Skip to content

Comments

chore(deps): bump codfish/semantic-release-action from 3 to 5#6

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/codfish/semantic-release-action-5
Open

chore(deps): bump codfish/semantic-release-action from 3 to 5#6
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/codfish/semantic-release-action-5

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps codfish/semantic-release-action from 3 to 5.

Release notes

Sourced from codfish/semantic-release-action's releases.

v5.0.0

5.0.0 (2026-02-08)

Features

  • upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

  • @​semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes
  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

... (truncated)

Changelog

Sourced from codfish/semantic-release-action's changelog.

v5.0.0 Release Notes Draft

Breaking Changes

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

What Changed

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes
  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

Migration Steps

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

Version History

  • v5 uses semantic-release v25 & node v24.13.0
  • v4 uses semantic-release v24 & node v22.18.0

... (truncated)

Commits
  • 6abd188 feat: upgrade deps, node, bump semantic-release to v25 (#231)
  • 626240e ci: normalize branch name for docker pr images (#230)
  • ec8c36d ci: only update docker images if new release was published
  • 1d49992 Add renovate.json (#217)
  • 517b713 docs: update README with latest version
  • 6c65402 Merge pull request #216 from codfish/pnpm
  • 91fdaf1 fix: install additional packages to /action to avoid package manager issues
  • dc9e488 Merge pull request #215 from codfish/cod/docs-public-npm
  • 7912744 docs: add scoped packages note to readme
  • 66d0b11 chore: cleanup ai context
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) from 3 to 5.
- [Release notes](https://github.com/codfish/semantic-release-action/releases)
- [Changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md)
- [Commits](codfish/semantic-release-action@v3...v5)

---
updated-dependencies:
- dependency-name: codfish/semantic-release-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Feb 9, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants