Added '--source winget' option to install and upgrade commands.
On machines where the `Store` source is enabled but the license to use the store is not granted specifying the source is required.
This does not have any negative effect.
Clarify that a dependency having a CVE does not mean gh has a
vulnerability. We use govulncheck for reachability analysis and
ask reporters to demonstrate impact before we act on dependency CVE
reports.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Other list subcommands correctly reject --limit 0 but 'release list'
does not validate the limit, causing an infinite loop.
Add validation consistent with other subcommands and a test.
Closes#13078
The github.com/golang/snappy repository was archived and is no longer
maintained. klauspost/compress provides a drop-in replacement, which
is actively maintained, and the klauspost/compress module is already
an existing (indirect) dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
getViewer was building a new HTTP client from scratch, losing
AppVersion and InvokingAgent from the plain client already passed
into AuthFlow. Reuse the existing client by shallow-copying it and
wrapping its transport with AddAuthTokenHeader for the new token.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The gh api command builds its own HTTP client inline without
forwarding InvokingAgent, so the User-Agent header was missing
the Agent/<name> suffix when invoked by AI coding agents.
Thread InvokingAgent through Factory → ApiOptions → HTTPClientOptions,
mirroring the existing AppVersion pattern.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace the OptionsFunc-based MultiSelectWithSearch with a custom huh
Field implementation. huh's OptionsFunc runs in a goroutine, causing
data races with selection state and stale cache issues that made
selections disappear on toggle or search changes.
The custom field (multiSelectSearchField) combines a text input and
multi-select list in a single field with full control over the update
loop. Search runs asynchronously via tea.Cmd when the user presses
Enter, with a themed spinner during loading. Selections are stored in
a simple map — no goroutine races, no Eval cache, no syncAccessor.
Also adds defensive validation for mismatched Keys/Labels slices from
searchFunc.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add 'Type to search, Ctrl+U to clear' placeholder to the
MultiSelectWithSearch search input. Set WithWidth(80) in the test
harness to prevent textinput placeholder rendering panics when
there is no terminal.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace Value() pointer bindings with syncAccessor in
MultiSelectWithSearch. huh's OptionsFunc runs in a goroutine while
the main event loop writes field values, causing a data race on
shared variables. syncAccessor implements huh's Accessor interface
with a shared mutex, ensuring all reads and writes are synchronized.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fix accessible prompter tests that broke with the huh v2 upgrade:
- Replace 'Input a number' with 'Enter a number' (huh v2 changed text)
- Remove trailing CRLF from ExpectString calls that now fail due to
ANSI color codes wrapping the title text
- Allow ANSI escape codes in password masking regex assertions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace manual model updates with an io.Pipe-based test harness that
drives forms through bubbletea's real event loop. Interaction helpers
(tab(), toggle(), typeKeys(), enter(), etc.) send raw terminal bytes
through io.Pipe to form.Run() in a goroutine.
Add tests for AuthToken, ConfirmDeletion, and InputHostname including
validation rejection paths. Add MultiSelectWithSearch coverage for
persistent options and empty search results.
30 tests, ~1s, all build*Form methods at 94-100% coverage.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
