Skip to content

chore(deps): bump actions/create-github-app-token from 1.11.6 to 3.2.0#12591

Merged
erikjv merged 2 commits into
masterfrom
dependabot/github_actions/actions/create-github-app-token-3.2.0
Jul 9, 2026
Merged

chore(deps): bump actions/create-github-app-token from 1.11.6 to 3.2.0#12591
erikjv merged 2 commits into
masterfrom
dependabot/github_actions/actions/create-github-app-token-3.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/create-github-app-token from 1.11.6 to 3.2.0.

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

... (truncated)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.11.6 to 3.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@21cfef2...bcd2ba4)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 5, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 5, 2026 22:03
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label Jul 5, 2026
@update-docs

update-docs Bot commented Jul 5, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@dj4oC dj4oC left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumps actions/create-github-app-token from v1.11.6 to v3.2.0 (SHA-pinned) in translate.yml, used to mint a GitHub App token for the transifex translation sync (consumes TRANSLATION_APP_ID/TRANSLATION_APP_PRIVATE_KEY secrets).

Findings

Nothing blocking. Official GitHub-owned action, SHA-pinned per OSPO policy. Major version bump on a secrets-adjacent action — worth a routine sanity check that the pinned SHA matches the labeled v3.2.0 tag, but no functional regression expected for this token-generation usage.

Cross-platform check

N/A — CI workflow only.

Verdict

Approved

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown
  • CI status: failing: gui-tests
  • Root cause investigated: job log shows ❌ ocis failed to start followed by [SQUISH] Failed to install squish. — an oCIS test-container/Squish-install infra failure, not caused by this dependency bump. Identical failure reproduces on chore(deps): bump actions/cache from 5.0.4 to 6.1.0 #12590 and chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 #12592 (unrelated diffs, same job), pointing to a shared CI runner/service-container issue rather than something introduced here.
  • Recommended action: maintainer should check the gui-tests job's oCIS service container (image pull/startup) and the Squish install step — not fixable from this diff.
  • Content review: unchanged from prior approval — nothing blocking.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown
  • Security: no findings (unchanged from prior review)
  • Stability: no findings (unchanged from prior review)
  • Performance: no findings (unchanged from prior review)
  • Test coverage: n/a — CI workflow bump only
  • TODOs found: none
  • Dependency touched: no (GitHub Actions pin bump, not an app dependency manifest)
  • CI status: failing: gui-tests — root cause confirmed via job log: Squish install aborts with "Cannot perform unattended installation; license key not specified" (LICENSEKEY env is empty). This is a CI infrastructure issue (missing/expired Squish license secret), reproducing identically on chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 #12592 which touches unrelated workflow files — not caused by this PR's diff. Flagging for maintainer action on the repo secret; no code change needed here.
  • Stale review: no

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@erikjv erikjv enabled auto-merge (squash) July 9, 2026 12:04
@erikjv erikjv merged commit 41db8f7 into master Jul 9, 2026
8 checks passed
@erikjv erikjv deleted the dependabot/github_actions/actions/create-github-app-token-3.2.0 branch July 9, 2026 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants