{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":642580244,"defaultBranch":"main","name":"create-github-app-token","ownerLogin":"actions","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-05-18T22:34:57.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/44036562?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1719364292.0","currentOid":""},"activityList":{"items":[{"before":"66a70456860bafc79e37635eea77b8b2a929f6c8","after":"ad38cffc07bac6e3857755914c4c88bfd2db4da4","ref":"refs/heads/main","pushedAt":"2024-06-26T01:11:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"create-app-token-action-releaser[bot]","name":null,"path":"/apps/create-app-token-action-releaser","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/342846?s=80&v=4"},"commit":{"message":"build(release): 1.10.2 [skip ci]\n\n## [1.10.2](https://github.com/actions/create-github-app-token/compare/v1.10.1...v1.10.2) (2024-06-26)\n\n### Bug Fixes\n\n* do not revoke token if already expired ([#147](https://github.com/actions/create-github-app-token/issues/147)) ([66a7045](https://github.com/actions/create-github-app-token/commit/66a70456860bafc79e37635eea77b8b2a929f6c8)), closes [#140](https://github.com/actions/create-github-app-token/issues/140) [#95](https://github.com/actions/create-github-app-token/issues/95)","shortMessageHtmlLink":"build(release): 1.10.2 [skip ci]"}},{"before":"d2eeb384dfb21a3993b0c722d1a5d36a4b747982","after":"66a70456860bafc79e37635eea77b8b2a929f6c8","ref":"refs/heads/main","pushedAt":"2024-06-26T01:10:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"gr2m","name":"Gregor Martynus","path":"/gr2m","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39992?s=80&v=4"},"commit":{"message":"fix: do not revoke token if already expired (#147)\n\nCloses #140 \r\n\r\nThe pull request at #95 introduced changes to avoid revoking expired\r\ntokens by saving the `expiresAt` value in the state. The change,\r\nhowever, used `core.setOutput` instead of `core.setState` meaning the\r\nvalue is not saved in the state but rather available in the output.\r\n\r\n```javascript\r\nif (!skipTokenRevoke) {\r\n core.saveState(\"token\", authentication.token);\r\n core.setOutput(\"expiresAt\", authentication.expiresAt);\r\n }\r\n```\r\nThis means that when we use the value downstream, it evaluates to an\r\nempty string and the following code block is never run:\r\n\r\n```javascript\r\n const expiresAt = core.getState(\"expiresAt\"); \r\n if (expiresAt && tokenExpiresIn(expiresAt) < 0) { \r\n core.info(\"Token expired, skipping token revocation\"); \r\n return; \r\n } \r\n```\r\nThis is a tiny PR to correct that typo.","shortMessageHtmlLink":"fix: do not revoke token if already expired (#147)"}},{"before":"29d820b646b6da06260eae0ad04ddec5a10ff8a7","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/braces-3.0.3","pushedAt":"2024-06-22T04:06:18.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gr2m","name":"Gregor Martynus","path":"/gr2m","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39992?s=80&v=4"}},{"before":"0fd38177ed30e541bb33920ec93084ea48e27968","after":"d2eeb384dfb21a3993b0c722d1a5d36a4b747982","ref":"refs/heads/main","pushedAt":"2024-06-22T04:06:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"gr2m","name":"Gregor Martynus","path":"/gr2m","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39992?s=80&v=4"},"commit":{"message":"build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#146)\n\nBumps [braces](https://github.com/micromatch/braces) from 3.0.2 to\r\n3.0.3.\r\n Sourced from ava's\r\nreleases. Full Changelog: https://github.com/avajs/ava/compare/v6.1.2...v6.1.3 Sourced from esbuild's\r\nreleases. Update support for import assertions and import attributes in node\r\n(#3778) Import assertions (the Did you mean to use "with" instead of "assert"?\r\nCommits
