chore(deps): update googleapis/release-please-action action to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
googleapis/release-please-action	action	major	v4.4.1 → v5

---

Release Notes

googleapis/release-please-action (googleapis/release-please-action)

v5

Compare Source

v5.0

Compare Source

v5.0.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Claude finished @renovate[bot]'s task in 1m 34s —— View job

---

Code Review

• Gather context
• Read workflow file and diff
• Check for breaking changes in v5
• Post review findings

---

Summary

This is a straightforward major-version bump of googleapis/release-please-action from v4.4.1 → v5.0. CI passes. The change is a single line in .github/workflows/release.yml.

Diff Analysis

-uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4.4.1
+uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0

Good practices observed:

• SHA pinning is used (@<commit-hash>), not a mutable tag like @v5. This is the correct approach for supply-chain security.
• The comment # v5.0 makes the pinned version human-readable.

Compatibility Assessment

The repo uses file-based configuration (no with: inputs on the action step), which is the recommended approach and carries the least migration risk:

• release-please-config.json — uses standard go release type with no v5-incompatible options
• .release-please-manifest.json — standard single-package manifest ("." : "1.0.0")

This config-file-driven setup should be forward-compatible with v5, which continues to support the same manifest/config schema.

v5 Notable Changes

The release-please-action v5 release notes are sparse (the PR body's compare links point to the same commit, showing an empty diff in their changelog). Based on v5.0.0, the primary change is a Node.js runtime upgrade from Node 16 → Node 20. There are no known breaking changes to the configuration schema used here.

Workflow Permissions

The existing permissions block is appropriate:

permissions:
  contents: write       # needed by release-please to create/update PRs and tags
  pull-requests: write  # needed by release-please to open release PRs
  id-token: write       # used by cli/gh-extension-precompile (attestations)
  attestations: write   # used by cli/gh-extension-precompile

No permission changes are needed for v5.

CI Status

Check	Result
CI	✓ passed
Auto-assign PR	✓ passed

Verdict

Safe to merge. This is a low-risk routine dependency update. The only real-world validation will happen on the next push to main that triggers the release workflow — the change is not testable in CI on a PR branch since the release workflow only runs on main.

[claude]

Claude finished @renovate[bot]'s task in 46s —— View job

---

Code Review

• Read changed file
• Check for breaking changes in v5
• Post review findings

---

Summary

Single-line bump of googleapis/release-please-action from v4.4.1 → v5 in .github/workflows/release.yml. Safe to merge.

Diff

-uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4.4.1
+uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5

Good practices observed:

• SHA pinning is used — @<commit-hash> rather than a mutable @v5 tag. Correct approach for supply-chain security.
• Human-readable # v5 comment is preserved alongside the hash.

Compatibility Assessment

The repo's release-please configuration is minimal and standard:

• release-please-config.json — go release type, single package at ., no v5-incompatible options
• .release-please-manifest.json — single-package manifest at "." : "1.0.0"

This config-file-driven setup is forward-compatible with v5, which retains the same manifest/config schema.

v5 Notable Changes

The primary change in v5.0.0 is a Node.js runtime upgrade from Node 16 → Node 20. There are no breaking changes to the configuration schema used by this repo. No with: inputs are used on the action step, which further reduces migration risk.

Existing Permissions

permissions:
  contents: write       # needed by release-please to create/update PRs and tags
  pull-requests: write  # needed by release-please to open release PRs
  id-token: write       # used by cli/gh-extension-precompile (attestations)
  attestations: write   # used by cli/gh-extension-precompile

No permission changes are needed for v5.

CI Status

CI is currently in progress. The previous run on this PR passed all checks. The release workflow itself only triggers on main, so actual validation of this change will occur on the next main push.

Verdict

Safe to merge. Low-risk routine dependency update. No issues found.