5.0.0 (2026-02-08)

Features

upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

@semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin.
Any breaking changes from v25 apply to this github action version except for
Node version requirements. Because this is a docker-based github action, the
version of node in use is defined inside of the docker image, not by the
consuming runner or your code.

@semantic-release/github v12: The GitHub plugin no longer uses the GitHub
Search API (/search/issues endpoint). It now uses GraphQL queries exclusively
for issue retrieval. This architectural change may affect issue management in
edge cases. See github plugin v12 release notes.
semantic-release v25: Upgraded from v24.2.7 to v25.0.3
- @semantic-release/npm upgraded to v13
- @semantic-release/commit-analyzer and @semantic-release/release-notes-generator moved from beta to stable
- Dependency updates (yargs v18, hosted-git-info v9)
- See semantic-release v25 release notes
npm OIDC Trusted Publishing Support: The upgrade to @semantic-release/npm v13 enables
support for npm's new OIDC-based trusted publishing. This allows publishing to npm without
long-lived access tokens by using GitHub's OIDC token provider. This is more secure and
eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub
Actions. See npm documentation
for configuration details.
Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)
@actions/core: Upgraded to v3.0.0 (internal implementation only)

Test in a separate branch first - the GitHub plugin's architectural change
could affect issue management behavior
Review semantic-release v25 changes
Review @semantic-release/github v12 changes
Update your workflows to use @v5
(Optional) Migrate to npm OIDC Trusted Publishing:
- Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
- Add id-token: write permission to your workflow job
- Remove the NPM_TOKEN secret (you won't need it anymore!)
- See npm's trusted publishing guide

v5 uses semantic-release v25 & node v24.13.0
v4 uses semantic-release v24 & node v22.18.0
v3 uses semantic-release v22 & node v20.9
v2 uses semantic-release v20 & node v18.7

Compare: v4.0.1...v5.0.0

upgrade to semantic-release v25, @actions/core v3, Node v24.13.0, and update dev tooling

semantic-release: v24.2.7 → v25.0.3
@semantic-release/github: v11 → v12
@semantic-release/npm: v12 → v13
@actions/core: v1.11.1 → v3.0.0
Node.js: v22.18.0 → v24.13.0
Dev tooling: Migrated from cod-scripts to eslint + vitest

Assets 2

23 Sep 22:23

github-actions

v4.0.1

6c65402

v4.0.1

4.0.1 (2025-09-23)

Bug Fixes

install additional packages to /action to avoid package manager issues (91fdaf1)

Assets 2

18 Aug 20:15

github-actions

v4.0.0

22ce451

v4.0.0

4.0.0 (2025-08-18)

Features

upgrade semantic release & other dependencies to latest (df70072), closes #211

BREAKING CHANGES

Migrated to semantic-release v24. Any breaking changes from v23 and v24 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.
From semantic v23: if using release.config.js as the name of your config file, it needs to be moved to a .config/ directory or renamed to .releaserc.js to keep it in the root of the repository. see https://github.com/cosmiconfig/cosmiconfig/releases/tag/v9.0.0 for more detail

Assets 2