Commit 4849c6d

Bump codfish/semantic-release-action from 4.0.1 to 5.0.0 in /.github/workflows (#15)
Bumps [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) from 4.0.1 to 5.0.0.

<details>
<summary>Release notes</summary>

*Sourced from [codfish/semantic-release-action's releases](https://github.com/codfish/semantic-release-action/releases).*

> ## v5.0.0
>
> # [5.0.0](https://github.com/codfish/semantic-release-action/compare/v4.0.1...v5.0.0) (2026-02-08)
>
> ### Features
>
> - upgrade deps, node, bump semantic-release to v25 ([#231](https://redirect.github.com/codfish/semantic-release-action/issues/231)) ([6abd188](https://github.com/codfish/semantic-release-action/commit/6abd188d2458e2fd6c99073454f6cc49196362e8))
>
> ### BREAKING CHANGES
>
> - `@semantic-release/github` no longer consumes the GitHub Search API in the plugin.
>
> Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.
>
> - **`@semantic-release/github` v12**: The GitHub plugin no longer uses the GitHub Search API (`/search/issues` endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See [github plugin v12 release notes](https://github.com/semantic-release/github/releases/tag/v12.0.0).
> - **semantic-release v25**: Upgraded from v24.2.7 to v25.0.3
>   - `@semantic-release/npm` upgraded to v13
>   - `@semantic-release/commit-analyzer` and `@semantic-release/release-notes-generator` moved from beta to stable
>   - Dependency updates (yargs v18, hosted-git-info v9)
>   - See [semantic-release v25 release notes](https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0)
> - **npm OIDC Trusted Publishing Support**: The upgrade to `@semantic-release/npm` v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store `NPM_TOKEN` as a repository secret when publishing from GitHub Actions. See [npm documentation](https://docs.npmjs.com/generating-provenance-statements) for configuration details.
> - **Node.js**: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)
> - **`@actions/core`**: Upgraded to v3.0.0 (internal implementation only)
>
> 1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
> 2. Review [semantic-release v25 changes](https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0)
> 3. Review [`@semantic-release/github` v12 changes](https://github.com/semantic-release/github/releases/tag/v12.0.0)
> 4. Update your workflows to use `@v5`
> 5. **(Optional)** Migrate to npm OIDC Trusted Publishing:
>    - Configure your package on [npmjs.com](https://www.npmjs.com/) to enable trusted publishing from GitHub Actions
>    - Add `id-token: write` permission to your workflow job
>    - Remove the `NPM_TOKEN` secret (you won't need it anymore!)
>    - See [npm's trusted publishing guide](https://docs.npmjs.com/generating-provenance-statements)
>
> <!-- raw HTML omitted -->

... (truncated)

</details>

<details>
<summary>Changelog</summary>

*Sourced from [codfish/semantic-release-action's changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md).*

> # v5.0.0 Release Notes Draft
>
> ## Breaking Changes
>
> Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this GitHub action version except for Node version requirements. Because this is a Docker-based github action, the version of Node.js in use is defined inside of the Docker image, not by the consuming runner or your code.
>
> ### What Changed
>
> - **`@semantic-release/github` v12**: The GitHub plugin no longer uses the GitHub Search API (`/search/issues` endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See [GitHub plugin v12 release notes](https://github.com/semantic-release/github/releases/tag/v12.0.0).
> - **semantic-release v25**: Upgraded from v24.2.7 to v25.0.3
>   - `@semantic-release/npm` upgraded to v13
>   - `@semantic-release/commit-analyzer` and `@semantic-release/release-notes-generator` moved from beta to stable
>   - Dependency updates (yargs v18, hosted-git-info v9)
>   - See [semantic-release v25 release notes](https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0)
> - **npm OIDC Trusted Publishing Support**: The upgrade to `@semantic-release/npm` v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store `NPM_TOKEN` as a repository secret when publishing from GitHub Actions. See [npm documentation](https://docs.npmjs.com/generating-provenance-statements) for configuration details.
> - **Node.js**: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)
> - **`@actions/core`**: Upgraded to v3.0.0 (internal implementation only)
>
> ### Migration Steps
>
> 1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
> 2. Review [semantic-release v25 changes](https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0)
> 3. Review [`@semantic-release/github` v12 changes](https://github.com/semantic-release/github/releases/tag/v12.0.0)
> 4. Update your workflows to use `@v5`
> 5. **(Optional)** Migrate to npm OIDC Trusted Publishing:
>    - Configure your package on [npmjs.com](https://www.npmjs.com/) to enable trusted publishing from GitHub Actions
>    - Add `id-token: write` permission to your workflow job
>    - Remove the `NPM_TOKEN` secret (you won't need it anymore!)
>    - See [npm's trusted publishing guide](https://docs.npmjs.com/generating-provenance-statements)
>
> ## Version History
>
> - `v5` uses semantic-release v25 & Node.js v24.13.0
> - `v4` uses semantic-release v24 & Node.js v22.18.0
> - `v3` uses semantic-release v22 & Node.js v20.9
> - `v2` uses semantic-release v20 & Node.js v18.7
>
> ## Full Changelog
>
> <!-- raw HTML omitted -->

... (truncated)

</details>

<details>
<summary>Commits</summary>

- [`6abd188`](https://github.com/codfish/semantic-release-action/commit/6abd188d2458e2fd6c99073454f6cc49196362e8) feat: upgrade deps, node, bump semantic-release to v25 ([#231](https://redirect.github.com/codfish/semantic-release-action/issues/231))
- [`626240e`](https://github.com/codfish/semantic-release-action/commit/626240e4677a342945cad0182b723ecafb7adbf7) ci: normalize branch name for docker pr images ([#230](https://redirect.github.com/codfish/semantic-release-action/issues/230))
- [`ec8c36d`](https://github.com/codfish/semantic-release-action/commit/ec8c36d63565dd5b924b22d9ddb966caa8209302) ci: only update docker images if new release was published
- [`1d49992`](https://github.com/codfish/semantic-release-action/commit/1d4999283af3d111a4df8b896a121e1e6d6c557e) Add renovate.json ([#217](https://redirect.github.com/codfish/semantic-release-action/issues/217))
- [`517b713`](https://github.com/codfish/semantic-release-action/commit/517b71379f5c38927b67f5bf7e80ad34070f070f) docs: update README with latest version
- See full diff in [compare view](https://github.com/codfish/semantic-release-action/compare/v4.0.1...v5.0.0)

</details>

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codfish/semantic-release-action&package-manager=github_actions&previous-version=4.0.1&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: frag223 <m.riquelme223@gmail.com>
1 parent 64b736c commit 4849c6d

2 files changed

Lines changed: 1 addition & 15 deletions

.github/workflows/pull-request.yaml

Lines changed: 0 additions & 14 deletions
@@ -8,20 +8,6 @@ on:
88

99
jobs:
1010

11-
scans:
12-
runs-on: ubuntu-latest
13-
steps:
14-
- uses: actions/checkout@v6
15-
with:
16-
fetch-depth: 0
17-
18-
- name: Run Trivy vulnerability scanner in fs mode
19-
uses: aquasecurity/trivy-action@master
20-
with:
21-
scan-type: 'fs'
22-
scan-ref: '.'
23-
trivy-config: trivy.yaml
24-
2511
golang:
2612
runs-on: ubuntu-latest
2713
steps:
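
Review bot: The removed `scans` job (old lines 11-24) deletes the Trivy filesystem scan from the pull-request workflow, which is unrelated to the action bump named in the commit title and is not mentioned anywhere in the commit message. Pull requests will no longer get a vulnerability scan from this workflow unless another one covers it. Suggest moving this removal to its own commit with the reason stated, or keeping the job. `trivy.yaml`, referenced by `trivy-config`, is not among the two changed files, so check whether it is now unused. If the job is kept, `aquasecurity/trivy-action@master` tracks a moving branch; pin it to a release tag or a full commit SHA.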

.github/workflows/release.yaml

Lines changed: 1 addition & 1 deletion
@@ -14,6 +14,6 @@ jobs:
1414
- name: Checkout
1515
uses: actions/checkout@v6
1616
- name: Release
17-
uses: codfish/semantic-release-action@v4.0.1
17+
uses: codfish/semantic-release-action@v5.0.0
1818
env:
1919
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
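
Review bot: The new `uses: codfish/semantic-release-action@v5.0.0` line takes a major upgrade by tag in a step that receives `GITHUB_TOKEN`; a tag can be moved, so pin to the full commit SHA of the v5.0.0 release and keep the version as a trailing comment. The release notes quoted in the commit message call out that `@semantic-release/github` v12 now retrieves issues through GraphQL only and recommend testing in a separate branch first; the commit gives no sign that was done. The job's `permissions` block is outside this hunk, so confirm the token is scoped to what the release step needs.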
