{username}/projects</code></li>
    <li>Removed <code>/users/{username}/settings/billing/actions</code></li>
    <li>Removed
    <code>/users/{username}/settings/billing/packages</code></li>
    <li>Removed
    <code>/users/{username}/settings/billing/shared-storage</code></li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/octokit/openapi/commit/6f63b86ab7d2057cb62574681918a34b3d43f66b"><code>6f63b86</code></a>
    build(deps): lock file maintenance (<a
    href="https://redirect.github.com/octokit/openapi/issues/520">#520</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb"><code>b0c44a4</code></a>
    feat: drop projects-classic endpoints, add GitHub API endpoints: cache
    limits...</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/a8043eb055618a1a9a779b6807bba796d9664604"><code>a8043eb</code></a>
    ci(action): update actions/checkout action to v6 (<a
    href="https://redirect.github.com/octokit/openapi/issues/519">#519</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/af315cd293aac70c81874623769bdb091da614be"><code>af315cd</code></a>
    build(deps): lock file maintenance (<a
    href="https://redirect.github.com/octokit/openapi/issues/514">#514</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/170f3965b9432f4171117aacb6b88339d5c2a937"><code>170f396</code></a>
    build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a
    href="https://redirect.github.com/octokit/openapi/issues/516">#516</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/077a1b94a2e77bf56fa07ed8dc112055958b97ab"><code>077a1b9</code></a>
    build(deps): lock file maintenance (<a
    href="https://redirect.github.com/octokit/openapi/issues/508">#508</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/cfca956d308018be25c1405b52c6a4b8c924bdd6"><code>cfca956</code></a>
    ci(action): update github/codeql-action action to v4 (<a
    href="https://redirect.github.com/octokit/openapi/issues/510">#510</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/f15da93d54d4de07c1025b0984c5613a8ddd8acd"><code>f15da93</code></a>
    ci(action): update peter-evans/create-or-update-comment action to v5 (<a
    href="https://redirect.github.com/octokit/openapi/issues/509">#509</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/64bef332f5e1b11ead74082d8aaf0376409de9d0"><code>64bef33</code></a>
    chore(deps): update dependency map-obj to v6 (<a
    href="https://redirect.github.com/octokit/openapi/issues/507">#507</a>)</li>
    <li><a
    href="https://github.com/octokit/openapi/commit/4e8e223e564f467a455d7f39de15a0fb233f189e"><code>4e8e223</code></a>
    chore(deps): update dependency github-enterprise-server-versions to v3
    (<a
    href="https://redirect.github.com/octokit/openapi/issues/511">#511</a>)</li>
    <li>Additional commits viewable in <a
    href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">compare
    view</a></li>
    </ul>
    </details>
    <details>
    <summary>Maintainer changes</summary>
    <p>This version was pushed to npm by [GitHub Actions](<a
    href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
    Actions), a new releaser for <code>@​octokit/openapi</code> since your
    current version.</p>
    </details>
    <br />
    
    Resolves github/gh-aw#18921.
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 11, 2026
    076e948
  3. feat: add client-id input and deprecate app-id (#353)

    GitHub now recommends using a GitHub App's Client ID for authentication.
    This PR adds a first-class `client-id` input, keeps `app-id` available
    for compatibility, and makes the migration path explicit in both runtime
    behavior and documentation.
    
    ### Action inputs
    
    - Adds a new `client-id` input
    - Removes `required` from `app-id`
    - Marks `app-id` as deprecated in `action.yml`
    
    ### Runtime behavior
    
    - Updates input parsing to prefer `client-id`
    - Falls back to `app-id` for existing workflows
    - Adds a clear error when neither `client-id` nor `app-id` is provided
    
    ### Docs
    
    - Updates the README to recommend `client-id`
    - Switches usage examples to `client-id`
    - Documents that `app-id` is deprecated and that `client-id` takes
    precedence if both are set
    
    ### Regression coverage
    
    - Adds a focused test proving a client-ID-shaped value works through the
    new `client-id` input
    - Adds coverage for the missing-ID validation path
    - Updates snapshots to lock in the new metadata and runtime behavior
    
    ### Resulting usage
    
    Users can migrate to the new input name directly:
    
    ```yaml
    - uses: actions/create-github-app-token@v3
      with:
        client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
        private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
    ```
    
    ---------
    
    Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
    Co-authored-by: parkerbxyz <17183625+parkerbxyz@users.noreply.github.com>
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    3 people authored Apr 11, 2026
    e6bd4e6
  4. build(release): 3.1.0 [skip ci]

    # [3.1.0](v3.0.0...v3.1.0) (2026-04-11)
    
    ### Bug Fixes
    
    * **deps:** bump p-retry from 7.1.1 to 8.0.0 ([#357](#357)) ([3bbe07d](3bbe07d))
    
    ### Features
    
    * add `client-id` input and deprecate `app-id` ([#353](#353)) ([e6bd4e6](e6bd4e6))
    * update permission inputs ([#358](#358)) ([076e948](076e948))
    semantic-release-bot committed Apr 11, 2026
    7bd0371
  5. ci: remove publish-immutable-action workflow (#361)

    The `publish-immutable-action` workflow uses `actions/publish-immutable-action@v0.0.4`. The Immutable Actions Publishing feature (OCI-based) has been paused with no GA timeline. This removes the workflow; it can be re-added when the feature becomes generally available.
    
    To fully address #352, the repository-level **immutable releases** setting has also been enabled. This [feature](https://github.blog/changelog/2025-10-28-immutable-releases-are-now-generally-available/) locks release tags and assets after publication, directly preventing the class of attack described in [GHSA-mrrh-fwg8-r2c3](GHSA-mrrh-fwg8-r2c3).
    
    The existing release workflow is compatible with immutable releases. Build artifacts are committed via `@semantic-release/git` before the tag is created, and major version tags (`v3`, etc.) are plain git tags (not releases) so they remain updatable.
    parkerbxyz authored Apr 11, 2026
    ea01216
  6. fix: improve error message when app identifier is empty (#362)

    When `client-id` (or the deprecated `app-id`) resolves to an empty
    string, for example because a secret or variable is not available in the
    workflow context, the error message from `@octokit/auth-app` is not very
    helpful:
    
    ```
    [@octokit/auth-app] appId option is required
    ```
    
    A validation check was added recently to catch this earlier, but its
    message could be more informative:
    
    ```
    Either 'client-id' or 'app-id' input must be set
    ```
    
    This updates the message to clarify that the value resolved to empty and
    nudges users toward checking their secret or variable availability:
    
    ```
    The 'client-id' input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.
    ```
    
    Closes #249
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
    3 people authored Apr 11, 2026
    07e2b76
  7. build(release): 3.1.1 [skip ci]

    ## [3.1.1](v3.1.0...v3.1.1) (2026-04-11)
    
    ### Bug Fixes
    
    * improve error message when app identifier is empty ([#362](#362)) ([07e2b76](07e2b76)), closes [#249](#249)
    semantic-release-bot committed Apr 11, 2026
    1b10c78
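
The input precedence described in #353 and the empty-identifier error from #362, sketched as an added example that is not the action's own code. `readInput`, `resolveAppIdentifier`, the warning texts and the sample IDs are hypothetical; only the input names and the error message come from the commit messages above.

```javascript
// Added example, not the action's source. GitHub Actions passes each `with:`
// input to the action as an environment variable named INPUT_<NAME>, upper-cased.
const EMPTY_ID_MESSAGE =
  "The 'client-id' input must be set to a non-empty string. " +
  "If using a secret or variable, ensure it is available in this workflow context.";

// Hypothetical helper: read one input from an env-like object and trim it,
// so a whitespace-only value counts as empty.
function readInput(env, name) {
  const raw = env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`];
  return typeof raw === "string" ? raw.trim() : "";
}

// Hypothetical helper: prefer client-id, fall back to the deprecated app-id,
// and fail early when both resolve to an empty string.
function resolveAppIdentifier(env) {
  const clientId = readInput(env, "client-id");
  const appId = readInput(env, "app-id");
  const warnings = []; // warning wording is an assumption of this example

  if (clientId) {
    if (appId) warnings.push("'client-id' and 'app-id' are both set; 'client-id' takes precedence.");
    return { identifier: clientId, source: "client-id", warnings };
  }
  if (appId) {
    warnings.push("'app-id' is deprecated; use 'client-id' instead.");
    return { identifier: appId, source: "app-id", warnings };
  }
  throw new Error(EMPTY_ID_MESSAGE);
}

// Constructed sample environments (placeholder values, not real identifiers).
const samples = {
  migrated: { "INPUT_CLIENT-ID": "Iv1.0000000000000000" },
  legacy: { "INPUT_APP-ID": "123456" },
  both: { "INPUT_CLIENT-ID": "Iv1.0000000000000000", "INPUT_APP-ID": "123456" },
  // What the inputs look like when the referenced secret or variable is
  // not available in the workflow context: the expression expands to "".
  missingSecret: { "INPUT_CLIENT-ID": "", "INPUT_APP-ID": "  " },
};

// Summarise the outcome for one environment as a single string.
function summarize(env) {
  try {
    const result = resolveAppIdentifier(env);
    return `${result.source}:${result.identifier}`;
  } catch (err) {
    return `error:${err.message}`;
  }
}

for (const [name, env] of Object.entries(samples)) {
  console.log(name, "->", summarize(env));
}
```
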