Bump mindsers/changelog-reader-action from 2 to 2.2.3 in /.github/workflows in the github-actions group

[dependabot]

Bumps the github-actions group in /.github/workflows with 1 update: mindsers/changelog-reader-action.

Updates mindsers/changelog-reader-action from 2 to 2.2.3

Release notes

Sourced from mindsers/changelog-reader-action's releases.

v2.2.3

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

v2.2.2

Fixed

• Upgrade dependencies to solve deprecation issues.

v2.2.1

Fixed

• Change node engine for a non-deprecated version.

v2.2.0

Changed

• Allow more section types into prerelease versions. #67

Fixed

• Change the links' syntax to make them correctly recognized by GitHub.

v2.1.1

Fixed

• The action was returning empty data since the last version. Now correctly returns selected entries data.

New linting capabilities

Added

• Introduced changelog validation to help keep the release version in line with Semantic Versioning
• New input param of validation_level and validation_depth to allow for configuration of changelog validation.
• Support Angular CHANGELOG format. (Doesn't force title emphasis)

Changed

• The project now implement the All Contributors. This is not a change in the code but a change in how the projet recognize the external contributions.

Fixed

• Retrieve links (external to the entry) and add them back in the related entry.

Changelog

Sourced from mindsers/changelog-reader-action's changelog.

[2.4.0] - 2026-05-20

Added

• New changes_file output: a path to a temporary file containing the matched entry's text, for tools that consume release notes as a file (goreleaser, gh release create --notes-file, etc.). Resolves #68.
• New version_scheme input (semver default, or pep440) enabling extraction and validation of Python PEP 440 version identifiers like 0.1.0a1. Resolves #38.

Security

• Harden the reference-link parsing regex against catastrophic backtracking (CodeQL js/redos). The previous pattern had a . character in two overlapping character classes; a hostile CHANGELOG line could in principle trigger exponential matching time. The fix tightens the label character class without changing the regex's accepted inputs.

[2.3.0] - 2026-05-19

Changed

• Use Node 24 as the action runtime.
• Refactor the internal entry, validation, and pipeline modules for type safety and easier maintenance. No change in observable behavior for action consumers.
• Modernize the bundled runtime dependencies: @actions/core 1.x → 2.x and the YAML parser 1.x → 2.x. The action's input/output contract is unchanged.

Fixed

• Declare semver as a runtime dependency instead of a dev dependency.
• Stop dumping the full CHANGELOG content to debug logs when parsing entries and links.
• Detect the Unreleased heading case-insensitively when picking the most recent released entry.
• Warn (instead of silently degrading) when validation_level or validation_depth inputs are invalid; fall back to safe defaults.
• Warn (instead of silently using an empty config) when an explicit config_file does not exist.
• Validate the shape of YAML/JSON config files; warn on per-field type mismatches and reject non-object roots.
• Recognize bare ## Unreleased headings in addition to the bracketed ## [Unreleased] form.

[2.2.3] - 2024-03-10

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

[2.2.2] - 2022-11-23

Fixed

• Upgrade dependencies to solve deprecation issues.

[2.2.1] - 2022-11-10

Fixed

• Change node engine for a non-deprecated version.

[2.2.0] - 2022-09-01

... (truncated)

Commits

• 32aa5b4 Version bump to 2.2.3
• d80ff88 Rebuild the project
• 3749b1e Fix package command for node v20
• ebbb2a5 Fix tests on addLinks method
• 64ff230 Upgrade deps
• 1d532b4 Merge pull request #81 from mrks115/patch-1
• cc042cc dependencies: bump node to v20
• d8f4048 Merge branch 'develop'
• b97ce03 version bumnp
• fcfc4fe Complete rebuild and reinstall of dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions