chore(deps): bump the dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the dependencies group with 2 updates in the / directory: Songmu/tagpr and goreleaser/goreleaser-action.

Updates Songmu/tagpr from 1.18.3 to 1.19.0

Release notes

Sourced from Songmu/tagpr's releases.

v1.19.0

What's Changed

• build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 by @​dependabot[bot] in Songmu/tagpr#349
• build(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3 by @​dependabot[bot] in Songmu/tagpr#348
• feat: support Cargo.toml as a version file for Rust projects by @​gfx in Songmu/tagpr#350

New Contributors

• @​gfx made their first contribution in Songmu/tagpr#350

Full Changelog: Songmu/tagpr@v1.18.3...v1.19.0

Changelog

Sourced from Songmu/tagpr's changelog.

Changelog

v1.19.0 - 2026-05-09

• build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 by @​dependabot[bot] in Songmu/tagpr#349
• build(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3 by @​dependabot[bot] in Songmu/tagpr#348
• feat: support Cargo.toml as a version file for Rust projects by @​gfx in Songmu/tagpr#350

v1.18.3 - 2026-04-17

• Fix previous tag detection after switching from semver to calver by @​katutoshi in Songmu/tagpr#342
• build(deps): bump Songmu/tagpr from 1.17.1 to 1.18.2 by @​dependabot[bot] in Songmu/tagpr#343
• build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @​dependabot[bot] in Songmu/tagpr#344

v1.18.2 - 2026-04-12

• fix: respect version labels in monorepo using --first-parent by @​Ito-Ryu in Songmu/tagpr#340

v1.18.1 - 2026-04-05

• Clear PR Base before Edit to avoid duplicate synchronize webhooks by @​178inaba in Songmu/tagpr#336

v1.18.0 - 2026-04-05

• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in Songmu/tagpr#322
• build(deps): bump Songmu/tagpr from 1.17.0 to 1.17.1 by @​dependabot[bot] in Songmu/tagpr#323
• build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 by @​dependabot[bot] in Songmu/tagpr#325
• build(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in Songmu/tagpr#327
• Add retry to latestPullRequest for commit-to-PR index race condition by @​babarot in Songmu/tagpr#333
• fix: CalVer not working correctly with zero-padded formats (fixes #320) by @​oharo3109 in Songmu/tagpr#321
• Ignore labels from Dependabot PRs in version determination by @​Songmu in Songmu/tagpr#334
• build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in Songmu/tagpr#331
• build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 by @​dependabot[bot] in Songmu/tagpr#332

v1.17.1 - 2026-02-25

• add gh2changelog/LICENSE by @​Songmu in Songmu/tagpr#313
• Fix PR description including already shipped PRs when using fixedMajorVersion by @​Konboi in Songmu/tagpr#317
• build(deps): bump Songmu/tagpr from 1.15.0 to 1.17.0 by @​dependabot[bot] in Songmu/tagpr#316
• update google/go-github from v82 to v83 by @​Songmu in Songmu/tagpr#319

v1.17.0 - 2026-02-14

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

v1.16.0 - 2026-02-14

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

v1.15.0 - 2026-02-01

• feat: allow tagpr.calendarVersioning to accept format string directly by @​k1LoW in Songmu/tagpr#295

... (truncated)

Commits

• 555e72c Merge pull request #351 from Songmu/tagpr-from-v1.18.3
• 50c6546 [tagpr] update CHANGELOG.md
• 803dccb [tagpr] prepare for the next release
• 4f07f84 Merge pull request #350 from gfx/gfx/cargo_toml
• 743eafb Merge pull request #348 from Songmu/dependabot/github_actions/Songmu/tagpr-1....
• 28dd9f5 Merge pull request #349 from Songmu/dependabot/go_modules/github.com/Mastermi...
• a0886ac Support Cargo.toml as a version file for Rust projects
• bb0b2b8 build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0
• 9b542d7 build(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3
• See full diff in compare view

Updates goreleaser/goreleaser-action from 7.2.1 to 7.2.2

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.2

What's Changed

• ci(deps): bump the actions group with 3 updates by @​dependabot[bot] in goreleaser/goreleaser-action#560
• fix: nightly resolution to select newest published release by @​Copilot in goreleaser/goreleaser-action#562

New Contributors

• @​Copilot made their first contribution in goreleaser/goreleaser-action#562

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.2

Commits

• 5daf1e9 fix: nightly resolution to select newest published release (#562)
• 5cc7ebb ci: update actions
• 702f5f9 ci(deps): bump the actions group with 3 updates (#560)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Code Metrics Report

	main (f2143fb)	#193 (d6135a4)	+/-
Coverage	38.8%	38.8%	0.0%
Code to Test Ratio	1:2.2	1:2.2	0.0
Test Execution Time	16s	18s	+2s

Details

  |                     | main (f2143fb) | #193 (d6135a4) | +/-  |
  |---------------------|----------------|----------------|------|
  | Coverage            |          38.8% |          38.8% | 0.0% |
  |   Files             |             13 |             13 |    0 |
  |   Lines             |           1186 |           1186 |    0 |
  |   Covered           |            461 |            461 |    0 |
  | Code to Test Ratio  |          1:2.2 |          1:2.2 |  0.0 |
  |   Code              |           2505 |           2505 |    0 |
  |   Test              |           5714 |           5714 |    0 |
- | Test Execution Time |            16s |            18s |  +2s |

---

Reported by octocov