build(deps): bump actions/create-github-app-token from 2.2.1 to 3.1.1#1225
build(deps): bump actions/create-github-app-token from 2.2.1 to 3.1.1#1225dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.1 to 3.1.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...1b10c78) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. Bug Fixes 🐛
Internal Changes 🔧
🤖 This preview updates automatically when you update the PR. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 84c7f2d. Configure here.
| - name: Get auth token | ||
| id: token | ||
| uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 | ||
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v2 |
There was a problem hiding this comment.
Deprecated app-id input not migrated to client-id
Medium Severity
The action was bumped to v3.1.1 which deprecated the app-id input in favor of client-id, but the workflow still passes the value via app-id. The variable name SENTRY_RELEASE_BOT_CLIENT_ID strongly suggests it holds a Client ID (a string like Iv23li...), which differs in format from a numeric App ID. Passing a Client ID through the deprecated app-id input may trigger validation warnings or failures in v3's stricter identifier handling. The input key here likely needs to be client-id.
Reviewed by Cursor Bugbot for commit 84c7f2d. Configure here.
Bumps actions/create-github-app-token from 2.2.1 to 3.1.1.
Release notes
Sourced from actions/create-github-app-token's releases.
... (truncated)
Commits
1b10c78build(release): 3.1.1 [skip ci]07e2b76fix: improve error message when app identifier is empty (#362)ea01216ci: remove publish-immutable-action workflow (#361)7bd0371build(release): 3.1.0 [skip ci]e6bd4e6feat: addclient-idinput and deprecateapp-id(#353)076e948feat: update permission inputs (#358)3bbe07dfix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)28a99e3build(deps-dev): bump c8 from 10.1.3 to 11.0.04df5060build(deps-dev): bump open-cli from 8.0.0 to 9.0.04843c53build(deps-dev): bump the development-dependencies group with 3 updatesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)