@dependabot dependabot bot commented on behalf of github May 27, 2025

Bumps @octokit/action from 6.1.0 to 8.0.2.

Release notes

Sourced from @​octokit/action's releases.

v8.0.2

8.0.2 (2025-05-26)

Bug Fixes

  • deps: update dependency @​octokit/plugin-rest-endpoint-methods to v16 (#703) (25f537f)

v8.0.1

8.0.1 (2025-05-21)

Bug Fixes

  • deps: update octokit monorepo (major) (#702) (76679e4)

v8.0.0

8.0.0 (2025-05-20)

Continuous Integration

BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v7.0.2

7.0.2 (2025-04-10)

Bug Fixes

  • deps: update octokit monorepo (major) (#694) (82d96c1)

v7.0.1

7.0.1 (2025-02-15)

Bug Fixes

  • deps: update Octokit dependencies to mitigate ReDos vulnerabilities [security] (#682) (715671e)

v7.0.0

... (truncated)

Commits
  • 25f537f fix(deps): update dependency @​octokit/plugin-rest-endpoint-methods to v16 (#703)
  • 76679e4 fix(deps): update octokit monorepo (major) (#702)
  • b6a290e ci: stop testing against NodeJS v18 (#700)
  • 249ff46 build(deps): lock file maintenance (#701)
  • d36e0ef build(deps-dev): bump vite from 6.3.2 to 6.3.5 (#699)
  • 74128c3 build(deps): lock file maintenance (#697)
  • a3b34c9 build(deps): lock file maintenance (#696)
  • de907e7 build(deps-dev): bump vite from 6.2.5 to 6.2.6 (#695)
  • 82d96c1 fix(deps): update octokit monorepo (major) (#694)
  • ab658ce build(deps-dev): bump vite from 6.2.0 to 6.2.5 (#693)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

### Summary by AIGNE

Release Notes

Chore

  • Updated @octokit/action to v8.0.2 and related dependencies for improved security and stability
  • Upgraded minimum Node.js requirement to v20+

Security

  • Fixed ReDoS vulnerabilities in dependencies

Note: This is primarily a maintenance update that improves the underlying security and stability of the system. No direct user-facing changes or features are included in this update, but users should upgrade to continue receiving security patches and improvements.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [@octokit/action](https://github.com/octokit/action.js) from 6.1.0 to 8.0.2.
- [Release notes](https://github.com/octokit/action.js/releases)
- [Commits](octokit/action.js@v6.1.0...v8.0.2)

---
updated-dependencies:
- dependency-name: "@octokit/action"
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on May 27, 2025
github-actions bot commented May 27, 2025

AIGNE Framework

Walkthrough

This update focuses on modernizing the GitHub Actions workflow by upgrading the @octokit/action package from v6.1.0 to v8.0.2. The upgrade includes critical security fixes for ReDoS vulnerabilities and requires Node.js v20+. The change also updates several core Octokit dependencies to their latest versions, improving the overall security and reliability of GitHub API interactions.

Changes

Files: package.json, pnpm-lock.yaml

Summary:

  • Upgrades @octokit/action to v8.0.2
  • Updates Octokit monorepo dependencies (auth-token, core, endpoint, graphql, plugins)
  • Drops Node.js v18 support, requires v20+
  • Patches ReDoS vulnerabilities

@github-actions github-actions bot left a comment


Commits

Files that changed from the base of the PR and between 4a8d19e and 7a2ad3f commits.
Files selected (2)
  • package.json (1)
  • pnpm-lock.yaml (19)
Review comments generated (10)
  • Review: 0
  • LGTM: 10

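Tips

Chat with AIGNE Reviewer (@aignebot)

  • Reply to review comments left by this bot to ask follow-up questions. A review comment is a comment on a diff or a file.
  • Invite the bot into a review comment chain by tagging @aignebot in a reply.

Code suggestions

  • The bot may make code suggestions, but review them carefully before committing, since the line number ranges may be misaligned.
  • You can edit the comment made by the bot and manually adjust the suggestion if it is slightly off.

Pausing incremental reviews

  • Add @aignebot: ignore anywhere in the PR description to pause further reviews from the bot.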
