build(deps): Bump the development-dependencies group across 3 directories with 4 updates by dependabot[bot] · Pull Request #68 · go-openapi/gh-actions

dependabot · 2026-03-16T03:47:59Z

Bumps the development-dependencies group with 4 updates in the / directory: go-openapi/gh-actions, github/contributors, actions/create-github-app-token and softprops/action-gh-release.
Bumps the development-dependencies group with 1 update in the /ci-jobs/bot-credentials directory: actions/create-github-app-token.
Bumps the development-dependencies group with 1 update in the /ci-jobs/next-tag directory: go-openapi/gh-actions.

Updates go-openapi/gh-actions from 1.4.9 to 1.4.10

Release notes

Sourced from go-openapi/gh-actions's releases.

v1.4.10

1.4.10 - 2026-03-13

Full Changelog: v1.4.9...v1.4.10

1 commits in this release.

Updates

build(deps): Bump the development-dependencies group across 2 directories with 2 updates by @dependabot[bot] in #64 ...

gh-actions license terms

Commits

4456213 build(deps): Bump the development-dependencies group across 2 directories wit...
2b1ed66 ci: added alternate sources for dependabot updates
6cd4d95 build(deps): Bump go-openapi/gh-actions
See full diff in compare view

Updates github/contributors from 2.0.3 to 2.0.4

Release notes

Sourced from github/contributors's releases.

v2.0.4

Changelog

chore: Update ospo-reusable-workflows to new GitHub org @jmeridth (#422)

🐛 Bug Fixes

fix: add --project flag to uv entrypoint for GitHub Actions compatibility @jmeridth (#429)

fix: pin uv version and add caching to CI workflows @jmeridth (#424)

fix: store new_contributor parameter in init @zkoppert (#407)

🧰 Maintenance

ci: add mark-ready-when-ready workflow @zkoppert (#428)

chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 in the dependencies group @dependabot[bot] (#427)

chore(deps): switch dependabot package ecosystem from pip to uv @jmeridth (#426)

chore(deps-dev): bump black from 26.1.0 to 26.3.1 in the uv group across 1 directory @dependabot[bot] (#425)

build: harden CI with frozen installs and octo-sts token federation @jmeridth (#418)

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 @dependabot[bot] (#421)

chore(deps): bump astral-sh/setup-uv from 5.4.1 to 7.3.1 @dependabot[bot] (#420)

chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 in the dependencies group @dependabot[bot] (#419)

See details of all code changes since previous release

Commits

08ba119 fix: add --project flag to uv entrypoint for GitHub Actions compatibility (#429)
782e22b ci: add mark-ready-when-ready workflow (#428)
c3c60eb chore(deps): bump github/codeql-action in the dependencies group (#427)
c0db0d4 chore(deps): switch dependabot package ecosystem from pip to uv (#426)
e69cd55 fix: pin uv version and add caching to CI workflows (#424)
340afa2 chore(deps-dev): bump black in the uv group across 1 directory (#425)
e2065bc Merge pull request #407 from github-community-projects/fix-new-contributor-init
f8d2b7c fix: add default for new_contributor and regression test
2f41f3b Merge branch 'main' into fix-new-contributor-init
a92b6e0 chore: update ospo-reusable-workflows to new GitHub org (#422)
Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

feat!: node 24 support (#275) (2e564a0)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

deps: bump @actions/core from 1.11.1 to 3.0.0 (#337) (b044133)

deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)

deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)

deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)

deps: bump @octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)

deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)

deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

f8d387b build(release): 3.0.0 [skip ci]
d2129bd style: remove extra blank line in release workflow
77b94ef build: refresh generated artifacts
3ab4c66 chore: move undici to devDependencies
739cf66 docs: update README action versions
db40289 build(deps): bump actions versions in test.yml
496a7ac test: migrate from AVA to Node.js native test runner (#346)
3870dc3 Rename end-to-end proxy job in test workflow
4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
dce0ab0 fix: remove custom proxy handling (#143)
Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.5.0 to 2.6.1

Release notes

Sourced from softprops/action-gh-release's releases.

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

feat: support previous_tag for generate_release_notes by @pocesar in softprops/action-gh-release#372

Bug fixes 🐛

fix: recover concurrent asset metadata 404s by @chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

docs: clarify reused draft release behavior by @chenrui333 in softprops/action-gh-release#759

docs: clarify working_directory input by @chenrui333 in softprops/action-gh-release#761

ci: verify dist bundle freshness by @chenrui333 in softprops/action-gh-release#762

fix: clarify immutable prerelease uploads by @chenrui333 in softprops/action-gh-release#763

v2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

feat: support previous_tag for generate_release_notes by @pocesar in softprops/action-gh-release#372

