Skip to content

build(deps): bump oasdiff/oasdiff-action from 0.1.1 to 0.1.3#85

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/oasdiff/oasdiff-action-0.1.3
Open

build(deps): bump oasdiff/oasdiff-action from 0.1.1 to 0.1.3#85
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/oasdiff/oasdiff-action-0.1.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps oasdiff/oasdiff-action from 0.1.1 to 0.1.3.

Release notes

Sourced from oasdiff/oasdiff-action's releases.

v0.1.3

Highlights

Pro review mode in the changelog action

Given an oasdiff-token, the changelog action now posts an encrypted Pro review on your pull requests. The specs are encrypted client-side in CI and only ciphertext is uploaded, so oasdiff cannot read them; the decryption key lives only in the review link's URL fragment. The action posts a PR comment linking to a side-by-side review where your team approves or rejects each change, and the oasdiff commit status gates merge until every breaking change is approved.

- uses: oasdiff/oasdiff-action/changelog@v0.1.3
  with:
    base: main:openapi.yaml
    revision: openapi.yaml
    oasdiff-token: ${{ secrets.OASDIFF_TOKEN }}
    github-token: ${{ github.token }}

(needs permissions: pull-requests: write and statuses: write)

Upgraded to oasdiff v1.20.0

The action images now run oasdiff v1.20.0.

Fixes

  • Graceful message when a trial or subscription expires. When a plan lapses, the pr-comment and Pro changelog actions now surface a clear "your plan has expired, renew here" message and keep the workflow green, instead of failing with an opaque HTTP 402 error.

Full Changelog: oasdiff/oasdiff-action@v0.1.2...v0.1.3

v0.1.2

Highlights

The PR comment now posts by default

The breaking and changelog actions now default github-token to ${{ github.token }}, so the review/changelog comment posts to the PR automatically on any repo whose job GITHUB_TOKEN already has write access, with no workflow edit (#167). Previously most repos only ever saw the review link in the job summary, which almost nobody opens. If your org forces a read-only default token you still need to add permissions: pull-requests: write, and fork PRs are unchanged (read-only token). The comment copy is also clearer about the capability-by-URL model and how specs stay encrypted in CI, plus an explicit opt-out: set review: false to stop posting.

New @v0 moving major tag

A v0 tag is now published and re-pointed on every stable release, so you can pin to @v0 and pick up later patches and minors (like the comment improvements above) automatically, with no workflow change (#168).

- uses: oasdiff/oasdiff-action/breaking@v0

A new Versioning section in the README covers @v0 (recommended), exact pins like @v0.1.1 (reproducible CI), and @main (unreleased tip). README examples now use @v0.

Upgraded to oasdiff v1.19.1

Every action now runs on oasdiff v1.19.1.

Full Changelog: oasdiff/oasdiff-action@v0.1.1...v0.1.2

Commits
  • ccc2442 feat: Pro review mode in the changelog action (oasdiff-token) (#170)
  • 233e931 pr-comment: graceful message when the trial/subscription has lapsed (#172)
  • f7fa960 bump: oasdiff v1.20.0 (#171)
  • e245290 docs: recommend the @​v0 moving major tag and add a Versioning section (#168)
  • efad245 Default github-token to github.token so the review comment posts without setu...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump oasdiff/oasdiff-action from 0.1.1 to 0.1.3
9bf14d4 
Bumps [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action) from 0.1.1 to 0.1.3.
- [Release notes](https://github.com/oasdiff/oasdiff-action/releases)
- [Commits](oasdiff/oasdiff-action@5fbe96e...ccc2442)

---
updated-dependencies:
- dependency-name: oasdiff/oasdiff-action
  dependency-version: 0.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 22, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 22, 2026 13:09
@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown

🏗️ CDK infra diff — PR vs main

No CloudFormation template changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants