Commit e7e89c5
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump codfish/semantic-release-action from 4.0.1 to 5.0.0 in the prod group (#10)
Bumps the prod group with 1 update:
[codfish/semantic-release-action](https://github.com/codfish/semantic-release-action).
Updates `codfish/semantic-release-action` from 4.0.1 to 5.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codfish/semantic-release-action/releases">codfish/semantic-release-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h1><a
href="https://github.com/codfish/semantic-release-action/compare/v4.0.1...v5.0.0">5.0.0</a>
(2026-02-08)</h1>
<h3>Features</h3>
<ul>
<li>upgrade deps, node, bump semantic-release to v25 (<a
href="https://redirect.github.com/codfish/semantic-release-action/issues/231">#231</a>)
(<a
href="https://github.com/codfish/semantic-release-action/commit/6abd188d2458e2fd6c99073454f6cc49196362e8">6abd188</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li><code>@semantic-release/github</code> no longer consumes the GitHub
Search API in the plugin.</li>
</ul>
<p>Upgraded to semantic-release v25 with breaking changes in the GitHub
plugin.
Any breaking changes from v25 apply to this github action version except
for
Node version requirements. Because this is a docker-based github action,
the
version of node in use is defined inside of the docker image, not by the
consuming runner or your code.</p>
<ul>
<li>
<p><strong><code>@semantic-release/github</code> v12</strong>: The
GitHub plugin no longer uses the GitHub
Search API (<code>/search/issues</code> endpoint). It now uses GraphQL
queries exclusively
for issue retrieval. This architectural change may affect issue
management in
edge cases. See <a
href="https://github.com/semantic-release/github/releases/tag/v12.0.0">github
plugin v12 release notes</a>.</p>
</li>
<li>
<p><strong>semantic-release v25</strong>: Upgraded from v24.2.7 to
v25.0.3</p>
<ul>
<li><code>@semantic-release/npm</code> upgraded to v13</li>
<li><code>@semantic-release/commit-analyzer</code> and
<code>@semantic-release/release-notes-generator</code> moved from beta
to stable</li>
<li>Dependency updates (yargs v18, hosted-git-info v9)</li>
<li>See <a
href="https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0">semantic-release
v25 release notes</a></li>
</ul>
</li>
<li>
<p><strong>npm OIDC Trusted Publishing Support</strong>: The upgrade to
<code>@semantic-release/npm</code> v13 enables
support for npm's new OIDC-based trusted publishing. This allows
publishing to npm without
long-lived access tokens by using GitHub's OIDC token provider. This is
more secure and
eliminates the need to store <code>NPM_TOKEN</code> as a repository
secret when publishing from GitHub
Actions. See <a
href="https://docs.npmjs.com/generating-provenance-statements">npm
documentation</a>
for configuration details.</p>
</li>
<li>
<p><strong>Node.js</strong>: Upgraded to v24.13.0 (bundled in Docker,
not a breaking change for users)</p>
</li>
<li>
<p><strong><code>@actions/core</code></strong>: Upgraded to v3.0.0
(internal implementation only)</p>
</li>
</ul>
<ol>
<li>Test in a separate branch first - the GitHub plugin's architectural
change
could affect issue management behavior</li>
<li>Review <a
href="https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0">semantic-release
v25 changes</a></li>
<li>Review <a
href="https://github.com/semantic-release/github/releases/tag/v12.0.0"><code>@semantic-release/github</code>
v12 changes</a></li>
<li>Update your workflows to use <code>@v5</code></li>
<li><strong>(Optional)</strong> Migrate to npm OIDC Trusted Publishing:
<ul>
<li>Configure your package on <a
href="https://www.npmjs.com/">npmjs.com</a> to enable trusted publishing
from GitHub Actions</li>
<li>Add <code>id-token: write</code> permission to your workflow
job</li>
<li>Remove the <code>NPM_TOKEN</code> secret (you won't need it
anymore!)</li>
<li>See <a
href="https://docs.npmjs.com/generating-provenance-statements">npm's
trusted publishing guide</a></li>
</ul>
</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md">codfish/semantic-release-action's
changelog</a>.</em></p>
<blockquote>
<h1>v5.0.0 Release Notes Draft</h1>
<h2>Breaking Changes</h2>
<p>Upgraded to semantic-release v25 with breaking changes in the GitHub
plugin.
Any breaking changes from v25 apply to this github action version except
for
Node version requirements. Because this is a docker-based github action,
the
version of node in use is defined inside of the docker image, not by the
consuming runner or your code.</p>
<h3>What Changed</h3>
<ul>
<li>
<p><strong><code>@semantic-release/github</code> v12</strong>: The
GitHub plugin no longer uses the GitHub
Search API (<code>/search/issues</code> endpoint). It now uses GraphQL
queries exclusively
for issue retrieval. This architectural change may affect issue
management in
edge cases. See <a
href="https://github.com/semantic-release/github/releases/tag/v12.0.0">github
plugin v12 release notes</a>.</p>
</li>
<li>
<p><strong>semantic-release v25</strong>: Upgraded from v24.2.7 to
v25.0.3</p>
<ul>
<li><code>@semantic-release/npm</code> upgraded to v13</li>
<li><code>@semantic-release/commit-analyzer</code> and
<code>@semantic-release/release-notes-generator</code> moved from beta
to stable</li>
<li>Dependency updates (yargs v18, hosted-git-info v9)</li>
<li>See <a
href="https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0">semantic-release
v25 release notes</a></li>
</ul>
</li>
<li>
<p><strong>npm OIDC Trusted Publishing Support</strong>: The upgrade to
<code>@semantic-release/npm</code> v13 enables
support for npm's new OIDC-based trusted publishing. This allows
publishing to npm without
long-lived access tokens by using GitHub's OIDC token provider. This is
more secure and
eliminates the need to store <code>NPM_TOKEN</code> as a repository
secret when publishing from GitHub
Actions. See <a
href="https://docs.npmjs.com/generating-provenance-statements">npm
documentation</a>
for configuration details.</p>
</li>
<li>
<p><strong>Node.js</strong>: Upgraded to v24.13.0 (bundled in Docker,
not a breaking change for users)</p>
</li>
<li>
<p><strong><code>@actions/core</code></strong>: Upgraded to v3.0.0
(internal implementation only)</p>
</li>
</ul>
<h3>Migration Steps</h3>
<ol>
<li>Test in a separate branch first - the GitHub plugin's architectural
change
could affect issue management behavior</li>
<li>Review <a
href="https://github.com/semantic-release/semantic-release/releases/tag/v25.0.0">semantic-release
v25 changes</a></li>
<li>Review <a
href="https://github.com/semantic-release/github/releases/tag/v12.0.0"><code>@semantic-release/github</code>
v12 changes</a></li>
<li>Update your workflows to use <code>@v5</code></li>
<li><strong>(Optional)</strong> Migrate to npm OIDC Trusted Publishing:
<ul>
<li>Configure your package on <a
href="https://www.npmjs.com/">npmjs.com</a> to enable trusted publishing
from GitHub Actions</li>
<li>Add <code>id-token: write</code> permission to your workflow
job</li>
<li>Remove the <code>NPM_TOKEN</code> secret (you won't need it
anymore!)</li>
<li>See <a
href="https://docs.npmjs.com/generating-provenance-statements">npm's
trusted publishing guide</a></li>
</ul>
</li>
</ol>
<h2>Version History</h2>
<ul>
<li><code>v5</code> uses semantic-release v25 & node v24.13.0</li>
<li><code>v4</code> uses semantic-release v24 & node v22.18.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/codfish/semantic-release-action/commit/6abd188d2458e2fd6c99073454f6cc49196362e8"><code>6abd188</code></a>
feat: upgrade deps, node, bump semantic-release to v25 (<a
href="https://redirect.github.com/codfish/semantic-release-action/issues/231">#231</a>)</li>
<li><a
href="https://github.com/codfish/semantic-release-action/commit/626240e4677a342945cad0182b723ecafb7adbf7"><code>626240e</code></a>
ci: normalize branch name for docker pr images (<a
href="https://redirect.github.com/codfish/semantic-release-action/issues/230">#230</a>)</li>
<li><a
href="https://github.com/codfish/semantic-release-action/commit/ec8c36d63565dd5b924b22d9ddb966caa8209302"><code>ec8c36d</code></a>
ci: only update docker images if new release was published</li>
<li><a
href="https://github.com/codfish/semantic-release-action/commit/1d4999283af3d111a4df8b896a121e1e6d6c557e"><code>1d49992</code></a>
Add renovate.json (<a
href="https://redirect.github.com/codfish/semantic-release-action/issues/217">#217</a>)</li>
<li><a
href="https://github.com/codfish/semantic-release-action/commit/517b71379f5c38927b67f5bf7e80ad34070f070f"><code>517b713</code></a>
docs: update README with latest version</li>
<li>See full diff in <a
href="https://github.com/codfish/semantic-release-action/compare/v4.0.1...v5.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 8cd642f commit e7e89c5
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
0 commit comments