Skip to content

chore(deps): bump iainmcgin/cla-github-action from 3.1.0 to 3.2.0#269

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/iainmcgin/cla-github-action-3.2.0
Open

chore(deps): bump iainmcgin/cla-github-action from 3.1.0 to 3.2.0#269
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/iainmcgin/cla-github-action-3.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps iainmcgin/cla-github-action from 3.1.0 to 3.2.0.

Changelog

Sourced from iainmcgin/cla-github-action's changelog.

Changelog

All notable changes to this fork since it diverged from the upstream cla-assistant/github-action project (archived). The branch point is commit 58daaf8 "Update README to reflect repository status".

Versioning starts at v3.0.0, the first major version after the upstream project's final release (v2.7.1), to make clear this is a divergent line. Changes are grouped by the logical unit of work; each entry links to the commit that introduced it.

Unreleased

Nothing yet.

v3.2.0 — 2026-06-17

Changed

  • CLA sign-comment matching tolerates a small amount of surrounding text. (1f440bd) A comment now counts as a signature when the configured phrase appears on its own line (or its own block of lines, for a multi-line custom-pr-sign-comment), case-insensitive, with trailing ./! ignored, and any other text in the comment is no longer than the phrase itself (minimum allowance 32 characters). Previously the match failed if the comment contained anything on another line — for example a contributor adding recheck below the declaration. The same rule now applies whether or not custom-pr-sign-comment is set; previously that path required a byte-for-byte match. Note this is also slightly stricter on the matching line itself: text before or after the phrase on the same line (other than trailing punctuation) no longer matches, and a line inside a > Markdown blockquote is never treated as the author's own declaration.

v3.1.0 — 2026-06-09

Fixed

  • Pull requests closed without merging are no longer locked. (30dab6b) The lock-pullrequest-aftermerge feature locked the conversation on any closed event, including a contributor closing their own unmerged PR. If the PR was later reopened, the stale lock prevented the bot from commenting and the CLA check could never complete. The lock now only applies when the PR was actually merged.
  • Reopened PRs with a stale lock are unlocked automatically. (30dab6b) A merged PR can never be reopened, so a lock found on a reopened PR is either left over from the lock-on-any-close bug above or was set manually by a maintainer; the action cannot tell the two apart and removes it so the CLA check can comment again. Applies only when lock-pullrequest-aftermerge is enabled. The recommended workflow in the README now includes

... (truncated)

Commits
  • 0d27e5a Cut v3.2.0: promote CHANGELOG Unreleased section to release
  • 1f440bd Relax sign-comment matching to tolerate brief surrounding text
  • 6dd686d README: update example SHA pin to v3.1.0 (b265428)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [iainmcgin/cla-github-action](https://github.com/iainmcgin/cla-github-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/iainmcgin/cla-github-action/releases)
- [Changelog](https://github.com/iainmcgin/cla-github-action/blob/master/CHANGELOG.md)
- [Commits](iainmcgin/cla-github-action@b265428...0d27e5a)

---
updated-dependencies:
- dependency-name: iainmcgin/cla-github-action
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update an action file github_actions Pull requests that update GitHub Actions code minor Pull requests with new features labels Jun 30, 2026
@dependabot dependabot Bot requested review from a team and maximizeIT as code owners June 30, 2026 06:03
@dependabot dependabot Bot added dependencies Pull requests that update an action file github_actions Pull requests that update GitHub Actions code labels Jun 30, 2026
@dependabot dependabot Bot requested review from Ninerian and PujaSingh7655 June 30, 2026 06:03
@dependabot dependabot Bot added the minor Pull requests with new features label Jun 30, 2026
@dependabot dependabot Bot requested a review from tmsbgit June 30, 2026 06:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update an action file github_actions Pull requests that update GitHub Actions code minor Pull requests with new features

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants