Subject: CVS commit: pkgsrc/net/gh
From: Benny Siegert
Date: 2025-03-08 20:50:08
Message id: 20250308195009.17362FBE1@cvs.NetBSD.org

Log Message:
gh: update to 2.68.1

2.68.1

Fix secret command panic when base repo is determined via cwd

2.68.0

-   [gh repo view] Improve error message for forked repo
-   Add signer-digest, source-ref, and source-digest options for gh attestation
    verify
-   [gh pr checkout] Add --no-tags option to git fetch commands in checkout
-   [gh issue/pr comment] Add --create-if-none and prompts to create a comment
    if no comment already exists
-   [gh cache delete --all] Add --succeed-on-no-caches flag to return exit code
    0
-   [gh release create] Fail when there are no new commits since the last
    release
-   update default upstream when forking repo during PR creation

2.67.0

A bug in gh attestation verify may return an incorrect zero exit status when no
matching attestations are found for the specified --predicate-type <value> or
the default https://slsa.dev/provenance/v1 if not specified. This issue only
arises if an artifact has an attestation with a predicate type different from
the one provided in the command. As a result, users relying solely on these
exit codes may mistakenly believe the attestation has been verified, despite
the absence of an attestation with the specified predicate type and the tool
printing a verification failure.

Users are advised to update gh to version v2.67.0 as soon as possible.

For more information, see GHSA-fgw4-v983-mgp8

Files:
RevisionActionfile
1.90modifypkgsrc/net/gh/Makefile
1.45modifypkgsrc/net/gh/distinfo
1.39modifypkgsrc/net/gh/go-modules.mk