Skip to content

build: bump the all-actions group with 4 updates#551

Merged
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/github_actions/dependabotchanges/all-actions-cc3d468b0f
Mar 2, 2026
Merged

build: bump the all-actions group with 4 updates#551
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/github_actions/dependabotchanges/all-actions-cc3d468b0f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the all-actions group with 4 updates: codfish/semantic-release-action, tj-actions/changed-files, lycheeverse/lychee-action and actions/upload-artifact.

Updates codfish/semantic-release-action from 4 to 5

Release notes

Sourced from codfish/semantic-release-action's releases.

v5.0.0

5.0.0 (2026-02-08)

Features

  • upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

  • @​semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes

  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

... (truncated)

Changelog

Sourced from codfish/semantic-release-action's changelog.

v5.0.0 Release Notes Draft

Breaking Changes

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

What Changed

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes

  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

Migration Steps

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

Version History

  • v5 uses semantic-release v25 & node v24.13.0
  • v4 uses semantic-release v24 & node v22.18.0

... (truncated)

Commits
  • 6abd188 feat: upgrade deps, node, bump semantic-release to v25 (#231)
  • 626240e ci: normalize branch name for docker pr images (#230)
  • ec8c36d ci: only update docker images if new release was published
  • 1d49992 Add renovate.json (#217)
  • 517b713 docs: update README with latest version
  • See full diff in compare view

Updates tj-actions/changed-files from 47.0.1 to 47.0.4

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.1...v47.0.2

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.4 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

47.0.2 - (2026-02-09)

🚀 Features

  • Add support for excluding symlinks and fix bug with commit not found (#2770) (8c4da28) - (Tonye Jack)

🐛 Bug Fixes

🔄 Update

  • Updated README.md (#2771)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (7d5bbf4) - (github-actions[bot])

  • Updated README.md (#2768)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b3bb1f8) - (github-actions[bot])

  • Update README.md (c6a5847) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump actions/setup-node from 6.1.0 to 6.2.0 (#2766) (8cba46e) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.0.0 to 25.2.2 (#2793) (925972f) - (dependabot[bot])
  • deps: Bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795) (a98754b) - (dependabot[bot])
  • deps: Bump actions/checkout from 6.0.1 to 6.0.2 (#2777) (9c13e73) - (dependabot[bot])
  • deps-dev: Bump @​types/lodash from 4.17.21 to 4.17.23 (#2759) (16d791c) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756) (8e056de) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.31.7 to 4.31.10 (#2761) (078e2bc) - (dependabot[bot])
  • Update matrix-example.yml (#2752) (2f2f6cf) - (Tonye Jack)
  • Update dist (#2769) (8262acc) - (Tonye Jack)
  • deps: Bump @​actions/core from 2.0.0 to 2.0.2 (#2757) (daf9d2d) - (dependabot[bot])

... (truncated)

Commits
  • 7dee1b0 update: release-tagger action to version 6.0.6 (#2801)
  • 28b28f6 update: release-tagger action to version 6.0.0 (#2800)
  • 875e6e5 chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 (#2790)
  • 8cba46e chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#2766)
  • 925972f chore(deps-dev): bump @​types/node from 25.0.0 to 25.2.2 (#2793)
  • a98754b chore(deps): bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795)
  • 9c13e73 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2777)
  • caee9d9 fix: Update test.yml (#2781)
  • 16d791c chore(deps-dev): bump @​types/lodash from 4.17.21 to 4.17.23 (#2759)
  • 8e056de chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756)
  • Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.7.0 to 2.8.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

v2.8.0

What's Changed

New Contributors

Full Changelog: lycheeverse/lychee-action@v2.7.0...v2.8.0

Commits
  • 8646ba3 Add message with Summary report URL (#326)
  • c6e7911 [create-pull-request] automated change
  • 631725a Bump peter-evans/create-pull-request from 7 to 8 (#318)
  • 942f324 Bump actions/cache from 4 to 5 (#319)
  • 79de881 Bump actions/checkout from 5 to 6 (#316)
  • 1ef33e2 Update test to use --root-dir instead of the deprecated --base (#315)
  • 50a631e Update args for lychee-action to use root-dir (#314)
  • See full diff in compare view

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build: bump the all-actions group with 4 updates
06a06eb 
Bumps the all-actions group with 4 updates: [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action), [tj-actions/changed-files](https://github.com/tj-actions/changed-files), [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `codfish/semantic-release-action` from 4 to 5
- [Release notes](https://github.com/codfish/semantic-release-action/releases)
- [Changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md)
- [Commits](codfish/semantic-release-action@v4...v5)

Updates `tj-actions/changed-files` from 47.0.1 to 47.0.4
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@e002140...7dee1b0)

Updates `lycheeverse/lychee-action` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@v2.7.0...v2.8.0)

Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: codfish/semantic-release-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 1, 2026
@github-actions github-actions bot merged commit 0a98907 into dependabotchanges Mar 2, 2026
2 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/dependabotchanges/all-actions-cc3d468b0f branch March 2, 2026 00:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@Dongbumlee Dongbumlee Awaiting requested review from Dongbumlee Dongbumlee is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants