Skip to content

chore(deps): bump softprops/action-gh-release from 1 to 3#134

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3
Closed

chore(deps): bump softprops/action-gh-release from 1 to 3#134
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/softprops/action-gh-release-3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Bumps softprops/action-gh-release from 1 to 3.

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

  • fix issue with multiple runs concatenating release bodies #145

0.1.12

  • fix bug leading to empty strings substituted for inputs users don't provide breaking api calls #144
Commits
  • b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
  • c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
  • 3bb1273 release 2.6.2
  • c34030f chore: bump node to 24.14.1
  • 8975bd0 chore(deps): bump vite from 8.0.0 to 8.0.5 (#781)
  • f71937f chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (#777)
  • 3f0d239 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#775)
  • 153bb8e release 2.6.1
  • 569deb8 fix: preserve discussion category when publishing releases (#765)
  • 26e8ad2 release 2.6.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump softprops/action-gh-release from 1 to 3
755e31f 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v1...v3)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added automated dependencies Pull requests that update a dependency file type:ci/cd CI/CD related labels Apr 13, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
refactron Ready Ready Preview, Comment Apr 13, 2026 9:35am

@dependabot dependabot Bot added automated dependencies Pull requests that update a dependency file type:ci/cd CI/CD related labels Apr 13, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 13, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 755e31f.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/release.yml

PackageVersionLicenseIssue Type
softprops/action-gh-release3.*.*NullUnknown License
Denied Licenses: GPL-3.0, AGPL-3.0

OpenSSF Scorecard

PackageVersionScoreDetails
actions/softprops/action-gh-release 3.*.* 🟢 4.5
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 2/30 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/release.yml

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 13, 2026

👋 Thanks for opening this pull request! A maintainer will review it soon. Please make sure all CI checks pass.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions Bot added the stale Stale issue or PR label May 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 21, 2026

This pull request has been automatically closed due to inactivity. If you would like to continue working on this, please reopen it.

@github-actions github-actions Bot closed this May 21, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 21, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/softprops/action-gh-release-3 branch May 21, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dependabot dependabot[bot]

Labels

automated dependencies Pull requests that update a dependency file stale Stale issue or PR type:ci/cd CI/CD related

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants