chore(deps): update dependency github-cli to v2.67.0

[renovate]

This PR contains the following updates:

Package	Update	New value	References	Sourcegraph
github-cli	minor	2.67.0	source

Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.

---

Release Notes

cli/cli (github-cli)

v2.67.0

Compare Source

v2.66.1: GitHub CLI 2.66.1

Compare Source

Hotfix: gh pr view fails with provided URL

This addresses a regression in gh pr view was reported in #​10352. This regression was due to a change in v2.66.0 that no longer allowed gh pr subcommands to execute properly outside of a git repo.

What's Changed

• Hotfix: gh pr view fails with provided URL by @​jtmcg in https://github.com/cli/cli/pull/10354

Full Changelog: cli/cli@v2.66.0...v2.66.1

v2.66.0: GitHub CLI 2.66.0

Compare Source

gh pr view and gh pr status now respect common triangular workflow configurations

Previously, gh pr view and gh pr status would fail for pull request's (PR) open in triangular workflows. This was due to gh being unable to identify the PR's corresponding remote and branch refs on GitHub.

Now, gh pr view and gh pr status should successfully identify the PR's refs when the following common git configurations are used:

• branch.<branchName>.pushremote is set
• remote.pushDefault is set

Branch specific configuration, the former, supersedes repo specific configuration, the latter.

Additionally, if the @{push} revision syntax for git resolves for a branch, gh pr view and gh pr status should work regardless of additional config settings.

For more information, see

• https://github.com/cli/cli/issues/9363
• https://github.com/cli/cli/issues/9364
• https://github.com/cli/cli/issues/9365
• https://github.com/cli/cli/issues/9374

gh secret list, gh secret set, and gh secret delete now require repository selection when multiple git remotes are present

Previously, gh secret list, gh secret set, and gh secret delete would determine which remote to target for interacting with GitHub Actions secrets. Remotes marked as default using gh repo set-default or through other gh commands had higher priority when figuring out which repository to interact with. This could have unexpected outcomes when using gh secret commands with forked repositories as the upstream repository would generally be selected.

Now, gh secret commands require users to disambiguate which repository should be the target if multiple remotes are present and the -R, --repo flag is not provided.

For more information, see https://github.com/cli/cli/issues/4688

Extension update notices now notify once every 24 hours per extension and can be disabled

Previously, the GitHub CLI would notify users about newer versions every time an extension was executed. This did not match GitHub CLI notices, which only notified users once every 24 hours and could be disabled through an environment variable.

Now, extension update notices will behave similar to GitHub CLI notices. To disable extension update notices, set the GH_NO_EXTENSION_UPDATE_NOTIFIER environment variable.

For more information, see https://github.com/cli/cli/issues/9925

What's Changed

✨ Features

• Draft for discussing testing around extension update checking behavior by @​andyfeller in https://github.com/cli/cli/pull/9985
• Make extension update check non-blocking by @​andyfeller in https://github.com/cli/cli/pull/10239
• Ensure extension update notices only notify once within 24 hours, provide ability to disable all extension update notices by @​andyfeller in https://github.com/cli/cli/pull/9934
• feat: make the extension upgrade fancier by @​nobe4 in https://github.com/cli/cli/pull/10194
• fix: padded display by @​nobe4 in https://github.com/cli/cli/pull/10216
• Update gh attestation attestation bundle fetching logic by @​malancas in https://github.com/cli/cli/pull/10185
• Require repo disambiguation for secret commands by @​williammartin in https://github.com/cli/cli/pull/10209
• show error message for rerun workflow older than a month ago by @​iamrajhans in https://github.com/cli/cli/pull/10227
• Update gh attestation verify table output by @​malancas in https://github.com/cli/cli/pull/10104
• Enable MSI building for Windows arm64 by @​dennisameling in https://github.com/cli/cli/pull/10297
• feat: Add support for creating autolink references by @​hoffm in https://github.com/cli/cli/pull/10180
• Find PRs using @{push} by @​Frederick888 in https://github.com/cli/cli/pull/9208
• feat: Add support for viewing autolink references by @​hoffm in https://github.com/cli/cli/pull/10324
• Update gh attestation bundle fetching logic by @​malancas in https://github.com/cli/cli/pull/10339

🐛 Fixes

• gh gist delete: prompt for gist id by @​danochoa in https://github.com/cli/cli/pull/10154
• Better handling for waiting for codespaces to become ready by @​cmbrose in https://github.com/cli/cli/pull/10198
• Fix: gh gist view and gh gist edit prompts with no TTY by @​mateusmarquezini in https://github.com/cli/cli/pull/10048
• Remove naked return values from ReadBranchConfig and prSelectorForCurrentBranch by @​jtmcg in https://github.com/cli/cli/pull/10197
• Add job to deployment workflow to validate the tag name for a given release by @​jtmcg in https://github.com/cli/cli/pull/10121
• [gh run list] Stop progress indicator on failure from --workflow flag by @​iamazeem in https://github.com/cli/cli/pull/10323
• Update deployment.yml by @​andyfeller in https://github.com/cli/cli/pull/10340

📚 Docs & Chores

• Add affected version heading to bug report issue form by @​BagToad in https://github.com/cli/cli/pull/10269
• chore: fix some comments by @​petercover in https://github.com/cli/cli/pull/10296
• Update triage.md to reflect FR experiment outcome by @​jtmcg in https://github.com/cli/cli/pull/10196
• Clear up --with-token fine grained PAT usage by @​williammartin in https://github.com/cli/cli/pull/10186
• Correct help documentation around template use in gh issue create by @​andyfeller in https://github.com/cli/cli/pull/10208
• chore: fix some function names in comment by @​zhuhaicity in https://github.com/cli/cli/pull/10225
• Tiny typo fix by @​robmorgan in https://github.com/cli/cli/pull/10265
• add install instructions for Manjaro Linux by @​AMS21 in https://github.com/cli/cli/pull/10236
• Update test to be compatible with latest Glamour v0.8.0 by @​ottok in https://github.com/cli/cli/pull/10151
• Add more gh attestation verify integration tests by @​malancas in https://github.com/cli/cli/pull/10102

Dependencies

• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot in https://github.com/cli/cli/pull/10215
• Bump github.com/sigstore/protobuf-specs from 0.3.2 to 0.3.3 by @​dependabot in https://github.com/cli/cli/pull/10214
• Bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 by @​dependabot in https://github.com/cli/cli/pull/10184
• Bump google.golang.org/protobuf from 1.36.2 to 1.36.3 by @​dependabot in https://github.com/cli/cli/pull/10250
• Bump golangci-linter and address failures to prepare for Go 1.24 strictness by @​mikelolasagasti in https://github.com/cli/cli/pull/10279
• Bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by @​dependabot in https://github.com/cli/cli/pull/10257
• Bump actions/attest-build-provenance from 2.1.0 to 2.2.0 by @​dependabot in https://github.com/cli/cli/pull/10300
• Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in https://github.com/cli/cli/pull/10306
• Upgrade sigstore-go to v0.7.0: fixes #​10114 formatting issue by @​codysoyland in https://github.com/cli/cli/pull/10309
• Bump github.com/in-toto/attestation from 1.1.0 to 1.1.1 by @​dependabot in https://github.com/cli/cli/pull/10319

New Contributors

Big thank you to our many new and longtime contributors making this release happen!! ❤️ ✨

• @​zhuhaicity made their first contribution in https://github.com/cli/cli/pull/10225
• @​danochoa made their first contribution in https://github.com/cli/cli/pull/10154
• @​robmorgan made their first contribution in https://github.com/cli/cli/pull/10265
• @​iamrajhans made their first contribution in https://github.com/cli/cli/pull/10227
• @​AMS21 made their first contribution in https://github.com/cli/cli/pull/10236
• @​petercover made their first contribution in https://github.com/cli/cli/pull/10296
• @​ottok made their first contribution in https://github.com/cli/cli/pull/10151
• @​dennisameling made their first contribution in https://github.com/cli/cli/pull/10297
• @​iamazeem made their first contribution in https://github.com/cli/cli/pull/10323
• @​Frederick888 made their first contribution in https://github.com/cli/cli/pull/9208

Full Changelog: cli/cli@v2.65.0...v2.66.0

v2.65.0: GitHub CLI 2.65.0

Compare Source

What's Changed

• Document the base repo resolution functions by @​williammartin in https://github.com/cli/cli/pull/10110
• Update releasing.md by @​andyfeller in https://github.com/cli/cli/pull/10116
• Document how to set gh-merge-base by @​heaths in https://github.com/cli/cli/pull/10112
• Upgrade golang.org/x/net to v0.33.0 by @​jtmcg in https://github.com/cli/cli/pull/10135
• add pending status for workflow runs by @​dziamidchyk in https://github.com/cli/cli/pull/10143
• Remove release discussion posts and clean up related block in deployment yml by @​shauryatiwari1 in https://github.com/cli/cli/pull/10145
• docs(repo): make explicit which branch is used when creating a repo by @​nobe4 in https://github.com/cli/cli/pull/10163
• feat: Add support for listing autolink references by @​hoffm in https://github.com/cli/cli/pull/10124
• Add mention of classic token in gh auth login docs by @​jtmcg in https://github.com/cli/cli/pull/10164
• Feat: Allow setting security_and_analysis settings in gh repo edit by @​ChandranshuRao14 in https://github.com/cli/cli/pull/10139
• Upgrade generated workflows by @​jsoref in https://github.com/cli/cli/pull/10181
• Myriad fixes to provide clarity on determining tracking ref in PR create by @​williammartin in https://github.com/cli/cli/pull/10187
• Handle missing upstream configs for gh pr create by @​cmbrose in https://github.com/cli/cli/pull/10177
• fix(repo fork): add non-TTY output when fork is newly created by @​aryanbhosale in https://github.com/cli/cli/pull/10158
• Bump cli/go-gh for indirect security vulnerability by @​andyfeller in https://github.com/cli/cli/pull/10190

New Contributors

• @​dziamidchyk made their first contribution in https://github.com/cli/cli/pull/10143
• @​shauryatiwari1 made their first contribution in https://github.com/cli/cli/pull/10145
• @​hoffm made their first contribution in https://github.com/cli/cli/pull/10124
• @​ChandranshuRao14 made their first contribution in https://github.com/cli/cli/pull/10139

Full Changelog: cli/cli@v2.64.0...v2.65.0

v2.64.0: GitHub CLI 2.64.0

Compare Source

What's Changed

• docs: improve docs for browse command as of #​5352 by @​ankddev in https://github.com/cli/cli/pull/10025
• Open PR against gh-merge-base by @​heaths in https://github.com/cli/cli/pull/9712
• Add integration tests for gh attestation verify when the bundle-from-oci flag is specified by @​malancas in https://github.com/cli/cli/pull/10020
• gh repo rename help text clarifies new repo name should not include owner by @​BagToad in https://github.com/cli/cli/pull/10044
• fix: list branches in square brackets in gh run and gh codespace by @​uday-rana in https://github.com/cli/cli/pull/10043
• Bump actions/attest-build-provenance from 1.4.4 to 2.1.0 by @​dependabot in https://github.com/cli/cli/pull/10056
• Bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @​dependabot in https://github.com/cli/cli/pull/10070
• Improve documentation and error messaging for local extension installations without executables by @​BagToad in https://github.com/cli/cli/pull/9933
• docs: better document auth scopes by @​ankddev in https://github.com/cli/cli/pull/10026
• Sigstore verifier logic updates by @​malancas in https://github.com/cli/cli/pull/9999
• gh pr merge --delete-branch exits with error when merge requested via merge queue by @​BagToad in https://github.com/cli/cli/pull/10074
• sundry gh at inspect improvements by @​phillmv in https://github.com/cli/cli/pull/9954
• Support pr view for intra-org forks by @​williammartin in https://github.com/cli/cli/pull/10078
• Print policy information before verifying attestations by @​malancas in https://github.com/cli/cli/pull/9891
• Improve error handling in apt setup script by @​jobegrabber in https://github.com/cli/cli/pull/10055
• Use Windows compatible file name for downloaded attestations when running gh attestation download by @​malancas in https://github.com/cli/cli/pull/10051
• Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 by @​dependabot in https://github.com/cli/cli/pull/10094
• Perform all gh attestation verify policy options configuration in the newEnforcementCriteria() function by @​malancas in https://github.com/cli/cli/pull/10012

New Contributors

• @​ankddev made their first contribution in https://github.com/cli/cli/pull/10025
• @​uday-rana made their first contribution in https://github.com/cli/cli/pull/10043
• @​jobegrabber made their first contribution in https://github.com/cli/cli/pull/10055

Full Changelog: cli/cli@v2.63.2...v2.64.0

v2.63.2: GitHub CLI 2.63.2

Compare Source

What's Changed

• Use consistent slice ordering in run download tests by @​williammartin in https://github.com/cli/cli/pull/10006
• Fix bug when fetching bundles from OCI registry by @​malancas in https://github.com/cli/cli/pull/10019
• Use safepaths for run download by @​williammartin in https://github.com/cli/cli/pull/10009
• Error for mutually exclusive json and watch flags by @​andyfeller in https://github.com/cli/cli/pull/10016

Full Changelog: cli/cli@v2.63.1...v2.63.2

v2.63.1: GitHub CLI 2.63.1

Compare Source

What's Changed

• Fix formatting in git/client_test.go comments for linter by @​BagToad in https://github.com/cli/cli/pull/9969
• Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 by @​dependabot in https://github.com/cli/cli/pull/9942
• Clarify which commands correspond to which DNF version under Linux install instructions by @​BagToad in https://github.com/cli/cli/pull/9976
• When renaming an existing remote as part of remote creation in gh repo fork, log the change by @​timrogers in https://github.com/cli/cli/pull/9983
• Fix PR checkout panic when base repo is not in remotes by @​williammartin in https://github.com/cli/cli/pull/9992

Security

• A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download.

  For more information, see GHSA-2m9h-r57g-45pj

Full Changelog: cli/cli@v2.63.0...v2.63.1

v2.63.0: GitHub CLI 2.63.0

Compare Source

What's Changed

• Support bare repo creation by @​williammartin in https://github.com/cli/cli/pull/9905
• Refactor the getAttestations functions by @​malancas in https://github.com/cli/cli/pull/9892
• Added a section on manual verification of the relases. by @​kommendorkapten in https://github.com/cli/cli/pull/9936
• Adding option to return baseRefOid in pr view by @​daliusd in https://github.com/cli/cli/pull/9938
• Update verification results printing by @​malancas in https://github.com/cli/cli/pull/9937
• Fix some multiline command documentation to use heredoc strings by @​BagToad in https://github.com/cli/cli/pull/9948
• Print friendly error when release create fails due to missing workflow OAuth scope by @​BagToad in https://github.com/cli/cli/pull/9791

Full Changelog: cli/cli@v2.62.0...v2.63.0

Security

• A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

  For more information, see GHSA-jwcm-9g39-pmcw

New Contributors

• @​daliusd made their first contribution in https://github.com/cli/cli/pull/9938

v2.62.0: GitHub CLI 2.62.0

Compare Source

What's Changed

• Update monotonic verification logic and testing by @​malancas in https://github.com/cli/cli/pull/9856
• Check extension for latest version when executed by @​andyfeller in https://github.com/cli/cli/pull/9866
• Shorten extension release checking from 3s to 1s by @​andyfeller in https://github.com/cli/cli/pull/9914
• Mention GitHub CLI team on discussion issues by @​andyfeller in https://github.com/cli/cli/pull/9920

Full Changelog: cli/cli@v2.61.0...v2.62.0

Security

• A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands.

  For more information, see GHSA-p2h2-3vg9-4p87

GitHub CLI notifies users about latest extension upgrades

Similar to the notification of latest gh releases, the v2.62.0 version of GitHub CLI will notify users about latest extension upgrades when the extension is used:

$ gh ado2gh
...

A new release of ado2gh is available: 1.7.0 → 1.8.0
To upgrade, run: gh extension upgrade ado2gh --force
https://github.com/github/gh-ado2gh

Why does this matter?

This removes a common pain point of extension authors as they have had to reverse engineer and implement a similar mechanism within their extensions directly.

With this quality of life improvement, there are 2 big benefits:

1. Extension authors will hopefully see increased adoption of newer releases while having lower bar to maintaining their extensions.
2. GitHub CLI users will have greater awareness of new features, bug fixes, and security fixes to the extensions used.

What do you need to do?

Extension authors should review their extensions and consider removing any custom logic previously implemented to notify users of new releases.

v2.61.0: GitHub CLI 2.61.0

Compare Source

Ensure users understand consequences before making repository visibility changes

In v2.61.0, gh repo edit command has been enhanced to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes:

1. Interactive gh repo edit visibility change requires confirmation when changing from public, private, or internal
2. Non-interactive gh repo edit --visibility change requires new --accept-visibility-change-consequences flag to confirm
3. New content to inform users of consequences
   • Incorporate GitHub Docs content into help usage and interactive gh repo edit experience
   • Expanded help usage to call out most concerning consequences
   • Display repository star and watcher counts to understand impact before confirming

What's Changed

• Add acceptance test for project command by @​jtmcg in https://github.com/cli/cli/pull/9816
• Add comprehensive testscript for gh ruleset by @​andyfeller in https://github.com/cli/cli/pull/9815
• Add comprehensive testscript for gh ext commandset by @​andyfeller in https://github.com/cli/cli/pull/9810
• Require visibility confirmation in gh repo edit by @​andyfeller in https://github.com/cli/cli/pull/9845
• Clean up skipped online tests for gh attestation verify by @​malancas in https://github.com/cli/cli/pull/9838
• gh attestation verify should only verify provenance attestations by default by @​malancas in https://github.com/cli/cli/pull/9825
• Set dnf5 commands as default by @​its-miroma in https://github.com/cli/cli/pull/9844
• Fix verbiage for deleting workflow runs by @​akx in https://github.com/cli/cli/pull/9876
• Bump github.com/creack/pty from 1.1.23 to 1.1.24 by @​dependabot in https://github.com/cli/cli/pull/9862
• gh attestation verify policy enforcement refactor by @​malancas in https://github.com/cli/cli/pull/9848
• Simplify Sigstore verification result handling in gh attestation verify by @​malancas in https://github.com/cli/cli/pull/9877
• Print empty array for gh cache list when --json is provided by @​williammartin in https://github.com/cli/cli/pull/9883
• Bump actions/attest-build-provenance from 1.4.3 to 1.4.4 by @​dependabot in https://github.com/cli/cli/pull/9884
• Create the automatic key when specified with -i by @​cmbrose in https://github.com/cli/cli/pull/9881
• fix: gh pr create -w ignore template flag by @​nilvng in https://github.com/cli/cli/pull/9863

New Contributors

• @​akx made their first contribution in https://github.com/cli/cli/pull/9876
• @​nilvng made their first contribution in https://github.com/cli/cli/pull/9863

Full Changelog: cli/cli@v2.60.1...v2.61.0

v2.60.1: GitHub CLI 2.60.1

Compare Source

This is a small patch release to fix installing gh via go install which was broken with v2.60.0.

What's Changed

• Update testscript to use hard fork by @​williammartin in https://github.com/cli/cli/pull/9821

Full Changelog: cli/cli@v2.60.0...v2.60.1

v2.60.0: GitHub CLI 2.60.0

Compare Source

What's Changed

• Add ArchivedAt field by @​tsukasaI in https://github.com/cli/cli/pull/9790
• Include startedAt, completedAt in run steps data by @​andyfeller in https://github.com/cli/cli/pull/9774
• Adjust environment help for host and tokens by @​williammartin in https://github.com/cli/cli/pull/9809
• Add handling of empty titles for Issues and PRs by @​jtmcg in https://github.com/cli/cli/pull/9701
• LiveSigstoreVerifier.Verify should error if no attestations are present by @​phillmv in https://github.com/cli/cli/pull/9742
• gh at verify retries fetching attestations if it receives a 5xx by @​phillmv in https://github.com/cli/cli/pull/9797
• Prevent local extension installations with invalid names and conflicts with core commands and other extensions by @​BagToad in https://github.com/cli/cli/pull/9794
• Rewrite a sentence in CONTRIBUTING.md by @​muzimuzhi in https://github.com/cli/cli/pull/9772
• Use new GitHub preview terms in working-with-us.md by @​BagToad in https://github.com/cli/cli/pull/9800
• Use new GitHub previews terminology in attestation commands' help docs by @​BagToad in https://github.com/cli/cli/pull/9799
• Clarify in README that gh is supported on GitHub Enterprise Cloud by @​BagToad in https://github.com/cli/cli/pull/9805
• build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 by @​dependabot in https://github.com/cli/cli/pull/9752

Acceptance Test Changes

• Add acceptance tests for workflow, run, and cache commands by @​BagToad in https://github.com/cli/cli/pull/9766
• Add basic api acceptance tests by @​BagToad in https://github.com/cli/cli/pull/9770
• Add acceptance tests for release commands by @​BagToad in https://github.com/cli/cli/pull/9771
• Add acceptance tests for org and ssh-key commands by @​BagToad in https://github.com/cli/cli/pull/9812
• Add acceptance tests for gh auth commands by @​jtmcg in https://github.com/cli/cli/pull/9787
• Add acceptance tests for repo commands by @​jtmcg in https://github.com/cli/cli/pull/9783
• Add acceptance tests for search command by @​BagToad in https://github.com/cli/cli/pull/9786
• Add acceptance tests for variable commands by @​andyfeller in https://github.com/cli/cli/pull/978
• Add testscripts for gpg-key and label commands by @​williammartin in https://github.com/cli/cli/pull/9811
• Use forked testscript for token redaction by @​williammartin in https://github.com/cli/cli/pull/9804
• Add acceptance tests for secret commands by @​andyfeller in https://github.com/cli/cli/pull/9782
• Note token redaction in Acceptance test README by @​williammartin in https://github.com/cli/cli/pull/9813

New Contributors

• @​tsukasaI made their first contribution in https://github.com/cli/cli/pull/9790

Full Changelog: cli/cli@v2.59.0...v2.60.0

v2.59.0: GitHub CLI 2.59.0

Compare Source

What's Changed

• Allow community submitted design work by @​BagToad in https://github.com/cli/cli/pull/9683
• Improve SECURITY.md with expectations for privately reported vulnerabilities by @​BagToad in https://github.com/cli/cli/pull/9687
• Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS device by @​timrogers in https://github.com/cli/cli/pull/9650
• Print the login URL even when opening a browser by @​ulfjack in https://github.com/cli/cli/pull/7091
• configurable maxwidth for markdown WithWrap() by @​smemsh in https://github.com/cli/cli/pull/9626
• Handle errors when parsing hostname in auth flow by @​BagToad in https://github.com/cli/cli/pull/9729
• Add repo license list/view and repo gitignore list/view by @​BagToad in https://github.com/cli/cli/pull/9721
• Introduce testscript acceptance tests generally, and for the PR command specifically by @​williammartin in https://github.com/cli/cli/pull/9745
• Support GH_ACCEPTANCE_SCRIPT env var to target a single script by @​williammartin in https://github.com/cli/cli/pull/9756
• Ensure Acceptance defer failures are debuggable by @​williammartin in https://github.com/cli/cli/pull/9754
• Add acceptance task to makefile by @​williammartin in https://github.com/cli/cli/pull/9748
• Add Acceptance tests for issue command by @​williammartin in https://github.com/cli/cli/pull/9757
• Update IsEnterprise and IsTenancy for orthogonality using go-gh by @​jtmcg in https://github.com/cli/cli/pull/9755
• Supporting filtering on gist list by @​heaths in https://github.com/cli/cli/pull/9728

New Contributors

• @​ulfjack made their first contribution in https://github.com/cli/cli/pull/7091
• @​smemsh made their first contribution in https://github.com/cli/cli/pull/9626

Full Changelog: cli/cli@v2.58.0...v2.59.0

v2.58.0: GitHub CLI 2.58.0

Compare Source

What's Changed

• Better messaging for attestation verify custom issuer mismatch error by @​bdehamer in https://github.com/cli/cli/pull/9616
• Enhance gh repo create docs, fix random cmd link by @​andyfeller in https://github.com/cli/cli/pull/9630
• Add HasActiveToken method to AuthConfig to refactor auth check for attestation trusted-root command by @​BagToad in https://github.com/cli/cli/pull/9635
• Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform by @​timrogers in https://github.com/cli/cli/pull/9608
• Disable auth check for attestation trusted-root command by @​bdehamer in https://github.com/cli/cli/pull/9610
• build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4 by @​dependabot in https://github.com/cli/cli/pull/9645
• Fix tenant-awareness for trusted-root command by @​bdehamer in https://github.com/cli/cli/pull/9638
• Replace "GitHub Enterprise Server" option with "other" in gh auth login prompting by @​jtmcg in https://github.com/cli/cli/pull/9642
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5 by @​dependabot in https://github.com/cli/cli/pull/9634
• Add dnf5 instructions to docs/install_linux.md by @​its-miroma in https://github.com/cli/cli/pull/9660
• build(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 by @​dependabot in https://github.com/cli/cli/pull/9688

New Contributors

• @​its-miroma made their first contribution in https://github.com/cli/cli/pull/9660

Full Changelog: cli/cli@v2.57.0...v2.58.0

v2.57.0: GitHub CLI 2.57.0

Compare Source

What's Changed

• Move non-integration tests to different test file by @​codysoyland in https://github.com/cli/cli/pull/9577
• Added tenancy aware attestation commands by @​kommendorkapten in https://github.com/cli/cli/pull/9542
• Added --active flag to the gh auth status command by @​velumuruganr in https://github.com/cli/cli/pull/9520
• build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 by @​dependabot in https://github.com/cli/cli/pull/9601
• gh attestation verify test for custom OIDC issuers by @​bdehamer in https://github.com/cli/cli/pull/9595
• Suggest installing Rosetta when extension installation fails due to missing darwin-arm64 binary, but a darwin-amd64 binary is available by @​timrogers in https://github.com/cli/cli/pull/9599
• Update gh attestation verify bundle parsing and validation errors by @​malancas in https://github.com/cli/cli/pull/9564
• Suppress attestation verify output when no TTY present by @​bdehamer in https://github.com/cli/cli/pull/9612
• Use api subdomains for tenant hosts by @​williammartin in https://github.com/cli/cli/pull/9618

New Contributors

• @​kommendorkapten made their first contribution in https://github.com/cli/cli/pull/9542
• @​velumuruganr made their first contribution in https://github.com/cli/cli/pull/9520
• @​bdehamer made their first contribution in https://github.com/cli/cli/pull/9595
• @​timrogers made their first contribution in https://github.com/cli/cli/pull/9599

Full Changelog: cli/cli@v2.56.0...v2.57.0

v2.56.0: GitHub CLI 2.56.0

Compare Source

Important note about renewed GPG key

The Debian and RedHat releases have been signed with a new GPG key. If you are experiencing issues updating your .deb or .rpm packages, please read cli/cli#9569.

What's Changed

• Always print URL scheme to stdout by @​heaths in https://github.com/cli/cli/pull/9471
• Quote repo names consistently in gh repo sync stdout by @​muzimuzhi in https://github.com/cli/cli/pull/9491
• Fetch bundle from OCI registry for verify by @​ejahnGithub in https://github.com/cli/cli/pull/9421
• Remove Internal from gh repo create prompt when owner is not an org by @​jtmcg in https://github.com/cli/cli/pull/9465
• Drop surplus trailing space char in flag names in web by @​muzimuzhi in https://github.com/cli/cli/pull/9495
• fix the trimming of log filenames for gh run view by @​benebsiny in https://github.com/cli/cli/pull/9482
• "offline" verification using the bundle of attestations without any additional handling of the file by @​aryanbhosale in https://github.com/cli/cli/pull/9523
• build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 by @​dependabot in https://github.com/cli/cli/pull/9518
• Fix doc typo for repo sync by @​muzimuzhi in https://github.com/cli/cli/pull/9509
• Correct the help message for -F by @​Goooler in https://github.com/cli/cli/pull/9525
• chore: fix some function names by @​crystalstall in https://github.com/cli/cli/pull/9555
• verify 2nd artifact without swapping order by @​aryanbhosale in https://github.com/cli/cli/pull/9532
• gh attestation verify handles empty JSONL files by @​malancas in https://github.com/cli/cli/pull/9541
• Enhance Linux installation docs to redirect users to GPG renewal issue, better troubleshooting support by @​andyfeller in https://github.com/cli/cli/pull/9573
• Upgrade sigstore-go to v0.6.1 by @​codysoyland in https://github.com/cli/cli/pull/9566
• Check for nil values to prevent nil dereference panic by @​codysoyland in https://github.com/cli/cli/pull/9578
• build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3 by @​dependabot in https://github.com/cli/cli/pull/9575

New Contributors

• @​aryanbhosale made their first contribution in https://github.com/cli/cli/pull/9523
• @​Goooler made their first contribution in https://github.com/cli/cli/pull/9525
• @​crystalstall made their first contribution in https://github.com/cli/cli/pull/9555

Full Changelog: cli/cli@v2.55.0...v2.56.0

v2.55.0: GitHub CLI 2.55.0

Compare Source

What's Changed

• Update gh variable get to use repo host by @​andyfeller in https://github.com/cli/cli/pull/9411
• build(deps): bump actions/attest-build-provenance from 1.3.3 to 1.4.0 by @​dependabot in https://github.com/cli/cli/pull/9400
• Unify use of tab indent in non-test source files by @​muzimuzhi in https://github.com/cli/cli/pull/9407
• Add Acceptance Criteria requirement to triage.md for accepted issues by @​jtmcg in https://github.com/cli/cli/pull/9435
• Improve Unix compliance gh repo set-default by @​thecaffeinedev in https://github.com/cli/cli/pull/9431
• Document that gh run download downloads the latest artifact by default by @​sato11 in https://github.com/cli/cli/pull/9412
• build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in https://github.com/cli/cli/pull/9432
• Replace --project.* flags' name with title in docs by @​jtmcg in [https://github.com/Replace --project.* flags' name with title in docs cli/cli#9443](https://redirect.gith

---

Configuration

📅 Schedule: Branch creation - "on the 1st through 7th day of the month" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.