chore(deps): update dependency cli/cli to v2.66.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
cli/cli	minor	2.65.0 -> 2.66.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cli/cli (cli/cli)

v2.66.0: GitHub CLI 2.66.0

Compare Source

gh pr view and gh pr status now respect common triangular workflow configurations

Previously, gh pr view and gh pr status would fail for pull request's (PR) open in triangular workflows. This was due to gh being unable to identify the PR's corresponding remote and branch refs on GitHub.

Now, gh pr view and gh pr status should successfully identify the PR's refs when the following common git configurations are used:

• branch.<branchName>.pushremote is set
• remote.pushDefault is set

Branch specific configuration, the former, supersedes repo specific configuration, the latter.

Additionally, if the @{push} revision syntax for git resolves for a branch, gh pr view and gh pr status should work regardless of additional config settings.

For more information, see

• https://github.com/cli/cli/issues/9363
• https://github.com/cli/cli/issues/9364
• https://github.com/cli/cli/issues/9365
• https://github.com/cli/cli/issues/9374

gh secret list, gh secret set, and gh secret delete now require repository selection when multiple git remotes are present

Previously, gh secret list, gh secret set, and gh secret delete would determine which remote to target for interacting with GitHub Actions secrets. Remotes marked as default using gh repo set-default or through other gh commands had higher priority when figuring out which repository to interact with. This could have unexpected outcomes when using gh secret commands with forked repositories as the upstream repository would generally be selected.

Now, gh secret commands require users to disambiguate which repository should be the target if multiple remotes are present and the -R, --repo flag is not provided.

For more information, see https://github.com/cli/cli/issues/4688

Extension update notices now notify once every 24 hours per extension and can be disabled

Previously, the GitHub CLI would notify users about newer versions every time an extension was executed. This did not match GitHub CLI notices, which only notified users once every 24 hours and could be disabled through an environment variable.

Now, extension update notices will behave similar to GitHub CLI notices. To disable extension update notices, set the GH_NO_EXTENSION_UPDATE_NOTIFIER environment variable.

For more information, see https://github.com/cli/cli/issues/9925

What's Changed

✨ Features

• Draft for discussing testing around extension update checking behavior by @​andyfeller in https://github.com/cli/cli/pull/9985
• Make extension update check non-blocking by @​andyfeller in https://github.com/cli/cli/pull/10239
• Ensure extension update notices only notify once within 24 hours, provide ability to disable all extension update notices by @​andyfeller in https://github.com/cli/cli/pull/9934
• feat: make the extension upgrade fancier by @​nobe4 in https://github.com/cli/cli/pull/10194
• fix: padded display by @​nobe4 in https://github.com/cli/cli/pull/10216
• Update gh attestation attestation bundle fetching logic by @​malancas in https://github.com/cli/cli/pull/10185
• Require repo disambiguation for secret commands by @​williammartin in https://github.com/cli/cli/pull/10209
• show error message for rerun workflow older than a month ago by @​iamrajhans in https://github.com/cli/cli/pull/10227
• Update gh attestation verify table output by @​malancas in https://github.com/cli/cli/pull/10104
• Enable MSI building for Windows arm64 by @​dennisameling in https://github.com/cli/cli/pull/10297
• feat: Add support for creating autolink references by @​hoffm in https://github.com/cli/cli/pull/10180
• Find PRs using @{push} by @​Frederick888 in https://github.com/cli/cli/pull/9208
• feat: Add support for viewing autolink references by @​hoffm in https://github.com/cli/cli/pull/10324
• Update gh attestation bundle fetching logic by @​malancas in https://github.com/cli/cli/pull/10339

🐛 Fixes

• gh gist delete: prompt for gist id by @​danochoa in https://github.com/cli/cli/pull/10154
• Better handling for waiting for codespaces to become ready by @​cmbrose in https://github.com/cli/cli/pull/10198
• Fix: gh gist view and gh gist edit prompts with no TTY by @​mateusmarquezini in https://github.com/cli/cli/pull/10048
• Remove naked return values from ReadBranchConfig and prSelectorForCurrentBranch by @​jtmcg in https://github.com/cli/cli/pull/10197
• Add job to deployment workflow to validate the tag name for a given release by @​jtmcg in https://github.com/cli/cli/pull/10121
• [gh run list] Stop progress indicator on failure from --workflow flag by @​iamazeem in https://github.com/cli/cli/pull/10323
• Update deployment.yml by @​andyfeller in https://github.com/cli/cli/pull/10340

📚 Docs & Chores

• Add affected version heading to bug report issue form by @​BagToad in https://github.com/cli/cli/pull/10269
• chore: fix some comments by @​petercover in https://github.com/cli/cli/pull/10296
• Update triage.md to reflect FR experiment outcome by @​jtmcg in https://github.com/cli/cli/pull/10196
• Clear up --with-token fine grained PAT usage by @​williammartin in https://github.com/cli/cli/pull/10186
• Correct help documentation around template use in gh issue create by @​andyfeller in https://github.com/cli/cli/pull/10208
• chore: fix some function names in comment by @​zhuhaicity in https://github.com/cli/cli/pull/10225
• Tiny typo fix by @​robmorgan in https://github.com/cli/cli/pull/10265
• add install instructions for Manjaro Linux by @​AMS21 in https://github.com/cli/cli/pull/10236
• Update test to be compatible with latest Glamour v0.8.0 by @​ottok in https://github.com/cli/cli/pull/10151
• Add more gh attestation verify integration tests by @​malancas in https://github.com/cli/cli/pull/10102

Dependencies

• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot in https://github.com/cli/cli/pull/10215
• Bump github.com/sigstore/protobuf-specs from 0.3.2 to 0.3.3 by @​dependabot in https://github.com/cli/cli/pull/10214
• Bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 by @​dependabot in https://github.com/cli/cli/pull/10184
• Bump google.golang.org/protobuf from 1.36.2 to 1.36.3 by @​dependabot in https://github.com/cli/cli/pull/10250
• Bump golangci-linter and address failures to prepare for Go 1.24 strictness by @​mikelolasagasti in https://github.com/cli/cli/pull/10279
• Bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by @​dependabot in https://github.com/cli/cli/pull/10257
• Bump actions/attest-build-provenance from 2.1.0 to 2.2.0 by @​dependabot in https://github.com/cli/cli/pull/10300
• Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in https://github.com/cli/cli/pull/10306
• Upgrade sigstore-go to v0.7.0: fixes #​10114 formatting issue by @​codysoyland in https://github.com/cli/cli/pull/10309
• Bump github.com/in-toto/attestation from 1.1.0 to 1.1.1 by @​dependabot in https://github.com/cli/cli/pull/10319

New Contributors

Big thank you to our many new and longtime contributors making this release happen!! ❤️ ✨

• @​zhuhaicity made their first contribution in https://github.com/cli/cli/pull/10225
• @​danochoa made their first contribution in https://github.com/cli/cli/pull/10154
• @​robmorgan made their first contribution in https://github.com/cli/cli/pull/10265
• @​iamrajhans made their first contribution in https://github.com/cli/cli/pull/10227
• @​AMS21 made their first contribution in https://github.com/cli/cli/pull/10236
• @​petercover made their first contribution in https://github.com/cli/cli/pull/10296
• @​ottok made their first contribution in https://github.com/cli/cli/pull/10151
• @​dennisameling made their first contribution in https://github.com/cli/cli/pull/10297
• @​iamazeem made their first contribution in https://github.com/cli/cli/pull/10323
• @​Frederick888 made their first contribution in https://github.com/cli/cli/pull/9208

Full Changelog: cli/cli@v2.65.0...v2.66.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/gh:2.66.0

📦 Image Reference ghcr.io/uniget-org/tools/gh:2.66.0

digest	sha256:533c8b0e2696a15faf237357eb30497782dffb02cbbcc084a0695a0db5ed46dd
vulnerabilities
platform	linux/amd64
size	13 MB
packages	146

github.com/theupdateframework/go-tuf 0.7.0 (golang) pkg:golang/github.com/theupdateframework/go-tuf@0.7.0 Affected range >=0 Fixed version Not Fixed Description Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/13064905752.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/13064905752.