Skip to content

chore(deps): bump softprops/action-gh-release from 2 to 3#159

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3
Open

chore(deps): bump softprops/action-gh-release from 2 to 3#159
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps softprops/action-gh-release from 2 to 3.

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

  • fix issue with multiple runs concatenating release bodies #145
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump softprops/action-gh-release from 2 to 3
c679ed9 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v2...v3)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 8, 2026

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests updating dependencies label May 8, 2026
@dependabot dependabot Bot requested a review from KooshaPari as a code owner May 8, 2026 11:16
@dependabot dependabot Bot added the dependencies Pull requests updating dependencies label May 8, 2026
@codeant-ai
Copy link
Copy Markdown

codeant-ai Bot commented May 8, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 8, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

🔒 Snyk Security Scan Results

Snyk vulnerability scan completed. View results in GitHub Code Scanning dashboard.

1 similar comment
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

🔒 Snyk Security Scan Results

Snyk vulnerability scan completed. View results in GitHub Code Scanning dashboard.

kilo-code-bot[bot]
kilo-code-bot Bot reviewed May 8, 2026
View reviewed changes
Comment thread .github/workflows/rust-release.yml

- name: Create Release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v3
Copy link
Copy Markdown

@kilo-code-bot kilo-code-bot Bot May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Consider using a specific version tag or commit hash instead of a floating tag (v3) for better reproducibility

Floating tags can update automatically to new patch versions, which might introduce unexpected changes or breaking updates. Other actions in this workflow use specific references (commit hashes or version tags).

@kilo-code-bot
Copy link
Copy Markdown

kilo-code-bot Bot commented May 8, 2026
edited
Loading

Code Review Summary

Status: 1 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 0
SUGGESTION 1
Issue Details (click to expand)

SUGGESTION

File Line Issue
.github/workflows/rust-release.yml 85 Consider using a specific version tag or commit hash instead of a floating tag (v3) for better reproducibility

Floating tags can update automatically to new patch versions, which might introduce unexpected changes or breaking updates. Other actions in this workflow use specific references (commit hashes or version tags). |

Files Reviewed (1 files)
  • .github/workflows/rust-release.yml - 1 issues
EOF

Reviewed by nemotron-3-super-120b-a12b-20230311:free · 191,013 tokens

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kilo-code-bot kilo-code-bot[bot] kilo-code-bot[bot] left review comments

@KooshaPari KooshaPari Awaiting requested review from KooshaPari KooshaPari is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests updating dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants