diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 1eda4efa..cecd9d5e 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
 pull-requests: write
 steps:
- - uses: actions/stale@v10.2.0
+ - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 stale-issue-message: >
diff --git a/Gemfile.lock b/Gemfile.lock
index 525e2c94..2c39c2ab 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,7 +9,7 @@ GIT PATH remote: . specs: - github-markup (5.0.1) + github-markup (6.0.0) GEM remote: https://rubygems.org/
diff --git a/HISTORY.md b/HISTORY.md
index 745a9c1b..33c1ea2e 100644
--- a/HISTORY.md
+++ b/HISTORY.md
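Review bot: The SHA pin on the new `uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0` line in .github/workflows/stale.yml is only as trustworthy as the check that this commit is the one tagged v10.2.0 in the actions/stale repository itself, and nothing in the hunk records that check. GitHub resolves a full commit SHA across a repository's fork network, so a SHA taken from the wrong place still loads while pointing at code that was never part of the upstream release. I would add a comment above the step such as `# SHA must match the v10.2.0 tag in actions/stale itself (not a fork); re-verify on every bump.` and keep the trailing `# v10.2.0` in exactly that form so automated update PRs can rewrite the SHA and the comment together. The job's `permissions:` block begins outside this hunk, so whether the write scopes are limited to what the stale action needs cannot be judged from here.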
@@ -1,3 +1,37 @@
+## 6.0.0 - 2026-05-04
+
+### Breaking
+
+* Drop support for Ruby < 3.3 (Ruby 3.1 EOL March 2025, Ruby 3.2 EOL March 2026)
+
+### Security
+
+* Use HTTPS for cpanminus download in CI to prevent MITM attacks [#2050](https://github.com/github/markup/pull/2050)
+* Bump nokogiri to >= 1.19.1 to fix GHSA-wx95-c6cv-8532
+* Harden CI pip install with `--require-hashes --no-deps` [#2048](https://github.com/github/markup/pull/2048)
+* Use HTTPS for RubyGems source URL in Gemfile [#1854](https://github.com/github/markup/pull/1854)
+* Add explicit `contents: read` permissions to CI workflow [#1855](https://github.com/github/markup/pull/1855)
+* Bump rexml from 3.3.0 to 3.3.9 (multiple security fixes)
+
+### Bug Fixes
+
+* Fix RST section ID rendering to iterate all anchors instead of only the first [040f91d](https://github.com/github/markup/commit/040f91d)
+
+### Documentation
+
+* Fix spelling errors in codebase [#1479](https://github.com/github/markup/pull/1479)
+* Fix broken Textile language link in README [#1703](https://github.com/github/markup/pull/1703)
+
+### Infrastructure
+
+* Remove legacy Dockerfile and .dockerignore (Ubuntu Trusty, non-functional) [#2048](https://github.com/github/markup/pull/2048)
+* Update CI test matrix: drop Ruby 3.2, add Ruby 4.0 (now testing 3.3, 3.4, 4.0)
+* Bump nokogiri to 1.19.2, activesupport to 7.2.3.1
+* Bump github-linguist from 7.30.0 to 9.1.0, then to 9.3.0
+* Pin all GitHub Actions to commit SHAs for supply chain hardening
+* Add Dependabot configuration for automated dependency updates
+* Various Dependabot bumps for CI actions (ruby/setup-ruby, actions/checkout, actions/cache, actions/setup-python, actions/stale)
+
 ## 5.0.1 - 2024-06-17
 * Bump activesupport from 4.0 to 7.1.3.4
diff --git a/lib/github-markup.rb b/lib/github-markup.rb
index 7c36ad17..bd470da1 100644
--- a/lib/github-markup.rb
+++ b/lib/github-markup.rb
@@ -1,6 +1,6 @@
 module GitHub
 module Markup
- VERSION = '5.0.1'
+ VERSION = '6.0.0'
 Version = VERSION
 end
 end