Update dependency cli/cli to v2.63.0

[renovate]

This PR contains the following updates:

Package	Update	Change
cli/cli	minor	v2.53.0 -> v2.63.0

---

Release Notes

cli/cli (cli/cli)

v2.63.0: GitHub CLI 2.63.0

Compare Source

What's Changed

• Support bare repo creation by @​williammartin in https://github.com/cli/cli/pull/9905
• Refactor the getAttestations functions by @​malancas in https://github.com/cli/cli/pull/9892
• Added a section on manual verification of the relases. by @​kommendorkapten in https://github.com/cli/cli/pull/9936
• Adding option to return baseRefOid in pr view by @​daliusd in https://github.com/cli/cli/pull/9938
• Update verification results printing by @​malancas in https://github.com/cli/cli/pull/9937
• Fix some multiline command documentation to use heredoc strings by @​BagToad in https://github.com/cli/cli/pull/9948
• Print friendly error when release create fails due to missing workflow OAuth scope by @​BagToad in https://github.com/cli/cli/pull/9791

Full Changelog: cli/cli@v2.62.0...v2.63.0

Security

• A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

  For more information, see GHSA-jwcm-9g39-pmcw

New Contributors

• @​daliusd made their first contribution in https://github.com/cli/cli/pull/9938

v2.62.0: GitHub CLI 2.62.0

Compare Source

What's Changed

• Update monotonic verification logic and testing by @​malancas in https://github.com/cli/cli/pull/9856
• Check extension for latest version when executed by @​andyfeller in https://github.com/cli/cli/pull/9866
• Shorten extension release checking from 3s to 1s by @​andyfeller in https://github.com/cli/cli/pull/9914
• Mention GitHub CLI team on discussion issues by @​andyfeller in https://github.com/cli/cli/pull/9920

Full Changelog: cli/cli@v2.61.0...v2.62.0

Security

• A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands.

  For more information, see GHSA-p2h2-3vg9-4p87

GitHub CLI notifies users about latest extension upgrades

Similar to the notification of latest gh releases, the v2.62.0 version of GitHub CLI will notify users about latest extension upgrades when the extension is used:

$ gh ado2gh
...

A new release of ado2gh is available: 1.7.0 → 1.8.0
To upgrade, run: gh extension upgrade ado2gh --force
https://github.com/github/gh-ado2gh

Why does this matter?

This removes a common pain point of extension authors as they have had to reverse engineer and implement a similar mechanism within their extensions directly.

With this quality of life improvement, there are 2 big benefits:

1. Extension authors will hopefully see increased adoption of newer releases while having lower bar to maintaining their extensions.
2. GitHub CLI users will have greater awareness of new features, bug fixes, and security fixes to the extensions used.

What do you need to do?

Extension authors should review their extensions and consider removing any custom logic previously implemented to notify users of new releases.

v2.61.0: GitHub CLI 2.61.0

Compare Source

Ensure users understand consequences before making repository visibility changes

In v2.61.0, gh repo edit command has been enhanced to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes:

1. Interactive gh repo edit visibility change requires confirmation when changing from public, private, or internal
2. Non-interactive gh repo edit --visibility change requires new --accept-visibility-change-consequences flag to confirm
3. New content to inform users of consequences
   • Incorporate GitHub Docs content into help usage and interactive gh repo edit experience
   • Expanded help usage to call out most concerning consequences
   • Display repository star and watcher counts to understand impact before confirming

What's Changed

• Add acceptance test for project command by @​jtmcg in https://github.com/cli/cli/pull/9816
• Add comprehensive testscript for gh ruleset by @​andyfeller in https://github.com/cli/cli/pull/9815
• Add comprehensive testscript for gh ext commandset by @​andyfeller in https://github.com/cli/cli/pull/9810
• Require visibility confirmation in gh repo edit by @​andyfeller in https://github.com/cli/cli/pull/9845
• Clean up skipped online tests for gh attestation verify by @​malancas in https://github.com/cli/cli/pull/9838
• gh attestation verify should only verify provenance attestations by default by @​malancas in https://github.com/cli/cli/pull/9825
• Set dnf5 commands as default by @​its-miroma in https://github.com/cli/cli/pull/9844
• Fix verbiage for deleting workflow runs by @​akx in https://github.com/cli/cli/pull/9876
• Bump github.com/creack/pty from 1.1.23 to 1.1.24 by @​dependabot in https://github.com/cli/cli/pull/9862
• gh attestation verify policy enforcement refactor by @​malancas in https://github.com/cli/cli/pull/9848
• Simplify Sigstore verification result handling in gh attestation verify by @​malancas in https://github.com/cli/cli/pull/9877
• Print empty array for gh cache list when --json is provided by @​williammartin in https://github.com/cli/cli/pull/9883
• Bump actions/attest-build-provenance from 1.4.3 to 1.4.4 by @​dependabot in https://github.com/cli/cli/pull/9884
• Create the automatic key when specified with -i by @​cmbrose in https://github.com/cli/cli/pull/9881
• fix: gh pr create -w ignore template flag by @​nilvng in https://github.com/cli/cli/pull/9863

New Contributors

• @​akx made their first contribution in https://github.com/cli/cli/pull/9876
• @​nilvng made their first contribution in https://github.com/cli/cli/pull/9863

Full Changelog: cli/cli@v2.60.1...v2.61.0

v2.60.1: GitHub CLI 2.60.1

Compare Source

This is a small patch release to fix installing gh via go install which was broken with v2.60.0.

What's Changed

• Update testscript to use hard fork by @​williammartin in https://github.com/cli/cli/pull/9821

Full Changelog: cli/cli@v2.60.0...v2.60.1

v2.60.0: GitHub CLI 2.60.0

Compare Source

What's Changed

• Add ArchivedAt field by @​tsukasaI in https://github.com/cli/cli/pull/9790
• Include startedAt, completedAt in run steps data by @​andyfeller in https://github.com/cli/cli/pull/9774
• Adjust environment help for host and tokens by @​williammartin in https://github.com/cli/cli/pull/9809
• Add handling of empty titles for Issues and PRs by @​jtmcg in https://github.com/cli/cli/pull/9701
• LiveSigstoreVerifier.Verify should error if no attestations are present by @​phillmv in https://github.com/cli/cli/pull/9742
• gh at verify retries fetching attestations if it receives a 5xx by @​phillmv in https://github.com/cli/cli/pull/9797
• Prevent local extension installations with invalid names and conflicts with core commands and other extensions by @​BagToad in https://github.com/cli/cli/pull/9794
• Rewrite a sentence in CONTRIBUTING.md by @​muzimuzhi in https://github.com/cli/cli/pull/9772
• Use new GitHub preview terms in working-with-us.md by @​BagToad in https://github.com/cli/cli/pull/9800
• Use new GitHub previews terminology in attestation commands' help docs by @​BagToad in https://github.com/cli/cli/pull/9799
• Clarify in README that gh is supported on GitHub Enterprise Cloud by @​BagToad in https://github.com/cli/cli/pull/9805
• build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 by @​dependabot in https://github.com/cli/cli/pull/9752

Acceptance Test Changes

• Add acceptance tests for workflow, run, and cache commands by @​BagToad in https://github.com/cli/cli/pull/9766
• Add basic api acceptance tests by @​BagToad in https://github.com/cli/cli/pull/9770
• Add acceptance tests for release commands by @​BagToad in https://github.com/cli/cli/pull/9771
• Add acceptance tests for org and ssh-key commands by @​BagToad in https://github.com/cli/cli/pull/9812
• Add acceptance tests for gh auth commands by @​jtmcg in https://github.com/cli/cli/pull/9787
• Add acceptance tests for repo commands by @​jtmcg in https://github.com/cli/cli/pull/9783
• Add acceptance tests for search command by @​BagToad in https://github.com/cli/cli/pull/9786
• Add acceptance tests for variable commands by @​andyfeller in https://github.com/cli/cli/pull/978
• Add testscripts for gpg-key and label commands by @​williammartin in https://github.com/cli/cli/pull/9811
• Use forked testscript for token redaction by @​williammartin in https://github.com/cli/cli/pull/9804
• Add acceptance tests for secret commands by @​andyfeller in https://github.com/cli/cli/pull/9782
• Note token redaction in Acceptance test README by @​williammartin in https://github.com/cli/cli/pull/9813

New Contributors

• @​tsukasaI made their first contribution in https://github.com/cli/cli/pull/9790

Full Changelog: cli/cli@v2.59.0...v2.60.0

v2.59.0: GitHub CLI 2.59.0

Compare Source

What's Changed

• Allow community submitted design work by @​BagToad in https://github.com/cli/cli/pull/9683
• Improve SECURITY.md with expectations for privately reported vulnerabilities by @​BagToad in https://github.com/cli/cli/pull/9687
• Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS device by @​timrogers in https://github.com/cli/cli/pull/9650
• Print the login URL even when opening a browser by @​ulfjack in https://github.com/cli/cli/pull/7091
• configurable maxwidth for markdown WithWrap() by @​smemsh in https://github.com/cli/cli/pull/9626
• Handle errors when parsing hostname in auth flow by @​BagToad in https://github.com/cli/cli/pull/9729
• Add repo license list/view and repo gitignore list/view by @​BagToad in https://github.com/cli/cli/pull/9721
• Introduce testscript acceptance tests generally, and for the PR command specifically by @​williammartin in https://github.com/cli/cli/pull/9745
• Support GH_ACCEPTANCE_SCRIPT env var to target a single script by @​williammartin in https://github.com/cli/cli/pull/9756
• Ensure Acceptance defer failures are debuggable by @​williammartin in https://github.com/cli/cli/pull/9754
• Add acceptance task to makefile by @​williammartin in https://github.com/cli/cli/pull/9748
• Add Acceptance tests for issue command by @​williammartin in https://github.com/cli/cli/pull/9757
• Update IsEnterprise and IsTenancy for orthogonality using go-gh by @​jtmcg in https://github.com/cli/cli/pull/9755
• Supporting filtering on gist list by @​heaths in https://github.com/cli/cli/pull/9728

New Contributors

• @​ulfjack made their first contribution in https://github.com/cli/cli/pull/7091
• @​smemsh made their first contribution in https://github.com/cli/cli/pull/9626

Full Changelog: cli/cli@v2.58.0...v2.59.0

v2.58.0: GitHub CLI 2.58.0

Compare Source

What's Changed

• Better messaging for attestation verify custom issuer mismatch error by @​bdehamer in https://github.com/cli/cli/pull/9616
• Enhance gh repo create docs, fix random cmd link by @​andyfeller in https://github.com/cli/cli/pull/9630
• Add HasActiveToken method to AuthConfig to refactor auth check for attestation trusted-root command by @​BagToad in https://github.com/cli/cli/pull/9635
• Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform by @​timrogers in https://github.com/cli/cli/pull/9608
• Disable auth check for attestation trusted-root command by @​bdehamer in https://github.com/cli/cli/pull/9610
• build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4 by @​dependabot in https://github.com/cli/cli/pull/9645
• Fix tenant-awareness for trusted-root command by @​bdehamer in https://github.com/cli/cli/pull/9638
• Replace "GitHub Enterprise Server" option with "other" in gh auth login prompting by @​jtmcg in https://github.com/cli/cli/pull/9642
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5 by @​dependabot in https://github.com/cli/cli/pull/9634
• Add dnf5 instructions to docs/install_linux.md by @​its-miroma in https://github.com/cli/cli/pull/9660
• build(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 by @​dependabot in https://github.com/cli/cli/pull/9688

New Contributors

• @​its-miroma made their first contribution in https://github.com/cli/cli/pull/9660

Full Changelog: cli/cli@v2.57.0...v2.58.0

v2.57.0: GitHub CLI 2.57.0

Compare Source

What's Changed

• Move non-integration tests to different test file by @​codysoyland in https://github.com/cli/cli/pull/9577
• Added tenancy aware attestation commands by @​kommendorkapten in https://github.com/cli/cli/pull/9542
• Added --active flag to the gh auth status command by @​velumuruganr in https://github.com/cli/cli/pull/9520
• build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 by @​dependabot in https://github.com/cli/cli/pull/9601
• gh attestation verify test for custom OIDC issuers by @​bdehamer in https://github.com/cli/cli/pull/9595
• Suggest installing Rosetta when extension installation fails due to missing darwin-arm64 binary, but a darwin-amd64 binary is available by @​timrogers in https://github.com/cli/cli/pull/9599
• Update gh attestation verify bundle parsing and validation errors by @​malancas in https://github.com/cli/cli/pull/9564
• Suppress attestation verify output when no TTY present by @​bdehamer in https://github.com/cli/cli/pull/9612
• Use api subdomains for tenant hosts by @​williammartin in https://github.com/cli/cli/pull/9618

New Contributors

• @​kommendorkapten made their first contribution in https://github.com/cli/cli/pull/9542
• @​velumuruganr made their first contribution in https://github.com/cli/cli/pull/9520
• @​bdehamer made their first contribution in https://github.com/cli/cli/pull/9595
• @​timrogers made their first contribution in https://github.com/cli/cli/pull/9599

Full Changelog: cli/cli@v2.56.0...v2.57.0

v2.56.0: GitHub CLI 2.56.0

Compare Source

Important note about renewed GPG key

The Debian and RedHat releases have been signed with a new GPG key. If you are experiencing issues updating your .deb or .rpm packages, please read cli/cli#9569.

What's Changed

• Always print URL scheme to stdout by @​heaths in https://github.com/cli/cli/pull/9471
• Quote repo names consistently in gh repo sync stdout by @​muzimuzhi in https://github.com/cli/cli/pull/9491
• Fetch bundle from OCI registry for verify by @​ejahnGithub in https://github.com/cli/cli/pull/9421
• Remove Internal from gh repo create prompt when owner is not an org by @​jtmcg in https://github.com/cli/cli/pull/9465
• Drop surplus trailing space char in flag names in web by @​muzimuzhi in https://github.com/cli/cli/pull/9495
• fix the trimming of log filenames for gh run view by @​benebsiny in https://github.com/cli/cli/pull/9482
• "offline" verification using the bundle of attestations without any additional handling of the file by @​aryanbhosale in https://github.com/cli/cli/pull/9523
• build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 by @​dependabot in https://github.com/cli/cli/pull/9518
• Fix doc typo for repo sync by @​muzimuzhi in https://github.com/cli/cli/pull/9509
• Correct the help message for -F by @​Goooler in https://github.com/cli/cli/pull/9525
• chore: fix some function names by @​crystalstall in https://github.com/cli/cli/pull/9555
• verify 2nd artifact without swapping order by @​aryanbhosale in https://github.com/cli/cli/pull/9532
• gh attestation verify handles empty JSONL files by @​malancas in https://github.com/cli/cli/pull/9541
• Enhance Linux installation docs to redirect users to GPG renewal issue, better troubleshooting support by @​andyfeller in https://github.com/cli/cli/pull/9573
• Upgrade sigstore-go to v0.6.1 by @​codysoyland in https://github.com/cli/cli/pull/9566
• Check for nil values to prevent nil dereference panic by @​codysoyland in https://github.com/cli/cli/pull/9578
• build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3 by @​dependabot in https://github.com/cli/cli/pull/9575

New Contributors

• @​aryanbhosale made their first contribution in https://github.com/cli/cli/pull/9523
• @​Goooler made their first contribution in https://github.com/cli/cli/pull/9525
• @​crystalstall made their first contribution in https://github.com/cli/cli/pull/9555

Full Changelog: cli/cli@v2.55.0...v2.56.0

v2.55.0: GitHub CLI 2.55.0

Compare Source

What's Changed

• Update gh variable get to use repo host by @​andyfeller in https://github.com/cli/cli/pull/9411
• build(deps): bump actions/attest-build-provenance from 1.3.3 to 1.4.0 by @​dependabot in https://github.com/cli/cli/pull/9400
• Unify use of tab indent in non-test source files by @​muzimuzhi in https://github.com/cli/cli/pull/9407
• Add Acceptance Criteria requirement to triage.md for accepted issues by @​jtmcg in https://github.com/cli/cli/pull/9435
• Improve Unix compliance gh repo set-default by @​thecaffeinedev in https://github.com/cli/cli/pull/9431
• Document that gh run download downloads the latest artifact by default by @​sato11 in https://github.com/cli/cli/pull/9412
• build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in https://github.com/cli/cli/pull/9432
• Replace --project.* flags' name with title in docs by @​jtmcg in https://github.com/cli/cli/pull/9443
• Wrap flags with backticks, continued by @​muzimuzhi in https://github.com/cli/cli/pull/9444
• Improve gh release create --notes-from-tag behavior with multiline tag annotation by @​babakks in https://github.com/cli/cli/pull/9385
• Add pr create --editor by @​benebsiny in https://github.com/cli/cli/pull/9433
• build(deps): bump actions/attest-build-provenance from 1.4.0 to 1.4.1 by @​dependabot in https://github.com/cli/cli/pull/9451
• Require Sigstore Bundle v0.2+ when verifying with gh attestation by @​codysoyland in https://github.com/cli/cli/pull/9442
• build(deps): bump github.com/creack/pty from 1.1.21 to 1.1.23 by @​dependabot in https://github.com/cli/cli/pull/9459
• Update Go and other extension workflow templates to reflect recent enhancements to cli/gh-extension-precompile by @​BagToad in https://github.com/cli/cli/pull/9462
• Add note for external contributors to working-with-us.md by @​BagToad in https://github.com/cli/cli/pull/9468
• Update attestation TUF root by @​codysoyland in https://github.com/cli/cli/pull/9467
• Improve documentation for pr checks and exit codes by @​thecaffeinedev in https://github.com/cli/cli/pull/9452
• cmd/pr/checks: Describe bucket and state JSON fields by @​arunsathiya in https://github.com/cli/cli/pull/9439
• Add Flox as an installation option by @​bryanhonof in https://github.com/cli/cli/pull/9396
• fix behavior for gh issue develop -b does-not-exist-on-remote by @​benebsiny in https://github.com/cli/cli/pull/9477
• Update --project <number> flags in gh search to owner/number by @​jtmcg in https://github.com/cli/cli/pull/9453

New Contributors

• @​jtmcg made their first contribution in https://github.com/cli/cli/pull/9435
• @​thecaffeinedev made their first contribution in https://github.com/cli/cli/pull/9431
• @​sato11 made their first contribution in https://github.com/cli/cli/pull/9412
• @​codysoyland made their first contribution in https://github.com/cli/cli/pull/9442
• @​BagToad made their first contribution in https://github.com/cli/cli/pull/9462
• @​bryanhonof made their first contribution in https://github.com/cli/cli/pull/9396

Full Changelog: cli/cli@v2.54.0...v2.55.0

v2.54.0: GitHub CLI 2.54.0

Compare Source

What's Changed

• Remove redundant whitespace by @​jessehouwing in https://github.com/cli/cli/pull/9334
• Remove attestation test that requires being online by @​steiza in https://github.com/cli/cli/pull/9340
• Update documentation for gh api PATCH by @​cmbuckley in https://github.com/cli/cli/pull/9352
• Clarify usage of template flags for PR and issue creation by @​williammartin in https://github.com/cli/cli/pull/9354
• Expose json databaseId field for release commands by @​williammartin in https://github.com/cli/cli/pull/9356
• Expose fullDatabaseId for PR json export by @​williammartin in https://github.com/cli/cli/pull/9355
• Handle --bare clone targets by @​hyperrealist in https://github.com/cli/cli/pull/9271
• Slightly clarify when CLI exits with code 4 by @​williammartin in https://github.com/cli/cli/pull/9358
• Update sigstore-go in gh CLI to v0.5.1 by @​steiza in https://github.com/cli/cli/pull/9366
• Exit with 1 on authentication issues by @​Stausssi in https://github.com/cli/cli/pull/9240
• build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @​dependabot in https://github.com/cli/cli/pull/9372
• build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @​dependabot in https://github.com/cli/cli/pull/9373
• Add --remove-milestone option to issue edit and pr edit by @​babakks in https://github.com/cli/cli/pull/9344
• handle attest case insensitivity by @​ejahnGithub in https://github.com/cli/cli/pull/9392

New Contributors

• @​cmbuckley made their first contribution in https://github.com/cli/cli/pull/9352
• @​hyperrealist made their first contribution in https://github.com/cli/cli/pull/9271
• @​Stausssi made their first contribution in https://github.com/cli/cli/pull/9240
• @​ejahnGithub made their first contribution in https://github.com/cli/cli/pull/9392

Full Changelog: cli/cli@v2.53.0...v2.54.0

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.