Bump dangoslen/changelog-enforcer from 2 to 3

[dependabot[bot]]

Bumps dangoslen/changelog-enforcer from 2 to 3.

Release notes

Sourced from dangoslen/changelog-enforcer's releases.

Changelog Enforcer 3.0.0

:rocket: The 3.0.0 release of the Changelog Enforcer is here! This release relies soley on the GitHub API instead of local git commands from a cloned repository. This means, for example, that actions/checkout does not need to be run before running the enforcer.

Fixes

• Fixes issue #142

Dependencies

• Bumps @vercel/ncc from 0.28.6 to 0.31.1
• Bumps @actions/core from 1.4.0 to 1.6.0
• Bumps jest from 27.0.5 to 27.3.1
• Bumps actions/checkout from 2.3.4 to 2.4.0
• Bumps uglify-js from 3.13.9 to 3.14.3
• Bumps eslint from 7.28.0 to 8.2.0

Changelog Enforcer 2.3.1

Changed

• Only runs on pull_request and pull_request_target events. This is to address issue #140

Changelog Enforcer 2.3.0

Dependencies

• Bumps lodash from 4.17.19 to 4.17.21
• Bumps stefanzweifel/git-auto-commit-action from 4 to 4.11.0
• Bumps actions/checkout from 2 to 2.3.4
• Bumps actions/create-release from 1 to 1.1.4
• Bumps uglify-js from 3.13.3 to 3.13.9
• Bumps eslint from 7.25.0 to 7.28.0
• Bumps @vercel/ncc from 0.28.2 to 0.28.6
• Bumps @actions/github from 4.0.0 to 5.0.0
• Bumps dangoslen/dependabot-changelog-helper from 0.3.2 to 1
• Bumps @actions/exec from 1.0.4 to 1.1.0
• Bumps @actions/core from 1.2.7 to 1.4.0
• Bumps jest from 26.6.3 to 27.0.5
• Bumps ws from 7.4.0 to 7.5.3

Changelog Enforcer 2.2.0

Internal Changes

• The pull_request workflow now executes as a pull_request_target workflow to handle incoming pull requests from forked repos.
  • This is needed because Dependabot now works as a forked branch. The reasoning and ways to accomodate are listed in a GitHub Security article
  • The verified label is needed to allow the workflow to execute

Dependencies

• Bumps uglify-js from 3.13.2 to 3.13.3
• Bumps y18n from 4.0.1 to 5.0.8
• Bumps @vercel/ncc from 0.27.0 to 0.28.2
• Bumps @actions/core from 1.2.6 to 1.2.7
• Bumps eslint from 7.23.0 to 7.25.0

Changelog Enforcer 2.1.0

Deprecated

• The input versionPattern is now deprecated. Starting in v3.0.0 the Changelog Enforcer will only work with Keep a Changelog for verifying the latest expected version.

Dependencies

• Bumps eslint from 7.21.0 to 7.23.0
• Bumps uglify-js from 3.13.0 3.13.2

... (truncated)

Changelog

Sourced from dangoslen/changelog-enforcer's changelog.

CHANGELOG

Inspired from Keep a Changelog

[UNRELEASED]

Dependencies

• Bump node-fetch from 2.6.12 to 2.6.13 (#264)
• Bump actions/checkout from 3.5.3 to 4.0.0 (#266, #267)
• Bump @vercel/ncc from 0.36.1 to 0.38.0 (#268)

[v3.5.1]

Security

• Removes uglify-js and dist packages

Dependencies

• Bump jest from 29.5.0 to 29.6.2 (#260)
• Bump eslint from 8.42.0 to 8.46.0 (#261)

[v3.5.0]

Dependencies

• Bump @vercel/ncc from 0.34.0 to 0.36.1 (#247)
• Bump eslint from 8.31.0 to 8.42.0 (#249)
• Bump actions/checkout from 3.5.2 to 3.5.3 (#250)
• Bump node-fetch from 2.6.9 to 2.6.12 (#251, #253)

Fixed

• Handle skipLabels that contain a / (#254)

[v3.4.0]

Changed

• Switches the default branch from master to main

Dependencies

• Bump actions/checkout from 3.2.0 to 3.5.2 (#245)
• Bump jest from 29.3.1 to 29.5.0 (#242)
• Bump node-fetch from 2.6.7 to 2.6.9 (#241)

[v3.3.2]

Fixed

• Properly rebuilds the dist.index.js meant to be built in v3.3.1.

[v3.3.1] - YANKED

This release has been yanked and should not be used. Please use v3.3.2 instead. The tag for this release will be deleted on 2023-06-01 and will not be usable after that date. If you are using the v3 tag, you will get the latest version automatically.

Fixed

• Removes the deprecated set-output command by bumping @actions/core. This fixes [issue #222](dangoslen/changelog-enforcer#222)

Dependencies

... (truncated)

Commits

• e779e7f Cut release (#262)
• a6cd02d Bump eslint from 8.42.0 to 8.46.0 (#261)
• 7a0bfaa Bump jest from 29.5.0 to 29.6.2 (#260)
• 2ef7730 Remove uglifyjs and dist (#259)
• 059b4a9 Cut v3.5.0 (#255)
• 082399a Bump node-fetch from 2.6.11 to 2.6.12 (#253)
• e58e94b Support skipLabels that contain forward slash (#254)
• ced67f9 Bump actions/checkout from 3.5.2 to 3.5.3 (#250)
• dd70bd0 Bump node-fetch from 2.6.9 to 2.6.11 (#251)
• 68dca97 Bump eslint from 8.31.0 to 8.42.0 (#249)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)