Bump dangoslen/changelog-enforcer from 2 to 3 (#480)

Bumps
[dangoslen/changelog-enforcer](https://github.com/dangoslen/changelog-enforcer)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dangoslen/changelog-enforcer/releases">dangoslen/changelog-enforcer's
releases</a>.</em></p>
<blockquote>
<h2>Changelog Enforcer 3.0.0</h2>
<p>:rocket: The 3.0.0 release of the Changelog Enforcer is here! This
release relies soley on the GitHub API instead of local git commands
from a cloned repository. This means, for example, that
<code>actions/checkout</code> does <strong>not</strong> need to be run
before running the enforcer.</p>
<h3>Fixes</h3>
<ul>
<li>Fixes issue <a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/142">#142</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bumps <code>@vercel/ncc</code> from 0.28.6 to 0.31.1</li>
<li>Bumps <code>@actions/core</code> from 1.4.0 to 1.6.0</li>
<li>Bumps <code>jest</code> from 27.0.5 to 27.3.1</li>
<li>Bumps <code>actions/checkout</code> from 2.3.4 to 2.4.0</li>
<li>Bumps <code>uglify-js</code> from 3.13.9 to 3.14.3</li>
<li>Bumps <code>eslint</code> from 7.28.0 to 8.2.0</li>
</ul>
<h2>Changelog Enforcer 2.3.1</h2>
<h3>Changed</h3>
<ul>
<li>Only runs on <code>pull_request</code> and
<code>pull_request_target</code> events. This is to address issue <a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/140">#140</a></li>
</ul>
<h2>Changelog Enforcer 2.3.0</h2>
<h3>Dependencies</h3>
<ul>
<li>Bumps <code>lodash</code> from 4.17.19 to 4.17.21</li>
<li>Bumps <code>stefanzweifel/git-auto-commit-action</code> from 4 to
4.11.0</li>
<li>Bumps <code>actions/checkout</code> from 2 to 2.3.4</li>
<li>Bumps <code>actions/create-release</code> from 1 to 1.1.4</li>
<li>Bumps <code>uglify-js</code> from 3.13.3 to 3.13.9</li>
<li>Bumps <code>eslint</code> from 7.25.0 to 7.28.0</li>
<li>Bumps <code>@vercel/ncc</code> from 0.28.2 to 0.28.6</li>
<li>Bumps <code>@actions/github</code> from 4.0.0 to 5.0.0</li>
<li>Bumps <code>dangoslen/dependabot-changelog-helper</code> from 0.3.2
to 1</li>
<li>Bumps <code>@actions/exec</code> from 1.0.4 to 1.1.0</li>
<li>Bumps <code>@actions/core</code> from 1.2.7 to 1.4.0</li>
<li>Bumps <code>jest</code> from 26.6.3 to 27.0.5</li>
<li>Bumps <code>ws</code> from 7.4.0 to 7.5.3</li>
</ul>
<h2>Changelog Enforcer 2.2.0</h2>
<h3>Internal Changes</h3>
<ul>
<li>The <code>pull_request</code> workflow now executes as a
<code>pull_request_target</code> workflow to handle incoming pull
requests from forked repos.
<ul>
<li>This is needed because Dependabot now works as a <a
href="https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/">forked
branch</a>. The reasoning and ways to accomodate are listed in a <a
href="https://securitylab.github.com/research/github-actions-preventing-pwn-requests/">GitHub
Security article</a></li>
<li>The <code>verified</code> label is needed to allow the workflow to
execute</li>
</ul>
</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bumps <code>uglify-js</code> from 3.13.2 to 3.13.3</li>
<li>Bumps <code>y18n</code> from 4.0.1 to 5.0.8</li>
<li>Bumps <code>@vercel/ncc</code> from 0.27.0 to 0.28.2</li>
<li>Bumps <code>@actions/core</code> from 1.2.6 to 1.2.7</li>
<li>Bumps <code>eslint</code> from 7.23.0 to 7.25.0</li>
</ul>
<h2>Changelog Enforcer 2.1.0</h2>
<h3>Deprecated</h3>
<ul>
<li>The input <code>versionPattern</code> is now deprecated. Starting in
<code>v3.0.0</code> the Changelog Enforcer will only work with <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> for
verifying the latest expected version.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bumps <code>eslint</code> from 7.21.0 to 7.23.0</li>
<li>Bumps <code>uglify-js</code> from 3.13.0 3.13.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/dangoslen/changelog-enforcer/blob/main/CHANGELOG.md">dangoslen/changelog-enforcer's
changelog</a>.</em></p>
<blockquote>
<h1>CHANGELOG</h1>
<p>Inspired from <a href="https://keepachangelog.com/en/1.0.0/">Keep a
Changelog</a></p>
<h2>[UNRELEASED]</h2>
<h3>Dependencies</h3>
<ul>
<li>Bump <code>eslint</code> from 8.57.0 to 9.7.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/288">#288</a>)</li>
</ul>
<h2>[v3.6.1]</h2>
<h3>Changed</h3>
<ul>
<li>Fix Github Actions Annotations (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/281">#281</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handle <code>skipLabels</code> that contains emojis by properly
looking for <code>:</code> characters in the label extractor regex
(fixes <a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/284">#284</a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bump <code>eslint</code> from 8.56.0 to 8.57.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/282">#282</a>)</li>
<li>Bump <code>actions/checkout</code> from 4.1.1 to 4.1.2 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/283">#283</a>)</li>
</ul>
<h2>[v3.6.0]</h2>
<h3>Changed</h3>
<ul>
<li>Now runs on Node 20
<ul>
<li>Updates <code>.nvmrc</code> to set the version</li>
<li>Updates node version in <code>action.yml</code></li>
</ul>
</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bump <code>node-fetch</code> from 2.6.12 to 2.7.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/264">#264</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/270">#270</a>)</li>
<li>Bump <code>actions/checkout</code> from 3.5.3 to 4.1.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/266">#266</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/267">#267</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/271">#271</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/275">#275</a>)</li>
<li>Bump <code>@vercel/ncc</code> from 0.36.1 to 0.38.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/268">#268</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/276">#276</a>)</li>
<li>Bump <code>jest</code> from 29.6.2 to 29.7.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/269">#269</a>)</li>
<li>Bump <code>stefanzweifel/git-auto-commit-action</code> from 4.16.0
to 5.0.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/272">#272</a>)</li>
<li>Bump <code>@actions/github</code> from 5.1.1 to 6.0.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/273">#273</a>)</li>
<li>Bump <code>@actions/core</code> from 1.10.0 to 1.10.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/274">#274</a>)</li>
<li>Bump <code>eslint</code> from 8.46.0 to 8.56.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/279">#279</a>)</li>
</ul>
<h2>[v3.5.1]</h2>
<h3>Security</h3>
<ul>
<li>Removes <code>uglify-js</code> and <code>dist</code> packages</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Bump <code>jest</code> from 29.5.0 to 29.6.2 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/260">#260</a>)</li>
<li>Bump <code>eslint</code> from 8.42.0 to 8.46.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/pull/261">#261</a>)</li>
</ul>
<h2>[v3.5.0]</h2>
<h3>Dependencies</h3>
<ul>
<li>Bump <code>@vercel/ncc</code> from 0.34.0 to 0.36.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/247">#247</a>)</li>
<li>Bump <code>eslint</code> from 8.31.0 to 8.42.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/249">#249</a>)</li>
<li>Bump <code>actions/checkout</code> from 3.5.2 to 3.5.3 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/250">#250</a>)</li>
<li>Bump <code>node-fetch</code> from 2.6.9 to 2.6.12 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/251">#251</a>,
<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/253">#253</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/204e7d3ef26579f4cd0fd759c57032656fdf23c7"><code>204e7d3</code></a>
Cut v3.6.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/286">#286</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/3b505fae27c00aeb2827def66df1fb1914e5e610"><code>3b505fa</code></a>
Bump eslint from 8.56.0 to 8.57.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/282">#282</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/f87a2dbff2974c59419b4d3ecd7904f5b9aa15ee"><code>f87a2db</code></a>
Parse labels with emojis (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/285">#285</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/155ab0986bb014a46341bebdb9c5dca54e947cfd"><code>155ab09</code></a>
Bump actions/checkout from 4.1.1 to 4.1.2 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/283">#283</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/548b384207336e7131911120d6f21bddda80ce1c"><code>548b384</code></a>
Fix GitHub actions annotations (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/281">#281</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/78309b2d10cab044cfe912459049f2f02c2a4d2d"><code>78309b2</code></a>
Cut 3.6.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/280">#280</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/086661692de8750f8b73486706a07e89f1febd7d"><code>0866616</code></a>
Update to node20 and update eslint (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/279">#279</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/f9d1322427db357d0dc1eae759ab47ff46dafd64"><code>f9d1322</code></a>
Bump <code>@​actions/github</code> from 5.1.1 to 6.0.0 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/273">#273</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/be430d1e3d5762a7d4efb994eee2eea0cdb1a965"><code>be430d1</code></a>
Bump <code>@​vercel/ncc</code> from 0.38.0 to 0.38.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/276">#276</a>)</li>
<li><a
href="https://github.com/dangoslen/changelog-enforcer/commit/8c6168bae87d3b52fec532701eefe9853d7eabb7"><code>8c6168b</code></a>
Bump <code>@​actions/core</code> from 1.10.0 to 1.10.1 (<a
href="https://redirect.github.com/dangoslen/changelog-enforcer/issues/274">#274</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dangoslen/changelog-enforcer/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dangoslen/changelog-enforcer&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akihiro Nitta <[email protected]>

.github/workflows/changelog.yml

@@ -14,6 +14,6 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Enforce changelog entry
-        uses: dangoslen/changelog-enforcer@v2
+        uses: dangoslen/changelog-enforcer@v3
         with:
           skipLabels: 'skip-changelog'

.github/workflows/dependabot-auto-merge.yml

@@ -1,9 +1,9 @@
 name: Dependabot auto-merge
 
 on:  # yamllint disable-line rule:truthy
-  pull_request_target:
-    types:
-      - opened
+  pull_request:
+    branches:
+      - master
 
 permissions:
   contents: write
@@ -14,14 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
-      - name: Enable auto-merge for Dependabot PRs
+      - name: Enable auto-merge
         run: gh pr merge --auto --squash "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
-  auto-approve:
-    runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
-    steps:
-      - uses: hmarr/auto-approve-action@v4
+      - name: Auto-approve
+        uses: hmarr/auto-approve-action@v4