\r\n\r\n
\r\n74b2db2
\r\n3.0.388f1429
\r\nupdate eslint. lint, fix unit tests.415d660
\r\nSnyk js braces 6838727 (#40)190510f
\r\nfix tests, skip 1 test in test/braces.expand716eb9f
\r\nreadme bumpa5851e5
\r\nMerge pull request #37\r\nfrom coderaiser/fix/vulnerability2092bd1
\r\nfeature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
\r\nfix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
\r\nremove funding file665ab5d
\r\nupdate keepEscaping doc (#27)
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=braces&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
\r\nv6.1.3
\r\nWhat's Changed
\r\n\r\n
\r\n@lenovouser
in avajs/ava#3328@bitjson
in avajs/ava#3317serial
configuration option by @turadg
in avajs/ava#3321New Contributors
\r\n\r\n
\r\n@bitjson
made\r\ntheir first contribution in avajs/ava#3317@turadg
made\r\ntheir first contribution in avajs/ava#3321@lenovouser
made\r\ntheir first contribution in avajs/ava#3328Commits
\r\n\r\n
\r\nf8bf00c
\r\n6.1.3002b3a0
\r\nInclude Node.js 22 in supported engines and test matrixec1a8d2
\r\nDocument serial
configuration option01ec280
\r\nAdd VS Code debugging instructions for Yarn PnP projects
\r\n\r\nUpdates `esbuild` from 0.20.2 to 0.21.4\r\nRelease notes
\r\n\r\n
v0.21.4
\r\n\r\n
assert
keyword) have been removed\r\nfrom node starting in v22.0.0. So esbuild will now strip them and\r\ngenerate a warning with --target=node22
or above:▲ [WARNING] The "assert" keyword is not supported\r\nin the configured target environment ("node22")\r\n[assert-to-with]\r\n
\r\nexample.mjs:1:40:\r\n1 │ import json from "esbuild/package.json" assert {\r\ntype: "json" }\r\n │ ~~~~~~\r\n ╵ with\r\n
Import attributes (the with
keyword) have been\r\nbackported to node 18 starting in v18.20.0. So esbuild will no longer\r\nstrip them with --target=node18.N
if N
is 20\r\nor greater.
Fix for await
transform when a label is present
This release fixes a bug where the for await
transform,\r\nwhich wraps the loop in a try
statement, previously failed\r\nto also move the loop's label into the try
statement. This\r\nbug only affects code that uses both of these features in combination.\r\nHere's an example of some affected code:
// Original code\r\nasync function test() {\r\n outer: for await (const x of [Promise.resolve([0, 1])]) {\r\n for (const y of x) if (y) break outer\r\n throw 'fail'\r\n }\r\n}\r\n// Old output (with --target=es6)\r\nfunction test() {\r\nreturn __async(this, null, function* () {\r\nouter: try {\r\nfor (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp,\r\nerror; more = !(temp = yield iter.next()).done; more = false) {\r\nconst x = temp.value;\r\nfor (const y of x) if (y) break outer;\r\nthrow "fail";\r\n}\r\n} catch (temp) {\r\nerror = [temp];\r\n} finally {\r\ntry {\r\nmore && (temp = iter.return) && (yield temp.call(iter));\r\n} finally {\r\nif (error)\r\nthrow error[0];\r\n}\r\n}\r\n
\r\n... (truncated)
\r\n\r\nSourced from esbuild's\r\nchangelog.
\r\n\r\n\r\n0.21.4
\r\n\r\n
\r\n\r\n- \r\n
\r\nUpdate support for import assertions and import attributes in node\r\n(#3778)
\r\nImport assertions (the
\r\nassert
keyword) have been removed\r\nfrom node starting in v22.0.0. So esbuild will now strip them and\r\ngenerate a warning with--target=node22
or above:\r\n▲ [WARNING] The "assert" keyword is not supported\r\nin the configured target environment ("node22")\r\n[assert-to-with]\r\n
\r\nexample.mjs:1:40:\r\n1 │ import json from "esbuild/package.json" assert {\r\ntype: "json" }\r\n │ ~~~~~~\r\n ╵ with\r\n
Did you mean to use "with" instead of "assert"?\r\n
Import attributes (the
\r\nwith
keyword) have been\r\nbackported to node 18 starting in v18.20.0. So esbuild will no longer\r\nstrip them with--target=node18.N
ifN
is 20\r\nor greater.- \r\n
\r\nFix
\r\nfor await
transform when a label is presentThis release fixes a bug where the
\r\nfor await
transform,\r\nwhich wraps the loop in atry
statement, previously failed\r\nto also move the loop's label into thetry
statement. This\r\nbug only affects code that uses both of these features in combination.\r\nHere's an example of some affected code:\r\n// Original code\r\nasync function test() {\r\n outer: for await (const x of [Promise.resolve([0, 1])]) {\r\n for (const y of x) if (y) break outer\r\n throw 'fail'\r\n }\r\n}\r\n
// Old output (with --target=es6)\r\nfunction test() {\r\nreturn __async(this, null, function* () {\r\nouter: try {\r\nfor (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp,\r\nerror; more = !(temp = yield iter.next()).done; more = false) {\r\nconst x = temp.value;\r\nfor (const y of x) if (y) break outer;\r\nthrow "fail";\r\n}\r\n} catch (temp) {\r\nerror = [temp];\r\n} finally {\r\ntry {\r\nmore && (temp = iter.return) && (yield temp.call(iter));\r\n} finally {\r\nif (error)\r\nthrow error[0];\r\n}\r\n
... (truncated)
\r\n67cbf87
\r\npublish 0.21.4 to npm4ad11c3
\r\nfix #3639,\r\nfix #3646:\r\npass with
to onResolve
516ca31
\r\nfix #3343:\r\nallow bundle-internal string aliases9e2f304
\r\nfix #3416,\r\nfix #3425:\r\nbetter enum constant folding8f1faf7
\r\nimplement late constant-folding for && || ??
7d50a50
\r\nimplement late constant-folding of string enums1b29ac7
\r\nfold equality checks after cross-module inliningd7a8bf3
\r\nformatting support for @position-try
(for #3773)5069410
\r\nfix #3778:\r\nimport assertions/attributes for node11d568c
\r\nrun make update-compat-table
Sourced from execa's\r\nreleases.
\r\n\r\n\r\nv9.1.0
\r\nFeatures (types)
\r\n\r\n
\r\n- Export
\r\nTemplateExpression
\r\ntype. (#1049)v9.0.2
\r\nBug fixes (types)
\r\n\r\n
\r\n- Do not require using
\r\n--lib dom
for TypeScript users (#1043,\r\n#1044)- Fix type of the
\r\nreject
option (#1046)v9.0.1
\r\nBug fixes (types)
\r\n\r\n
\r\n- Fix types not being importable (#1033)\r\n3bdab60
\r\n- Fix complexity bug with types (#1037)\r\n6cc519b
\r\n- Fix complexity bug with types (#1035)\r\nfee011d
\r\nv9.0.0
\r\nThis major release brings many important features including:
\r\n\r\n
\r\n- Split\r\nthe output into lines, or progressively\r\niterate over them.
\r\n- Transform\r\nor filter the input/output using simple\r\nfunctions.
\r\n- Print the output to\r\nthe terminal while still retrieving it programmatically.
\r\n- Redirect the input/output from/to\r\na file.
\r\n- Advanced\r\npiping between multiple subprocesses.
\r\n- Improved verbose\r\nmode, for debugging.
\r\n- More detailed\r\nerrors, including when terminating\r\nsubprocesses.
\r\n- Enhanced template\r\nstring syntax.
\r\n- Global/shared\r\noptions.
\r\n- Web\r\nstreams and Transform streams support.
\r\n- Convert\r\nthe subprocess to a stream.
\r\n- New\r\ndocumentation with many examples.
\r\nPlease check the release\r\npost for a high-level overview! For the full list of breaking\r\nchanges, features and bug fixes, please read below.
\r\nThanks
\r\n@younggglcy
,@koshic
,@am0o0
and@codesmith-emmy
\r\nfor your help!
\r\nOne of the maintainers
\r\n@ehmicky
is looking\r\nfor a remote full-time position. Specialized in Node.js back-ends and\r\nCLIs, he led Netlify Build, Plugins and\r\nConfiguration for 2.5 years. Feel free to contact him on his website or on LinkedIn!
\r\nBreaking changes (not types)
\r\n\r\n
\r\n- \r\n
\r\nDropped support for Node.js version
\r\n<18.19.0
and\r\n20.0.0 - 20.4.0
. (834e3726)- \r\n
\r\nWhen the
\r\nencoding
\r\noption is'buffer'
, the output (result.stdout
,\r\nresult.stderr
,\r\nresult.all
)\r\nis now anUint8Array
\r\ninstead of aBuffer
.\r\nFor more information, see this blog\r\npost. (by@younggglcy
) (#586)\r\n</tr></table> \r\n
... (truncated)
\r\n62d02af
\r\n9.1.0733d6ff
\r\nSplit CI jobs (#1052)3b11ac8
\r\nCheck types on TypeScript 5.1 + latest (#1051)de8e7da
\r\nDocument minimum TypeScript version (#1050)2d84752
\r\nExport TemplateExpression
type (#1049)b8c131c
\r\n9.0.2e2903e9
\r\nRun TypeScript on the types (#1042)ab2a9ed
\r\nFix type of result when using the reject: false
option (#1046)11bbd9d
\r\nFix type of TransformStream
(#1044)6f4941e
\r\nFix typing of web streams (#1043)Sourced from @octokit/auth-app
's\r\nreleases.
\r\n\r\nv7.1.0
\r\n7.1.0\r\n(2024-05-09)
\r\nFeatures
\r\n\r\n
Sourced from undici's\r\nreleases.
\r\n\r\n\r\nv6.18.2
\r\nWhat's Changed
\r\n\r\n
\r\n- don't use internal header state for cookies by
\r\n@KhafraDev
in nodejs/undici#3295- build(deps-dev): bump borp from 0.13.0 to 0.14.0 by
\r\n@dependabot
in nodejs/undici#3298- fix: retry on body support by
\r\n@metcoder95
in nodejs/undici#3294Full Changelog: https://github.com/nodejs/undici/compare/v6.18.1...v6.18.2
\r\nv6.18.1
\r\nWhat's Changed
\r\n\r\n
\r\n- docs: Update references to dispatcher in docs by
\r\n@haikyuu
in nodejs/undici#3281- fix: compatibility for global headers by
\r\n@tsctx
in nodejs/undici#3286- websocket: pre-calculated length by
\r\n@tsctx
in nodejs/undici#3284- ci: fix autobahn workflow by
\r\n@Uzlopak
in nodejs/undici#3291- revert: "websocket: pre-calculated length" by
\r\n@KhafraDev
in nodejs/undici#3290- websocket: use FixedQueue instead of Set by
\r\n@tsctx
in nodejs/undici#3283New Contributors
\r\n\r\n
\r\n- \r\n
@haikyuu
made\r\ntheir first contribution in nodejs/undici#3281Full Changelog: https://github.com/nodejs/undici/compare/v6.18.0...v6.18.1
\r\nv6.18.0
\r\nWhat's Changed
\r\n\r\n
\r\n- permessage-deflate decompression support in websocket by
\r\n@KhafraDev
in nodejs/undici#3263- fix: Fix server closing in tests. by
\r\n@ShogunPanda
in\r\nnodejs/undici#3279Full Changelog: https://github.com/nodejs/undici/compare/v6.17.0...v6.18.0
\r\nv6.17.0
\r\nWhat's Changed
\r\n\r\n
\r\n\r\n- fetch: fix captureStackTrace by
\r\n@Uzlopak
in nodejs/undici#3227- fetch: fix wpt test request-upload.any.js by
\r\n@Uzlopak
in nodejs/undici#3234- websocket: don't clone buffer by
\r\n@tsctx
in nodejs/undici#3240- Remove unecessary async from writeBuffer by
\r\n@DarkGL
in nodejs/undici#3245- refactor websocket control frame handling by
\r\n@KhafraDev
in nodejs/undici#3241- fix parsing continuation frames in websocket by
\r\n@KhafraDev
in nodejs/undici#3247- ci: node nightly test should use node 23 by
\r\n@Uzlopak
in nodejs/undici#3248- Add test to verify if the connection is correctly aborted on cancel\r\nby
\r\n@mcollina
in\r\nnodejs/undici#3219- Autobahn suite by
\r\n@KhafraDev
in nodejs/undici#3251- websocket: fix 6 autobahn tests by
\r\n@KhafraDev
in nodejs/undici#3254- websocket: checkout correct commit in autobahn workflow by
\r\n@Uzlopak
in nodejs/undici#3258- Cleanup websocket by
\r\n@KhafraDev
in nodejs/undici#3257- websocket: autobahn workflow should fail on error by
\r\n@Uzlopak
in nodejs/undici#3259- add bodymixin bytes by
\r\n@KhafraDev
in nodejs/undici#3262- perf: avoid buffer cloning by
\r\n@tsctx
in nodejs/undici#3264- feat: dump interceptor by
\r\n@metcoder95
in nodejs/undici#3118- use private properties in Headers by
\r\n@KhafraDev
in nodejs/undici#3269
... (truncated)
\r\n665f247
\r\nBumped v6.18.2 (#3301)5f11247
\r\nfix: retry on body support (#3294)18af4b0
\r\nbuild(deps-dev): bump borp from 0.13.0 to 0.14.0 (#3298)a4879b4
\r\ndon't use internal header state for cookies (#3295)eed423a
\r\nBumped v6.18.1 (#3293)eeae378
\r\nwebsocket: use FixedQueue instead of Set (#3283)fcfa4db
\r\nrevert: "websocket: pre-calculated length" (#3290)0564b46
\r\nci: fix autobahn workflow (#3291)13523fd
\r\nwebsocket: pre-calculated length (#3284)064b08d
\r\nfix: compatibility for global headers (#3286)private-key
): escaped newlines will be replaced (#132)"}},{"before":"543f6c2b3fd69cc977a6ea5b3364eb0c31c4fc02","after":"35f361572f24ea7f328c451c3ed947a813a87ea5","ref":"refs/heads/dependabot/npm_and_yarn/production-dependencies-a9f8afad74","pushedAt":"2024-05-01T15:50:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gr2m","name":"Gregor Martynus","path":"/gr2m","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39992?s=80&v=4"},"commit":{"message":"Update tests/main-private-key-with-escaped-newlines.js","shortMessageHtmlLink":"Update tests/main-private-key-with-escaped-newlines.js"}},{"before":"0bba7cab8afdff547268c57425a950fef29d6977","after":"543f6c2b3fd69cc977a6ea5b3364eb0c31c4fc02","ref":"refs/heads/dependabot/npm_and_yarn/production-dependencies-a9f8afad74","pushedAt":"2024-05-01T15:48:11.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gr2m","name":"Gregor Martynus","path":"/gr2m","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39992?s=80&v=4"},"commit":{"message":"Merge branch 'main' into dependabot/npm_and_yarn/production-dependencies-a9f8afad74","shortMessageHtmlLink":"Merge branch 'main' into dependabot/npm_and_yarn/production-dependenc…"}},{"before":"31d28730f585fbcf47c6fa7d91d0d2571277f73e","after":"0bba7cab8afdff547268c57425a950fef29d6977","ref":"refs/heads/dependabot/npm_and_yarn/production-dependencies-a9f8afad74","pushedAt":"2024-05-01T15:39:05.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"fix(deps): bump the production-dependencies group with 3 updates\n\nBumps the production-dependencies group with 3 updates: [@octokit/auth-app](https://github.com/octokit/auth-app.js), [@octokit/request](https://github.com/octokit/request.js) and [undici](https://github.com/nodejs/undici).\n\n\nUpdates `@octokit/auth-app` from 6.0.4 to 7.0.0\n- [Release notes](https://github.com/octokit/auth-app.js/releases)\n- [Commits](https://github.com/octokit/auth-app.js/compare/v6.0.4...v7.0.0)\n\nUpdates `@octokit/request` from 9.0.1 to 9.1.1\n- [Release notes](https://github.com/octokit/request.js/releases)\n- [Commits](https://github.com/octokit/request.js/compare/v9.0.1...v9.1.1)\n\nUpdates `undici` from 6.11.1 to 6.15.0\n- [Release notes](https://github.com/nodejs/undici/releases)\n- [Commits](https://github.com/nodejs/undici/compare/v6.11.1...v6.15.0)\n\n---\nupdated-dependencies:\n- dependency-name: \"@octokit/auth-app\"\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: production-dependencies\n- dependency-name: \"@octokit/request\"\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: production-dependencies\n- dependency-name: undici\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: production-dependencies\n...\n\nSigned-off-by: dependabot[bot]