July 2, 2026
Velda Run job
Version updated for https://github.com/velda-io/action to version v0.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release
July 2, 2026
install spaces
Version updated for https://github.com/work-spaces/install-spaces to version v0.17.1.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.1 by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/32 Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.16.0...v0.17.1
July 2, 2026
Run PHP Scoper
Version updated for https://github.com/WPTechnix/run-php-scoper to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.0.0 Initial release of the PHP-Scoper Action, a composite GitHub Action for scoping PHP project dependencies using humbug/php-scoper.
What’s Included PHP version selection: Choose any PHP version using php-version (default: 8.2).
Flexible PHP-Scoper versions: Use a specific release tag, version constraint, or branch with scoper-version.
July 1, 2026
ansede-static
Version updated for https://github.com/mattybellx/Ansede to version v5.2.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed [5.0.0] — 2026-06-27 Added Rust Pattern Engine — Native regex matching via PyO3 (ansede_rust_core), 3.6x faster on large files with graceful Python fallback Java Tree-Sitter AST Analyzer (java_ast_analyzer.py) — Replaces regex heuristics with accurate AST parsing. 9 checkers: CWE-89, CWE-78, CWE-328, CWE-918, CWE-601, CWE-79, CWE-798, CWE-22, CWE-862 4 New Detectors: CWE-942 (CORS wildcard), CWE-94 (Jinja2 SSTI), CWE-362 (TOCTOU), CWE-862 (Spring Actuator) Precision Benchmark Harness (benchmarks/precision_benchmark.py) — Multi-language, multi-repo precision tracking with per-CWE heatmaps is_framework_internal() context filter — Suppresses findings in framework/library internals (Flask src/, Express lib/) 21-repo scale proof — Validated across 7 languages with 99%+ precision on clean code Changed — Precision (99.4% FP Reduction) Calibration: Removed bare method names (exec, query, execute, raw) from callee sets to prevent Mongoose/ORM false positives Calibration: JS-023 regex anchored with (?<!\.) to prevent Browserify .require() false positives Calibration: Extended ambiguous callee guard to resolve/join for path traversal Calibration: JS-018 __proto__:null now recognized as defensive pattern, not prototype pollution Calibration: Java write() XSS check requires HTTP response receiver, not JSON writer Calibration: 9 CVE benchmark severity thresholds corrected (MEDIUM→MEDIUM, not HIGH) Calibration: CWE-295, CWE-502, CWE-532 added to test-file noise filter Changed — Performance (96% Faster) AST walk cache: Pre-computed per-function node lists shared across all 49 Python rules _rule_24 fix: Module-level AST walk moved outside per-function loop (20x → 1x) Lazy symbolic guards: Skip when no findings or conditionals present Lazy datascience rules: Skip for files without DS imports Java regex→AST: Always uses tree-sitter when available, eliminating regex overhead Fixed Windows path handling: \tests\, \examples\, \docs\ backslash patterns in triage filters Empty CWE display: PY-003 assigned CWE-252, PY-044 assigned CWE-1120 Test-file CWE-98 suppression: Dynamic require in test files correctly filtered CVE Recall: 92.7%→100% (164/164 across 5 languages) What’s New Since v4.1.0 100% CVE recall (164/164) — every known vulnerability detected 99.4% FP reduction on 5 clean repos (535→3 findings) 86% FP reduction on 21 repos across 7 languages 96% faster Python scanning (2,600→5,100 LOC/s) 3.6x faster JavaScript pattern matching via Rust engine Java AST analyzer replaces regex, PetClinic: 38→0 findings
July 1, 2026
Claude Ralph Loop
Version updated for https://github.com/mdelapenya/claude-ralph-github-action to version v0.8.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changes feat: wrap claude execution in Docker sbx sandbox @mdelapenya (#95) Contributors @mdelapenya
July 1, 2026
FHIR Validator
Version updated for https://github.com/medvertical/records-fhir-validator to version validator-v0.4.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed npm tarball release for @records-fhir/validator@0.4.1. Synced from medvertical/records monorepo.
Install npm install @records-fhir/validator@0.4.1 What’s new in 0.4.1 Patch release for the standalone validator evidence lanes and MII reference workflow. Released with @records-fhir/validation-types 0.1.5.
Added Added validator claim summary generation for publishing the current HL7, MII reference, and FHIR Schema dual-path evidence in one machine-readable artifact. Added FHIR Schema dual-path action reporting so unconfirmed graph/reference buckets remain explicit follow-up work instead of hidden parity debt. Added package-backed terminology diagnostics and local terminology server helpers for deterministic MII/FHIR Schema quality lanes. Changed Hardened the MII reference triangulation workflow with reference-health probes, policy-rule extraction, skip taxonomy, and failed-profile prewarm details. Refreshed the public validator documentation around the 2026-07-01 evidence: 496/496 HL7 executable JSON comparisons, 231/231 measured MII reference parity, and 555-fixture FHIR Schema dual-path coverage. Tightened FHIR Schema graph slicing, reference-target extraction, and pattern diagnostics while keeping the graph path in parallel evidence mode. Fixed Fixed MII package relevance detection so package names containing substrings such as isik are not misclassified as Gematik ISiK packages. Fixed nested profile slice scoping and choice/FHIRPath edge cases uncovered by the MII and FHIR Schema dual-path lanes. Verification Verified with repository lint, stable tests, targeted validator Vitest suites, full affected conformance, MII reference gate, HL7 parity gate, and FHIR Schema dual-path report generation. Matched npm tarballs @records-fhir/validator@0.4.1 — also tagged validator-v0.4.1 @records-fhir/validation-types@0.1.5 The matching GitHub Action release (if any) is published separately under tag v0.4.1 and is not auto-synced; this release covers the npm package only.
July 1, 2026
Agent Security Harness
Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.7.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The harness now tests all four layers of the agentic-payments stack. Since the last PyPI release (v4.5.0), two conformance layers landed — this release ships both.
Highlights (v4.5.0 → v4.7.0: 474 → 520 tests, 33 → 36 modules) Merchant-journey layer — NEW (UCP/ACP), #228 ucp_acp_harness.py — 12 tests, stdlib-only, fail-closed reference verifier.
July 1, 2026
PatchFlow Security Scan
Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
July 1, 2026
Create and Configure Repository
Version updated for https://github.com/pdrodavi-group/create-configured-repo to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/pdrodavi-group/create-configured-repo/commits/v1.0.0
July 1, 2026
SkillTotal AI Component Security Scan
Version updated for https://github.com/pezhik/skilltotal to version v0.24.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changed Prompt-injection/secret precision (ruleset 25): two more FPs on defensive/security content closed, recall-preserving. (1) A -----BEGIN PRIVATE KEY----- format marker held as a string constant (auth code building a PEM, e.g. @ai-sdk/google-vertex) no longer flags ST-SECRET-EMBEDDED — the pattern now requires actual base64 key material after the marker; a real multi-line key still fires. (2) A credential path cited inside a markdown inline-code span in a security guide (`write to ~/.ssh`, e.g. claude-blog) is routed to needs_review instead of ST-SENS-PATH — scoped to markdown, so a JS template literal in code and a bare path in prose still fire. Both removed spurious ST-COMBO-EXFIL escalations. New unit tests + negative corpus samples; FP floor and benign corpus stay at zero.