gh pr create by @cmbrose in https://github.com/cli/cli/pull/10177Full Changelog: https://github.com/cli/cli/compare/v2.64.0...v2.65.0
gh attestation verify when the bundle-from-oci flag is specified by @malancas in https://github.com/cli/cli/pull/10020gh repo rename help text clarifies new repo name should not include owner by @BagToad in https://github.com/cli/cli/pull/10044gh run and gh codespace by @uday-rana in https://github.com/cli/cli/pull/10043gh pr merge --delete-branch exits with error when merge requested via merge queue by @BagToad in https://github.com/cli/cli/pull/10074gh at inspect improvements by @phillmv in https://github.com/cli/cli/pull/9954pr view for intra-org forks by @williammartin in https://github.com/cli/cli/pull/10078gh attestation download by @malancas in https://github.com/cli/cli/pull/10051gh attestation verify policy options configuration in the newEnforcementCriteria() function by @malancas in https://github.com/cli/cli/pull/10012Full Changelog: https://github.com/cli/cli/compare/v2.63.2...v2.64.0
Full Changelog: https://github.com/cli/cli/compare/v2.63.1...v2.63.2
git/client_test.go comments for linter by @BagToad in https://github.com/cli/cli/pull/9969gh repo fork, log the change by @timrogers in https://github.com/cli/cli/pull/9983A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download.
For more information, see https://github.com/cli/cli/security/advisories/GHSA-2m9h-r57g-45pj
Full Changelog: https://github.com/cli/cli/compare/v2.63.0...v2.63.1
getAttestations functions by @malancas in https://github.com/cli/cli/pull/9892baseRefOid in pr view by @daliusd in https://github.com/cli/cli/pull/9938heredoc strings by @BagToad in https://github.com/cli/cli/pull/9948release create fails due to missing workflow OAuth scope by @BagToad in https://github.com/cli/cli/pull/9791Full Changelog: https://github.com/cli/cli/compare/v2.62.0...v2.63.0
A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.
For more information, see https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw
Full Changelog: https://github.com/cli/cli/compare/v2.61.0...v2.62.0
A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands.
For more information, see https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87
Similar to the notification of latest gh releases, the v2.62.0 version of GitHub CLI will notify users about latest extension upgrades when the extension is used:
$ gh ado2gh
...
A new release of ado2gh is available: 1.7.0 → 1.8.0
To upgrade, run: gh extension upgrade ado2gh --force
https://github.com/github/gh-ado2ghThis removes a common pain point of extension authors as they have had to reverse engineer and implement a similar mechanism within their extensions directly.
With this quality of life improvement, there are 2 big benefits:
Extension authors should review their extensions and consider removing any custom logic previously implemented to notify users of new releases.
In v2.61.0, gh repo edit command has been enhanced to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes:
gh repo edit visibility change requires confirmation when changing from public, private, or internalgh repo edit --visibility change requires new --accept-visibility-change-consequences flag to confirmgh repo edit experienceproject command by @jtmcg in https://github.com/cli/cli/pull/9816gh ruleset by @andyfeller in https://github.com/cli/cli/pull/9815gh repo edit by @andyfeller in https://github.com/cli/cli/pull/9845gh attestation verify by @malancas in https://github.com/cli/cli/pull/9838gh attestation verify should only verify provenance attestations by default by @malancas in https://github.com/cli/cli/pull/9825dnf5 commands as default by @its-miroma in https://github.com/cli/cli/pull/9844gh attestation verify policy enforcement refactor by @malancas in https://github.com/cli/cli/pull/9848gh attestation verify by @malancas in https://github.com/cli/cli/pull/9877gh cache list when --json is provided by @williammartin in https://github.com/cli/cli/pull/9883gh pr create -w ignore template flag by @nilvng in https://github.com/cli/cli/pull/9863Full Changelog: https://github.com/cli/cli/compare/v2.60.1...v2.61.0
This is a small patch release to fix installing gh via go install which was broken with v2.60.0.
Full Changelog: https://github.com/cli/cli/compare/v2.60.0...v2.60.1
LiveSigstoreVerifier.Verify should error if no attestations are present by @phillmv in https://github.com/cli/cli/pull/9742gh at verify retries fetching attestations if it receives a 5xx by @phillmv in https://github.com/cli/cli/pull/9797working-with-us.md by @BagToad in https://github.com/cli/cli/pull/9800gh is supported on GitHub Enterprise Cloud by @BagToad in https://github.com/cli/cli/pull/9805workflow, run, and cache commands by @BagToad in https://github.com/cli/cli/pull/9766api acceptance tests by @BagToad in https://github.com/cli/cli/pull/9770release commands by @BagToad in https://github.com/cli/cli/pull/9771org and ssh-key commands by @BagToad in https://github.com/cli/cli/pull/9812gh auth commands by @jtmcg in https://github.com/cli/cli/pull/9787repo commands by @jtmcg in https://github.com/cli/cli/pull/9783search command by @BagToad in https://github.com/cli/cli/pull/9786variable commands by @andyfeller in https://github.com/cli/cli/pull/978secret commands by @andyfeller in https://github.com/cli/cli/pull/9782Full Changelog: https://github.com/cli/cli/compare/v2.59.0...v2.60.0
SECURITY.md with expectations for privately reported vulnerabilities by @BagToad in https://github.com/cli/cli/pull/9687darwin-amd64 binary on an Apple Silicon macOS device by @timrogers in https://github.com/cli/cli/pull/9650repo license list/view and repo gitignore list/view by @BagToad in https://github.com/cli/cli/pull/9721GH_ACCEPTANCE_SCRIPT env var to target a single script by @williammartin in https://github.com/cli/cli/pull/9756issue command by @williammartin in https://github.com/cli/cli/pull/9757gist list by @heaths in https://github.com/cli/cli/pull/9728Full Changelog: https://github.com/cli/cli/compare/v2.58.0...v2.59.0
attestation verify custom issuer mismatch error by @bdehamer in https://github.com/cli/cli/pull/9616attestation trusted-root command by @BagToad in https://github.com/cli/cli/pull/9635attestation trusted-root command by @bdehamer in https://github.com/cli/cli/pull/9610trusted-root command by @bdehamer in https://github.com/cli/cli/pull/9638dnf5 instructions to docs/install_linux.md by @its-miroma in https://github.com/cli/cli/pull/9660Full Changelog: https://github.com/cli/cli/compare/v2.57.0...v2.58.0
--active flag to the gh auth status command by @velumuruganr in https://github.com/cli/cli/pull/9520gh attestation verify test for custom OIDC issuers by @bdehamer in https://github.com/cli/cli/pull/9595darwin-arm64 binary, but a darwin-amd64 binary is available by @timrogers in https://github.com/cli/cli/pull/9599gh attestation verify bundle parsing and validation errors by @malancas in https://github.com/cli/cli/pull/9564attestation verify output when no TTY present by @bdehamer in https://github.com/cli/cli/pull/9612Full Changelog: https://github.com/cli/cli/compare/v2.56.0...v2.57.0
The Debian and RedHat releases have been signed with a new GPG key. If you are experiencing issues updating your .deb or .rpm packages, please read cli/cli#9569.
gh repo sync stdout by @muzimuzhi in https://github.com/cli/cli/pull/9491Internal from gh repo create prompt when owner is not an org by @jtmcg in https://github.com/cli/cli/pull/9465gh run view by @benebsiny in https://github.com/cli/cli/pull/9482repo sync by @muzimuzhi in https://github.com/cli/cli/pull/9509gh attestation verify handles empty JSONL files by @malancas in https://github.com/cli/cli/pull/9541Full Changelog: https://github.com/cli/cli/compare/v2.55.0...v2.56.0
gh variable get to use repo host by @andyfeller in https://github.com/cli/cli/pull/9411gh repo set-default by @thecaffeinedev in https://github.com/cli/cli/pull/9431gh run download downloads the latest artifact by default by @sato11 in https://github.com/cli/cli/pull/9412--project.* flags' name with title in docs by @jtmcg in https://github.com/cli/cli/pull/9443gh release create --notes-from-tag behavior with multiline tag annotation by @babakks in https://github.com/cli/cli/pull/9385pr create --editor by @benebsiny in https://github.com/cli/cli/pull/9433gh attestation by @codysoyland in https://github.com/cli/cli/pull/9442cli/gh-extension-precompile by @BagToad in https://github.com/cli/cli/pull/9462working-with-us.md by @BagToad in https://github.com/cli/cli/pull/9468gh issue develop -b does-not-exist-on-remote by @benebsiny in https://github.com/cli/cli/pull/9477--project <number> flags in gh search to owner/number by @jtmcg in https://github.com/cli/cli/pull/9453Full Changelog: https://github.com/cli/cli/compare/v2.54.0...v2.55.0
--bare clone targets by @hyperrealist in https://github.com/cli/cli/pull/9271--remove-milestone option to issue edit and pr edit by @babakks in https://github.com/cli/cli/pull/9344Full Changelog: https://github.com/cli/cli/compare/v2.53.0...v2.54.0
--json option to variable get command by @babakks in https://github.com/cli/cli/pull/9128gh repo create to clarify owner by @jessehouwing in https://github.com/cli/cli/pull/9309gh pr view --json stateReason by @williammartin in https://github.com/cli/cli/pull/9307issue create --editor by @notomo in https://github.com/cli/cli/pull/7193pr update-branch command by @babakks in https://github.com/cli/cli/pull/8953Full Changelog: https://github.com/cli/cli/compare/v2.52.0...v2.53.0
-a flag to gh run list by @joshuajtward in https://github.com/cli/cli/pull/9162gh at verify public beta note by @phillmv in https://github.com/cli/cli/pull/9243Full Changelog: https://github.com/cli/cli/compare/v2.51.0...v2.52.0
signer-repo and signer-workflow flags to gh attestation verify by @malancas in https://github.com/cli/cli/pull/9137--json-result flag with --format=json in the attestation cmd by @phillmv in https://github.com/cli/cli/pull/9172Full Changelog: https://github.com/cli/cli/compare/v2.50.0...v2.51.0
gh pr checks by @nobe4 in https://github.com/cli/cli/pull/9079gh pr view by @nobe4 in https://github.com/cli/cli/pull/9080Attempts field to Attempt; expose in gh run view and gh run ls by @cawfeecake in https://github.com/cli/cli/pull/8905gh variable get FOO command by @arnested in https://github.com/cli/cli/pull/9106gh attestation verify shared workflow use case by @malancas in https://github.com/cli/cli/pull/9107Full Changelog: https://github.com/cli/cli/compare/v2.49.2...v2.50.0
run list doc with available --json fields by @babakks in https://github.com/cli/cli/pull/8934gh release create docs by @kuzdogan in https://github.com/cli/cli/pull/8987Full Changelog: https://github.com/cli/cli/compare/v2.49.1...v2.49.2