Bug fixes 🐛

fix: recover concurrent asset metadata 404s by @chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

docs: clarify reused draft release behavior by @chenrui333 in softprops/action-gh-release#759

docs: clarify working_directory input by @chenrui333 in softprops/action-gh-release#761

ci: verify dist bundle freshness by @chenrui333 in softprops/action-gh-release#762

fix: clarify immutable prerelease uploads by @chenrui333 in softprops/action-gh-release#763

2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

... (truncated)

Commits

153bb8e release 2.6.1
569deb8 fix: preserve discussion category when publishing releases (#765)
26e8ad2 release 2.6.0
b959f31 fix: clarify immutable prerelease uploads (#763)
8a8510e ci: verify dist bundle freshness (#762)
438c15d docs: clarify working_directory input (#761)
6ca3b5d fix: recover concurrent asset metadata 404s (#760)
11f9176 chore: add RELEASE.md
1f3f350 feat: add AGENTS.md
37819cb docs: clarify reused draft release behavior (#759)
Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

feat!: node 24 support (#275) (2e564a0)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

deps: bump @actions/core from 1.11.1 to 3.0.0 (#337) (b044133)

deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)

deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)

deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)

deps: bump @octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)

deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)

deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

f8d387b build(release): 3.0.0 [skip ci]
d2129bd style: remove extra blank line in release workflow
77b94ef build: refresh generated artifacts
3ab4c66 chore: move undici to devDependencies
739cf66 docs: update README action versions
db40289 build(deps): bump actions versions in test.yml
496a7ac test: migrate from AVA to Node.js native test runner (#346)
3870dc3 Rename end-to-end proxy job in test workflow
4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
dce0ab0 fix: remove custom proxy handling (#143)
Additional commits viewable in compare view

Updates go-openapi/gh-actions from 1.4.9 to 1.4.10

Release notes

Sourced from go-openapi/gh-actions's releases.

v1.4.10

1.4.10 - 2026-03-13

Full Changelog: v1.4.9...v1.4.10

1 commits in this release.

Updates

build(deps): Bump the development-dependencies group across 2 directories with 2 updates by @dependabot[bot] in #64 ...

gh-actions license terms

Commits

4456213 build(deps): Bump the development-dependencies group across 2 directories wit...
2b1ed66 ci: added alternate sources for dependabot updates
6cd4d95 build(deps): Bump go-openapi/gh-actions
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ries with 4 updates Bumps the development-dependencies group with 4 updates in the / directory: [go-openapi/gh-actions](https://github.com/go-openapi/gh-actions), [github/contributors](https://github.com/github/contributors), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Bumps the development-dependencies group with 1 update in the /ci-jobs/bot-credentials directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Bumps the development-dependencies group with 1 update in the /ci-jobs/next-tag directory: [go-openapi/gh-actions](https://github.com/go-openapi/gh-actions). Updates `go-openapi/gh-actions` from 1.4.9 to 1.4.10 - [Release notes](https://github.com/go-openapi/gh-actions/releases) - [Changelog](https://github.com/go-openapi/gh-actions/blob/master/release_tracker.go) - [Commits](11145fb...4456213) Updates `github/contributors` from 2.0.3 to 2.0.4 - [Release notes](https://github.com/github/contributors/releases) - [Commits](github-community-projects/contributors@d699725...08ba119) Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...f8d387b) Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@a06a81a...153bb8e) Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...f8d387b) Updates `go-openapi/gh-actions` from 1.4.9 to 1.4.10 - [Release notes](https://github.com/go-openapi/gh-actions/releases) - [Changelog](https://github.com/go-openapi/gh-actions/blob/master/release_tracker.go) - [Commits](11145fb...4456213) --- updated-dependencies: - dependency-name: go-openapi/gh-actions dependency-version: 1.4.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: github/contributors dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: softprops/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: go-openapi/gh-actions dependency-version: 1.4.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 16, 2026

github-actions bot approved these changes Mar 16, 2026

View reviewed changes

github-actions bot enabled auto-merge (rebase) March 16, 2026 03:48

github-actions bot merged commit 183d2f7 into master Mar 16, 2026
15 checks passed

github-actions bot deleted the dependabot/github_actions/development-dependencies-7f54473544 branch March 16, 2026 03:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump the development-dependencies group across 3 directories with 4 updates#68

build(deps): Bump the development-dependencies group across 3 directories with 4 updates#68
github-actions[bot] merged 1 commit intomasterfrom
dependabot/github_actions/development-dependencies-7f54473544

dependabot bot commented on behalf of github Mar 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 16, 2026

v1.4.10

1.4.10 - 2026-03-13

Updates

v2.0.4

Changelog

🐛 Bug Fixes

🧰 Maintenance

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

BREAKING CHANGES

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

v2.6.1

What's Changed

Bug fixes 🐛

v2.6.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

v2.5.3

What's Changed

2.6.1

What's Changed

Bug fixes 🐛

2.6.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

2.5.3

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

BREAKING CHANGES

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

v1.4.10

1.4.10 - 2026-03-13

Updates

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants