fix: upgrade GitHub Actions dependencies#1

Merged: hisco merged 2 commits into main from chore/upgrade-actions on Jul 1, 2026

@hisco hisco commented Jul 1, 2026

Upgrades GitHub Actions dependencies across workflows and the composite action.

  • Bump actions/checkout from v4 to v7 in the release workflow.
  • Replace codfish/semantic-release-action@v4 with cycjimmy/semantic-release-action pinned to v6.0.0 (using extra_plugins). Replaced because codfish was disabled by GitHub after a supply-chain compromise so its tags no longer resolve; cycjimmy is the maintained standard replacement.
  • Bump actions/create-github-app-token from v1 to v3 in action.yml. Tag bump only; no input values changed.

https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU


Note

Medium Risk
Release workflow and token-generation action changes affect automated releases and cross-repo auth; semantic-release action swap is supply-chain motivated but still alters release behavior.

Overview
Upgrades CI and composite-action dependencies and adds weekly Dependabot grouping for all github-actions updates at the repo root.

In .github/workflows/release.yml, actions/checkout moves from v4 to v7. The release step switches from codfish/semantic-release-action@v4 (with additional-packages) to cycjimmy/semantic-release-action pinned to the v6.0.0 commit, configuring semantic-release-github-actions-tags via extra_plugins instead.

In action.yml, GitHub App token generation bumps actions/create-github-app-token from v1 to v3 with the same inputs.

Reviewed by Cursor Bugbot for commit 87c03b8. Bugbot is set up for automated code reviews on this repo. Configure here.

Bump actions/create-github-app-token v1->v3 in action.yml. In the release workflow, bump actions/checkout v4->v7 and replace disabled codfish with SHA-pinned cycjimmy/semantic-release-action@v6.0.0.

Claude-Session: https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU
@hisco hisco changed the title chore: upgrade GitHub Actions dependencies fix: upgrade GitHub Actions dependencies Jul 1, 2026
@hisco hisco force-pushed the chore/upgrade-actions branch from faa3606 to 6f901ad Compare July 1, 2026 14:43
@hisco hisco merged commit 4d92bbc into main Jul 1, 2026
2 checks passed
@hisco hisco deleted the chore/upgrade-actions branch July 1, 2026 15:17
github-actions Bot commented Jul 1, 2026

🎉 This PR is included in version 1.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
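
The PR description above pins cycjimmy/semantic-release-action to a commit SHA, while the other two actions are referenced by version tag. The following is an added example, not part of the PR or the repository: a small audit that classifies every `uses:` reference in a workflow as SHA-pinned or mutable. The sample workflow, the 40-hex placeholder and the function names are constructed for illustration.

```python
import re

# `uses: owner/repo[/path]@ref`, optionally quoted, optionally followed by "# comment".
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([^@\s'"]+)@([^\s'"#]+)['"]?\s*(?:#\s*(.*))?$"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample, not the repository's real files. The 40-hex value is a
# placeholder, not the actual v6.0.0 commit of cycjimmy/semantic-release-action.
SAMPLE_WORKFLOW = """\
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - name: Release
        uses: cycjimmy/semantic-release-action@0123456789abcdef0123456789abcdef01234567 # v6.0.0
      - uses: actions/create-github-app-token@v3
"""


def audit_uses(workflow_text):
    """Return one dict per remote `uses:` reference, classified by ref type."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith("docker://"):
            continue  # local (./path) and docker:// references are out of scope
        action, ref, comment = m.groups()
        findings.append({
            "line": line_no,
            "action": action,
            "ref": ref,
            # Only a full commit SHA is immutable; tags and branches can be moved.
            "status": "pinned" if FULL_SHA_RE.match(ref) else "mutable",
            "version_comment": (comment or "").strip() or None,
        })
    return findings


def mutable_refs(workflow_text):
    """Return 'action@ref' for every reference that is not SHA-pinned."""
    return [f"{f['action']}@{f['ref']}" for f in audit_uses(workflow_text)
            if f["status"] == "mutable"]


if __name__ == "__main__":
    for f in audit_uses(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref'][:12]} -> {f['status']}")
```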
