fix(deps): update module github.com/jferrl/go-githubauth to v1.5.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/jferrl/go-githubauth	v1.1.1 → v1.5.0

---

Release Notes

jferrl/go-githubauth (github.com/jferrl/go-githubauth)

v1.5.0

Compare Source

🚨 Breaking Changes

This release removes the github.com/google/go-github/v74 dependency and implements a lightweight internal GitHub API client. While most users will experience no breaking changes, some API adjustments have been made:

API Changes

1. Enterprise Configuration Simplified

   • Before: WithEnterpriseURLs(baseURL, uploadURL string) - required both base and upload URLs
   • After: WithEnterpriseURL(baseURL string) - single base URL parameter
   • Migration: Remove the redundant upload URL parameter

2. Type Changes (if you were using these types directly)

   • github.InstallationTokenOptions → githubauth.InstallationTokenOptions
   • github.InstallationPermissions → githubauth.InstallationPermissions
   • github.InstallationToken → githubauth.InstallationToken
   • github.Repository → githubauth.Repository

Added

• Internal GitHub API Client: New github.go file with minimal GitHub API implementation
  • Direct HTTP API calls to GitHub's REST API
  • InstallationTokenOptions type for configuring installation token requests
  • InstallationPermissions type with comprehensive permission structure
  • InstallationToken response type from GitHub API
  • Repository type for minimal repository representation
• Public Helper Function: Added Ptr[T]() generic helper for creating pointers to any type (useful for InstallationTokenOptions)

Changed

• Removed Dependency: Eliminated github.com/google/go-github/v74 dependency
• Removed Dependency: Eliminated github.com/google/go-querystring indirect dependency
• Simplified Enterprise Support: Streamlined from WithEnterpriseURLs() to WithEnterpriseURL()
• Updated Documentation: Package docs now reflect that the library is built only on golang.org/x/oauth2
• Binary Size Reduction: Smaller binaries without unused go-github code

Fixed

• Documentation: Fixed GitHub API documentation link for installation token generation

Migration Guide

For Most Users

No action required - if you only use the public TokenSource functions, your code will continue to work without changes.

For Enterprise GitHub Users

// Before (v1.4.x)
installationTokenSource := githubauth.NewInstallationTokenSource(
    installationID, 
    appTokenSource,
    githubauth.WithEnterpriseURLs("https://github.example.com", "https://github.example.com"),
)

// After (v1.5.0)
installationTokenSource := githubauth.NewInstallationTokenSource(
    installationID, 
    appTokenSource,
    githubauth.WithEnterpriseURL("https://github.example.com"),
)

For Direct Type Users

// Before (v1.4.x)
import "github.com/google/go-github/v74/github"
opts := &github.InstallationTokenOptions{
    Repositories: []string{"repo1", "repo2"},
    Permissions: &github.InstallationPermissions{
        Contents: github.Ptr("read"),
    },
}

// After (v1.5.0)
import "github.com/jferrl/go-githubauth"
opts := &githubauth.InstallationTokenOptions{
    Repositories: []string{"repo1", "repo2"},
    Permissions: &githubauth.InstallationPermissions{
        Contents: githubauth.Ptr("read"), // Use the new Ptr() helper
    },
}

Benefits

• ✅ Reduced Dependencies: 2 fewer dependencies (from 3 to 2 total)
• ✅ Smaller Binary Size: No unused go-github code included
• ✅ Better Control: Full ownership of GitHub API integration
• ✅ Easier Debugging: Simpler code path for troubleshooting
• ✅ Same Performance: All token caching and performance optimizations maintained

Full Changelog: jferrl/go-githubauth@v1.4.2...v1.5.0

v1.4.2

Compare Source

🚨 Breaking Changes

This release removes the github.com/google/go-github/v74 dependency and implements a lightweight internal GitHub API client. While most users will experience no breaking changes, some API adjustments have been made:

API Changes

1. Enterprise Configuration Simplified

   • Before: WithEnterpriseURLs(baseURL, uploadURL string) - required both base and upload URLs
   • After: WithEnterpriseURL(baseURL string) - single base URL parameter
   • Migration: Remove the redundant upload URL parameter

2. Type Changes (if you were using these types directly)

   • github.InstallationTokenOptions → githubauth.InstallationTokenOptions
   • github.InstallationPermissions → githubauth.InstallationPermissions
   • github.InstallationToken → githubauth.InstallationToken
   • github.Repository → githubauth.Repository

Added

• Internal GitHub API Client: New github.go file with minimal GitHub API implementation
  • Direct HTTP API calls to GitHub's REST API
  • InstallationTokenOptions type for configuring installation token requests
  • InstallationPermissions type with comprehensive permission structure
  • InstallationToken response type from GitHub API
  • Repository type for minimal repository representation
• Public Helper Function: Added Ptr[T]() generic helper for creating pointers to any type (useful for InstallationTokenOptions)

Changed

• Removed Dependency: Eliminated github.com/google/go-github/v74 dependency
• Removed Dependency: Eliminated github.com/google/go-querystring indirect dependency
• Simplified Enterprise Support: Streamlined from WithEnterpriseURLs() to WithEnterpriseURL()
• Updated Documentation: Package docs now reflect that the library is built only on golang.org/x/oauth2
• Binary Size Reduction: Smaller binaries without unused go-github code

Fixed

• Documentation: Fixed GitHub API documentation link for installation token generation

Migration Guide

For Most Users

No action required - if you only use the public TokenSource functions, your code will continue to work without changes.

For Enterprise GitHub Users

// Before (v1.4.x)
installationTokenSource := githubauth.NewInstallationTokenSource(
    installationID, 
    appTokenSource,
    githubauth.WithEnterpriseURLs("https://github.example.com", "https://github.example.com"),
)

// After (v1.5.0)
installationTokenSource := githubauth.NewInstallationTokenSource(
    installationID, 
    appTokenSource,
    githubauth.WithEnterpriseURL("https://github.example.com"),
)

For Direct Type Users

// Before (v1.4.x)
import "github.com/google/go-github/v74/github"
opts := &github.InstallationTokenOptions{
    Repositories: []string{"repo1", "repo2"},
    Permissions: &github.InstallationPermissions{
        Contents: github.Ptr("read"),
    },
}

// After (v1.5.0)
import "github.com/jferrl/go-githubauth"
opts := &githubauth.InstallationTokenOptions{
    Repositories: []string{"repo1", "repo2"},
    Permissions: &githubauth.InstallationPermissions{
        Contents: githubauth.Ptr("read"), // Use the new Ptr() helper
    },
}

Benefits

• ✅ Reduced Dependencies: 2 fewer dependencies (from 3 to 2 total)
• ✅ Smaller Binary Size: No unused go-github code included
• ✅ Better Control: Full ownership of GitHub API integration
• ✅ Easier Debugging: Simpler code path for troubleshooting
• ✅ Same Performance: All token caching and performance optimizations maintained

Full Changelog: jferrl/go-githubauth@v1.4.2...v1.5.0

v1.4.1

Compare Source

Changed

• Enhanced Token Reuse: Implemented ReuseTokenSource in NewApplicationTokenSource for improved token caching efficiency
• Dependency Updates: Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0
• CI/CD Improvements: Updated GitHub Actions dependencies and workflow permissions
  • Bumped actions/setup-go from 5 to 6
  • Bumped actions/checkout from 4 to 5
• Library Upgrade: Upgraded github.com/google/go-github to v74

Fixed

• Security: Fixed code scanning alert regarding workflow permissions

Dependencies

• Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0 (#​25)
• Bumped actions/setup-go from 5 to 6 (#​26)
• Bumped actions/checkout from 4 to 5 (#​28)
• Upgraded github.com/google/go-github to v74 (#​29)

Contributors: @​jferrl, @​krancour (first contribution)

Full Changelog: jferrl/go-githubauth@v1.4.0...v1.4.1

v1.4.0

Compare Source

Changed

• Enhanced Token Reuse: Implemented ReuseTokenSource in NewApplicationTokenSource for improved token caching efficiency
• Dependency Updates: Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0
• CI/CD Improvements: Updated GitHub Actions dependencies and workflow permissions
  • Bumped actions/setup-go from 5 to 6
  • Bumped actions/checkout from 4 to 5
• Library Upgrade: Upgraded github.com/google/go-github to v74

Fixed

• Security: Fixed code scanning alert regarding workflow permissions

Dependencies

• Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0 (#​25)
• Bumped actions/setup-go from 5 to 6 (#​26)
• Bumped actions/checkout from 4 to 5 (#​28)
• Upgraded github.com/google/go-github to v74 (#​29)

Contributors: @​jferrl, @​krancour (first contribution)

Full Changelog: jferrl/go-githubauth@v1.4.0...v1.4.1

v1.3.0

Compare Source

Added

• Personal Access Token Support: New NewPersonalAccessTokenSource function for classic and fine-grained personal access tokens
• Advanced Token Caching: Implemented dual-layer token caching system using oauth2.ReuseTokenSource
  • JWT tokens cached until expiration (up to 10 minutes)
  • Installation tokens cached until expiration (up to 1 hour)
• High-Performance HTTP Client: Custom cleanHTTPClient implementation with connection pooling
  • Based on HashiCorp's go-cleanhttp patterns for production reliability
  • HTTP/2 support with persistent connections
  • No shared global state to prevent race conditions

Changed

• Significant Performance Improvements: Up to 99% reduction in unnecessary token generation and GitHub API calls
• Enhanced Documentation: Added comprehensive examples for personal access token usage
• Optimized Memory Usage: Reduced object allocation through intelligent token reuse

Performance

• GitHub App JWTs: Cached and reused until expiration instead of regenerating on every API call
• Installation Tokens: Cached until expiration, dramatically reducing GitHub API rate limit consumption
• Connection Pooling: HTTP connections reused across requests for faster GitHub API interactions
• Production Ready: Optimized for high-throughput applications and CI/CD systems

Full Changelog: jferrl/go-githubauth@v1.3.0...v1.4.0

v1.2.1

Compare Source

Added

• Go Generics Support: Introduced generic constraint Identifier interface supporting both int64 App IDs and string Client IDs in a single NewApplicationTokenSource function
• Type-Safe Authentication: Automatic type inference eliminates the need for separate functions while maintaining type safety
• Enhanced Documentation: Official GitHub API references and JWT technical details while maintaining godoc compliance

Changed

• Unified NewApplicationTokenSource function now uses Go generics to support both int64 App IDs and string Client IDs
• Go version requirement bumped to 1.21+ (required for generics support)
• Updated Go version to 1.25 in CI workflows and documentation
• Improved CI workflow configurations with updated GitHub Actions

Fixed

• Eliminated code duplication between App ID and Client ID authentication flows
• Fixed go version usage from go.mod in GitHub Actions build (#​12)

Dependencies

• Added Dependabot configuration to keep dependencies up to date (#​13)
• Bumped styfle/cancel-workflow-action from 0.10.0 to 0.12.1 (#​15)
• Bumped actions/checkout from 4 to 5 (#​18)
• Bumped codecov/codecov-action from 4 to 5 (#​19)

Contributors: @​jferrl, @​grinish21

Full Changelog: jferrl/go-githubauth@v1.2.1...v1.3.0

v1.2.0

Compare Source

Fixed

• Security: Fixed JWT vulnerability GO-2025-3553 by upgrading jwt dependency to v5.3.0 (#​9)

Contributors: @​grinish21

Full Changelog: jferrl/go-githubauth@v1.2.0...v1.2.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24 -> 1.25
github.com/golang-jwt/jwt/v5	v5.2.2 -> v5.3.0
golang.org/x/oauth2	v0.30.0 -> v0.32.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.0 -> 1.25