Package: gh / 2.46.0-4

Metadata

Package: gh
Version: 2.46.0-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 set defaultEditor as per debian policy.patch | (download)

pkg/surveyext/editor.go | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 Change default editor from nano to /usr/bin/editor

0002 Skip failed TestHTTPClientSanitizeJSONControlCharact.patch | (download)

api/http_client_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 Skip failed TestHTTPClientSanitizeJSONControlCharactersC0 on go1.22

Go1.22 changes json encoding behavior.
https://github.com/golang/go/issues/64346

0003 Update test to be compatible with Glamour v0.8.patch | (download)

pkg/cmd/gist/view/view_test.go | 4 2 + 2 - 0 !
pkg/cmd/pr/create/create_test.go | 4 2 + 2 - 0 !
pkg/cmd/pr/review/review_test.go | 2 1 + 1 - 0 !
pkg/cmd/release/view/view_test.go | 8 4 + 4 - 0 !
pkg/cmd/repo/view/view_test.go | 10 5 + 5 - 0 !
5 files changed, 14 insertions(+), 14 deletions(-)

 Update test to be compatible with Glamour v0.8.0
Bug-Debian: https://bugs.debian.org/1091585
0004 fix CVE 2024 52308.patch | (download)

internal/codespaces/rpc/invoker.go | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 Adding username validation to the invoker ssh server
 This is a fix for the gh codespace ssh and similar commands which
 retrieve the remote username from the running dev container on GitHub.
 If connecting to a malicious container image, it could trigger a
 remote code execution on the local system running gh by providing a
 username that includes additional command-line arguments to ssh. This
 patch adds validation to ensure that only a reasonable username is
 accepted from the container.
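An illustration of the class of check the description above refers to. This is an added example and not the code of the Debian patch or of gh itself: the allowlist pattern, the function names and the argument layout are assumptions chosen for the example, and the constructed inputs are only meant to show which shapes of "username" would reach ssh as something other than a plain account name.

```go
package main

import (
	"fmt"
	"regexp"
)

// usernamePattern is a deliberately conservative allowlist for an account
// name reported by the remote dev container: a leading letter or underscore,
// then letters, digits, '_' or '-', at most 32 characters. This pattern is
// an assumption for this example, not the one gh uses.
var usernamePattern = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_-]{0,31}$`)

// validateRemoteUsername rejects any value that ssh might parse as more than
// a single user name: a leading '-' can be read as an option, whitespace can
// become extra arguments, and '@' or ':' can change the destination.
func validateRemoteUsername(name string) error {
	if !usernamePattern.MatchString(name) {
		return fmt.Errorf("remote container returned unsafe username %q", name)
	}
	return nil
}

// sshArgs builds the argument vector for ssh. The process is started
// directly (no shell), so the only remaining risk is an argument that ssh
// itself misinterprets, which validateRemoteUsername blocks. The "--" stops
// option parsing before the destination as a second line of defence.
func sshArgs(user, host string, port int) ([]string, error) {
	if err := validateRemoteUsername(user); err != nil {
		return nil, err
	}
	return []string{"-p", fmt.Sprint(port), "--", user + "@" + host}, nil
}

func main() {
	// Constructed inputs: one legitimate name and two that a hostile
	// container could return in its place.
	for _, u := range []string{"codespace", "-v", "codespace -p 2222"} {
		args, err := sshArgs(u, "localhost", 2222)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("ssh", args)
	}
}
```

The validation is the important part; the trailing `--` only helps when the untrusted value ends up in the destination position, so it does not replace the allowlist.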
0005 fix CVE 2024 54132.patch | (download)

pkg/cmd/run/download/download.go | 15 14 + 1 - 0 !
pkg/cmd/run/download/download_test.go | 633 505 + 128 - 0 !
pkg/cmd/run/download/zip.go | 24 18 + 6 - 0 !
pkg/cmd/run/download/zip_test.go | 80 80 + 0 - 0 !
4 files changed, 617 insertions(+), 135 deletions(-)

 Validate artifact name is a valid filename
 The command gh run download was not validating that an artifact name
 might be a reserved path name of . or .. which could lead to writing
 files outside the expected working directory. This patch applies a
 patch from upstream that validates the path before downloading
 artifacts.
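The check described above, as an added example rather than the patch's or gh's own code. It goes slightly beyond the two names the description mentions: besides "." and ".." it rejects anything that is not a single path component, and it re-checks the joined path against the destination directory. Function names, the error value and the sample inputs are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeArtifactName is returned for a name that is not a plain file name.
var ErrUnsafeArtifactName = errors.New("artifact name is not a plain file name")

// validateArtifactName accepts a name only if it is exactly one path
// component. "." and ".." are rejected because joining them to the
// destination directory aliases or escapes it. Both '/' and '\\' are
// rejected explicitly because filepath.Base on Linux does not treat '\\'
// as a separator, and NUL is rejected because it truncates C paths.
func validateArtifactName(name string) error {
	switch {
	case name == "", name == ".", name == "..":
		return ErrUnsafeArtifactName
	case strings.ContainsAny(name, "/\\\x00"):
		return ErrUnsafeArtifactName
	}
	return nil
}

// artifactDestination joins the validated name onto destDir and then
// confirms, independently of the name check, that the result still lies
// inside destDir. Either check alone would catch "..", but keeping both
// means a future relaxation of the name rules cannot silently reopen
// the traversal.
func artifactDestination(destDir, name string) (string, error) {
	if err := validateArtifactName(name); err != nil {
		return "", fmt.Errorf("refusing to download artifact %q: %w", name, err)
	}
	base := filepath.Clean(destDir)
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("artifact %q resolves outside %q", name, base)
	}
	return target, nil
}

func main() {
	// Constructed artifact names: the first is ordinary, the rest are the
	// shapes the validation must refuse.
	for _, n := range []string{"build-logs", ".", "..", "../outside", "sub/dir"} {
		dest, err := artifactDestination("out", n)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("would write to", dest)
	}
}
```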
0006 fix CVE 2024 53858.patch | (download)

git/client.go | 84 77 + 7 - 0 !
git/client_test.go | 331 260 + 71 - 0 !
internal/run/stub.go | 2 1 + 1 - 0 !
pkg/cmd/issue/develop/develop_test.go | 2 1 + 1 - 0 !
pkg/cmd/pr/checkout/checkout.go | 20 15 + 5 - 0 !
pkg/cmd/pr/checkout/checkout_test.go | 40 40 + 0 - 0 !
pkg/cmd/repo/sync/git.go | 2 1 + 1 - 0 !
7 files changed, 395 insertions(+), 86 deletions(-)

 Support secure credential pattern with submodules
 When cloning a repository recursively that utilized submodules,
 authentication tokens intended for the parent repository could be
 leaked to the server hosting the child submodule. This patch adds
 checks to ensure that only the matching server URL gets the appropriate
 tokens.
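The host-matching idea from the description above, as an added example that is not the patch's or gh's own code. It shows two complementary pieces: deciding in Go whether a remote is on the same scheme and host as the repository a token was issued for, and scoping a git credential helper to that scheme and host through git's `credential.<url>.helper` setting, which git applies only to remotes whose URL matches `<url>`. The function names, the constructed remote URLs and the choice of `!gh auth git-credential` as the helper are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// scopeOf reduces an http(s) remote to its "scheme://host" form, the
// granularity at which a token should be released. Non-http remotes
// (including scp-style git@host:path) yield ok=false and never get a token.
func scopeOf(remote string) (scope string, ok bool) {
	u, err := url.Parse(remote)
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
		return "", false
	}
	return u.Scheme + "://" + strings.ToLower(u.Host), true
}

// tokenForRemote returns token only when remote lives on the exact scheme and
// host the token was issued for (tokenScope, e.g. "https://github.com").
// A submodule pointing at any other server therefore receives nothing.
func tokenForRemote(remote, tokenScope, token string) string {
	scope, ok := scopeOf(remote)
	if !ok || scope != tokenScope {
		return ""
	}
	return token
}

// credentialHelperArgs builds "-c" overrides for a git invocation so that
// the helper is consulted only for the parent repository's scheme and host.
// The first, empty helper entry clears any helpers inherited from global
// config for that scope; the second installs the one we want.
func credentialHelperArgs(parentRemote, helper string) ([]string, error) {
	scope, ok := scopeOf(parentRemote)
	if !ok {
		return nil, fmt.Errorf("remote %q is not an http(s) URL", parentRemote)
	}
	return []string{
		"-c", "credential." + scope + ".helper=",
		"-c", "credential." + scope + ".helper=" + helper,
	}, nil
}

func main() {
	// Constructed values: a parent repository, a submodule on the same host,
	// and a submodule on a different host.
	const parent = "https://github.com/acme/app.git"
	const token = "ghp_example_not_a_real_token"
	parentScope, _ := scopeOf(parent)
	for _, sub := range []string{
		"https://github.com/acme/lib.git",
		"https://git.example.org/acme/lib.git",
		"git@github.com:acme/lib.git",
	} {
		fmt.Printf("%-45s token sent: %t\n", sub, tokenForRemote(sub, parentScope, token) != "")
	}
	args, _ := credentialHelperArgs(parent, "!gh auth git-credential")
	fmt.Println("git", strings.Join(args, " "), "clone --recurse-submodules", parent)
}
```

Matching on the full host (including any port) is deliberately strict: "github.com:443" and "github.com" are treated as different scopes, which errs on the side of not sending the token.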
0007 fix flaky run download test.patch | (download)

pkg/cmd/run/download/download_test.go | 605 326 + 279 - 0 !
1 file changed, 326 insertions(+), 279 deletions(-)

 Fix flaky gh run download test
 Use consistent slice ordering in run download tests. The previous
 implementation was relying on the iteration order of a map when
 responding with a list of test artifacts from the fakePlatform, which
 resulted in flakiness. This PR makes use of a slice instead.