Skip to content

Bump codfish/semantic-release-action from 4.0.1 to 5.0.0 in /.github/workflows#15

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/dot-github/workflows/codfish/semantic-release-action-5.0.0
Open

Bump codfish/semantic-release-action from 4.0.1 to 5.0.0 in /.github/workflows#15
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/dot-github/workflows/codfish/semantic-release-action-5.0.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps codfish/semantic-release-action from 4.0.1 to 5.0.0.

Release notes

Sourced from codfish/semantic-release-action's releases.

v5.0.0

5.0.0 (2026-02-08)

Features

  • upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

  • @​semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes

  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

... (truncated)

Changelog

Sourced from codfish/semantic-release-action's changelog.

v5.0.0 Release Notes Draft

Breaking Changes

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this GitHub action version except for Node version requirements. Because this is a Docker-based github action, the version of Node.js in use is defined inside of the Docker image, not by the consuming runner or your code.

What Changed

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See GitHub plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes

  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

Migration Steps

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

Version History

  • v5 uses semantic-release v25 & Node.js v24.13.0
  • v4 uses semantic-release v24 & Node.js v22.18.0
  • v3 uses semantic-release v22 & Node.js v20.9
  • v2 uses semantic-release v20 & Node.js v18.7

Full Changelog

... (truncated)

Commits
  • 6abd188 feat: upgrade deps, node, bump semantic-release to v25 (#231)
  • 626240e ci: normalize branch name for docker pr images (#230)
  • ec8c36d ci: only update docker images if new release was published
  • 1d49992 Add renovate.json (#217)
  • 517b713 docs: update README with latest version
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump codfish/semantic-release-action in /.github/workflows
f0f4891 
Bumps [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) from 4.0.1 to 5.0.0.
- [Release notes](https://github.com/codfish/semantic-release-action/releases)
- [Changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md)
- [Commits](codfish/semantic-release-action@v4.0.1...v5.0.0)

---
updated-dependencies:
- dependency-name: codfish/semantic-release-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants