Below you will find pages that utilize the taxonomy term “GitHub Actions”
July 4, 2026
Send Email with MailKite
Version updated for https://github.com/mailkite/send-email-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Send email with MailKite from any workflow. See README for inputs + the inbound→repository_dispatch recipe.
July 4, 2026
Quorum consensus security scan
Version updated for https://github.com/Martinez1991/quorum-sec-scan to version v0.8.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog bf624853a310007127d7223e7f1c1952186b028f: Merge pull request #60 from Martinez1991/feat/action-advice-inputs (@Martinez1991) 1723f878b86eaab1925a57820f79ce9160b8ee96: feat(action): expose the advisory layer (–advice / AI / –fix) as inputs (@Martinez1991)
July 4, 2026
Docker Swarm Deployment Action
Version updated for https://github.com/matchory/docker-swarm-deployment-action to version v1.2.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix: re-enable YAML merge keys dropped by js-yaml v5 by @Radiergummi in https://github.com/matchory/docker-swarm-deployment-action/pull/152 feat: active Compose → Swarm reconciliation by @Radiergummi in https://github.com/matchory/docker-swarm-deployment-action/pull/153 Full Changelog: https://github.com/matchory/docker-swarm-deployment-action/compare/v1.1...v1.2.0
July 4, 2026
ansede-static
Version updated for https://github.com/mattybellx/Ansede to version v5.5.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed [5.5.0] — 2026-07-03 Added Runtime framework-root detection (_detect_framework_root) — auto-detects framework/library repos from package metadata, enabling noise suppression on arbitrary cloned repos (not just known benchmark paths) Test-file noise policy (_is_test_file, _TEST_FILE_NOISE_RULES) — suppresses CWE-798/327/338 findings in test fixtures, examples, and demos Expanded framework-internal path markers — 60+ new patterns covering cloned campaign repos (py-flask/, js-express/, etc.) and installed packages Confidence downgrading for non-exempt framework-internal findings (0.5 cap) and test-file findings (0.6 cap) Changed rich moved to production dependencies — declared explicitly in pyproject.toml; guardrails updated to 10MB limit with rich allowlist CWE-617 severity: high → medium (error-handling, not direct exploit) CWE-532 severity: high → medium (information leak) README precision claims — replaced “0.4% FP rate” with honest “36-58% precision on web apps” Test count badge: 1,207 → 1,234 Fixed Framework noise suppression now works on cloned repos — previously only matched specific benchmark directory names; now catches py-flask/, js-express/, and 30+ common clone patterns FrameworkFingerprint made mutable — inspect_ast_node() and verify_endpoint_protection() can now set detected_framework at runtime verify_endpoint_protection checks default values — FastAPI = Depends(...) pattern (default value, not annotation) now detected Engineering Spec Compliance Phase 1.3: Dependency declaration (rich as prod dep) Phase 1.4: mypy --strict added to CI Phase 2.2: register_symbol, resolve_call, propagate_taint_cross_file in interprocedural.py Phase 2.3: FrameworkFingerprint.inspect_ast_node + verify_endpoint_protection Phase 2.4: Rule severity recalibration Phase 3.1: generate_remediation_snippet with 6 code-fix templates Phase 3.4: ProcessPoolExecutor parallel analysis Phase 3.5: safe_parse_target with 3-encoding fallback Phase 4.1: docs/rules/index.md rule catalog Phase 4.2: rules/custom_checks.yaml blueprint Phase 4.3: filter_findings_by_git_diff PR isolation
July 4, 2026
Synaptic PR Review
Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.2.7.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.2.7 Fix: summary comment now updates in-place on re-review instead of duplicating (post_inline.py) Fix: new delete_issue_comment() helper for cleaning up stale OpenCode-created comments ( eview_context.py)
July 4, 2026
ModelBound Skill Check
Version updated for https://github.com/ModelBound/skill-check-action to version v1.1.4.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed GitHub Action that lints, trust-scores, and estimates token savings for agent skill files on every pull request via ModelBound.co context management tools.
July 4, 2026
Run AER Tests
Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.7.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.7
Fix Resolving Class Names Shadowed By Local Variables
July 4, 2026
PatchFlow Security Scan
Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed PatchFlow CLI v0.1.3 Benchmark Results (v1.0) 18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories 5 historical CVE repos: 100% recall, 387K LOC 10 clean repos: 0.094 HC/KLOC, 720K LOC See Benchmark Report v1.0 for details.
July 4, 2026
Setup xdrun
Version updated for https://github.com/phillarmonic/setup-drun to version v2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Drun v2
July 4, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.26.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The lookup tools now attribute the calling agent — and the release pipeline publishes the MCP-registry listing automatically.
Client identity on lookups (#91): check_server, list_servers, and request_grade send the connected client’s handshake identity (name/version plus declared title, website, description, and capability keys such as sampling/roots) to polygraph.so’s aggregate per-agent usage counters. Software metadata only — nothing about the user is read or sent; all fields are optional server-side. Official MCP Registry auto-publish (#93): pushing a litmus-v* tag now also publishes server.json to registry.modelcontextprotocol.io via GitHub OIDC, with a fail-fast version-drift check. polygraph plugin 0.6.0: spawn pinned to this release (#92). No grading-semantics changes: litmus-v12 / litmus-skill-v2 unchanged.
July 4, 2026
Generate Roq Site
Version updated for https://github.com/quarkiverse/quarkus-roq to version 2.1.5.
