Skip to content

Bump softprops/action-gh-release from 3.0.1 to 3.0.2 in the version-updates group#448

Merged
marcransome merged 1 commit into
mainfrom
dependabot/github_actions/version-updates-00a0d7aaea
Jul 13, 2026
Merged

Bump softprops/action-gh-release from 3.0.1 to 3.0.2 in the version-updates group#448
marcransome merged 1 commit into
mainfrom
dependabot/github_actions/version-updates-00a0d7aaea

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the version-updates group with 1 update: softprops/action-gh-release.

Updates softprops/action-gh-release from 3.0.1 to 3.0.2

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.2

3.0.2 is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since 3.0.1.

This release fixes #795, #438, and #803. The upload transport hardening covers the historical failure reported in #790, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to #786 and does not claim a reproducible release-creation fix.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.2

3.0.2 is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since 3.0.1.

This release fixes #795, #438, and #803. The upload transport hardening covers the historical failure reported in #790, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to #786 and does not claim a reproducible release-creation fix.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

3.0.1

  • maintenance release with updated dependencies

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

... (truncated)

Commits
  • 3d0d988 release 3.0.2 (#818)
  • 7e13ed4 fix: clarify release creation 404 errors (#817)
  • e6c70a5 fix: replace existing release assets on Gitea (#816)
  • f345337 fix: publish existing draft releases as prereleases (#801)
  • d8a89a2 fix: upload small checksum assets reliably (#815)
  • 45ece40 chore(deps): remove unused TypeScript tooling (#814)
  • f6b913c feat: improve release error reporting and test coverage (#813)
  • 15f193d chore(deps): upgrade TypeScript to 7 (#812)
  • cc8268d chore(deps): bump actions/checkout in the github-actions group (#810)
  • fd0ed1e chore(deps): bump the npm group with 3 updates (#811)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the version-updates group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@718ea10...3d0d988)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from marcransome as a code owner July 13, 2026 17:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 13, 2026
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/softprops/action-gh-release 3d0d9888cb7fd7b750713d6e236d1fcb99157228 🟢 5.5
Details
CheckScoreReason
Maintained🟢 1027 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 0/10 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/release.yml

@marcransome marcransome merged commit 0921d33 into main Jul 13, 2026
10 checks passed
@marcransome marcransome deleted the dependabot/github_actions/version-updates-00a0d7aaea branch July 13, 2026 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant