Sourced from mikefarah/yq's changelog.
4.53.2:
- Fixing release process
4.53.1:
- Releases and tags now signed and immutable!
- Add system(command; args) operator (disabled by default) (#2640)
- TOML encoder: prefer readable table sections over inline tables (#2649)
- Fix TOML encoder to quote keys containing special characters (#2648)
- Add string slicing support (#2639)
- Fix findInArray misuse on MappingNodes in equality and contains (#2645) Thanks
@jandubois!- Fix panic on negative slice indices that underflow after adjustment (#2646) Thanks
@jandubois!- Fix stack overflow from circular alias in traverse (#2647) Thanks
@jandubois!- Fix panic and OOM in repeatString for large repeat counts (#2644) Thanks
@jandubois!- Bumped dependencies
4.52.5:
- Fix: reset TOML decoder state between files (#2634) thanks
@terminalchai- Fix: preserve original filename when using --front-matter (#2613) thanks
@cobyfrombrooklyn-bot- Fix typo in filename (#2611) thanks
@alexandear- Bumped dependencies
4.52.4:
- Dropping windows/arm - no longer supported in cross-compile
4.52.3:
- Fixing comments in TOML arrays (#2592)
- Bumped dependencies
4.52.2:
- Fixed bad instructions file breaking go-install (#2587) Thanks
@theyoprst- Fixed TOML table scope after comments (#2588) Thanks
@tomers- Multiply uses a readonly context (#2558)
- Fixed merge globbing wildcards in keys (#2564)
- Fixing TOML subarray parsing issue (#2581)
4.52.1:
TOML encoder support - you can now roundtrip! #1364
Parent now supports negative indices, and added a 'root' command for referencing the top level document
Fixed scalar encoding for HCL
Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks
@jfenalAdd symlink check to file rename util (#2576) Thanks
@Elias-elastisysPowershell fixed default command used for __completeNoDesc alias (#2568) Thanks
@teejadedUnwrap scalars in shell output mode. (#2548) Thanks
@flintwintersAdded K8S KYAML output format support (#2560) Thanks
@robbat2Bumped dependencies
Special shout out to
@ccoVeillefor reviewing my PRs!
... (truncated)
cb97935
fix: TOML encoder uses inline tables for YAML FlowStyle mappings,
inconsisten...cfe2eee
Preserve empty TOML arrays in tables (#2686)1a433d1
Bump actions/upload-artifact from 4.6.1 to 7.0.1 (#2663)1c0d8b9
Bump actions/checkout from 4.2.2 to 6.0.2 (#2668)0110a3c
Bump golang.org/x/net from 0.52.0 to 0.53.0 (#2669)54482d4
Bump golang from 2a2b4b5 to 5f3787b (#2664)33f3351
Bump ossf/scorecard-action from 2.4.1 to 2.4.3 (#2665)6cb656c
Bump alpine from 2510918 to 5b10f43 (#2667)ecc43d7
fix: reset TOML decoder between files when evaluating all at once (#2685)1deec5e
Fix repeatString overflow test on 32-bit platforms (#2680)Sourced from actions/create-github-app-token's releases.
v3.1.1
3.1.1 (2026-04-11)
Bug Fixes
v3.1.0
3.1.0 (2026-04-11)
Bug Fixes
Features
1b10c78
build(release): 3.1.1 [skip ci]07e2b76
fix: improve error message when app identifier is empty (#362)ea01216
ci: remove publish-immutable-action workflow (#361)7bd0371
build(release): 3.1.0 [skip ci]e6bd4e6
feat: add client-id input and deprecate app-id
(#353)076e948
feat: update permission inputs (#358)3bbe07d
fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)28a99e3
build(deps-dev): bump c8 from 10.1.3 to 11.0.04df5060
build(deps-dev): bump open-cli from 8.0.0 to 9.0.04843c53
build(deps-dev): bump the development-dependencies group with 3
updatesSourced from peter-evans/create-pull-request's releases.
Create Pull Request v8.1.1
What's Changed
- build(deps-dev): bump the npm group with 2 updates by
@dependabot[bot] in peter-evans/create-pull-request#4305- build(deps): bump minimatch by
@dependabot[bot] in peter-evans/create-pull-request#4311- build(deps): bump the github-actions group with 2 updates by
@dependabot[bot] in peter-evans/create-pull-request#4316- build(deps): bump
@tootallnate/onceand jest-environment-jsdom by@dependabot[bot] in peter-evans/create-pull-request#4323- build(deps-dev): bump undici from 6.23.0 to 6.24.0 by
@dependabot[bot] in peter-evans/create-pull-request#4328- build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by
@dependabot[bot] in peter-evans/create-pull-request#4334- build(deps): bump picomatch by
@dependabot[bot] in peter-evans/create-pull-request#4339- build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by
@dependabot[bot] in peter-evans/create-pull-request#4344- build(deps-dev): bump the npm group with 3 updates by
@dependabot[bot] in peter-evans/create-pull-request#4349- fix: retry post-creation API calls on 422 eventual consistency errors by
@peter-evansin peter-evans/create-pull-request#4356Full Changelog: https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1
5f6978f
fix: retry post-creation API calls on 422 eventual consistency errors
(#4356)d32e88d
build(deps-dev): bump the npm group with 3 updates (#4349)8170bcc
build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)0041819
build(deps): bump picomatch (#4339)b993918
build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)36d7c84
build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)a45d1fb
build(deps): bump @tootallnate/once and
jest-environment-jsdom (#4323)3499eb6
build(deps): bump the github-actions group with 2 updates (#4316)3f3b473
build(deps): bump minimatch (#4311)6699836
build(deps-dev): bump the npm group with 2 updates (#4305)Sourced from actions/upload-artifact's releases.
v7.0.1
What's Changed
- Update the readme with direct upload details by
@danwkennedyin actions/upload-artifact#795- Readme: bump all the example versions to v7 by
@danwkennedyin actions/upload-artifact#796- Include changes in typespec/ts-http-runtime 0.3.5 by
@yacaovsncin actions/upload-artifact#797Full Changelog: https://github.com/actions/upload-artifact/compare/v7...v7.0.1
Sourced from pypa/gh-action-pypi-publish's releases.
v1.14.0
✨ What's Changed
The main change in this release is that
verboseandprint-hashinputs are now on by default. This was contributed by@whitequark💰 in #397.📝 Docs
@woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and@him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.🛠️ Internal Updates
@woodruffw💰 bumpedsigstoreandpypi-attestationsin the lock file (#391) and@webknjaz💰 added infra for using type annotations in the project (#381).💪 New Contributors
@him2him2made their first contribution in #395@whitequarkmade their first contribution in #397🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0
🧔♂️ Release Manager:
@webknjaz🇺🇦🙏 Special Thanks to
@facutuesca💰 and@woodruffw💰 for helping maintain this project when I can't!💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
cef2210
Merge pull request #397
from whitequark/patch-1b4595e2
Enable verbose and print-hash by default.e2bab26
Merge pull request #395
from him2him2/docs/fix-typos-and-grammar7495c38
docs: fix typos and grammar in README and SECURITY03f86fe
Merge pull request #388
from woodruffw-forks/ww/rm-experimental4c78f1c
Merge branch 'unstable/v1' into ww/rm-experimentalb5a6e8b
deps: bump sigstore and pypi-attestationsa48a03e
remove another experimental mention8087a88
action: remove a lingering mention of PEP 740 being experimental3317ede
🧪 Integrate actionlint via pre-commit frameworkSourced from aws-actions/configure-aws-credentials's releases.
v6.1.0
6.1.0 (2026-04-06)
Features
Sourced from aws-actions/configure-aws-credentials's changelog.
Changelog
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
6.1.0 (2026-04-06)
Features
- add skip cleanup option (#1716) (11b1c58), closes #1545
- Support usage of AWS Profiles (#1696) (a7f0c82)
6.0.0 (2026-02-04)
⚠ BREAKING CHANGES
Features
Bug Fixes
5.1.1 (2025-11-24)
Miscellaneous Chores
- release 5.1.1 (56d6a58)
5.1.0 (2025-10-06)
Features
- Add global timeout support (#1487) (1584b8b)
- add no-proxy support (#1482) (dde9b22)
- Improve debug logging in retry logic (#1485) (97ef425)
Bug Fixes
5.0.0 (2025-09-03)
... (truncated)
ec61189
chore(main): release 6.1.0 (#1717)81676eb
chore(deps): bump vite from 7.1.11 to 7.3.2 (#1721)dc64d28
chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#1720)bc0a50a
chore: Update dist9ea6412
chore(deps): bump proxy-agent from 6.5.0 to 7.0.0 (#1686)0a87594
chore: Update dista7f0c82
feat: Support usage of AWS Profiles (#1696)e6bb6e5
chore: add text to CONTRIBUTING.md (#1719)11b1c58
feat: add skip cleanup option (#1716)51635db
chore: Update distSourced from actions/github-script's releases.
v9.0.0
New features:
getOctokitfactory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients withgetOctokitfor details and examples.- Orchestration ID in user-agent — The
ACTIONS_ORCHESTRATION_IDenvironment variable is automatically appended to the user-agent string for request tracing.Breaking changes:
require('@actions/github')no longer works in scripts. The upgrade to@actions/githubv9 (ESM-only) meansrequire('@actions/github')will fail at runtime. If you previously used patterns likeconst { getOctokit } = require('@actions/github')to create secondary clients, use the new injectedgetOctokitfunction instead — it's available directly in the script context with no imports needed.getOctokitis now an injected function parameter. Scripts that declareconst getOctokit = ...orlet getOctokit = ...will get aSyntaxErrorbecause JavaScript does not allowconst/letredeclaration of function parameters. Use the injectedgetOctokitdirectly, or usevar getOctokit = ...if you need to redeclare it.- If your script accesses other
@actions/githubinternals beyond the standardgithub/octokitclient, you may need to update those references for v9 compatibility.What's Changed
- Add ACTIONS_ORCHESTRATION_ID to user-agent string by
@Copilotin actions/github-script#695- ci: use deployment: false for integration test environments by
@salmanmkcin actions/github-script#712- feat!: add getOctokit to script context, upgrade
@actions/githubv9,@octokit/corev7, and related packages by@salmanmkcin actions/github-script#700New Contributors
@Copilotmade their first contribution in actions/github-script#695Full Changelog: https://github.com/actions/github-script/compare/v8.0.0...v9.0.0
3a2844b
Merge pull request #700
from actions/salmanmkc/expose-getoctokit + prepare re...ca10bbd
fix: use @octokit/core/types import for v7
compatibility86e48e2
merge: incorporate main branch changesc108472
chore: rebuild dist for v9 upgrade and getOctokit factoryafff112
Merge pull request #712
from actions/salmanmkc/deployment-false + fix user-ag...ff8117e
ci: fix user-agent test to handle orchestration ID81c6b78
ci: use deployment: false to suppress deployment noise from integration
tests3953caf
docs: update README examples from @v8 to @v9, add getOctokit docs
and v9 brea...c17d55b
ci: add getOctokit integration test joba047196
test: add getOctokit integration tests via callAsyncFunctionSourced from lxml's changelog.
6.1.0 (2026-04-17)
This release fixes a possible external entity injection (XXE) vulnerability in
iterparse()and theETCompatXMLParser.Features added
GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in
lxml.html.defs. This allowslxml_html_cleanto pass them through. Patch by oomsveta.The default chunk size for reading from file-likes in
iterparse()is now configurable with a newchunk_sizeargument.Bugs fixed
- LP#2146291: The
resolve_entitiesoption was still set toTrueforiterparseandETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to'internal'only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.6.0.4 (2026-04-12)
Bugs fixed
- LP#2148019: Spurious MemoryError during namespace cleanup.
6.0.3 (2026-04-09)
Bugs fixed
Several out of memory error cases now raise
MemoryErrorthat were not handled before.Slicing with large step values (outside of
+/- sys.maxsize) could trigger undefined C behaviour.LP#2125399: Some failing tests were fixed or disabled in PyPy.
LP#2138421: Memory leak in error cases when setting the
public_idorsystem_urlof a document.
... (truncated)
43722f4
Update changelog.8747040
Name version of option change in docstring.6c36e6c
Fix pypistats URL in download statistics script.c7d76d6
Change security policy to point to Github security advisories.378ccf8
Update project income report.315270b
Docs: Reduce TOC depth of package pages and move module contents
first.6dbba7f
Docs: Show current year in copyright line.e4385bf
Update project income report.5bed1e1
Validate file hashes in release download script.c13ee10
Prepare release of 6.1.0.Sourced from notebook's releases.
v7.5.6
7.5.6
Security patches
- CVE-2026-42557 https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg
- CVE-2026-40171 https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9
Maintenance and upkeep improvements
Documentation improvements
- docs: Fix broken links in troubleshooting and migration docs #7824 (
@RamiNoodle733)Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@jtpio(activity) |@RamiNoodle733(activity)v7.5.5
7.5.5
Maintenance and upkeep improvements
- Update to JupyterLab v4.5.6 #7861 (
@jtpio)- [7.5.x] Drop Python 3.9 on CI #7860 (
@jtpio)- Fix check links #7857 (
@jtpio)Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
... (truncated)
Sourced from notebook's changelog.
7.5.6
Maintenance and upkeep improvements
Documentation improvements
- docs: Fix broken links in troubleshooting and migration docs #7824 (
@RamiNoodle733)Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@jtpio(activity) |@RamiNoodle733(activity)7.5.5
Maintenance and upkeep improvements
- Update to JupyterLab v4.5.6 #7861 (
@jtpio)- [7.5.x] Drop Python 3.9 on CI #7860 (
@jtpio)- Fix check links #7857 (
@jtpio)Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
7.5.4
Maintenance and upkeep improvements
... (truncated)
1ab2d2b
Publish 7.5.650e5222
Merge commit from fork2e642f0
Update to JupyterLab v4.5.7 (#7902)4b93f98
Backport PR #7824:
docs: Fix broken links in troubleshooting and migration do...9a2c88f
Publish 7.5.54f8438b
Update to JupyterLab v4.5.6 (#7861)f78fcfa
Backport PR #7857:
Fix check links (#7858)9e4cf2a
[7.5.x] Drop Python 3.9 on CI (#7860)ecc3aaf
Publish 7.5.4e5d8418
Update to JupyterLab v4.5.5 (#7842)