Bump softprops/action-gh-release from 2 to 3

[dependabot]

Bumps softprops/action-gh-release from 2 to 3.

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

• fix issue with multiple runs concatenating release bodies #145

Commits

• b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
• c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
• See full diff in compare view

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6b74d97

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[matt-evervault]

Review summary — safe to merge ✅

Usage in this repo

softprops/action-gh-release is used in exactly two places, both with the same minimal pattern:

• .github/workflows/npm-publish.yml:117
• .github/workflows/publish-static-bundle.yml:291

- uses: softprops/action-gh-release@v2
  with:
    body: ${{ steps.release-content.outputs.content }}
    tag_name: ${{ inputs.tag_name }}

Only body (changelog snippet) and tag_name are passed. No files, draft, prerelease, discussion_category_name, make_latest, target_commitish, repository, token, or generate_release_notes are used. The default github.token is used; both jobs grant contents: write. Both run on ubuntu-latest and are wrapped in continue-on-error: true.

v2 → v3 diff

Diffing action.yml between the v2 and v3 tags, the only change is:

-  using: "node20"
+  using: "node24"

The v3.0.0 release notes confirm this is a runtime-only bump (Node 20 → Node 24). Inputs and outputs are unchanged. v2.6.2 is documented as the last Node 20-compatible line for environments that don't support Node 24.

Runner compatibility

ubuntu-latest has supported the node24 Actions runtime since actions/runner v2.327.0 (released July 2024), so both invocations will execute correctly. The rest of this repo is already on modern actions (actions/checkout@v6, actions/setup-node@v6, actions/download-artifact@v8), all of which are node24-ready.

Security / supply chain

• Tag-pinning (@v3) is consistent with the rest of the repo's pinning style.
• v3 introduces no new permissions, network calls, or behavioral changes.
• No other workflow files reference this action.

Build verification

This PR only touches GitHub Actions workflow YAML — no source code, no pnpm build impact. The action only runs during release workflows, not regular CI.

Changes pushed

None. The two @v2 → @v3 updates are sufficient as-is; no compensating code changes are needed.

Conclusion: Safe to merge.

---

Generated by Claude Code