Skip to content

Bump dangoslen/changelog-enforcer from 2 to 3#7

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/dangoslen/changelog-enforcer-3
Open

Bump dangoslen/changelog-enforcer from 2 to 3#7
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/dangoslen/changelog-enforcer-3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown

Bumps dangoslen/changelog-enforcer from 2 to 3.

Release notes

Sourced from dangoslen/changelog-enforcer's releases.

Changelog Enforcer 3.0.0

🚀 The 3.0.0 release of the Changelog Enforcer is here! This release relies soley on the GitHub API instead of local git commands from a cloned repository. This means, for example, that actions/checkout does not need to be run before running the enforcer.

Fixes

Dependencies

  • Bumps @vercel/ncc from 0.28.6 to 0.31.1
  • Bumps @actions/core from 1.4.0 to 1.6.0
  • Bumps jest from 27.0.5 to 27.3.1
  • Bumps actions/checkout from 2.3.4 to 2.4.0
  • Bumps uglify-js from 3.13.9 to 3.14.3
  • Bumps eslint from 7.28.0 to 8.2.0

Changelog Enforcer 2.3.1

Changed

  • Only runs on pull_request and pull_request_target events. This is to address issue #140

Changelog Enforcer 2.3.0

Dependencies

  • Bumps lodash from 4.17.19 to 4.17.21
  • Bumps stefanzweifel/git-auto-commit-action from 4 to 4.11.0
  • Bumps actions/checkout from 2 to 2.3.4
  • Bumps actions/create-release from 1 to 1.1.4
  • Bumps uglify-js from 3.13.3 to 3.13.9
  • Bumps eslint from 7.25.0 to 7.28.0
  • Bumps @vercel/ncc from 0.28.2 to 0.28.6
  • Bumps @actions/github from 4.0.0 to 5.0.0
  • Bumps dangoslen/dependabot-changelog-helper from 0.3.2 to 1
  • Bumps @actions/exec from 1.0.4 to 1.1.0
  • Bumps @actions/core from 1.2.7 to 1.4.0
  • Bumps jest from 26.6.3 to 27.0.5
  • Bumps ws from 7.4.0 to 7.5.3

Changelog Enforcer 2.2.0

Internal Changes

  • The pull_request workflow now executes as a pull_request_target workflow to handle incoming pull requests from forked repos.
    • This is needed because Dependabot now works as a forked branch. The reasoning and ways to accomodate are listed in a GitHub Security article
    • The verified label is needed to allow the workflow to execute

Dependencies

  • Bumps uglify-js from 3.13.2 to 3.13.3
  • Bumps y18n from 4.0.1 to 5.0.8
  • Bumps @vercel/ncc from 0.27.0 to 0.28.2
  • Bumps @actions/core from 1.2.6 to 1.2.7
  • Bumps eslint from 7.23.0 to 7.25.0

Changelog Enforcer 2.1.0

Deprecated

  • The input versionPattern is now deprecated. Starting in v3.0.0 the Changelog Enforcer will only work with Keep a Changelog for verifying the latest expected version.

Dependencies

  • Bumps eslint from 7.21.0 to 7.23.0
  • Bumps uglify-js from 3.13.0 3.13.2

... (truncated)

Changelog

Sourced from dangoslen/changelog-enforcer's changelog.

CHANGELOG

Inspired from Keep a Changelog

[UNRELEASED]

[v3.7.0]

Changed

  • Now runs on Node 24
    • Updates .nvmrc to set the version
    • Updates node version in action.yml

Dependencies

  • Bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 (#287)
  • Bump eslint from 8.57.0 to 9.7.0 (#288)
  • Bump thollander/actions-comment-pull-request from 2 to 3 (#303)
  • Bump actions/checkout from 4.1.2 to 6.0.2 (#302)

[v3.6.1]

Changed

  • Fix Github Actions Annotations (#281)

Fixed

  • Handle skipLabels that contains emojis by properly looking for : characters in the label extractor regex (fixes #284)

Dependencies

  • Bump eslint from 8.56.0 to 8.57.0 (#282)
  • Bump actions/checkout from 4.1.1 to 4.1.2 (#283)

[v3.6.0]

Changed

  • Now runs on Node 20
    • Updates .nvmrc to set the version
    • Updates node version in action.yml

Dependencies

  • Bump node-fetch from 2.6.12 to 2.7.0 (#264, #270)
  • Bump actions/checkout from 3.5.3 to 4.1.1 (#266, #267, #271, #275)
  • Bump @vercel/ncc from 0.36.1 to 0.38.1 (#268, #276)
  • Bump jest from 29.6.2 to 29.7.0 (#269)
  • Bump stefanzweifel/git-auto-commit-action from 4.16.0 to 5.0.0 (#272)
  • Bump @actions/github from 5.1.1 to 6.0.0 (#273)
  • Bump @actions/core from 1.10.0 to 1.10.1 (#274)
  • Bump eslint from 8.46.0 to 8.56.0 (#279)

[v3.5.1]

Security

  • Removes uglify-js and dist packages

Dependencies

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dangoslen/changelog-enforcer](https://github.com/dangoslen/changelog-enforcer) from 2 to 3.
- [Release notes](https://github.com/dangoslen/changelog-enforcer/releases)
- [Changelog](https://github.com/dangoslen/changelog-enforcer/blob/main/CHANGELOG.md)
- [Commits](dangoslen/changelog-enforcer@v2...v3)

---
updated-dependencies:
- dependency-name: dangoslen/changelog-enforcer
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants