Path to this page:
Subject: CVS commit: pkgsrc/net/gh
From: Benny Siegert
Date: 2025-03-08 20:50:08
Message id: 20250308195009.17362FBE1@cvs.NetBSD.org
Log Message:
gh: update to 2.68.1
2.68.1
Fix secret command panic when base repo is determined via cwd
2.68.0
- [gh repo view] Improve error message for forked repo
- Add signer-digest, source-ref, and source-digest options for gh attestation
verify
- [gh pr checkout] Add --no-tags option to git fetch commands in checkout
- [gh issue/pr comment] Add --create-if-none and prompts to create a comment
if no comment already exists
- [gh cache delete --all] Add --succeed-on-no-caches flag to return exit code
0
- [gh release create] Fail when there are no new commits since the last
release
- update default upstream when forking repo during PR creation
2.67.0
A bug in gh attestation verify may return an incorrect zero exit status when no
matching attestations are found for the specified --predicate-type <value> or
the default https://slsa.dev/provenance/v1 if not specified. This issue only
arises if an artifact has an attestation with a predicate type different from
the one provided in the command. As a result, users relying solely on these
exit codes may mistakenly believe the attestation has been verified, despite
the absence of an attestation with the specified predicate type and the tool
printing a verification failure.
Users are advised to update gh to version v2.67.0 as soon as possible.
For more information, see GHSA-fgw4-v983-mgp8
Files: