Skip to content

Bump actions/create-github-app-token from 1.11.6 to 3.2.0#157

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/create-github-app-token-3.1.1
Open

Bump actions/create-github-app-token from 1.11.6 to 3.2.0#157
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/create-github-app-token-3.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/create-github-app-token from 1.11.6 to 3.2.0.

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

... (truncated)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 12, 2026
@dependabot dependabot Bot changed the title Bump actions/create-github-app-token from 1.11.6 to 3.1.1 Bump actions/create-github-app-token from 1.11.6 to 3.2.0 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/create-github-app-token-3.1.1 branch from 7df21fa to 5cf6978 Compare May 18, 2026 13:11

@dj4oC dj4oC left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump: actions/create-github-app-token 1.11.6 → 3.2.0 (GitHub Actions ecosystem, covered by .github/dependabot.yml, excluded from the minor-and-patch group since it's a major bump).

Findings

Stability (1 finding, not auto-merged)

  • This is a major version bump spanning two major versions — does not qualify for the Dependabot fast-lane. Upstream release notes for the 3.0.0 series list explicit BREAKING CHANGES: custom HTTP_PROXY/HTTPS_PROXY handling was removed (now requires NODE_USE_ENV_PROXY=1 set explicitly on the step), and it requires Actions Runner v2.327.1+. This action is used here to mint a GitHub App token for pull-transifex.yml's automated PR creation — if that runner or org network setup relies on implicit proxy handling, token issuance could silently break in a way GitHub-hosted-runner CI wouldn't catch. Needs explicit human confirmation that no proxy env vars are relied upon implicitly.
  • Security: no findings beyond the above (no CVE); this is the credential-adjacent action (mints an App token), so the breaking-change risk is worth a deliberate human check rather than an automatic merge.
  • Performance: no findings.
  • Coverage: N/A — CI-only dependency bump, no Swift/UIKit code touched.

Note

Build verification skipped (Xcode not available in cloud review environment). Code analysis only.

Verdict

Commenting — holding for human review due to major version bump with documented breaking changes. This mirrors the equivalent PR in ios-app (#1553), which is also held for the same reason.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown
  • Security: no findings
  • Stability: 1 finding — see review
  • Performance: no findings
  • Test coverage: N/A (CI-only dependency bump, no app code)
  • TODOs found: none
  • Dependency touched: yes — confirmed in .github/dependabot.yml (github-actions ecosystem)
  • CI status: all green (ran against the bumped version already)
  • Stale review: no

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump; CI green. Approving.

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump; CI green. Approving.

@DeepDiver1975

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.11.6 to 3.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@21cfef2...bcd2ba4)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/create-github-app-token-3.1.1 branch from 5cf6978 to 0211e4f Compare July 14, 2026 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants