deps(actions): bump softprops/action-gh-release from 2.6.1 to 3.0.0

dependabot[bot] · web-flow · commit cbe1d4ba5314 · 2026-04-15T11:25:48.000Z
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@153bb8e...b430933) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -646,7 +646,7 @@ jobs:
         # - verify-release job will: download with retry, verify checksums,
         #   generate final SHA256SUMS, then publish the release
         # NOTE: nftban-core and nftban-ui are uploaded by SLSA workflow with provenance
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
         with:
           files: |
             dist/packages/*.rpm
diff --git a/.github/workflows/slsa-go-releaser.yml b/.github/workflows/slsa-go-releaser.yml
@@ -154,7 +154,7 @@ jobs:
       # provides cryptographic verification for these binaries.
 
       - name: Upload to GitHub Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
         with:
           tag_name: ${{ needs.get-tag.outputs.tag }}
           # Use single pattern to avoid duplicates (nftban-* matches .intoto.jsonl too)
