@dependabot dependabot bot commented on behalf of github Feb 24, 2025

Bumps github.com/cli/cli/v2 from 2.65.0 to 2.67.0.

Release notes

Sourced from github.com/cli/cli/v2's releases.

GitHub CLI 2.67.0

Security

A bug in gh attestation verify may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type <value> or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact has an attestation with a predicate type different from the one provided in the command. As a result, users relying solely on these exit codes may mistakenly believe the attestation has been verified, despite the absence of an attestation with the specified predicate type and the tool printing a verification failure.

Users are advised to update gh to version v2.67.0 as soon as possible.

For more information, see GHSA-fgw4-v983-mgp8

gh pr checkout now supports interactively selecting a pull request

Similar to commands like gh workflow run, which prompts for a workflow to run, gh pr checkout will now prompt for a pull request to check out. The list is currently limited to the most recent 10 pull requests in the repository.

Big thank you to @​nilvng for implementing this 🙌

Contributing guidelines updated

We've updated our CONTRIBUTING.md guidelines to give more clarity around old help wanted issues.

TLDR:

  • Please directly mention @cli/code-reviewers when an issue you want to work on does not have clear Acceptance Criteria
  • Please only open pull requests for issues with both the help wanted label and clear Acceptance Criteria
  • Please avoid expanding pull request scope to include changes that are not described in the connected issue's Acceptance Criteria

Note: Acceptance Criteria is posted as an issue comment by a core maintainer.

See cli/cli#10381 and cli/cli#10395 for more information.

❓ Have feedback on anything? We'd love to hear from you in a discussion post ❤️

What's Changed

✨ Features

🐛 Fixes

... (truncated)

Commits
  • 6899fe2 Merge pull request #10421 from cli/exit1-wrong-predicate-type
  • bf3a40a Exit with error if no matching predicate type exists
  • 5557958 Merge pull request #10362 from hoffm/delete-autolinks
  • ab7fdaa Merge pull request #10395 from cli/kw/code-review-suggestions-for-contributin...
  • 0268d95 Fix logic error in contributing docs
  • 8e2be73 Improve http error test cases
  • 9eaaf44 Handle non-TTY behavior
  • 8d0ec0a Merge branch 'trunk' into delete-autolinks
  • 0a05012 Merge pull request #10379 from cli/dependabot/go_modules/google.golang.org/pr...
  • c1bc836 Merge pull request #10388 from jsoref/issue-9927
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
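
Added example (not part of this PR thread or of the GitHub CLI code base): the security note above says a zero exit status from gh attestation verify could not be relied on alone, so a consumer can also inspect the tool's JSON output and fail closed when no verified attestation carries the requested predicate type. The JSON path `verificationResult.statement.predicateType`, the function and type names, and the sample input are assumptions made for this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// DefaultPredicateType is the type gh assumes when --predicate-type is omitted.
const DefaultPredicateType = "https://slsa.dev/provenance/v1"

var ErrNoMatch = errors.New("no verified attestation with the requested predicate type")

// result keeps the one field inspected; this JSON path is an assumed output layout.
type result struct {
	VerificationResult struct {
		Statement struct {
			PredicateType string `json:"predicateType"`
		} `json:"statement"`
	} `json:"verificationResult"`
}

// CountMatching reads the stdout of `gh attestation verify ... --format json`
// and fails closed on empty or unparsable output and on zero matches.
func CountMatching(stdout []byte, want string) (int, error) {
	if want == "" {
		want = DefaultPredicateType
	}
	var results []result
	if err := json.Unmarshal(stdout, &results); err != nil {
		return 0, fmt.Errorf("unparsable verify output: %w", err)
	}
	n := 0
	for _, r := range results {
		if r.VerificationResult.Statement.PredicateType == want {
			n++
		}
	}
	if n == 0 {
		return 0, ErrNoMatch
	}
	return n, nil
}

// Constructed sample: one attestation whose type differs from the default.
const sample = `[{"verificationResult":{"statement":{"predicateType":"https://spdx.dev/Document/v2.3"}}}]`

func main() {
	fmt.Println(CountMatching([]byte(sample), ""))
}
```

Use it as a second gate: reject a non-zero exit status from gh first, then pass its stdout to CountMatching and treat any error as a failed verification.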

@dependabot dependabot bot added the dependencies label Feb 24, 2025
@openshift-ci openshift-ci bot requested review from cardil and creydr February 24, 2025 16:48

openshift-ci bot commented Feb 24, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign maschmid for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


cardil commented Feb 24, 2025

/hold only after upgrade to 1.23

module github.com/openshift-knative/deviate

go 1.22.9
toolchain go1.23.6

We can't bump it until we switch to go 1.23 for the product

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/cli/cli/v2-2.67.0 branch from 39f6a9f to 4e37a2f Compare February 27, 2025 20:04
@cardil cardil force-pushed the main branch 2 times, most recently from a0f315c to 4d07a14 Compare February 27, 2025 20:13
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/cli/cli/v2-2.67.0 branch from 4e37a2f to 7e163d2 Compare February 27, 2025 20:21
Bumps [github.com/cli/cli/v2](https://github.com/cli/cli) from 2.65.0 to 2.67.0.
- [Release notes](https://github.com/cli/cli/releases)
- [Changelog](https://github.com/cli/cli/blob/trunk/.goreleaser.yml)
- [Commits](cli/cli@v2.65.0...v2.67.0)

---
updated-dependencies:
- dependency-name: github.com/cli/cli/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/cli/cli/v2-2.67.0 branch from 7e163d2 to 2a5777e Compare March 3, 2025 19:00

dependabot bot commented on behalf of github Mar 6, 2025

Superseded by #26.

@dependabot dependabot bot closed this Mar 6, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/cli/cli/v2-2.67.0 branch March 6, 2025 09:19

Labels: dependencies, do-not-merge/hold
