A Stable Maintenance Release

On May 20, 2025, we released version 1.1.0 of jwt-bearer-token-vendor. This maintenance release focuses on keeping dependencies current and ensuring continued stability for all users.

What’s New

Version 1.1.0 doesn’t introduce new features or change the action’s interface. Instead, it includes important dependency updates that improve the reliability and security of the underlying HTTP client:

  • Updated undici HTTP client from v5.28.5 to v5.29.0, bringing improved connection pool error handling and better compatibility with Node.js 20
  • CI infrastructure updates to maintain our development and security scanning workflows

These updates happen behind the scenes, meaning your existing workflows will continue to work without any modifications.

Why It Matters

Regular maintenance releases like v1.1.0 demonstrate our commitment to keeping jwt-bearer-token-vendor secure and up-to-date. By promptly updating dependencies, we ensure:

  • Security: Keeping the HTTP client library current with the latest security patches
  • Reliability: Improvements to connection handling mean more robust token exchanges with external OAuth 2.0 servers
  • Compatibility: Staying aligned with Node.js runtime updates

Upgrading

Upgrading to v1.1.0 is simple and requires no configuration changes:

# Recommended: Use the major version tag for automatic updates
uses: UnitVectorY-Labs/jwt-bearer-token-vendor@v1

# Or pin to this exact version
uses: UnitVectorY-Labs/jwt-bearer-token-vendor@v1.1.0

All inputs and outputs work identically to v1.0.x. If you’re already using the @v1 tag, your workflows will automatically use v1.1.0 on their next run.

This release announcement was AI-generated using the unsloth/Qwen3.5-122B-A10B-GGUF:Q4_K_M model. Original release date: May 20, 2025. Repository: UnitVectorY-Labs/jwt-bearer-token-vendor. Author: release-storyteller