Skip to content

chore(deps): bump cycjimmy/semantic-release-action from 4 to 6#170

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/cycjimmy/semantic-release-action-6
Open

chore(deps): bump cycjimmy/semantic-release-action from 4 to 6#170
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/cycjimmy/semantic-release-action-6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 6, 2026
edited by cursor bot
Loading

Bumps cycjimmy/semantic-release-action from 4 to 6.

Release notes

Sourced from cycjimmy/semantic-release-action's releases.

v6.0.0

6.0.0 (2025-11-17)

Features

  • deps: update semantic-release to version 25 (9246c0b)

BREAKING CHANGES

  • deps: Update semantic-release to version 25

v5.0.2

5.0.2 (2025-10-10)

Bug Fixes

  • further fix of result handling in windUpJob.task.js (451bf1f), closes #264

v5.0.1

5.0.1 (2025-10-09)

Bug Fixes

  • improves result handling in windUpJob.task.js (4267eee)

v5.0.0

5.0.0 (2025-08-30)

Features

  • update node version on runner to 24 (7869323)

BREAKING CHANGES

  • this action now runs using node 24

... (truncated)

Changelog

Sourced from cycjimmy/semantic-release-action's changelog.

4.2.2 (2025-07-04)

Bug Fixes

  • cleanupNpmrc.task.js: Use @​actions/io to remove .npmrc (b7db0cb)

4.2.1 (2025-06-07)

Bug Fixes

  • update marked terminal to v7.3.0 (b52fa1b)

4.2.0 (2025-03-14)

Features

  • add ability to unset GITHUB_ACTION env var (266ea7e)

4.1.1 (2024-09-25)

Bug Fixes

  • default use semantic-release@24 (c22487b)

4.1.0 (2024-03-19)

Bug Fixes

  • fix syntax error for importing (4297675)

Features

  • add repository_url input (8dffec4)

4.0.0 (2023-08-31)

Features

  • update node version on runner to 20 (0c20554)

BREAKING CHANGES

... (truncated)

Commits
  • b12c8f6 chore(release): 6.0.0 [skip ci]
  • f80bc73 Merge pull request #273 from cycjimmy/feat-update-semantic-release-to-version-25
  • 0891297 docs(readme): update semantic-release-action to v6
  • 9246c0b feat(deps): update semantic-release to version 25
  • e878abf Merge pull request #272 from cycjimmy/dependabot/npm_and_yarn/js-yaml-4.1.1
  • acd6d5d build(deps): bump js-yaml from 4.1.0 to 4.1.1
  • 100d1fb Merge pull request #270 from cycjimmy/dependabot/npm_and_yarn/actions/io-2.0.0
  • ea00aee build(deps): bump @​actions/io from 1.1.3 to 2.0.0
  • e03fa18 Merge pull request #266 from cycjimmy/dependabot/github_actions/actions/setup...
  • 36bdefb build(deps): bump actions/setup-node from 5 to 6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Medium Risk
CI-only change, but it upgrades a release/publishing action across major versions (and underlying semantic-release), which could affect tagging/changelog/publish behavior.

Overview
Updates the GitHub Actions release workflow to use cycjimmy/semantic-release-action@v6 instead of @v4 for the Semantic Release step.

Written by Cursor Bugbot for commit c0606c3. This will update automatically on new commits. Configure here.

@dependabot
chore(deps): bump cycjimmy/semantic-release-action from 4 to 6
c0606c3 
Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4 to 6.
- [Release notes](https://github.com/cycjimmy/semantic-release-action/releases)
- [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md)
- [Commits](cycjimmy/semantic-release-action@v4...v6)

---
updated-dependencies:
- dependency-name: cycjimmy/semantic-release-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Feb 6, 2026
cursor[bot]
cursor bot reviewed Feb 6, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

.github/workflows/rspec_and_release.yml
- name: Semantic Release
id: semantic
uses: cycjimmy/semantic-release-action@v4
uses: cycjimmy/semantic-release-action@v6
Copy link

@cursor cursor bot Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pinned semantic_version: 17 incompatible with action v6

High Severity

The action is bumped to v6, which internally expects semantic-release v25 and runs on Node 24, but semantic_version: 17 still pins a very old semantic-release version. Action v6's result-handling code (windUpJob.task.js, updated in v5.0.1/v5.0.2 and again in v6) likely expects v25's output structure. Running semantic-release v17 (CommonJS-based, different result format) under action v6 could cause the release step to fail or produce incorrect outputs. The extra_plugins (@semantic-release/changelog@5, @semantic-release/git@9, semantic-release-rubygem@1) are also pinned to versions designed for v17 and may not be compatible with v25 if the pin is simply removed.

Additional Locations (1)

Fix in Cursor Fix in Web

@scribdbot scribdbot added the 30+ days open PR has been open for 30+ days label Mar 10, 2026
@scribdbot
Copy link
Collaborator

scribdbot commented Mar 10, 2026

⚠️ PR Age Notice: This pull request was opened over 30 days ago and has been labeled for visibility. If there's no activity for 7 days after this label is applied, it will be automatically closed.

To keep it open, please leave a comment or push an update. You can also label it as 'pinned' to prevent auto-closure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

30+ days open PR has been open for 30+ days dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@scribdbot