Skip to content

chore: bump actions/create-github-app-token from 3.0.0 to 3.1.1#306

Merged
thomson-t merged 2 commits intomainfrom
dependabot/github_actions/actions/create-github-app-token-3.1.1
Apr 14, 2026
Merged

chore: bump actions/create-github-app-token from 3.0.0 to 3.1.1#306
thomson-t merged 2 commits intomainfrom
dependabot/github_actions/actions/create-github-app-token-3.1.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps actions/create-github-app-token from 3.0.0 to 3.1.1.

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

Commits
  • 1b10c78 build(release): 3.1.1 [skip ci]
  • 07e2b76 fix: improve error message when app identifier is empty (#362)
  • ea01216 ci: remove publish-immutable-action workflow (#361)
  • 7bd0371 build(release): 3.1.0 [skip ci]
  • e6bd4e6 feat: add client-id input and deprecate app-id (#353)
  • 076e948 feat: update permission inputs (#358)
  • 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
  • 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
  • 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
  • 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore: bump actions/create-github-app-token from 3.0.0 to 3.1.1
6253814 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.0.0 to 3.1.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@f8d387b...1b10c78)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner April 13, 2026 10:10
@cursor
Copy link
Copy Markdown

cursor bot commented Apr 13, 2026
edited
Loading

PR Summary

Low Risk
Low risk CI-only change updating a GitHub Action and its inputs; main risk is release/trunk workflows failing if the new client-id secret is missing or misconfigured.

Overview
Updates the GitHub App token generation in release-draft.yml and trunk-upgrade.yml to actions/create-github-app-token@v3.1.1, switching configuration to use the new client-id secret input.

Removes trivy from the Trunk enabled linters list in .trunk/trunk.yaml.

Reviewed by Cursor Bugbot for commit d301e6b. Bugbot is set up for automated code reviews on this repo. Configure here.

@thomson-t
ci(actions): use client id and remove Trivy from Trunk
d301e6b 
Switch the GitHub App token action to use SDK_RELEASE_GITHUB_CLIENT_ID via the recommended client-id input in the release and trunk upgrade workflows.

Remove Trivy from the Trunk linter set to match the other SDK repos and avoid the current Trivy bundle crash in the Trunk Check job.
cursor[bot]
cursor bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit d301e6b. Configure here.

@thomson-t thomson-t merged commit 1c5c8c3 into main Apr 14, 2026
11 checks passed
@thomson-t thomson-t deleted the dependabot/github_actions/actions/create-github-app-token-3.1.1 branch April 14, 2026 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@BrandonStalnaker BrandonStalnaker BrandonStalnaker approved these changes

@thomson-t thomson-t thomson-t approved these changes

Assignees

No one assigned

Labels

dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BrandonStalnaker @thomson-t