* fix: Update action.yml to use v2 image

Unfortunately the tag in action.yml is hardcoded currently. Will automate soon.

* fix: update README to use new major version tag

Signed-off-by: jmeridth <jmeridth@gmail.com>

---------

Signed-off-by: jmeridth <jmeridth@gmail.com>

## What

Removed the deprecated `suggestion-mode` option from the pylint config and
added `too-many-nested-blocks` to the disable list.

## Why

The `suggestion-mode` option was removed in newer versions of pylint,
causing an `E0015: Unrecognized option` error that fails the super-linter
CI job. The `too-many-nested-blocks` violation in `merge_contributors` is
pre-existing and consistent with the other `too-many-*` rules already
disabled.

## Notes

- The nested blocks issue in `contributor_stats.py:112` would benefit from a refactor (dict-based merge instead of nested loops) in a follow-up PR
- These errors were hidden until super-linter upgraded its bundled pylint version
- Saw these errors [here](https://github.com/github-community-projects/contributors/actions/runs/22372943481/job/64756293990?pr=394#step:5:488)
- `suggestion-mode` was [removed in 4.0 of pylin](https://pylint.readthedocs.io/en/latest/whatsnew/4/4.0/index.html)

Signed-off-by: jmeridth <jmeridth@gmail.com>

…ntributors

When date filtering is active, fetch commits in the date range directly
and extract unique authors, instead of iterating all-time contributors
and making a separate API call per contributor to check for commits.

The previous approach made O(N) API calls where N is the number of
all-time contributors, which exhausted rate limits on large repos/orgs.
When rate limiting occurred mid-iteration, the broad exception handler
silently dropped all contributors for the affected repository.

The new approach makes O(M/30) API calls where M is the number of
commits in the date range, which is orders of magnitude fewer for
monthly reports.

Additionally, contribution_count now reflects the actual count for the
specified period rather than the misleading all-time count.

Fixes #392

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Address PR review feedback:
- Add return value assertions to test_get_contributors and
  test_get_contributors_skip_bot for stricter contract verification
- Rename test_get_contributors_skip_users_with_no_commits to
  test_get_contributors_with_single_commit to match actual behavior

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…rs-missing-rate-limit

fix: use commits-first approach to avoid rate limiting and missing contributors

#411)

### What

Wrapped `gh_app_id` with `str()` in the `login_as_app_installation` call
in auth.py, and added a targeted test for integer app_id inputs. Existing
tests were also tightened to assert on exact call arguments.

### Why

When `gh_app_id` is passed as an integer, PyJWT raises a TypeError on the
`iss` claim during JWT encoding because it expects a string. This surfaces
at runtime when the environment variable is parsed as an int rather than str.

### Notes

- Only `gh_app_id` is converted; `gh_app_installation_id` is left as-is
  since `login_as_app_installation` accepts it in its original form —
  reviewers should verify this is intentional
- The existing tests previously used `assert_called_once()` without argument
  checks, so bugs like this were invisible; the tightened assertions now
  catch argument type mismatches

Signed-off-by: jmeridth <jmeridth@gmail.com>

fix: convert app_id to string before login_as_app_installation call