openSUSE-SU-2025:0021-1

Описание

This update for gh fixes the following issues:

• Update to version 2.65.0:

  • Bump cli/go-gh for indirect security vulnerability
  • Panic mustParseTrackingRef if format is incorrect
  • Move trackingRef into pr create package
  • Make tryDetermineTrackingRef tests more respective of reality
  • Rework tryDetermineTrackingRef tests
  • Avoid pointer return from determineTrackingBranch
  • Doc determineTrackingBranch
  • Don't use pointer for determineTrackingBranch branchConfig
  • Panic if tracking ref can't be reconstructed
  • Document and rework pr create tracking branch lookup
  • Upgrade generated workflows
  • Fixed test for stdout in non-tty use case of repo fork
  • Fix test
  • Alternative: remove LocalBranch from BranchConfig
  • Set LocalBranch even if the git config fails
  • Add test for permissions check for security and analysis edits (#1)
  • print repo url to stdout
  • Update pkg/cmd/auth/login/login.go
  • Move mention of classic token to correct line
  • Separate type decrarations
  • Add mention of classic token in gh auth login docs
  • Update pkg/cmd/repo/create/create.go
  • docs(repo): make explicit which branch is used when creating a repo
  • fix(repo fork): add non-TTY output when fork is newly created
  • Move api call to editRun
  • Complete get -> list renaming
  • Better error testing for autolink TestListRun
  • Decode instead of unmarshal
  • Use 'list' instead of 'get' for autolink list type and method
  • Remove NewAutolinkClient
  • Break out autolink list json fields test
  • PR nits
  • Refactor autolink subcommands into their own packages
  • Whitespace
  • Refactor out early return in test code
  • Add testing for AutoLinkGetter
  • Refactor autolink list and test to use http interface for simpler testing
  • Apply PR comment changes
  • Introduce repo autolinks list commands
  • Remove release discussion posts and clean up related block in deployment yml
  • Extract logic into helper function
  • add pending status for workflow runs
  • Feat: Allow setting security_and_analysis settings in gh repo edit
  • Upgrade golang.org/x/net to v0.33.0
  • Document SmartBaseRepoFunc
  • Document BaseRepoFunc
  • Update releasing.md
  • Document how to set gh-merge-base

• Update to version 2.64.0:

  • add test for different SAN and SourceRepositoryURI values
  • add test for signerRepo and tenant
  • add some more fields to test that san, sanregex are set properly
  • Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6
  • update san and sanregex configuration for readability
  • reduce duplication when creating policy content
  • tweak output of build policy info
  • Name conditionals in PR finder
  • Support pr view for intra-org forks
  • Return err instead of silentError in merge queue check
  • linting pointed out this var is no longer used
  • Removed fun, but inaccessible ASCII header
  • further tweaks to the long description
  • Exit on pr merge with -d and merge queue
  • Addressed PR review feedback; expanded Long command help string, used ghrepo, clarified some abbreviations
  • Update pkg/cmd/attestation/inspect/inspect.go
  • Update gh auth commands to point to GitHub Docs
  • Reformat ext install long
  • Mention Windows quirk in ext install help text
  • Fix error mishandling in local ext install
  • Assert on err msg directly in ext install tests
  • Clarify hosts in ext install help text
  • Bump golang.org/x/crypto from 0.29.0 to 0.31.0
  • Removed now redundant file
  • minor tweak to language
  • go mod tidy
  • Deleted no-longer-used code.
  • deleted now-invalid tests, added a tiny patina of new testing.
  • Tightened up docs, deleted dead code, improved printing
  • fix file name creation on windows
  • wording
  • hard code expected digest
  • fix download test
  • use bash shell with integration tests
  • simplify var creation
  • update integration test scripts
  • fix: list branches in square brackets in gh codespace
  • try nesting scripts
  • run all tests in a single script
  • windows for loop syntax
  • use replaceAll
  • update expected file path on windows
  • run integration tests with windows specific syntax
  • run all attestation cmd integration tests automatically
  • Bump actions/attest-build-provenance from 1.4.4 to 2.1.0
  • Improve error handling in apt setup script
  • use different file name for attestation files on windows
  • test(gh run): assert branch names are enclosed in square brackets
  • docs: enhance help text and prompt for rename command
  • Revert 'Confirm auto-detected base branch'
  • Confirm auto-detected base branch
  • Merge changes from #10004
  • Set gh-merge-base from issue develop
  • Open PR against gh-merge-base
  • Refactor extension executable error handling
  • fix: list branches in square brackets in gh run view (#10038)
  • docs: update description of command
  • style: reformat files
  • docs: update sentence case
  • use github owned oci image
  • docs: add mention of scopes help topic in auth refresh command help
  • docs: add mention of scopes help topic in auth login command help
  • docs: add help topic for auth scopes
  • docs: improve help for browse command
  • docs: improve docs for browse command as of #5352
  • fix package reference
  • add gh attestation verify integration test for oci bundles
  • add integration test for bundle-from-oci option
  • update tests
  • update tests
  • move content of veriy policy options function into enforcement criteria
  • comment
  • try switch statement
  • remove duplicate err checking
  • get bundle issuer in another func
  • more logic updating to remove nesting
  • inverse logic for less nesting
  • remove unneeded nesting
  • wip, linting, getting tests to pass
  • wording
  • var naming
  • drop table view
  • order policy info so relevant info is printed next to each other
  • Update pkg/cmd/attestation/verification/policy.go
  • Update pkg/cmd/attestation/verification/policy.go
  • Update pkg/cmd/attestation/verification/policy.go
  • wip: added new printSummaryInspection
  • Improve error handling for missing executable
  • experiment with table output
  • Assert stderr is empty in manager_test.go
  • Update error message wording
  • Change: exit zero, still print warning to stderr
  • wording
  • Improve docs on installing extensions
  • Update language for missing extension executable
  • Update test comments about Windows behavior
  • wording
  • wording
  • wording
  • add newlines for additional policy info
  • Document requirements for local extensions
  • Warn when installing local ext with no executable
  • wording
  • formatting
  • print policy information before verifying
  • add initial policy info method
  • more wip poking around, now with table printing
  • wip, gh at inspect will check the signature on the bundle
  • wip: inspect now prints various bundle fields in a nice json

• Update to version 2.63.2:

  • include alg with digest when fetching bundles from OCI
  • Error for mutually exclusive json and watch flags
  • Use safepaths for run download
  • Use consistent slice ordering in run download tests
  • Consolidate logic for isolating artifacts
  • Fix PR checkout panic when base repo is not in remotes
  • When renaming an existing remote in gh repo fork, log the change
  • Improve DNF version clarity in install steps
  • Fix formatting in client_test.go comments for linter
  • Expand logic and tests to handle edge cases
  • Refactor download testing, simpler file descends
  • Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7
  • Improve test names so there is no repetition
  • Second attempt to address exploit

• Update to version 2.63.0:

  • Add checkout test that uses ssh git remote url
  • Rename backwards compatible credentials pattern
  • Fix CredentialPattern doc typos
  • Remove TODOs
  • Fix typos and add tests for CredentialPatternFrom* functions
  • Add SSH remote todo
  • General cleanup and docs
  • Allow repo sync fetch to use insecure credentials pattern
  • Allow client fetch to use insecure credentials pattern
  • Allow client push to use insecure credential pattern
  • Allow client pull to use insecure credential pattern
  • Allow opt-in to insecure pattern
  • Support secure credential pattern
  • Refactor error handling for missing 'workflow' scope in createRelease
  • ScopesResponder wraps StatusScopesResponder
  • Refactor workflow scope checking
  • pr feedback
  • pr feedback
  • Update pkg/cmd/attestation/verify/attestation_integration_test.go
  • Apply suggestions from code review
  • Refactor command documentation to use heredoc
  • pr feedback
  • remove unused test file
  • undo change
  • add more testing testing fixtures
  • update test with new test bundle
  • naming
  • update test
  • update test
  • Fix README.md code block formatting
  • clean up
  • wrap sigstore and cert ext verification into a single function
  • Adding option to return baseRefOid in pr view
  • verify cert extensions function should return filtered result list
  • pr feedback
  • Update pkg/cmd/attestation/download/download.go
  • fix function param calls
  • Update pkg/cmd/attestation/verification/extensions.go
  • Formatting fix
  • Updated formatting to be more clear
  • Updated markdown syntax for a note.
  • Added a section on manual verification of the relases.
  • Handle missing 'workflow' scope in createRelease
  • Modify push prompt on repo create when bare
  • Doc push behaviour for bare repo create
  • Push --mirror on bare repo create
  • Add acceptance test for bare repo create
  • Doc isLocalRepo and git.Client IsLocalRepo differences
  • Use errWithExitCode interface in repo create isLocalRepo
  • Backfill repo creation failure tests
  • Support bare repo creation
  • use logger println method
  • simplify verifyCertExtensions
  • rename type
  • refactor fetch attestations funcs

• Update to version 2.62.0

  • CVE-2024-52308: remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands (boo#1233387, GHSA-p2h2-3vg9-4p87)
  • Check extension for latest version when executed
  • Shorten extension release checking from 3s to 1s

• includes changes from 2.61.0:

  • Enhance gh repo edit command to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes

• Update to version 2.60.1:

  • Note token redaction in Acceptance test README
  • Refactor gpg-key delete to align with ssh-key delete
  • Add acceptance tests for org command
  • Adjust environment help for host and tokens (#9809)
  • Add SSH Key Acceptance test
  • Add Acceptance test for label command
  • Add acceptance test for gpg-key
  • Update go-internal to redact more token types in Acceptance tests
  • Address PR feedback
  • Clarify gh is available for GitHub Enterprise Cloud
  • Remove comment from gh auth logout
  • Add acceptance tests for auth-setup-git and formattedStringToEnv helper func
  • Use forked testscript for token redaction
  • Use new GitHub preview terms in working-with-us.md
  • Use new GitHub previews terminology in attestation
  • Test json flags for repo view and list
  • Clean up auth-login-logout acceptance test with native functionality
  • Add --token flag to gh auth login to accept a PAT as a flag
  • Setup acceptance testing for auth and tests for auth-token and auth-status
  • Update variable testscripts based on secret
  • Check extOwner for no value instead
  • Fix tests for invalid extension name
  • Refactor to remove code duplication
  • Linting: now that mockDataGenerator has an embedded mock, we ought to have pointer receivers in its funcs.
  • Minor tweaks, added backoff to getTrustDomain
  • added test for verifying we do 3 retries when fetching attestations.
  • Fix single quote not expanding vars
  • Added constant backoff retry to getAttestations.
  • Address @williammartin PR feedback
  • wip: added test that fails in the absence of a backoff.
  • add validation for local ext install
  • feat: add ArchivedAt field to Repository struct
  • Refactor gh secret testscript
  • Wrap true in '' in repo-fork-sync
  • Rename acceptance test directory from repos to repo
  • Remove unnecessary flags from repo-delete testscript
  • Replace LICENSE Makefile README.md acceptance api bin build cmd context docs git go.mod go.sum internal pkg script share test utils commands with
  • Wrap boolean strings in '' so it is clear they are strings
  • Remove unnecessary gh auth setup-git steps
  • Cleanup some inconsistencies and improve collapse some functionality
  • Add acceptance tests for repo deploy-key add/list/delete
  • Add acceptance tests for repo-fork and repo-sync
  • Add acceptance test for repo-set-default
  • Add acceptance test for repo-edit
  • Add acceptance tests for repo-list and repo-rename
  • Acceptance testing for repo-archive and repo-unarchive
  • Add acceptance test for repo-clone
  • Added acceptance test for repo-delete
  • Added test function for repos and repo-create test
  • Implement acceptance tests for search commands
  • Remove . from test case for TestTitleSurvey
  • Clean up Title Survey empty title message code
  • Add missing test to trigger acceptance tests
  • Add acceptance tests for gh variable
  • Minor polish / consistency
  • Fix typo in custom command doc
  • Refactor env2upper, env2lower; add docs
  • Update secret note about potential failure
  • Add testscripts for gh secret, helper cmds
  • Remove stdout assertion from release
  • Rename test files
  • Add acceptance tests for release commands
  • Implement basic API acceptance test
  • Remove unnecesary mkdir from download Acceptance test
  • Remove empty stdout checks
  • Adjust sleeps to echos in Acceptance workflows
  • Use regex assert for enable disable workflow Acceptance test
  • Watch for run to end for cancel Acceptance test
  • Include startedAt, completedAt in run steps data
  • Rewrite a sentence in CONTRIBUTING.md
  • Add filtered content output to docs
  • sleep 10s before checking for workflow run
  • Update run-rerun.txtar
  • Create cache-list-delete.txtar
  • Create run-view.txtar
  • Create run-rerun.txtar
  • Create run-download.txtar
  • Create run-delete.txtar
  • Remove IsTenancy and relevant tests from gists as they are unsupported
  • Remove unnecessary code branches
  • Add ghe.com to tests describing ghec data residency
  • Remove comment
  • auth: Removed redundant ghauth.IsTenancy(host) check
  • Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname
  • Upgrade go-gh version to 2.11.0
  • Add test coverage to places where IsEnterprise incorrectly covers Tenancy
  • Fix issue creation with metadata regex
  • Create run-cancel.txtar
  • Create workflow-run.txtar
  • Create workflow-view.txtar
  • implement workflow enable/disable acceptance test
  • implement base workflow list acceptance test
  • Add comment to acceptance make target
  • Resolve PR feedback
  • Acceptance test issue command
  • Support GH_ACCEPTANCE_SCRIPT
  • Ensure Acceptance defer failures are debuggable
  • Add acceptance task to makefile
  • build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6
  • Ensure pr create with metadata has assignment
  • Document sharedCmds func in acceptance tests
  • Correct testscript description in Acceptance readme
  • Add link to testscript pkg documentation
  • Add VSCode extension links to Acceptance README
  • Fix GH_HOST / GH_ACCEPTANCE_HOST misuse
  • Acceptance test PR list
  • Support skipping Acceptance test cleanup
  • Acceptance test PR creation with metadata
  • Suggest using legacy PAT for acceptance tests
  • Add host recommendation to Acceptance test docs
  • Don't append remaining text if more matches
  • Highlight matches in table and content
  • Split all newlines, and output no-color to non-TTY
  • Print filtered gists similar to code search
  • Show progress when filtering
  • Simplify description
  • Disallow use of --include-content without --filter
  • Improve help docs
  • Refactor filtering into existing gist list
  • Improve performance
  • Add gist search command
  • Fix api tests after function signature changes
  • Return nil instead of empty objects when err
  • Fix license list and view tests
  • Validate required env vars not-empty for Acceptance tests
  • Add go to test instructions in Acceptance README
  • Apply suggestions from code review
  • Error if acceptance tests are targeting github or cli orgs
  • Add codecoverage to Acceptance README
  • Isolate acceptance env vars
  • Add Writing Tests section to Acceptance README
  • Add Debug and Authoring sections to Acceptance README
  • Acceptance test PR comment
  • Acceptance test PR merge and rebase
  • Note syntax highlighting support for txtar files
  • Refactor acceptance test environment handling
  • Add initial acceptance test README
  • Use txtar extension for testscripts
  • Support targeting other hosts in acceptance tests
  • Use stdout2env in PR acceptance tests
  • Acceptance test PR checkout
  • Add pr view test script
  • Initial testscript introduction
  • While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way.
  • Add examples for creating .gitignore files
  • Update help for license view
  • Refactor http error handling
  • implement --web flag for license view
  • Fix license view help doc, add LICENSE.md example
  • Update help and fix heredoc indentation
  • Add SPDX ID to license list output
  • Fix ExactArgs invocation
  • Add Long for license list indicating limitations
  • Update function names
  • Reverse repo/shared package name change
  • If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error.
  • Bump cli/oauth to 1.1.1
  • Add test coverage for TitleSurvey change
  • Fix failing test for pr and issue create
  • Make the X in the error message red and print with io writer
  • Handle errors from parsing hostname in auth flow
  • Apply suggestions from code review
  • Refactor tests and add new tests
  • Move API calls to queries_repo.go
  • Allow user to override markdown wrap width via $GH_MDWIDTH from environment
  • Add handling of empty titles for Issues and PRs
  • Print the login URL even when opening a browser
  • Apply suggestions from code review
  • Update SECURITY.md
  • Fix typo and wordsmithing
  • fix typo
  • Remove trailing space from heading
  • Revise wording
  • Update docs to allow community submitted designs
  • Implement license view
  • Implement gitignore view
  • implement gitignore list
  • Update license table headings and tests
  • Fix ListLicenseTemplates doc
  • fix output capitalization
  • Cleanup rendering and tests
  • Remove json output option
  • Divide shared repo package and add queries tests
  • First pass at implementing gh repo license list
  • Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS machine

• Update to version 2.58.0:

  • build(deps): bump github.com/theupdateframework/go-tuf/v2
  • Include dnf5 commands
  • Add GPG key instructions to appropriate sections
  • Update docs language to remove possible confusion around 'where you log in'
  • Change conditional in promptForHostname to better reflect prompter changes
  • Shorten language on Authenticate with a GitHub host.
  • Update language on docstring for gh auth login
  • Change prompts for gh auth login to reflect change from GHE to Other
  • Sentence case 'Other' option in hostname prompt
  • build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4
  • Add documentation explaining how to use hostname for gh auth login
  • Replace 'GitHub Enterprise Server' with 'other' in gh auth login prompt
  • fix tenant-awareness for trusted-root command
  • Fix test
  • Update pkg/cmd/extension/manager.go
  • Update comment formatting
  • Use new HasActiveToken method in trustedroot.go
  • Add HasActiveToken method to AuthConfig interface
  • Add HasActiveToken to AuthConfig.
  • Improve error presentation
  • Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform
  • Update pkg/cmd/attestation/trustedroot/trustedroot_test.go
  • build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5
  • enforce auth for tenancy
  • disable auth check for att trusted-root cmd
  • better error for att verify custom issuer mismatch
  • Enhance gh repo create docs, fix random cmd link