deps(actions)(deps): bump TriPSs/conventional-changelog-action from 5.4.0 to 6.2.0

[dependabot]

Bumps TriPSs/conventional-changelog-action from 5.4.0 to 6.2.0.

Release notes

Sourced from TriPSs/conventional-changelog-action's releases.

v6.2.0

Features

• add no-verify option to pass to git commit (ad190ee)
• remove extra space from commit command (4d9c8c2)

v6.1.0

Features

• add version file support for java .properties file format (5e05ac7)

v6.0.0

Features

• set corresponding prerelease type derived from releaseType (792a7f7)

BREAKING CHANGES

• prerelease option generates pre[major|minor|patch] release

Changelog

Sourced from TriPSs/conventional-changelog-action's changelog.

6.2.0 (2025-10-22)

Features

• add no-verify option to pass to git commit (ad190ee)
• remove extra space from commit command (4d9c8c2)

6.1.0 (2025-09-04)

Features

• add version file support for java .properties file format (5e05ac7)

6.0.0 (2024-11-28)

Features

• set corresponding prerelease type derived from releaseType (792a7f7)

BREAKING CHANGES

• prerelease option generates pre[major|minor|patch] release

5.4.0 (2024-10-24)

Features

• Added eslint preset (3c6b18c), closes #265

5.3.0 (2024-05-21)

Features

• Support multiple git-path config option (c8865b2)

Commits

• 84dadaf chore(release): v6.2.0 [skip ci]
• 03dcb68 Allow user to bypass the pre-commit and commit-msg hooks (#285)
• 4802a3a Merge pull request #2 from TravisYeah/releases/v6-feat-no-verify
• 4d9c8c2 feat: remove extra space from commit command
• ad190ee feat: add no-verify option to pass to git commit
• 5f00b89 chore(release): v6.1.0 [skip ci]
• c361892 feat: add version file support for java .properties file format (#283)
• cad3f09 ci: Apply suggestion from @​TriPSs
• 7607183 ci: Apply suggestion from @​TriPSs
• b5c1a15 ci: Apply suggestion from @​TriPSs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github/​tripss/​conventional-changelog-action@​3c4970b6573374889b897403d2f1278c395ea0df ⏵ 84dadaf2c367cb52af02737cd9c7e888807219e7	-55

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Input argument leak: github tripss/conventional-changelog-action exposes an input argument into sink Location: Package overview From: .github/workflows/reuse-linea-besu-package-build-test-push.yml → github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7 ℹ Read more on: This package | This alert | What are GitHub Actions taint flows? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Validate and sanitize all input arguments before using them in dangerous operations. Use parameterized commands or APIs instead of string concatenation for shell commands. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Input argument exported : github tripss/conventional-changelog-action exports an input argument as an environment variable Location: Package overview From: .github/workflows/reuse-linea-besu-package-build-test-push.yml → github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7 ℹ Read more on: This package | This alert | What are GitHub Actions taint flows? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review the action code to ensure input arguments are properly validated and sanitized before being exported as environment variables. Consider whether this data flow is necessary. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Input argument as output: github tripss/conventional-changelog-action passes input argument as an output Location: Package overview From: .github/workflows/reuse-linea-besu-package-build-test-push.yml → github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7 ℹ Read more on: This package | This alert | What are GitHub Actions taint flows? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review the action code to ensure input arguments are properly validated and sanitized before being exposed as outputs. Consider whether this data flow is necessary. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore github/tripss/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report