chore(deps): update codfish/semantic-release-action action to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
codfish/semantic-release-action	action	major	v4.0.1 → v5.0.0

---

Release Notes

codfish/semantic-release-action (codfish/semantic-release-action)

v5.0.0

Compare Source

Features

• upgrade deps, node, bump semantic-release to v25 (#​231) (6abd188)

BREAKING CHANGES

• @​semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin.
Any breaking changes from v25 apply to this github action version except for
Node version requirements. Because this is a docker-based github action, the
version of node in use is defined inside of the docker image, not by the
consuming runner or your code.

• @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub
  Search API (/search/issues endpoint). It now uses GraphQL queries exclusively
  for issue retrieval. This architectural change may affect issue management in
  edge cases. See github plugin v12 release notes.

• semantic-release v25: Upgraded from v24.2.7 to v25.0.3

  • @​semantic-release/npm upgraded to v13
  • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
  • Dependency updates (yargs v18, hosted-git-info v9)
  • See semantic-release v25 release notes

• npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables
  support for npm's new OIDC-based trusted publishing. This allows publishing to npm without
  long-lived access tokens by using GitHub's OIDC token provider. This is more secure and
  eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub
  Actions. See npm documentation
  for configuration details.

• Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

• @​actions/core: Upgraded to v3.0.0 (internal implementation only)

1. Test in a separate branch first - the GitHub plugin's architectural change
   could affect issue management behavior
2. Review semantic-release v25 changes
3. Review @​semantic-release/github v12 changes
4. Update your workflows to use @v5
5. (Optional) Migrate to npm OIDC Trusted Publishing:
   • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
   • Add id-token: write permission to your workflow job
   • Remove the NPM_TOKEN secret (you won't need it anymore!)
   • See npm's trusted publishing guide

• v5 uses semantic-release v25 & node v24.13.0
• v4 uses semantic-release v24 & node v22.18.0
• v3 uses semantic-release v22 & node v20.9
• v2 uses semantic-release v20 & node v18.7

Compare: codfish/semantic-release-action@v4.0.1...v5.0.0

• upgrade to semantic-release v25, @​actions/core v3, Node v24.13.0, and update dev tooling

• semantic-release: v24.2.7 → v25.0.3
• @​semantic-release/github: v11 → v12
• @​semantic-release/npm: v12 → v13
• @​actions/core: v1.11.1 → v3.0.0
• Node.js: v22.18.0 → v24.13.0
• Dev tooling: Migrated from cod-scripts to eslint + vitest

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 05:59 AM, only on Sunday and Saturday ( * 0-5 * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.