Sourced from actions/upload-artifact's releases.
v7.0.1
What's Changed
- Update the readme with direct upload details by
@danwkennedyin actions/upload-artifact#795- Readme: bump all the example versions to v7 by
@danwkennedyin actions/upload-artifact#796- Include changes in typespec/ts-http-runtime 0.3.5 by
@yacaovsncin actions/upload-artifact#797Full Changelog: https://github.com/actions/upload-artifact/compare/v7...v7.0.1
Sourced from actions/download-artifact's releases.
v8.0.1
What's Changed
- Support for CJK characters in the artifact name by
@danwkennedyin actions/download-artifact#471- Add a regression test for artifact name + content-type mismatches by
@danwkennedyin actions/download-artifact#472Full Changelog: https://github.com/actions/download-artifact/compare/v8...v8.0.1
v8.0.0
v8 - What's new
[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.
[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).
Direct downloads
To support direct uploads in
actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks theContent-Typeheader ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the newskip-decompressparameter totrue.Enforced checks (breaking)
A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the
digest-mismatchparameter. To be secure by default, we are now defaulting the behavior toerrorwhich will fail the workflow run.ESM
To support new versions of the @actions/* packages, we've upgraded the package to ESM.
What's Changed
- Don't attempt to un-zip non-zipped downloads by
@danwkennedyin actions/download-artifact#460- Add a setting to specify what to do on hash mismatch and default it to
errorby@danwkennedyin actions/download-artifact#461Full Changelog: https://github.com/actions/download-artifact/compare/v7...v8.0.0
3e5f45b
Add regression tests for CJK characters (#471)e6d03f6
Add a regression test for artifact name + content-type mismatches (#472)70fc10c
Merge pull request #461
from actions/danwkennedy/digest-mismatch-behaviorf258da9
Add change docsccc058e
Fix linting issuesbd7976b
Add a setting to specify what to do on hash mismatch and default it to
errorac21fcf
Merge pull request #460
from actions/danwkennedy/download-no-unzip15999bf
Add note about package bumps974686e
Bump the version to v8 and add release notesfbe48b1
Update test names to make it clearer what they doSourced from softprops/action-gh-release's releases.
v3.0.0
3.0.0is a major release that moves the action runtime from Node 20 to Node 24. Usev3on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay onv2.6.2.What's Changed
Other Changes 🔄
- Move the action runtime and bundle target to Node 24
- Update
@types/nodeto the Node 24 line and allow future Dependabot updates- Keep the floating major tag on
v3;v2remains pinned to the latest2.xrelease
Sourced from softprops/action-gh-release's changelog.
3.0.0
3.0.0is a major release that moves the action runtime from Node 20 to Node 24. Usev3on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay onv2.6.2.What's Changed
Other Changes 🔄
- Move the action runtime and bundle target to Node 24
- Update
@types/nodeto the Node 24 line and allow future Dependabot updates- Keep the floating major tag on
v3;v2remains pinned to the latest2.xrelease2.6.2
What's Changed
Other Changes 🔄
- chore(deps): bump picomatch from 4.0.3 to 4.0.4 by
@dependabot[bot] in softprops/action-gh-release#775- chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by
@dependabot[bot] in softprops/action-gh-release#777- chore(deps): bump vite from 8.0.0 to 8.0.5 by
@dependabot[bot] in softprops/action-gh-release#7812.6.1
2.6.1is a patch release focused on restoring linked discussion thread creation whendiscussion_category_nameis set. It fixes[#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.
What's Changed
Bug fixes 🐛
- fix: preserve discussion category on publish by
@chenrui333in softprops/action-gh-release#7652.6.0
2.6.0is a minor release centered onprevious_tagsupport forgenerate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, aworking_directorydocs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.
What's Changed
... (truncated)
b430933
release: cut v3.0.0 for Node 24 upgrade (#670)c2e35e0
chore(deps): bump the npm group across 1 directory with 7 updates (#783)Sourced from actions/create-github-app-token's releases.
v3.2.0
3.2.0 (2026-05-12)
Features
- add support for enterprise-level GitHub Apps (#263) (952a2a7)
- support full repository names in
repositoriesinput (#372) (85eb8dd)Bug Fixes
- deps: bump
@actions/corefrom 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)- validate private-key input (#376) (f24bbd8)
v3.1.1
3.1.1 (2026-04-11)
Bug Fixes
v3.1.0
3.1.0 (2026-04-11)
Bug Fixes
Features
v3.0.0
3.0.0 (2026-03-14)
- feat!: node 24 support (#275) (2e564a0)
- fix!: require
NODE_USE_ENV_PROXYfor proxy support (#342) (4451bcb)Bug Fixes
... (truncated)
Sourced from actions/create-github-app-token's changelog.
Changelog
3.2.0 (2026-05-12)
Features
- add support for enterprise-level GitHub Apps (#263) (952a2a7)
- support full repository names in
repositoriesinput (#372) (85eb8dd)Bug Fixes
bcd2ba4
chore(main): release 3.2.0 (#370)f24bbd8
fix: validate private-key input (#376)363531b
docs: capitalize Git as a proper noun in README (#374)fd28011
docs: update procedure to configure Git (#287)85eb8dd
feat: support full repository names in repositories input
(#372)c9aabb8
build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the
development-dependencie...e02e816
build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)8d835bf
build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the
development-depend...952a2a7
feat: add support for enterprise-level GitHub Apps (#263)43e5c34
fix(deps): bump @actions/core from 3.0.0 to 3.0.1 in the
production-dependenc...Sourced from dependabot/fetch-metadata's releases.
v3.1.0
What's Changed
- Add permissions to all workflows by
@truggeriin dependabot/fetch-metadata#687- build(deps-dev): bump globals from 16.0.0 to 17.4.0 by
@dependabot[bot] in dependabot/fetch-metadata#690- build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by
@dependabot[bot] in dependabot/fetch-metadata#693- build(deps-dev): bump
@hono/node-serverfrom 1.19.10 to 1.19.13 by@dependabot[bot] in dependabot/fetch-metadata#694- build(deps-dev): bump hono from 4.12.7 to 4.12.12 by
@dependabot[bot] in dependabot/fetch-metadata#695- Dynamically update the tracking tag in action by
@truggeriin dependabot/fetch-metadata#696- fix: handle duplicate dependency names in parseMetadataLinks by
@devantlerin dependabot/fetch-metadata#700- fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by
@devantlerin dependabot/fetch-metadata#698- Updates to README for permissions clarification by
@truggeriin dependabot/fetch-metadata#697- fix: resolve update-type null for Python, Composer, and Terraform PRs by
@vitorsdcsin dependabot/fetch-metadata#704- build(deps-dev): bump globals from 17.4.0 to 17.5.0 by
@dependabot[bot] in dependabot/fetch-metadata#703- build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by
@dependabot[bot] in dependabot/fetch-metadata#701- build(deps): bump
@actions/githubfrom 9.0.0 to 9.1.0 in the dependencies group across 1 directory by@dependabot[bot] in dependabot/fetch-metadata#702- build(deps-dev): bump hono from 4.12.12 to 4.12.14 by
@dependabot[bot] in dependabot/fetch-metadata#705- v3.1.0 by
@fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692New Contributors
@devantlermade their first contribution in dependabot/fetch-metadata#700@vitorsdcsmade their first contribution in dependabot/fetch-metadata#704Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0
v3.0.0
The breaking change is requiring Node.js version v24 as the Actions runtime.
What's Changed
- feat: Parse versions from metadata links by
@ppkarwaszin dependabot/fetch-metadata#632- Upgrade actions core and actions github packages by
@truggeriin dependabot/fetch-metadata#649- docs: Add notes for using
alert-lookupwith App Token by@sue445in dependabot/fetch-metadata#656- feat!: update Node.js version to v24 by
@sturmanin dependabot/fetch-metadata#671- Switch build tooling from ncc to esbuild by
@truggeriin dependabot/fetch-metadata#676- Add --legal-comments=none to esbuild build commands by
@jeffwidmanin dependabot/fetch-metadata#679- Bump tsconfig target from es2022 to es2024 by
@jeffwidmanin dependabot/fetch-metadata#680- Remove vestigial outDir from tsconfig.json by
@jeffwidmanin dependabot/fetch-metadata#681- Switch tsconfig module resolution to bundler by
@jeffwidmanin dependabot/fetch-metadata#682- Remove skipLibCheck from tsconfig.json by
@jeffwidmanin dependabot/fetch-metadata#683- Add typecheck step to CI by
@jeffwidmanin dependabot/fetch-metadata#685- Enable noImplicitAny in tsconfig.json by
@jeffwidmanin dependabot/fetch-metadata#684- Upgrade
@actions/coreto ^3.0.0 by@truggeriin dependabot/fetch-metadata#677- Upgrade
@actions/githubto ^9.0.0 and@octokit/request-errorto ^7.1.0 by@truggeriin dependabot/fetch-metadata#678- Bump qs from 6.14.0 to 6.14.1 by
@dependabot[bot] in dependabot/fetch-metadata#651- Bump hono from 4.11.1 to 4.11.4 by
@dependabot[bot] in dependabot/fetch-metadata#652- Bump hono from 4.11.4 to 4.11.7 by
@dependabot[bot] in dependabot/fetch-metadata#653- Bump hono from 4.11.7 to 4.12.0 by
@dependabot[bot] in dependabot/fetch-metadata#657- Bump qs from 6.14.1 to 6.14.2 by
@dependabot[bot] in dependabot/fetch-metadata#655- Bump
@modelcontextprotocol/sdkfrom 1.25.1 to 1.26.0 by@dependabot[bot] in dependabot/fetch-metadata#654- Bump
@hono/node-serverfrom 1.19.9 to 1.19.10 by@dependabot[bot] in dependabot/fetch-metadata#665- Bump hono from 4.12.2 to 4.12.5 by
@dependabot[bot] in dependabot/fetch-metadata#664
... (truncated)
25dd0e3
v3.1.0 (#692)e073f50
Merge pull request #705
from dependabot/dependabot/npm_and_yarn/hono-4.12.140670e16
build(deps-dev): bump hono from 4.12.12 to 4.12.147a7fe10
Merge pull request #702
from dependabot/dependabot/npm_and_yarn/dependencies-...5168191
Updating dist build23882e1
build(deps): bump @actions/github in the dependencies
group1072469
Merge pull request #701
from dependabot/dependabot/github_actions/actions/cre...43f8a00
build(deps): bump actions/create-github-app-token from 3.0.0 to
3.1.1b4d904a
Merge pull request #703
from dependabot/dependabot/npm_and_yarn/globals-17.5.0c8046bb
build(deps-dev): bump globals from 17.4.0 to 17.5.0