From 2db8f4e04768a9a4cbab1a89aa68248a0a90402c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 11:28:28 +0000
Subject: [PATCH 1/2] build(deps-dev): bump @octokit/openapi from 21.0.0 to
 22.0.0

Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 21.0.0 to 22.0.0.
- [Release notes](https://github.com/octokit/openapi/releases)
- [Commits](https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/openapi"
  dependency-version: 22.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 38f0858..eb532a1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
         "p-retry": "^7.1.1"
       },
       "devDependencies": {
-        "@octokit/openapi": "^21.0.0",
+        "@octokit/openapi": "^22.0.0",
         "c8": "^10.1.3",
         "esbuild": "^0.27.3",
         "open-cli": "^8.0.0",
@@ -716,9 +716,9 @@
       }
     },
     "node_modules/@octokit/openapi": {
-      "version": "21.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-21.0.0.tgz",
-      "integrity": "sha512-NybZQUNsa6yErKW1EEniJs0c/KFEFkXOrWlHk9IVFkY2OC5SQJMsjJnfCfVFyIuBjt8qBHGTopri7y/cKafxPQ==",
+      "version": "22.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-22.0.0.tgz",
+      "integrity": "sha512-Rpif7FjTjFEBSU+amIRHUAIAHwgg+tVJdTiQuU2GEWDniZxmWjxZCgJ4V9GEp2GXnq/Bl+TrjEvwAl9PB29NAQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 9b53662..c706e04 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
     "p-retry": "^7.1.1"
   },
   "devDependencies": {
-    "@octokit/openapi": "^21.0.0",
+    "@octokit/openapi": "^22.0.0",
     "c8": "^10.1.3",
     "esbuild": "^0.27.3",
     "open-cli": "^8.0.0",

From 675fbe31f92f1d2d6c9d13e4874d23813a81f3bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 11:28:49 +0000
Subject: [PATCH 2/2] feat: update permission inputs

---
 action.yml                             |  8 +++++++
 scripts/generated/app-permissions.json | 32 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/action.yml b/action.yml
index ba4e915..41cd4b0 100644
--- a/action.yml
+++ b/action.yml
@@ -31,6 +31,10 @@ inputs:
     description: "The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be set to 'read' or 'write'."
   permission-administration:
     description: "The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be set to 'read' or 'write'."
+  permission-artifact-metadata:
+    description: "The level of permission to grant the access token to create and retrieve build artifact metadata records. Can be set to 'read' or 'write'."
+  permission-attestations:
+    description: "The level of permission to create and retrieve the access token for repository attestations. Can be set to 'read' or 'write'."
   permission-checks:
     description: "The level of permission to grant the access token for checks on code. Can be set to 'read' or 'write'."
   permission-codespaces:
@@ -43,6 +47,8 @@ inputs:
     description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
+  permission-discussions:
+    description: "The level of permission to grant the access token for discussions and related comments and labels. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
   permission-enterprise-custom-properties-for-organizations:
@@ -61,6 +67,8 @@ inputs:
     description: "The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be set to 'read' or 'write'."
   permission-members:
     description: "The level of permission to grant the access token for organization teams and members. Can be set to 'read' or 'write'."
+  permission-merge-queues:
+    description: "The level of permission to grant the access token to manage the merge queues for a repository. Can be set to 'read' or 'write'."
   permission-metadata:
     description: "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be set to 'read' or 'write'."
   permission-organization-administration:
diff --git a/scripts/generated/app-permissions.json b/scripts/generated/app-permissions.json
index aae22e8..d66d70c 100644
--- a/scripts/generated/app-permissions.json
+++ b/scripts/generated/app-permissions.json
@@ -19,6 +19,22 @@
         "write"
       ]
     },
+    "artifact_metadata": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to create and retrieve build artifact metadata records.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
+    "attestations": {
+      "type": "string",
+      "description": "The level of permission to create and retrieve the access token for repository attestations.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "checks": {
       "type": "string",
       "description": "The level of permission to grant the access token for checks on code.",
@@ -59,6 +75,14 @@
         "write"
       ]
     },
+    "discussions": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for discussions and related comments and labels.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "environments": {
       "type": "string",
       "description": "The level of permission to grant the access token for managing repository environments.",
@@ -75,6 +99,14 @@
         "write"
       ]
     },
+    "merge_queues": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to manage the merge queues for a repository.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "metadata": {
       "type": "string",
       "description": "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.",