chore(deps): update dependency cli/cli to v2.63.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
cli/cli	minor	2.62.0 -> 2.63.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cli/cli (cli/cli)

v2.63.0: GitHub CLI 2.63.0

Compare Source

What's Changed

• Support bare repo creation by @​williammartin in https://github.com/cli/cli/pull/9905
• Refactor the getAttestations functions by @​malancas in https://github.com/cli/cli/pull/9892
• Added a section on manual verification of the relases. by @​kommendorkapten in https://github.com/cli/cli/pull/9936
• Adding option to return baseRefOid in pr view by @​daliusd in https://github.com/cli/cli/pull/9938
• Update verification results printing by @​malancas in https://github.com/cli/cli/pull/9937
• Fix some multiline command documentation to use heredoc strings by @​BagToad in https://github.com/cli/cli/pull/9948
• Print friendly error when release create fails due to missing workflow OAuth scope by @​BagToad in https://github.com/cli/cli/pull/9791

Full Changelog: cli/cli@v2.62.0...v2.63.0

Security

• A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

  For more information, see GHSA-jwcm-9g39-pmcw

New Contributors

• @​daliusd made their first contribution in https://github.com/cli/cli/pull/9938

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/gh:2.63.0

📦 Image Reference ghcr.io/uniget-org/tools/gh:2.63.0

digest	sha256:939fa53315457b51825cc6a1c5e9e623f9f896479199bcb1e0bd73f1b0f1b549
vulnerabilities
platform	linux/amd64
size	13 MB
packages	147

stdlib 1.22.6 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range <1.22.7 Fixed version 1.22.7 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range <1.22.7 Fixed version 1.22.7 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

github.com/theupdateframework/go-tuf 0.7.0 (golang) pkg:golang/github.com/theupdateframework/[email protected] Affected range >=0 Fixed version Not Fixed Description Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12061252272.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12061252272.