Skip to content

[deps]: Update actions/create-github-app-token action to v2 #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[deps]: Update actions/create-github-app-token action to v2 #126

wants to merge 1 commit into from
+2 −2

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 26, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Type Update Change
actions/create-github-app-token action major v1.12.0 -> v2.1.4

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v2.1.4

Compare Source

Bug Fixes

v2.1.3

Compare Source

Bug Fixes
  • deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

v2.1.1

Compare Source

Bug Fixes

v2.1.0

Compare Source

Features

v2.0.6

Compare Source

Bug Fixes

v2.0.5

Compare Source

Bug Fixes
  • deps: bump the production-dependencies group with 3 updates (#​240) (d64d7d7)

v2.0.4

Compare Source

Bug Fixes

v2.0.3

Compare Source

Bug Fixes

v2.0.2

Compare Source

Bug Fixes

v2.0.1

Compare Source

Bug Fixes
  • deps: bump the production-dependencies group across 1 directory with 2 updates (#​228) (2411bfc)

v2.0.0

Compare Source

BREAKING CHANGES
  • Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner May 26, 2025 01:07
@renovate renovate bot requested a review from mimartin12 May 26, 2025 01:07
@bitwarden-bot bitwarden-bot changed the title [deps]: Update actions/create-github-app-token action to v2 [PM-22025] [deps]: Update actions/create-github-app-token action to v2 May 26, 2025
@bitwarden-bot
Copy link

Internal tracking:

@renovate renovate bot changed the title [PM-22025] [deps]: Update actions/create-github-app-token action to v2 [deps]: Update actions/create-github-app-token action to v2 May 26, 2025
mimartin12
mimartin12 previously approved these changes Jun 9, 2025
View reviewed changes
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 9, 2025

Logo
Checkmarx One – Scan Summary & Details71be740b-50a6-47b3-ad1c-0f64abfc7306

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2024-21538 Npm-cross-spawn-7.0.3
detailsRecommended version: 7.0.5
Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: JCLBIpqSj6dPXVbntxy7KZ5TODCypm4ScSDCTfnneWU%3D
Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.7
detailsRecommended version: 4.0.8
Description: The NPM package "micromatch" prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in "micromatch....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: YFSorXXQ9nB81wjLV%2F8IUovh79bfVWXrQ6SaCYvbhh8%3D
Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-4.3.4
detailsRecommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: Qmoo4ZuTXWEMzK%2BrM2GxOo%2F1fz%2FNZ8Kwk8W4vDRkV90%3D
Vulnerable Package

@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch from 291a43c to f370845 Compare July 11, 2025 15:09
@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch from f370845 to cceab6b Compare July 28, 2025 19:08
@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch 2 times, most recently from 2c5f58c to e3990b2 Compare August 16, 2025 02:58
@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch from e3990b2 to 1034348 Compare August 18, 2025 16:23
@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch 2 times, most recently from 9349b8c to 3d5ef8b Compare September 20, 2025 02:22
@renovate renovate bot force-pushed the renovate/actions-create-github-app-token-2.x branch from 3d5ef8b to ab7ba01 Compare September 25, 2025 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mimartin12 mimartin12 mimartin12 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
version:patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bitwarden-bot @mimartin12