build(deps): Bump tomtom-international/commisery-action from 3 to 4

[dependabot]

Bumps tomtom-international/commisery-action from 3 to 4.

Release notes

Sourced from tomtom-international/commisery-action's releases.

v4.0.0

What's changed

⚠️ Breaking Changes

• bump-metadata output returns stringified JSON with bump metadata

This adds the bump-metadata output to contain relevant information about the bump performed in stringified JSON format, for example:

{
  "bump": {
    "from": "0.7.2",
    "to": "1.0.0",
    "type": "rel"
  },
  "release": {
    "name": "1.0.0",
    "id": 1234567,
    "draft": false,
    "prerelease": false
  },
  "tag": {
    "ref": "refs/tags/1.0.0",
    "name": "1.0.0",
    "sha": "baaaadb0b"
  }
}

This includes several additions:

• GitHub Release metadata: the release property is set in case a GitHub Release is created and contains the relevant metadata related to this release.
• Git Tag metadata: the tag property is set in case we bumped the git tag (which could be true for a GitHub Release) and contains the SHA and ref for the new tag
• Release Type: the bump.type property describes the bump-type performed.

This change is BREAKING as it changes the next-version output for the Semantic Version bump strategy in case GH raises an error upon tag/release creation (now returns an empty output variable)

👷 Other changes

• Checkout master for release flow
• Update release flow to use bump-metadata
• Remove reference to author
• Address security concerns in development dependencies
• Upgrade dependency @​vercel/ncc to 0.38.3
• Upgrade @​octokit/plugin-rest-endpoint-methods to 10.4.0
• Upgrade yaml to 2.8.0
• Upgrade simple-git to 3.27.0
• Upgrade dedent to 1.6.0
• Upgrade commander to 14.0.0
• Upgrade @​octokit/plugin-throttling to 8.2.0
• Upgrade @​octokit/plugin-retry to 6.0.1
• Upgrade @​actions/github to 6.0.1

... (truncated)

Commits

• 2d51cf5 ci: checkout master for release flow
• 44f1868 ci: update release flow to use bump-metadata
• a6e9a33 feat!: bump-metadata output returns stringified JSON with bump metadata
• 2845944 chore: remove reference to author
• 9b9e8f0 chore(security): address security concerns in development dependencies
• b96e038 chore: upgrade dependency @​vercel/ncc to 0.38.3
• a9ae619 chore: upgrade @​octokit/plugin-rest-endpoint-methods to 10.4.0
• 3434d32 chore: upgrade yaml to 2.8.0
• 4e66507 chore: upgrade simple-git to 3.27.0
• ca1b011 chore: upgrade dedent to 1.6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.