v4.1.0

What's Changed

• add Action options for issue-reactions and pr-reactions by @plbstl in #59

Full Changelog: v4.0.0...v4.1.0

v4.0.0

This is a major update focused on making the action's behavior more predictable, adding several new capabilities, and
modernizing the entire codebase for better performance and security.

⚠️ BREAKING CHANGES

• Runtime Upgraded to Node 24: The action now runs on Node 24, requiring self-hosted runners to be on version
  v2.327.1 or later. This improves performance and security.

• Smarter closed Event Handling: The action now comments on a closed issue/PR if it was the user's historically
  first one, even if they have opened others since. The previous logic only triggered if the user's total contribution
  count was exactly 1 at that moment. This change ensures the first contribution's lifecycle is always acknowledged
  correctly.

• New fail-on-error Input: A new input fail-on-error (default: false) allows you to control the action's exit
  behavior. This changes the previous "always fail" behavior, where any error would fail the workflow step. The new
  default is to log the error without failing the CI job.

✨ New Features

• Commit History Awareness: The action now intelligently checks a user's commit history to avoid incorrectly
  greeting existing repository committers or maintainers as new contributors.
• Emoji Reactions: You can now automatically add one or more emoji reactions (e.g., heart, rocket) to the body of
  a first-timer's issue or PR using the new reaction input.

🔧 Internal & DX Improvements

This release includes a major overhaul of the action's internals to improve developer experience, performance, and
long-term maintainability.

• Build System: The project has been migrated from CommonJS to modern ESM with Rollup as the bundler.
• Testing Framework: The entire test suite has been migrated from Jest to Vitest, resulting in faster and more
  efficient tests.
• Dependency Management: All dependencies have been updated and pinned to their latest stable versions for enhanced
  security and deterministic builds.

🧪 Testing & Code Quality

• Exhaustive Tests: Test coverage has been significantly increased with new unit tests for complex edge cases and
  new features.
• Improved Linting: Additional linters have been added to local and CI pipelines to enforce higher code quality
  standards.
• Refactored Test Suite: The tests have been refactored to reduce code duplication and improve clarity.

🛡️ Security & CI

• FOSSA Scanning: The repository now uses FOSSA for automated license and security scanning.
• Hardened Workflows: All GitHub Actions used in the CI/CD pipelines have been updated to their latest versions and
  pinned to specific SHAs.

📚 Documentation

• Rewrote the README for clarity, focusing on a quick and easy first-time user experience.
• Added more examples and a detailed "Security" section covering the safe usage of pull_request_target.

Full Changelog: v3.1.0...v4.0.0

v3.0.0

What's Changed

⚠️ BREAKING

• take into account whether the author only has opened issues and PRs by @plbstl in #10

Other Changes

• update plbstl/first-contribution version in readme by @plbstl in #7
• improve tests by @plbstl in #11
• add usage notes in readme by @plbstl in #12
• allow the issue or pull request author to be referenced in the msg inputs by @plbstl in #14

Full Changelog: v2...v3.0.0

v2.0.0

What's Changed

⚠️ BREAKING

• Change the implementation for checking whether a user is a first contributor by @plbstl in #6

Other Changes

• Bump the npm-development group with 3 updates by @dependabot in #1
• update acceptable messageInputs by @plbstl in #2
• rename getActionInputsSpyMock to getActionInputsSpy by @plbstl in #3
• update readme docs by @plbstl in #4

New Contributors

• @dependabot made their first contribution in #1
• @plbstl made their first contribution in #2

Full Changelog: v1...v2.0.0

v1

First Release

Automatically respond to a user's first contribution to your repository.

Full Changelog: v1.0.0...v1