Skip to content

Bump softprops/action-gh-release from 2 to 3#368

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3
Open

Bump softprops/action-gh-release from 2 to 3#368
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Bumps softprops/action-gh-release from 2 to 3.

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

  • fix issue with multiple runs concatenating release bodies #145
Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump softprops/action-gh-release from 2 to 3
a2d11a2 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v2...v3)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 20, 2026
@JimWallace JimWallace mentioned this pull request May 20, 2026
Merged
3 tasks
JimWallace added a commit that referenced this pull request May 20, 2026
@JimWallace @claude
v0.4.196: migrate all Node.js 20 GitHub Actions to Node.js 24 (#638)
79c59f5 
GitHub forces Node 20 JS actions onto Node 24 on 2026-06-02 and removes
the Node 20 runtime on 2026-09-16. Bump every action still declaring
runs.using: node20:

- actions/upload-artifact v4 -> v7 (docker-build, zap-baseline)
- actions/download-artifact v4 -> v8 (docker-build)
- actions/setup-python v5 -> v6 (jupyterlite)
- softprops/action-gh-release v2 -> v3 (release)
- codecov/codecov-action v5 -> v6 (test-coverage; v5 internally pinned
  the Node 20 actions/github-script@v7, v6 uses github-script v8)

Already on Node 24 (checkout@v6, cache@v5, setup-node@v5, codeql@v4,
docker/*) left unchanged. Supersedes Dependabot PRs #368, #316, #314.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JimWallace added a commit that referenced this pull request May 20, 2026
@JimWallace @claude
v0.4.197: Docker CI maintenance — PR path filter, concurrency cancel,…
be0cfdd 
… action bumps (#641)

* v0.4.196: migrate all Node.js 20 GitHub Actions to Node.js 24

GitHub forces Node 20 JS actions onto Node 24 on 2026-06-02 and removes
the Node 20 runtime on 2026-09-16. Bump every action still declaring
runs.using: node20:

- actions/upload-artifact v4 -> v7 (docker-build, zap-baseline)
- actions/download-artifact v4 -> v8 (docker-build)
- actions/setup-python v5 -> v6 (jupyterlite)
- softprops/action-gh-release v2 -> v3 (release)
- codecov/codecov-action v5 -> v6 (test-coverage; v5 internally pinned
  the Node 20 actions/github-script@v7, v6 uses github-script v8)

Already on Node 24 (checkout@v6, cache@v5, setup-node@v5, codeql@v4,
docker/*) left unchanged. Supersedes Dependabot PRs #368, #316, #314.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* v0.4.197: only run Docker image build on image-relevant PRs

Build and Push Docker Image is the longest job in the suite and already
builds + Trivy-scans without pushing on PRs. Path-filter its pull_request
trigger to inputs that can change the image build or scan result
(Dockerfile, Package.swift/.resolved, docker-compose.yml, deploy/**, and
the workflow file). Source-only PRs skip it; the debug build in
swift-tests.yml still proves the code compiles. Push-to-main and tag
builds stay unconditional, so every merge and release still gets a full
build + scan + push and base-image CVE drift is still caught.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* v0.4.197: concurrency cancel for Docker PR runs + action bumps

Fold the remaining CI cleanups into the 0.4.197 maintenance pass:

- docker-build.yml: add a concurrency group so re-pushing a PR cancels
  its prior in-flight Docker run; main/tag builds are never cancelled.
- actions/setup-node v5 -> v6 (swift-tests.yml; supersedes Dependabot #315).
- aquasecurity/trivy-action v0.35.0 -> v0.36.0 (supersedes Dependabot #423).

Both action bumps are drop-in: setup-node v6 stays on Node 24, trivy
v0.36.0 only bumps the bundled Trivy binary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants