Version updated for https://github.com/kewang/spek to version v1.3.1. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. What’s Changed Fix: a fresh clone now starts cleanly with npm install && npm run dev — @spek/core resolves to its gitignored dist/ build, which neither install nor dev used to produce, so the Express API failed with ERR_MODULE_NOT_FOUND and Vite failed to resolve @spek/core/headings. npm install now compiles @spek/core (new prepare script) and the root dev script rebuilds it before launching (#2)

Version updated for https://github.com/kjanat/runner to version v0.12.1. This action is used across all versions by 3 repositories. Action Type This is a Node action using Node version 24. Go to the GitHub Marketplace to find the latest changes. What’s Changed Added pyproject.toml [project.scripts] entry points (PEP 621 console scripts) are now extracted as runnable tasks for Python projects. They surface under the pyproject.toml source in runner list (with the entry-point target shown as the description) and dispatch via the detected Python package manager’s run subcommand — uv run <name>, poetry run <name>, or pipenv run <name>. Previously a uv/poetry project’s declared scripts were invisible to runner, which detected the package manager but listed no tasks. AUR distribution channel. Two packages on the Arch User Repository: runner-run-bin (prebuilt binaries for x86_64, aarch64, armv7h) and runner-run (source build for x86_64, aarch64). -bin provides/conflicts runner-run, so install whichever you prefer — https://aur.archlinux.org/packages/runner-run-bin and https://aur.archlinux.org/packages/runner-run. Shell completions shipped by both AUR packages and auto-loaded from the canonical system dirs: bash at /usr/share/bash-completion/completions/{runner,run}, zsh at /usr/share/zsh/site-functions/{_runner,_run}, fish at /usr/share/fish/vendor_completions.d/{runner,run}.fish. PowerShell on Linux has no autoload convention, so the pwsh script is installed at /usr/share/runner/runner.ps1 for users to dot-source from their $PROFILE. Completions are clap-dynamic — the shell shells out to the binary for candidates, so tab-completing in a project picks up the current task list from package.json / turbo.json / Justfile / etc., not a static snapshot. .github/workflows/aur-release.yml publishes both packages on every release: published event (with manual workflow_dispatch + dry-run for validation). Gated behind a dedicated aur GitHub Environment so the AUR_SSH_PRIVATE_KEY secret is only readable from that job. Per-pkg concurrency: group serializes manual + automatic triggers for the same package without blocking the other matrix leg. .github/scripts/publish/aur-prepare.sh rewrites pkgver/pkgrel in the checked-in PKGBUILDs and, for the -bin package, injects per-arch sha256sums_* read directly from the release’s published .sha256 companion assets (avoids the updpkgsums host-arch-only limitation). Strict semver regex on the version input refuses anything containing &, /, \, or newlines before any sed runs. Man pages for runner, run, and each subcommand. Rendered from the clap command tree by a man subcommand gated behind the man feature (off by default — never in the shipped binary, never committed) and shipped by every channel: crates.io (in the published crate), npm (facade man field), both AUR packages (/usr/share/man/man1/), and a runner-<tag>-man.tar.gz GitHub release asset that install.sh and runner-run-bin pull from. man runner / man run work everywhere. Security All third-party uses: in crates-release.yml, npm-release.yml, and release.yml pinned to commit SHAs (with a # vN trailing comment for readability), so an upstream tag rewrite or account-takeover cannot silently swap in a different action build. persist-credentials: false added to every actions/checkout step in release.yml, so GITHUB_TOKEN is not persisted into git config. Release verification no longer saves Rust caches from pull request runs, preventing untrusted PRs from persisting cache contents. Fixed runner list, runner run, and runner why now find pyproject.toml scripts and Python package-manager signals from nested directories (bounded by the containing VCS root), so running from src/ inside a uv/poetry/pipenv project still surfaces and dispatches [project.scripts] tasks. runner why now reports Python package-manager resolution for pyproject.toml tasks, including --pm and [pm].python overrides, matching the actual runner run dispatch path. runner list --source invalid-label help now includes pyproject.toml in the accepted source list. Restore the multiple_crate_versions Clippy allow so CI accepts the current unavoidable duplicate transitive crate versions while keeping the broader clippy::cargo deny group enabled. Hide the feature-only runner man generator from shipped runner.1 output, so installed man pages no longer document an unavailable subcommand. What’s Changed feat(aur): publish runner-run + runner-run-bin with shell completions by @kjanat in https://github.com/kjanat/runner/pull/35 docs: document AUR install channel in README, site, and changelog by @kjanat in https://github.com/kjanat/runner/pull/36 Man pages: render from the CLI, ship on every channel by @kjanat in https://github.com/kjanat/runner/pull/37 Surface pyproject.toml [project.scripts] as runnable tasks by @kjanat in https://github.com/kjanat/runner/pull/39 Full Changelog: https://github.com/kjanat/runner/compare/v0.12.0...v0.12.1

Version updated for https://github.com/kodiii/ctxloom-pr-bot to version v1.7.10. This action is used across all versions by 1 repositories. Action Type This is a Docker action. Go to the GitHub Marketplace to find the latest changes. What’s Changed Auto-generated release for ctxloom-pr-bot v1.7.10. Source: https://github.com/kodiii/ctxloom/releases/tag/v1.7.10

Version updated for https://github.com/lineaje-actions/lineaje-actions to version v1.6.0. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. What’s Changed Newer py and java versions supported

Version updated for https://github.com/Orace/ccsbuild to version v0.5. This action is used across all versions by ? repositories. Action Type This is a Docker action. Go to the GitHub Marketplace to find the latest changes. What’s Changed Upgrade CCS version to v20.5.1

Version updated for https://github.com/pascal-lab/setup-ossutil to version v1.0.0. This action is used across all versions by 1 repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. What’s Changed Add setup ossutil action (99670c5) Initial commit (8ddbd1b)

Version updated for https://github.com/ranarn/release-pilot to version v1.0.7. This action is used across all versions by 2 repositories. Action Type This is a Node action using Node version 24. Go to the GitHub Marketplace to find the latest changes. What’s Changed What’s Changed build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/14 build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/15 build(deps): bump actions/stale from 10.2.0 to 10.3.0 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/16 build(deps-dev): bump @vitest/coverage-v8 from 4.1.6 to 4.1.7 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/17 build(deps): bump semver from 7.8.0 to 7.8.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/18 build(deps-dev): bump vitest from 4.1.6 to 4.1.7 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/19 build(deps-dev): bump @types/node from 25.7.0 to 25.9.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/20 ci: move dist/ auto-commit to PR branch instead of main by @ranarn in https://github.com/ranarn/release-pilot/pull/21 build(deps-dev): bump vitest from 4.1.7 to 4.1.8 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/22 build(deps-dev): bump @biomejs/biome from 2.4.15 to 2.4.16 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/24 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/25 build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/26 Full Changelog: https://github.com/ranarn/release-pilot/compare/v1.0.6...v1.0.7

Version updated for https://github.com/RivetaLabs/shipgrade to version v0.1.1. This action is used across all versions by 0 repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. What’s Changed This release prepares shipgrade for the GitHub Marketplace and adds the first real-world proof gallery. No new probe, OWASP category, or rule pack; the v1 scope is unchanged. shipgrade is an automated heuristic audit, not a certification, a security guarantee, or a legal or compliance sign-off.

Version updated for https://github.com/SabinGhost19/security-scan-attestorAction to version v1.0.1. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. What’s Changed 1.0.1 (2026-06-03) Bug Fixes action: shorten description to <125 chars for Marketplace (e1ac936)

Version updated for https://github.com/SalmonPlays/oss-signal to version v0.6.4. This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 20. Go to the GitHub Marketplace to find the latest changes. What’s Changed oss-signal v0.6.4 oss-signal v0.6.4 publishes the OSS Maintainer Signal brand refresh. Changes Adds a README banner, icon, and GitHub social preview assets. Adds docs/brand.md with recommended GitHub repository description, topics, and UI asset guidance. Updates the npm package description and keywords to better reflect maintainer-readiness, GitHub Action, SARIF, and inventory workflows. Updates the GitHub Action metadata description and branding icon. Verification npm run check npm publish --dry-run