Skip to content

Bump JS-DevTools/npm-publish from 3 to 4 in the ci group#47

Merged
NomakCooper merged 1 commit into
mainfrom
dependabot/github_actions/ci-1d274e3cb3
Apr 20, 2026
Merged

Bump JS-DevTools/npm-publish from 3 to 4 in the ci group#47
NomakCooper merged 1 commit into
mainfrom
dependabot/github_actions/ci-1d274e3cb3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 19, 2026

Bumps the ci group with 1 update: JS-DevTools/npm-publish.

Updates JS-DevTools/npm-publish from 3 to 4

Release notes

Sourced from JS-DevTools/npm-publish's releases.

v4.0.0

The v4 release updates the action runtime to Node 24, but there have been no usage changes to the action.

Immutable releases have been enabled for this repository. As a security practice, we recommend pinning to an exact release:

- uses: JS-DevTools/npm-publish@v4.0.0
  with:
    token: ${{ secrets.NPM_TOKEN }}

⚠ BREAKING CHANGES

  • The action now runs on Node 24 with npm 11
  • The library and CLI now require Node >= 20, Node 16 and 18 are no longer supported
  • The library is now ESM only

Features

Bug Fixes

  • deps: bump the production group across 1 directory with 5 updates (#238) (314ae61)
  • deps: update tar and semver dependencies (#194) (cd26c94)
  • update dry-run and publish conflict logic for npm>=10 (#232) (62716ea)
  • windows: allow spawning npm cli on windows (#199) (f45e793), closes #198

Code Refactoring

v3.1.1

Bug fixes

  • include registry URL pathname in npm config (#186)

v3.1.0

Features

  • dry-run: always print publish results in dry run (#185), closes #184

Performance Improvements

  • action: decrease bundle size (#166)

v3.0.1

Bug fixes

  • errors: improve message when version validation fails (#161), closes #160
Changelog

Sourced from JS-DevTools/npm-publish's changelog.

Change Log (Archived)

See releases for current change log.

All notable changes will be documented in this file. NPM Publish adheres to Semantic Versioning.

v1.4.0 (2020-10-02)

  • Added support NPM's --tag argument, which allows packages to be published to a named tag that can then be installed using npm install <package-name>@<tag>

  • Added support for NPM's --access argument, which controls whether scoped packages are publicly accessible, or restricted to members of your NPM organization

Full Changelog

v1.3.0 (2020-10-01)

  • NPM-Publish can now successfully publish a brand-new package to NPM. Previously it failed because it couldn't determine the previous package version. ([PR #12](JS-DevTools/npm-publish#12) from @​ZitRos)

Full Changelog

Commits
  • 0fd2f43 chore(release): 4.1.5
  • 3c4834c fix(deps): bump the production group with 2 updates (#261)
  • 22291ed build(deps-dev): bump the development group with 6 updates (#262)
  • 4ce4bd0 chore(release): 4.1.4
  • 57836fb fix(deps): bump tar from 7.5.2 to 7.5.3 (#260)
  • d2fef91 chore(release): 4.1.3
  • 3eb8411 fix: add sourcemap back to tracking (#259)
  • 8f08ec0 chore(release): 4.1.2
  • 43babc0 fix(deps): bump the production group with 3 updates (#252)
  • 764af68 docs(readme): switch main example to trusted publishing (#257)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump JS-DevTools/npm-publish from 3 to 4 in the ci group
5a69745 
Bumps the ci group with 1 update: [JS-DevTools/npm-publish](https://github.com/js-devtools/npm-publish).


Updates `JS-DevTools/npm-publish` from 3 to 4
- [Release notes](https://github.com/js-devtools/npm-publish/releases)
- [Changelog](https://github.com/JS-DevTools/npm-publish/blob/main/CHANGELOG.md)
- [Commits](JS-DevTools/npm-publish@v3...v4)

---
updated-dependencies:
- dependency-name: JS-DevTools/npm-publish
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 19, 2026
@github-actions github-actions Bot added the ci GitHub Workflow label Apr 19, 2026
@NomakCooper NomakCooper added the backport-10 backport to stable-10 label Apr 20, 2026
NomakCooper
NomakCooper approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@NomakCooper NomakCooper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NomakCooper NomakCooper merged commit c6bc280 into main Apr 20, 2026
17 checks passed
@patchback
Copy link
Copy Markdown

patchback Bot commented Apr 20, 2026
edited
Loading

Backport to stable-10: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-10/c6bc2801a418c9133f64e7607ca38a673cb9eba4/pr-47

Backported as #50

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

@NomakCooper NomakCooper deleted the dependabot/github_actions/ci-1d274e3cb3 branch April 20, 2026 20:10
@patchback patchback Bot mentioned this pull request Apr 20, 2026
Merged
NomakCooper pushed a commit that referenced this pull request Apr 20, 2026
@patchback @dependabot
Bump JS-DevTools/npm-publish from 3 to 4 in the ci group (#47) (#50)
8d73f2a 
Bumps the ci group with 1 update: [JS-DevTools/npm-publish](https://github.com/js-devtools/npm-publish).

Updates `JS-DevTools/npm-publish` from 3 to 4
- [Release notes](https://github.com/js-devtools/npm-publish/releases)
- [Changelog](https://github.com/JS-DevTools/npm-publish/blob/main/CHANGELOG.md)
- [Commits](JS-DevTools/npm-publish@v3...v4)

---
updated-dependencies:
- dependency-name: JS-DevTools/npm-publish
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
...



(cherry picked from commit c6bc280)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NomakCooper NomakCooper NomakCooper approved these changes

Assignees

No one assigned

Labels

backport-10 backport to stable-10 ci GitHub Workflow dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NomakCooper