Skip to content

Chore(deps): Bump plbstl/first-contribution from 3 to 4#13916

Merged
koppor merged 1 commit into
mainfrom
dependabot/github_actions/plbstl/first-contribution-4
Sep 15, 2025
Merged

Chore(deps): Bump plbstl/first-contribution from 3 to 4#13916
koppor merged 1 commit into
mainfrom
dependabot/github_actions/plbstl/first-contribution-4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 15, 2025

Copy link
Copy Markdown
Contributor

Bumps plbstl/first-contribution from 3 to 4.

Release notes

Sourced from plbstl/first-contribution's releases.

v4.0.0

This is a major update focused on making the action's behavior more predictable, adding several new capabilities, and modernizing the entire codebase for better performance and security.

⚠️ BREAKING CHANGES

  • Runtime Upgraded to Node 24: The action now runs on Node 24, requiring self-hosted runners to be on version v2.327.1 or later. This improves performance and security.

  • Smarter closed Event Handling: The action now comments on a closed issue/PR if it was the user's historically first one, even if they have opened others since. The previous logic only triggered if the user's total contribution count was exactly 1 at that moment. This change ensures the first contribution's lifecycle is always acknowledged correctly.

  • New fail-on-error Input: A new input fail-on-error (default: false) allows you to control the action's exit behavior. This changes the previous "always fail" behavior, where any error would fail the workflow step. The new default is to log the error without failing the CI job.

✨ New Features

  • Commit History Awareness: The action now intelligently checks a user's commit history to avoid incorrectly greeting existing repository committers or maintainers as new contributors.
  • Emoji Reactions: You can now automatically add one or more emoji reactions (e.g., heart, rocket) to the body of a first-timer's issue or PR using the new reaction input.

🔧 Internal & DX Improvements

This release includes a major overhaul of the action's internals to improve developer experience, performance, and long-term maintainability.

  • Build System: The project has been migrated from CommonJS to modern ESM with Rollup as the bundler.
  • Testing Framework: The entire test suite has been migrated from Jest to Vitest, resulting in faster and more efficient tests.
  • Dependency Management: All dependencies have been updated and pinned to their latest stable versions for enhanced security and deterministic builds.

🧪 Testing & Code Quality

  • Exhaustive Tests: Test coverage has been significantly increased with new unit tests for complex edge cases and new features.
  • Improved Linting: Additional linters have been added to local and CI pipelines to enforce higher code quality standards.
  • Refactored Test Suite: The tests have been refactored to reduce code duplication and improve clarity.

🛡️ Security & CI

  • FOSSA Scanning: The repository now uses FOSSA for automated license and security scanning.
  • Hardened Workflows: All GitHub Actions used in the CI/CD pipelines have been updated to their latest versions and pinned to specific SHAs.

... (truncated)

Commits
  • 4b2b042 release: v4.1.0
  • 95f098a generate new test reports
  • 34721d6 update npm deps to latest
  • cd1ece5 docs: improve Detailed example
  • cfd1499 add Action options for issue-reactions and pr-reactions
  • eb6f6eb uppercase Action in action.yml
  • eab9aa1 add more information to tests report
  • 716afa7 reduce screenshot preview width (850 -> 650)
  • 0e560dc update project version (v4-beta-1 -> v4.0.0)
  • e1cc066 fix README
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Chore(deps): Bump plbstl/first-contribution from 3 to 4
dc2f167 
Bumps [plbstl/first-contribution](https://github.com/plbstl/first-contribution) from 3 to 4.
- [Release notes](https://github.com/plbstl/first-contribution/releases)
- [Commits](plbstl/first-contribution@v3...v4)

---
updated-dependencies:
- dependency-name: plbstl/first-contribution
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@trag-bot

trag-bot Bot commented Sep 15, 2025

Copy link
Copy Markdown

@trag-bot didn't find any issues in the code! ✅✨

@koppor koppor enabled auto-merge September 15, 2025 14:37
@koppor koppor added this pull request to the merge queue Sep 15, 2025
Merged via the queue into main with commit 11e13ec Sep 15, 2025
47 of 53 checks passed
@koppor koppor deleted the dependabot/github_actions/plbstl/first-contribution-4 branch September 15, 2025 15:02
Siedlerchr added a commit that referenced this pull request Sep 17, 2025
@Siedlerchr
Merge remote-tracking branch 'upstream/main'
1807fc8 
* upstream/main:
  Refine .gitginore (#13931)
  Hotfix: Markdown lint issue
  Update custom code style decision document
  Chore(deps): Bump org.openrewrite.rewrite from 7.15.0 to 7.16.0 (#13923)
  New translations jabref_en.properties (French) (#13928)
  Chore(deps): Bump com.fasterxml.jackson.dataformat:jackson-dataformat-yaml (#13927)
  Chore(deps): Bump com.autonomousapps:dependency-analysis-gradle-plugin (#13924)
  Chore(deps): Bump com.autonomousapps:dependency-analysis-gradle-plugin (#13921)
  Chore(deps): Bump org.yaml:snakeyaml from 2.4 to 2.5 in /versions (#13922)
  Chore(deps): Bump tj-actions/changed-files from 45 to 47 (#13917)
  Chore(deps): Bump plbstl/first-contribution from 3 to 4 (#13916)
  Share .idea/codeStyles/Project.xml (#13913)
  Chore(deps): Bump actions/github-script from 7 to 8 (#13915)
  Chore(deps): Bump jbangdev/jbang-action from 0.129.0 to 0.130.0 (#13914)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jabref-machine jabref-machine jabref-machine approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jabref-machine @koppor