Skip to content

Bump @octokit/request-error and @actions/github#27

Merged
ahernandez411 merged 10 commits intomainfrom
dependabot/npm_and_yarn/multi-939339bafa
Mar 4, 2026
Merged

Bump @octokit/request-error and @actions/github#27
ahernandez411 merged 10 commits intomainfrom
dependabot/npm_and_yarn/multi-939339bafa

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 14, 2025

Bumps @octokit/request-error to 5.1.1 and updates ancestor dependency @actions/github. These dependencies need to be updated together.

Updates @octokit/request-error from 2.1.0 to 5.1.1

Release notes

Sourced from @​octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

  • upgrade @octokit/types to v13 (3af20bd)

Features

v5.0.1

5.0.1 (2023-09-23)

Bug Fixes

  • deps: update dependency @​octokit/types to v12 (#366) (590fc39)

v5.0.0

5.0.0 (2023-07-07)

Bug Fixes

  • deps: update dependency @​octokit/types to v11 (#348) (372097e)

BREAKING CHANGES

  • deps: upgrade @octokit/types to v11

v4.0.2

4.0.2 (2023-06-16)

Bug Fixes

  • deps: update dependency @​octokit/types to v10 (#343) (28b1958)

... (truncated)

Commits
  • b51ed27 test: ReDos regex vulnerability, reported by @​dayshift
  • 12a14f0 fix: ReDos regex vulnerability, reported by @​dayshift
  • 3af20bd fix: upgrade @octokit/types to v13
  • 94147e8 feat(security): Add provenance (#416)
  • 590fc39 fix(deps): update dependency @​octokit/types to v12 (#366)
  • 4b9c57e ci(action): update peter-evans/create-or-update-comment digest to 46da6c0
  • 710afc3 ci(action): update peter-evans/create-or-update-comment digest to 1f6c514
  • c82c8ce ci(action): update peter-evans/create-or-update-comment digest to 223779b
  • ec24ead ci(action): update peter-evans/create-or-update-comment digest to 46846e5 (#362)
  • 365f18d ci(action): update actions/checkout action to v4
  • Additional commits viewable in compare view

Updates @actions/github from 5.1.1 to 6.0.0

Changelog

Sourced from @​actions/github's changelog.

6.0.0

  • Support the latest Octokit in @​actions/github #1553
    • Drop support of NodeJS v14, v16
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump @octokit/request-error and @actions/github
ddd3e14 
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together.


Updates `@octokit/request-error` from 2.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.1.0...v5.1.1)

Updates `@actions/github` from 5.1.1 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
- dependency-name: "@actions/github"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 14, 2025
@dependabot dependabot bot requested a review from a team February 14, 2025 23:30
@ahernandez411 ahernandez411 requested a review from a team as a code owner March 4, 2026 21:47
@ahernandez411
Copy link
Contributor

ahernandez411 commented Mar 4, 2026

@copilot

two of the builds failed can you look at them?

This is the synopsis of the failures

build-and-review-pr
Upgrade Node to v16+.
Add --platform=node and --external:node:* to ESBuild options.
Ensure dependencies are updated.
Apply these updates in your workflow and ESBuild config, then re-run the job. If issues persist, share your workflow step where ESBuild runs for more tailored help.

test
Run tests from a main-branch (not forks) for full token permissions.
Use unique or clean tags for each release.
Ensure asset upload steps have both asset-name and asset-path defined and not empty.
If you share your workflow YAML or relevant job steps, I can provide targeted code changes for those sections.

Copy link
Contributor

Copilot AI commented Mar 4, 2026

@ahernandez411 I've opened a new pull request, #31, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Mar 4, 2026
Merged
10 tasks
Copilot AI and others added 4 commits March 4, 2026 21:57
@ahernandez411
Fix ESBuild configuration and update to v0.20.2 to support Node.js bu…
a1b942c 
…ilt-in modules

Co-authored-by: ahernandez411 <11199284+ahernandez411@users.noreply.github.com>
@ahernandez411
Update README to v3.2.1 and recompile with formatting fixes
b4df41b 
Co-authored-by: ahernandez411 <11199284+ahernandez411@users.noreply.github.com>
@ahernandez411
Fix test expectations for auto-generated release notes format
e26d7e2 
Co-authored-by: ahernandez411 <11199284+ahernandez411@users.noreply.github.com>
@ahernandez411
Merge pull request #31 from im-open/copilot/sub-pr-27
610607d 
Fix ESBuild configuration for @actions/github v6.0.0 compatibility
@github-actions
Copy link

github-actions bot commented Mar 4, 2026

The action's Contributing Guidelines have been met:

  • The action's version in the Usage Examples section of README.md has been updated to @v3.2.1
  • The action has been recompiled (if needed) by running the build command from the root of the repository

@ahernandez411
Copy link
Contributor

ahernandez411 commented Mar 4, 2026

@copilot

The index.js has a code ql vunlerability

[Check failure on line 16630 in dist/index.js](https://github.com/im-open/create-release/pull/27/files#annotation_46848570329) 

Code scanning
/ CodeQL

Use of a broken or weak cryptographic algorithm
High

A broken or weak cryptographic algorithm
 depends on sensitive data from an access to uid
.
A broken or weak cryptographic algorithm
 depends on sensitive data from an access to uid
.
[Show more details](https://github.com/im-open/create-release/security/code-scanning/4)

Copilot AI mentioned this pull request Mar 4, 2026
Merged
Copy link
Contributor

Copilot AI commented Mar 4, 2026

@ahernandez411 I've opened a new pull request, #32, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI and others added 2 commits March 4, 2026 22:37
@ahernandez411
Upgrade @actions/core to 2.0.3 and @actions/github to 8.0.1 to fix SH…
88ee234 
…A-1 vulnerability

Co-authored-by: ahernandez411 <11199284+ahernandez411@users.noreply.github.com>
@ahernandez411
Merge pull request #32 from im-open/copilot/sub-pr-27
1276cb6 
Upgrade @actions/core and @actions/github to resolve CodeQL SHA-1 alert
@github-actions
Copy link

github-actions bot commented Mar 4, 2026

The action's Contributing Guidelines have been met:

  • The action's version in the Usage Examples section of README.md has been updated to @v3.2.1
  • The action has been recompiled (if needed) by running the build command from the root of the repository

@ahernandez411 ahernandez411 merged commit 028f998 into main Mar 4, 2026
6 checks passed
@ahernandez411 ahernandez411 deleted the dependabot/npm_and_yarn/multi-939339bafa branch March 4, 2026 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahernandez411 ahernandez411 ahernandez411 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ahernandez411