chore(deps): bump actions/create-github-app-token from 1.11.6 to 3.2.0#12591
Conversation
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.11.6 to 3.2.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@21cfef2...bcd2ba4) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
dj4oC
left a comment
There was a problem hiding this comment.
Bumps actions/create-github-app-token from v1.11.6 to v3.2.0 (SHA-pinned) in translate.yml, used to mint a GitHub App token for the transifex translation sync (consumes TRANSLATION_APP_ID/TRANSLATION_APP_PRIVATE_KEY secrets).
Findings
Nothing blocking. Official GitHub-owned action, SHA-pinned per OSPO policy. Major version bump on a secrets-adjacent action — worth a routine sanity check that the pinned SHA matches the labeled v3.2.0 tag, but no functional regression expected for this token-generation usage.
Cross-platform check
N/A — CI workflow only.
Verdict
Approved
🤖 Automated review by Claude Code (security · stability · performance · coverage)
Generated by Claude Code
🤖 Automated review by Claude Code (security · stability · performance · coverage) Generated by Claude Code |
🤖 Automated review by Claude Code (security · stability · performance · coverage) Generated by Claude Code |
🤖 Automated review by Claude Code (security · stability · performance · coverage) Generated by Claude Code |
…ithub-app-token-3.2.0
Bumps actions/create-github-app-token from 1.11.6 to 3.2.0.
Release notes
Sourced from actions/create-github-app-token's releases.
... (truncated)
Changelog
Sourced from actions/create-github-app-token's changelog.
Commits
bcd2ba4chore(main): release 3.2.0 (#370)f24bbd8fix: validate private-key input (#376)363531bdocs: capitalize Git as a proper noun in README (#374)fd28011docs: update procedure to configure Git (#287)85eb8ddfeat: support full repository names inrepositoriesinput (#372)c9aabb8build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...e02e816build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)8d835bfbuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...952a2a7feat: add support for enterprise-level GitHub Apps (#263)43e5c34fix(deps): bump@actions/corefrom 3.0.0 to 3.0.1 in the production-dependenc...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)