This action is used across all versions by 75 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Enhance Liquid-to-Qute converter for full Jekyll migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/978 Fix capture blocks in Jekyll converter blocks by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/982 Expand on how to use bundled sass output by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/984 Fix aliases to work with and without trailing slash by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/995 No co-authored by any LLM in commits. by @jtama in https://github.com/quarkiverse/quarkus-roq/pull/1000 Fix svg diagram rendering by @jtama in https://github.com/quarkiverse/quarkus-roq/pull/997 added code block menu language dropdown by @edewit in https://github.com/quarkiverse/quarkus-roq/pull/994 improved navigation by @edewit in https://github.com/quarkiverse/quarkus-roq/pull/990 Add tips on sanisation for Jekyll migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/983 Add utilities for converting Jekyll frontmatter to Roq equivalents by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/998 Hook migration into top-level build and parent by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1004 Bump info.picocli:picocli from 4.7.5 to 4.7.7 by @dependabot[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1010 Trivial formatting - tidy missing line break in root pom by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1012 docs: custom search trigger section to Lunr Search documentation by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1016 ci: Update action versions for Java setup and GitHub Pages configuration by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1015 Add tests specifically checking slug overrides are honoured by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1008 Add minimum Quarkus version requirement to release notes by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1014 Bump org.mvnpm.at.fortawesome:fontawesome-free from 7.2.0 to 7.3.0 by @dependabot[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1017 fix: Enhance image handling for absolute paths in Page model by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1024 fix: handle null collections in getPosts method by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1023 Allow link defaults to be configured globally by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1020 Support deeply nested data directories as grouped CDI beans by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1011 Add list:whereExp filter for Jekyll where_exp migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1021 Evaluate (sort of) conditional directives in asciidoc before yupiik header parsing by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1003 docs: enhance SEO documentation with per-page meta tag configuration by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1025 Honour slug in frontmatter with sneaky path conditional by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1028 docs: add holly-cummins as a contributor for code by @allcontributors[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1032 docs: add myfear as a contributor for code by @allcontributors[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1031 Add :dir placeholder to support slug overrides and nested paths by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1013 Add dir segment placeholders by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1027 Add quarkus-roq-plugin-og-image extension by @myfear in https://github.com/quarkiverse/quarkus-roq/pull/1007 Update Jekyll frontmatter converter for pagination and permalink migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1039 Add linktree theme by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1043 Consistency em FlatMap in review jerome by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1038 Revert og-card plugin to unblock release by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1046 Fix theme:base codestart using default theme content by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1047 Jekyll migration: Add converter to transform _config.yml by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/991 Add medium-zoom for image zoom support by @mcruzdev in https://github.com/quarkiverse/quarkus-roq/pull/910 Introduce hybrid mode as a plugin by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1019 Add qute: false alias, CLI –version, alert styling, and collapsible sections by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1048 Bump current version to 2.1.5 by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1049 New Contributors @myfear made their first contribution in https://github.com/quarkiverse/quarkus-roq/pull/1007 Full Changelog: https://github.com/quarkiverse/quarkus-roq/compare/2.1.4...2.1.5
July 4, 2026
PR Explainer AI
Version updated for https://github.com/rafaeltorresng/pr-explainer-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Understanding is the new bottleneck Generates architectural background and change intuition from the PR diff Builds HTML flow diagrams and a code walkthrough Includes a 5-question interactive quiz for review comprehension Supports OpenRouter with configurable model selection Defaults to deepseek/deepseek-v4-flash How it works:
July 4, 2026
dotenv Seeder
Version updated for https://github.com/scrlkx/dotenv-seeder to version v2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/scrlkx/dotenv-seeder/compare/v1...v2
July 4, 2026
ShipGate-ai
Version updated for https://github.com/ShipGate-ai/ShipGate to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed a bug which restricted allowlisted repos to be not processed as well.
July 4, 2026
Bernstein — Multi-Agent Orchestration
Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.14.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.14.0 Released 2026-07-04.
Multi-provider orchestration hardening. A large batch of correctness and run-safety fixes for real-codebase runs across mixed providers (Claude, OpenAI, OpenRouter, DeepSeek, MiniMax, Qwen, Gemini), contributed by @shanemmattner and finished to green.
Fixes Stalled-manager watchdog no longer misdiagnoses a healthy manager as an auth failure: a manager doing real root-cause investigation before it POSTs its first child task is no longer killed at a hardcoded deadline, the config override is honored, and the failure record names the real cause. (#2179) Failure classifier stops false-positive-killing healthy workers: bare-substring patterns (413, 429, 401, max_tokens, context window) no longer match structured tool-call log data; detection is anchored to real error shapes. (#2183) Janitor acceptance checks tolerate idiomatic worker paths: path_exists honors explicit globs and an opt-in fuzzy basename fallback, so a run where workers placed correct output at repo-idiomatic paths is not cascaded to a false sev1. (#2186) Injected .claude/skills/bernstein-*.md files are excluded from work-branch commits, so they stop causing a merge conflict on every worker merge. (#2187) Per-call token usage is priced and surfaced on the openai_agents provider path, so budget guards are no longer inert on non-Claude runs. Model pricing matches the most specific key first, so mini and flash variants price at their own rate instead of the parent model rate. strict_json_schema is disabled for non-OpenAI models that reject it, with diagnostic logging. Plus the rest of the 22-fix batch across adapters, tasks, cost, routing, quality, and observability. Features Tunable agent run-length limits: max_turns, an error-budget floor, and max_agent_runtime_s, configurable per run. Internal Pricing table extracted into a dependency-free cost.model_prices leaf so adapters can price a call without reaching scheduler internals; public create_pr API preserved; a diagnostic pre-call log that dumped request headers/body verbatim is now redacted.
July 4, 2026
Docker swarm stack deploy
Version updated for https://github.com/spawnlab-dev/stack-deploy-action to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed hotfix: deps update and CVE fixes by @pradeepbbl in https://github.com/spawnlab-dev/stack-deploy-action/pull/27 Full Changelog: https://github.com/spawnlab-dev/stack-deploy-action/compare/v1...v1.0.2
July 4, 2026
MS Teams Notification (Adaptive Card)
Version updated for https://github.com/stackdone/ms-teams-notification to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed update (#1) (c033c3d) . (75037b1) fix (ab3960a) add . (2a8c9d9) Initial commit (15c66f4)
July 4, 2026
overllm
Version updated for https://github.com/theadamdanielsson/overllm to version v0.4.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Two deterministic model-hygiene rules.
deprecated-model: flags a model id that’s retired (the call 404s) or deprecated and scheduled for removal, and names the current model to switch to. Exact-match against a known list, so a live model or alias is never flagged. unsupported-params: flags temperature/top_p/top_k set on a model that rejects them — the OpenAI o-series and the newest Anthropic models, where the parameter is a no-op or a 400. Both stay silent when the model isn’t a plain string literal.
July 4, 2026
Expand AWS IAM Wildcards
Version updated for https://github.com/thekbb/expand-aws-iam-wildcards to version v1.2.7.
This action is used across all versions by 1 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/95 deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/94 check in codeQL config and workflow by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/98 deps: bump the npm-dependencies group with 6 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/97 ci: bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/96 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/99 deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/101 ci: bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/100 ci: bump github/codeql-action from 4.35.3 to 4.36.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/102 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/103 deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/104 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/105 deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/108 ci: bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/107 ci: bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/109 ci: bump codecov/codecov-action from 6.0.1 to 7.0.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/106 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/110 deps: bump the npm-dependencies group with 4 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/111 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/112 fix release workflow sequencing by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/113 ci: bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/114 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/115 make release orchestration deterministic by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/116 Document release preflight checks by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/117 add 0th cut of release shell script by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/118 prep for v1.2.7 by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/119 reset versions to re-test release script by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/120 Prepare v1.2.7 release by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/121 Full Changelog: https://github.com/thekbb/expand-aws-iam-wildcards/compare/v1...v1.2.7
July 4, 2026
MIU PR Review
Version updated for https://github.com/vanducng/miu-cr to version v0.85.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.85.1 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.85.1 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.85.1 GitHub Action:
July 4, 2026
install spaces
Version updated for https://github.com/work-spaces/install-spaces to version v0.17.2.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.2 by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/33 Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.17.1...v0.17.2
July 4, 2026
spaces checkout run
Version updated for https://github.com/work-spaces/spaces-checkout-run to version v0.17.2.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.2 by @tyler-gilbert in https://github.com/work-spaces/spaces-checkout-run/pull/27 Full Changelog: https://github.com/work-spaces/spaces-checkout-run/compare/v0.17.1...v0.17.2
July 4, 2026
Move Closed Issue to Top of Project Column
Version updated for https://github.com/wozaki/project-closed-issue-move-to-top-action to version v1.19.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed uses: wozaki/project-closed-issue-move-to-top-action@0636114292c9298d48a87622a2e25e5636ebe6d5 # v1.19.0 What’s Changed chore(deps): update int128/release-typescript-action action to v1.74.0 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/147 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/148 Full Changelog: https://github.com/wozaki/project-closed-issue-move-to-top-action/compare/v1.18.0...v1.19.0
July 4, 2026
Setup Modern C++ Development Environment
Version updated for https://github.com/wx257osn2/cxx_environment to version v3.5.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed fix fatal error
July 4, 2026
Powderworks Housekeeping
Version updated for https://github.com/zmaril/housekeeping to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Marketplace-valid action metadata: display name “Powderworks Housekeeping”, description under 125 characters. The uses: zmaril/housekeeping@v1 interface is unchanged.
July 3, 2026
Setup Smurf
Version updated for https://github.com/clouddrove/smurf to version v1.1.5.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.1.5 (2026-07-03) Build deps: bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml deps: bump helm.sh/helm/v3 from 3.21.1 to 3.21.2 (#432) deps: bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml deps: bump actions/cache from 5 to 6 deps: bump msgpack deps: bump github.com/containerd/containerd deps: bump actions/checkout from 6 to 7 deps: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity deps: bump k8s.io/apimachinery from 0.36.1 to 0.36.2 deps: bump the pip group across 1 directory with 2 updates deps: bump helm.sh/helm/v3 from 3.21.0 to 3.21.1 (#426) Fix add pod logs before pod down fix deployment validation for completed Kubernetes Job pods (#430) selm: update smurf selm log structure for failure pod Pull Requests Merge pull request #438 from clouddrove/fix/selm-logs Merge pull request #437 from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-f6ef7e54f3a1f4e2a05a66ed1a8702c07ae94346 Merge pull request #436 from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-5a15692ae38a05cc3aa3b7ab6744add91e9b8591 Merge pull request #433 from clouddrove/dependabot/go_modules/go_modules-6e0011ac6e Merge pull request #434 from clouddrove/dependabot/pip/docs/sm/docs/pip-b15cf8365f Merge pull request #435 from clouddrove/dependabot/github_actions/actions/cache-6 Merge pull request #431 from clouddrove/dependabot/github_actions/actions/checkout-7 Merge pull request #428 from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.36.2 Merge pull request #429 from clouddrove/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.14.0 Merge pull request #427 from clouddrove/dependabot/pip/docs/sm/docs/pip-cdb1555457
July 3, 2026
Devr Codeguard
Version updated for https://github.com/devr-tools/codeguard to version v0.8.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.8.1 (2026-07-03) Bug Fixes release: disable PyPI attestations for reusable-workflow publish (28a147d)
July 3, 2026
FacturaScripts Playground PR Preview
Version updated for https://github.com/erseco/action-facturascripts-playground-pr-preview to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s new since v1.0.0 feat: append-to-description publish mode + workflow_run/pr-number support (#13) feat: warn (advisory, non-blocking) when the preview URL risks HTTP 414, and document the mitigation in the README (#19) ci: verify-dist gate, dependabot-dist auto-rebuild, immutable-action publishing Various dependency bumps All changes are backward compatible: new inputs default to the previous behavior, and the URL-length check only warns, it never fails the action. No breaking changes, so the v1 tag is being moved to this release rather than cutting a v2.
July 3, 2026
Garnet Runtime Visibility
Version updated for https://github.com/garnet-org/action to version v2.1.1.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 111 repositories.
Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @types/node from 26.0.1 to 26.1.0 by @dependabot[bot] in https://github.com/garnet-org/action/pull/81 fix: improve error messages by @nicolasparada in https://github.com/garnet-org/action/pull/84 feat: add agents.md to repo by @nicolasparada in https://github.com/garnet-org/action/pull/85 Full Changelog: https://github.com/garnet-org/action/compare/v2.1.0...v2.1.1
July 3, 2026
ghcr-manager
Version updated for https://github.com/ghcr-manager/ghcr-manager to version v1.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/ghcr-manager/ghcr-manager/compare/v1.1.4...v1.1.5
July 3, 2026
Easy Npm Publish
Version updated for https://github.com/glitch452/easy-npm-publish to version v1.0.43.
This action is used across all versions by 2 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Chores deps: update all non-major dependencies (595d091)
July 3, 2026
GitHub Action for GraalVM
Version updated for https://github.com/graalvm/setup-graalvm to version v1.6.0.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 4,081 repositories.
Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump the “all” group with 2 updates across multiple ecosystems by @dependabot[bot] in https://github.com/graalvm/setup-graalvm/pull/222 Add support for GraalVM innovation releases by @fniephaus in https://github.com/graalvm/setup-graalvm/pull/223 Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.5.6...v1.6.0
July 3, 2026
L10n.dev AI Localization Automation
Version updated for https://github.com/l10n-dev/ai-l10n to version v1.9.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: add GlossaryManager and LinguisticInstructionsManager and CLI for them by @AntonovAnton in https://github.com/l10n-dev/ai-l10n/pull/48 Full Changelog: https://github.com/l10n-dev/ai-l10n/compare/v1.8.0...v1.9.0
July 3, 2026
OSS Security Policy as Code
Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v10.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed OSS Security Policy as Code Starter Kit v10.0.0 The normalized-findings major (ADR-030). The kit now correlates the scanner evidence it already composes — six kit evidence JSONs plus four external SARIF drops — into one deduplicated, KEV/EPSS-ranked finding view, delivered as a new versioned artifact and a new command. Stateless by design: one clone-only run, no database, no state between runs, no network.
July 3, 2026
Run Maester
Version updated for https://github.com/maester365/maester-action to version v1.2.0.
This action is used across all versions by 7 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed ci: bump actions/checkout from 6 to 7 in the all-actions group by @dependabot[bot] in https://github.com/maester365/maester-action/pull/43 Interactive report available as GitHub artifact with a direct link by @svrooij in https://github.com/maester365/maester-action/pull/42 Full Changelog: https://github.com/maester365/maester-action/compare/v1.1.0...v1.2.0
July 3, 2026
Quorum consensus security scan
Version updated for https://github.com/Martinez1991/quorum-sec-scan to version v0.7.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog 8b28bef427d98b63b5f50a96aaf0fbc1e4575894: Merge pull request #45 from Martinez1991/feat/crosswalk-multicloud-azure-gcp (@Martinez1991) 8852a90f27d4d886188266d468c6962b3e31f789: feat(crosswalk): multi-cloud consensus — Azure + GCP + more AWS (real overlaps) (@Martinez1991)
July 3, 2026
Go Proxy Cache Updater
Version updated for https://github.com/nicholas-fedor/go-proxy-pull-action to version v1.1.12.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.12 (2026-07-03)
July 3, 2026
Run AER Tests
Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.6.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.6
Treat NUL Bytes As Ignorable Whitespace
Type Schema.SObjectType Describe-Result Properties As Their Real Types
Resolve Null-Argument Constructor Overloads By Most-Specific Non-Null Position
Allow Public Override Of A Global Abstract Method
July 3, 2026
SpringSentinel
Version updated for https://github.com/pagano-antonio/springsentinel-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Create README.md (3e1d589) Update test.yml (3a7ed11) Update entrypoint.sh (4e15ea0) Update entrypoint.sh (6418942) Update entrypoint.sh (51f3a42) Create test.yml (d46361f) Create entrypoint.sh (bcf8584) Create Dockerfile (72d2f0b) Create action.yml (89fad1e)
July 3, 2026
Rust Lint Action
Version updated for https://github.com/Profiidev/rust-lint-action to version v4.3.0.
This action is used across all versions by 25 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Lint action version v4.3.0 has been released!
What’s Changed chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/25 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/26 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/27 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/28 chore(deps): pin dependencies by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/29 chore(deps): update actions/checkout digest to df4cb1c by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/30 chore: shared renovate config by @Profiidev in https://github.com/Profiidev/rust-lint-action/pull/31 fix: add warnings on linter success by @Profiidev in https://github.com/Profiidev/rust-lint-action/pull/32 Release version v4.3.0 by @profidev-commit-bot[bot] in https://github.com/Profiidev/rust-lint-action/pull/33 Full Changelog: https://github.com/Profiidev/rust-lint-action/compare/v4.2.0...v4.3.0
July 3, 2026
goog - OG Image Generator
Version updated for https://github.com/riceball-tw/goog to version v1.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/riceball-tw/goog/commits/v1.0.0
July 3, 2026
DiffGate Review Triage
Version updated for https://github.com/srbsa/diffgate to version v0.7.10.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed release: 0.7.10 — fix mcpb/Smithery bundle crash, MCP tool metadata (6eb9373) fix: mcpb/Smithery bundle crashed with no node_modules; add MCP tool metadata (8ed0ea0) release: 0.7.9 — per-rule path scoping + docs-prose carve-out (Backstage eval fixes) (54110d9) release: 0.7.8 — dependency-manifest goes section-aware (version bumps no longer flagged) (2f992bc) release: 0.7.7 — fix GH Marketplace action.yml rejection + MCP registry description cap (87b8fdf) fix: action.yml name collision + description over Marketplace’s 125-char cap (05227d2) fix: shorten server.json description under the MCP registry’s 100-char cap (2a4ada1) release: 0.7.6 — distribution plumbing (MCP registry, Docker/GHCR, pre-commit, GH Action, Claude plugin) (56fc4a6) release: 0.7.5, republish with updated README after 0.7.4 publish (3c778dd) docs: promote history-audit as the quick-start aha moment (2611797)
July 3, 2026
Groundskeeper Issue Triage
Version updated for https://github.com/theadamdanielsson/groundskeeper to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First public release.
Groundskeeper is a first responder for new GitHub issues. When someone opens one, it reads your repo, then posts a single grounded comment: a duplicate check, the repro info that’s missing, a pointer to the relevant file and line, and suggested labels. If it doesn’t have anything solid to say, it stays silent.
July 3, 2026
MIU PR Review
Version updated for https://github.com/vanducng/miu-cr to version v0.84.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.84.1 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.84.1 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.84.1 GitHub Action:
July 3, 2026
Vibgrate Scan
Version updated for https://github.com/vibgrate/cli to version v2026.703.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Vibgrate CLI 2026.703.7 Released 2026-07-03
Routine maintenance update for the CLI.
What changed Changed Maintenance release with internal improvements and dependency updates. Benchmarks Two-arm benchmark of this release against 2026.703.5, interleaved on one runner against the pinned corpus (157 metrics compared).
July 3, 2026
Setup vp
Version updated for https://github.com/voidzero-dev/setup-vp to version v1.14.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed docs: document the version release process by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/101 ci: auto-rebuild action bundle on Renovate dependency bumps by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/103 feat: resolve Vite+ version from package.json / catalog by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/102 Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.13.0...v1.14.0
July 3, 2026
graph-sync
Version updated for https://github.com/wordlift/graph-sync to version v6.11.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/wordlift/graph-sync/compare/v6.11.2...v6.11.3
July 3, 2026
backlog-to-pr
Version updated for https://github.com/wrbl606/backlog.md-to-pr to version 0.0.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/wrbl606/backlog.md-to-pr/compare/0.0.2...0.0.3
July 3, 2026
Setup Modern C++ Development Environment
Version updated for https://github.com/wx257osn2/cxx_environment to version v20260703.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed bump up base image to resolute outdated: clang-format 17-20 enabled gnucoreutils bump up many components: gcc: 15.2 -> 16.1 Boost: 1.89.0 -> 1.91.0 CMake: 4.1.1 -> 4.3.3 difftastic: 0.64 -> 0.69 mold: 2.40.4 -> 2.41.0 wild: 0.8.0 -> 0.9.0 removed components: old clang-format s clang-head $ ./pull.bash v20260703
July 3, 2026
AGENTS.md Lint (Schliff)
Version updated for https://github.com/Zandereins/schliff to version v8.4.0.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Added operational_coverage dimension for AGENTS.md (#83). Measures whether an AGENTS.md actually equips a coding agent to operate the repo: real setup/build/test commands (command-family classification, doc-wide, headings never gate) plus code-style / gotchas / PR directive sections with concrete code tokens. Surfaced in the CLI dimension table, the GitHub Action’s PR comment, and accepted by the leaderboard submit API. Changed BREAKING (scores): the AGENTS.md headline profile is now structure 0.40 / operational_coverage 0.40 / efficiency 0.20 (was 0.5/0.5). efficiency was a validated gameable proxy — a junk-fence-stuffed doc scored 92.5/A while the same real commands written inline scored 70.0/C. All AGENTS.md scores re-baseline (30-file corpus: mean 61.06, no file reaches S). SKILL.md / CLAUDE.md / .cursorrules / system-prompt scoring is byte-identical to 8.3.0. Security Fixed a ReDoS in the operational_coverage heading regex (quadratic on whitespace-only heading lines) before it ever shipped — found by a 75-agent adversarial review pass, together with a directive-gate gaming hole, a fence-state desync, and 12 command-recall bugs. Full record: docs/specs/agents-md-operational-coverage.md §11. Full changelog: https://github.com/Zandereins/schliff/compare/v8.3.0...v8.4.0
July 3, 2026
GHCR Cleanup Manager
Version updated for https://github.com/ghcr-manager/ghcr-cleanup-manager to version v1.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/ghcr-manager/ghcr-cleanup-manager/compare/v1.1.4...v1.1.5
July 3, 2026
SQL/NoSQL Syntax Validator
Version updated for https://github.com/GianfrancoArocutipa/sql-nosql-validator-action to version v1.
This action is used across all versions by 1 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Primera versión del SQL/NoSQL Syntax Validator Action. Valida archivos .sql y .mongo sin servidor requerido.
July 3, 2026
Tenter Scan (Rust)
Version updated for https://github.com/goweft/tenter-rs to version v2.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/goweft/tenter-rs/compare/v2...v2.1.0
July 3, 2026
AI Plugin Scanner
Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.372.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/dae00cbd1175595edfdf44f1b84bc3f043d08a0b with plugin-scanner 2.0.972.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.371...v1.2.372
July 3, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.372.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.372
July 3, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.6.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v5.6.0 (2026-07-03) Install-time guard + GitLab-native output + registry hardening (both remaining roadmap bets)
Ships the last two strategic bets from the 2026-07 roadmap. A second 4-lens adversarial verification gate reviewed the diff and BLOCKED the first candidate with 5 confirmed findings, all fixed here (a real Windows RCE among them). 40 new tests (1120 total).
July 3, 2026
cibuild-action
Version updated for https://github.com/invarnhq/cibuild to version v2.2.9.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v2.2.9
July 3, 2026
isreadyai — AI readiness audit
Version updated for https://github.com/isreadyai/audit-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release 🎉 Audit how AI crawlers (GPTBot, ClaudeBot, PerplexityBot) read your site - straight from your CI.
Highlights Deep-crawl audit of any URL, parsed exactly the way Al crawlers see it (no JS execution) 0-100 score + grade, with the full per-page report written to the GitHub job summary CI gate: the step fails when the score drops below your threshold Branch preview support: boot your environment with command, scan it locally before it ships Optional authenticated CI report + repo badge on isready.ai with a Pro/Team api-key (OIDC-verified) Zero setup: pre-bundled, dependency-free - no install step at runtime Usage - name: AI readiness audit uses: isreadyai/audit-action@v1 with: url: ${{ env.DEPLOY_URL }} threshold: 80 See the README for all inputs, outputs, permissions and security notes. Learn more at isready.ai.
July 3, 2026
Agent Guard Secret Guardrails
Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.7.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix(shell): make setup-shell rc line self-healing when the CLI leaves $PATH by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/96 release: v1.7.1 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/97 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.7.0...v1.7.1
July 3, 2026
sops tools installer
Version updated for https://github.com/jkroepke/setup-sops to version v1.5.46.
This action is used across all versions by 4 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed 🛠️ Dependencies chore(deps): update dependencies by @renovate[bot] in https://github.com/jkroepke/setup-sops/pull/238 Full Changelog: https://github.com/jkroepke/setup-sops/compare/v1.5.45...v1.5.46
July 3, 2026
ShipSignal readiness gate
Version updated for https://github.com/jpaul67/ShipSignal to version v0.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Added README hero image + social-preview card GitHub Action: sticky PR comments (pr-comment input) — score, grade, top 3 fixes, kept updated in place; degrades safely on fork PRs Fixed Security hardening: argument-injection fix in gitinfo.clone, least-privilege GITHUB_TOKEN, all third-party Actions pinned to commit SHAs + Dependabot, secret scanning + branch protection enabled CI: full-history checkout fixes a PR-merge-commit misclassification in the self-scan dogfood tests Full details: CHANGELOG.md
July 3, 2026
probelock gate
Version updated for https://github.com/kelkalot/probelock to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Add ingest pipeline and trace-mined probes by @kelkalot in https://github.com/kelkalot/probelock/pull/1 New Contributors @kelkalot made their first contribution in https://github.com/kelkalot/probelock/pull/1 Full Changelog: https://github.com/kelkalot/probelock/compare/v0.1.0...v0.2.0
July 3, 2026
Repository Languages and CodeQL Support Map
Version updated for https://github.com/lfventura/list-repository-languages to version v3.3.0.
This action is used across all versions by 7 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: force_languages input by @lfventura in https://github.com/lfventura/list-repository-languages/pull/8 Full Changelog: https://github.com/lfventura/list-repository-languages/compare/v3.2.1...v3.3.0
July 3, 2026
MCIX Overlay Apply
Version updated for https://github.com/MettleCI/mcix-overlay-apply to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-overlay-apply/compare/v0.0.36...v0.0.37
July 3, 2026
MCIX System Version
Version updated for https://github.com/MettleCI/mcix-system-version to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-system-version/compare/v0.0.27...v0.0.37
July 3, 2026
MCIX Unit-Test Execute
Version updated for https://github.com/MettleCI/mcix-unit-test-execute to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-unit-test-execute/compare/v0.0.27...v0.0.37
July 3, 2026
hestia-cache
Version updated for https://github.com/Mic92/hestia to version v1.0.4.
This action is used across all versions by 8 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Usage - uses: Mic92/hestia@v1.0.4 with: version: v1.0.4 What’s Changed gha: retry finalize when the uploaded entry is not yet visible by @Mic92 in https://github.com/Mic92/hestia/pull/86 Full Changelog: https://github.com/Mic92/hestia/compare/v1.0.3...v1.0.4
July 3, 2026
Agent Done Or Not
Version updated for https://github.com/mohamedzhioua/agent-done-or-not to version v0.10.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.10.1 — Marketplace branding + cleanup A packaging/metadata patch on top of v0.10.0. No engine behavior change — receipts, mode: verify, and the gates are identical.
What changed Marketplace branding on the composite Action (branding.icon: check-circle, color: green) so it can be listed on the GitHub Marketplace with an icon. Removed a now-unreachable inner mode != assert guard in the assert step (already gated by the step if: and the reject-unsupported-mode step). @v0 references in the docs now resolve via a moving v0 major tag that tracks the latest v0.x release. For the security-critical mode: verify gate, keep pinning an exact tag (e.g. @v0.10.1) as the README recommends. Verify quick reference - uses: actions/checkout@v4 # set up your runtime + deps here (setup-node, npm ci, …) - uses: mohamedzhioua/agent-done-or-not@v0.10.1 with: mode: verify checks: | test: npm test build: npm run build Full history in CHANGELOG.md.
July 3, 2026
Agent Security Harness
Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Promotes the funding-instrument checks that were a single dimension of the AP2 harness (AP2-015) into a first-class module — the tokenized card credential (Visa Trusted Agent Protocol / Mastercard Agentic Tokens) that sits inside an AP2 Payment Mandate as the instrument that actually moves money.
July 3, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.24.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Methodology litmus-v12 — two false-positive fixes so a server’s correct, defensive behavior is no longer graded as a fault.
C-04 (probe 3.2): a validation error that quotes the rejected input back (e.g. Pydantic input_value='…') is a safe rejection, not server-generated amplification — no longer a false D. (#85) C-02 (probe 2.1): a mutation verb under a negation (“Cannot create or revoke keys”) no longer reads as a permission-mislabel lie; clause-scoped, so a real “Deletes… Cannot be undone.” still trips. (#85) methodologyVersion moves litmus-v11 → litmus-v12 (a string, so older attestations coexist). Release bump in #86. Both fixes are covered by regression tests reproduced from real servers.
July 3, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.7.9.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.7.8 was tagged on the wrong commit and did not actually contain the enrichment fix; v1 pointer was updated but the deployed code path in fast-paths still skipped _enrich_candidate_licenses. This release ships the real fix: _enrich_candidate_licenses(candidates, target) is now called on the pin-arxiv and search-method fast-paths (gated on REMYX_LICENSE_GATE, idempotent, best-effort). REMYX-190 evidence: https://github.com/remyxai/VQASynth/issues/105 opened with license_class=unknown despite WnQinm/Annotator having a clearly readable BSD-3-Clause LICENSE — the fast-path never called the enrichment step.
July 3, 2026
DiffGate Review Triage
Version updated for https://github.com/srbsa/diffgate to version v0.7.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/srbsa/diffgate/compare/v0.7.6...v0.7.7
July 3, 2026
rag-redteam
Version updated for https://github.com/Srivatsa03/rag-redteam to version v0.3.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Adds embedding_inversion, a 7th probe that flags pipelines exposing raw embedding vectors (invertible back to source text per vec2text). Structural detector, a vulnerable/hardened demo pair, unit tests, and a threat-model section. Install or upgrade: pip install -U rag-redteam
July 3, 2026
Node Semantic Release
Version updated for https://github.com/stairwaytowonderland/node-semantic-release to version v1.193.0.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.193.0
1.193.0 (2026-07-03) ✨ Features remove is-first-release-tag (f210a51)
July 3, 2026
MIU PR Review
Version updated for https://github.com/vanducng/miu-cr to version v0.82.4.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.82.4 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.82.4 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.82.4 GitHub Action:
July 3, 2026
Setup Modern C++ Development Environment
Version updated for https://github.com/wx257osn2/cxx_environment to version v3.5.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed workaround for non-UTC timezone host environment Singularity/Apptainer binds Etc/UTC to host timezone at default speed up CI bump up actions including apptainer 1.4.4 -> 1.5.2 update msvc-wine
July 2, 2026
VStyle Curate
Version updated for https://github.com/hack-ink/vibe-style to version v0.2.2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Sync language check structure by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/35 Roll dependencies by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/81 Speed up vstyle tune telemetry by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/82 Full Changelog: https://github.com/hack-ink/vibe-style/compare/v0.2.1...v0.2.2
July 2, 2026
AI Plugin Scanner
Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.368.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/6a3f3b3419536de769697931aecf26e2e0d10df8 with plugin-scanner 2.0.968.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.367...v1.2.368
July 2, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.368.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.368
July 2, 2026
Supply Chain Guard
Version updated for https://github.com/homeofe/supply-chain-guard to version v5.5.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v5.5.0 (2026-07-02) Community batch: all 8 seeded issues shipped, hardened by an adversarial release gate
Implements every open issue (#40-#47) in one release. Before tagging, a 4-lens adversarial verification gate reviewed the full diff and BLOCKED the first candidate with 6 confirmed findings - all fixed here (details below). 35 new tests (1057 total).
July 2, 2026
Agent Guard Secret Guardrails
Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.7.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat(shell): resolve agent-guard without a PATH install for the bang guard by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/94 release: v1.7.0 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/95 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.6.0...v1.7.0
July 2, 2026
Official Junie GitHub Action
Version updated for https://github.com/JetBrains/junie-github-action to version v1.5.6.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 38 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed [Junie]: Update Junie CLI Version to 2144.7 in Files by @mashan555 in https://github.com/JetBrains/junie-github-action/pull/172 Full Changelog: https://github.com/JetBrains/junie-github-action/compare/v1...v1.5.6
July 2, 2026
NeuroLink AI
Version updated for https://github.com/juspay/neurolink to version v9.80.4.
This action is used across all versions by 10 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 9.80.4 (2026-07-02) Bug Fixes (core): vertex schema fallback, mcp log dedup, safe serialization, timeout handling (2889ed2)
July 2, 2026
BPFCompat eBPF Compatibility Gate
Version updated for https://github.com/Kernel-Guard/bpfcompat to version v0.3.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed fix(ci): prefetch quirk-library images before validation in the publish lane (#76) (c7ef4fb) chore(release): prepare v0.3.0 — changelog + version refs (#75) (b2ef03e) docs: consolidate experimental tracks into docs/experimental.md (#73) (8a910a5) feat(examples): ebpf-go validation recipe — loader example + cookbook (#72) (7eed351) feat(ci): publish the quirk-library matrix to GitHub Pages weekly (#71) (1d75677) feat(action): command-mode inputs + built-in matrix names for the GitHub Action (#70) (00e2017) docs: drop internal “Repository Hygiene” section from README (#69) (b127315) fix(docs): readable contrast in test-command screenshot (#68) (2491a69) feat(cli): add test-command verb + README screenshot of a real run (#67) (88971fe) docs: surface command mode as a core feature + soften Falco loader claim (#66) (c790219)
July 2, 2026
L10n.dev AI Localization Automation
Version updated for https://github.com/l10n-dev/ai-l10n to version v1.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: implement safety improvements by removing apiKey field and refactoring key management by @AntonovAnton in https://github.com/l10n-dev/ai-l10n/pull/47 Full Changelog: https://github.com/l10n-dev/ai-l10n/compare/v1.7.1...v1.8.0
July 2, 2026
crabd
Version updated for https://github.com/louisescher/crabd to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: review verdict labels, comment-only reviews, web search by @louisescher in https://github.com/louisescher/crabd/pull/4 feat: Delete crabd.yml, prepare for public release by @louisescher in https://github.com/louisescher/crabd/pull/6 chore: version packages by @github-actions[bot] in https://github.com/louisescher/crabd/pull/5 New Contributors @louisescher made their first contribution in https://github.com/louisescher/crabd/pull/4 Full Changelog: https://github.com/louisescher/crabd/compare/v0.1.0...v0.1.1
July 2, 2026
moult-action
Version updated for https://github.com/moult-rb/moult-rb to version v0.3.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First gem release since 0.1.0 (v0.2.0 was tagged but its publish failed; its changes are included here). Published to RubyGems as moult.
moult-action The bare uses: moult-rb/moult-rb@v1 workflow now works out of the box: the action installs moult from its own checkout (no Gemfile needed in your repo) and moult-cloud-url defaults to https://moultrb.com. Actionable first-run errors: a missing permissions: id-token: write now says exactly that instead of a Ruby backtrace; non-2xx responses from GitHub’s token endpoint are reported with status and body. Pull requests from forks are gated in CI but skip the upload with a notice — GitHub issues no OIDC identity to fork PRs. base-sha defaults to the PR base branch (or the merge queue’s base SHA), falling back to the repository default branch — repos whose base branch isn’t main no longer fail their first PR scan. merge_group events are supported as pr scans; pull_request_target is rejected in auto mode (it checks out the base branch, which would silently gate an empty diff as a pass). Gem Moult::CloudUpload.projection — the sanitised upload payload builder (allow-listed keys, absolute paths stripped). License changed from MIT to Apache-2.0. Full details in CHANGELOG.md.
July 2, 2026
DeepRabbit Code Review
Version updated for https://github.com/n0namedeveloper/DeepRabbit to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Github Marketplace release.
Full Changelog: https://github.com/n0namedeveloper/DeepRabbit/compare/v1.1.0...v1.1.1
July 2, 2026
Parkstatic Build and Deploy
Version updated for https://github.com/ParkStatic/action to version v1.2.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Bump pnpm/action-setup from v4 to v6 (0b8282d) CI: add Astro, SvelteKit, Remix, and Nuxt fixtures to the test matrix (377d196) Support Astro, SvelteKit, Remix, and Nuxt static builds (2bb9389) Add framework-compatibility test suite and offline build inputs (b31ebe4) Initial release (6857aff)
July 2, 2026
Blog to Newsletter
Version updated for https://github.com/peterpeterparker/blog-to-newsletter-action to version v0.0.4.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: deny closing footer with name and website by @peterpeterparker in https://github.com/peterpeterparker/blog-to-newsletter-action/pull/5 Full Changelog: https://github.com/peterpeterparker/blog-to-newsletter-action/compare/v0.0.3...v0.0.4
July 2, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.23.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed litmus-v11 — C-02 gains expected-upstream inference, fixing a first-party-egress false positive.
An honest API-wrapper server — a tool that transparently calls the API it advertises (openai_chat → api.openai.com) — made an undeclared egress attempt and was capped at D, even though the upstream is the very API its own surface names. Before an undeclared host is now counted as overreach, the harness infers whether it is a plausible upstream for the server’s own tool surface: a host named verbatim in the tool text (strong), or an egress host whose registrable label matches a non-generic brand token drawn from the surface and the package owner/name (medium, plain-TLD hosts only). A match reclassifies the attempt from overreach into an informational egress-inferred finding — disclosure, not exoneration.
July 2, 2026
Prowler Security Scan
Version updated for https://github.com/prowler-cloud/prowler to version 5.32.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed ✨ New features to highlight in this version Enjoy them all now for free at https://cloud.prowler.com
🔎 Findings Triage [!NOTE] This feature is available exclusively in Prowler Cloud and Prowler Enterprise with a subscription.
Triage findings straight from the Findings view. Each finding gets a triage status you can move through its lifecycle:
July 2, 2026
Assay - AI Agent Security
Version updated for https://github.com/Rul1an/assay-action to version v3.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v3 is the current major: verify, lint, and diff evidence bundles from AI agent runs in CI, with coding-agent sandbox governance and in-toto/DSSE bundle attestation.
What v3 carries
sandbox-command: run a coding agent under assay sandbox and verify the resulting evidence bundle in the same job. attest-key: in-toto/DSSE attestation over the bundle (assay evidence attest). The v2.1 AI Agent Security feature set: compliance packs, BYOS push, artifact attestation, coverage badges, PR summaries, SARIF for code scanning. v3.0.1 fixes
July 2, 2026
CDK Lambda Size Gate
Version updated for https://github.com/schuettc/cdk-lambda-size-gate to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog 16da0508205b06be18de0adb4a721ba5fc07182a: ci: e2e verification of the published action (v1.0.0 + v1, linux + windows) (@schuettc) 1d399dc296ec3f1977e607a204deb0fc133a8109: fix(action): shorten description under Marketplace 125-char limit (@schuettc)
July 2, 2026
Bernstein — Multi-Agent Orchestration
Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.13.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.13.0 Released 2026-07-02.
Run-safety guardrails and per-role endpoint configuration.
Fixes (run safety) GitHub backlog auto-sync is now opt-in and off by default. Previously a run in a repository with open GitHub issues would pull every open issue into the backlog before task scoping, which could silently discard a seeded goal and spawn work against the entire issue list. Enable it explicitly with the github.sync_backlog seed config key (or the BERNSTEIN_SYNC_GITHUB_BACKLOG env override). (#2178) A seeded goal is no longer silently dropped when the backlog is non-empty: the run now prints a loud warning naming the precedence and how to force the goal, instead of quietly planning from the backlog. (#2178) Agent worktree merges refuse to land on the repository default branch. The merge and push path resolves the protected default (origin/HEAD, then init.defaultBranch, then the conventional names, treating both main and master as protected when the remote head is ambiguous) and refuses to merge or push agent work onto it, recording the refusal, so a run started from a default-branch checkout can no longer push unreviewed commits straight to the trunk. (#2178) Features (per-role model configuration) role_model_policy entries gain optional base_url and api_key_env next to model/provider, so different roles can target different OpenAI-compatible endpoints in one workflow (for example a fast manager endpoint and cheaper worker endpoints). api_key_env names an environment variable and is validated against the same fail-closed provider allowlist as the runner. YAML anchors give reuse across roles with no new file format. Absent fields keep today’s behavior. (#2159) ModeProfile gains top_p, top_k, and max_tokens beside its existing temperature, and the previously-deferred apply_mode_to_spawn wiring is completed so a mode profile’s sampling parameters actually reach the spawn and the runner manifest. (#2159) Opt-in builtin tools for the openai_agents runner, for runs without an MCP gateway, selected by tool_source: builtin (the gateway remains the default). read_file, write_file, and list_dir are workdir-confined (absolute and parent-escape paths are rejected). run_command is a restricted process-exec primitive: bare-name commands only, shell interpreters blocked, resolved against PATH, available only under a configured OS sandbox provider or an explicit opt-in; its filesystem confinement is the OS sandbox, not the builtin. Every builtin call is recorded to the run event log so a gateway-free run stays auditable. (#2159) Quality Resolved refurb FURB123 findings in the OWASP control-map builders.
July 2, 2026
Pipr Review
Version updated for https://github.com/somus/pipr to version v0.2.0.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.2.0 (2026-07-02) ⚠ BREAKING CHANGES pipr init –types-only and –no-types are removed and generated .pipr/types/pipr-sdk.d.ts is no longer written; types come from the installed @usepipr/sdk package. structure runtime action logging (#10) consolidate public API contracts (#9) Features consolidate public API contracts (#9) (01db150) support installable npm dependencies in .pipr config (#14) (97794bc) Code Refactoring structure runtime action logging (#10) (64addf1)
July 2, 2026
Repository Create
Version updated for https://github.com/stairwaytowonderland/repository-create to version v1.74.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.74.0
1.74.0 (2026-07-02) ✨ Features updates (328fff6)
July 2, 2026
Frisk — AI supply-chain scan
Version updated for https://github.com/Thandv/frisk to version v0.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First release. Static, zero-execution scanner for AI-agent content (MCP servers, skills, plugins): RCE, secret exfiltration, destructive ops, prompt-injection, tool-poisoning, hidden-unicode. Rug-pull detection (lock/verify), OWASP LLM Top 10 mapping, SARIF, GitHub Action, and an MCP server to vet-before-install. Install: pip install frisk-scan
July 2, 2026
UnityInFlow Spec Compliance
Version updated for https://github.com/UnityInFlow/spec-ci-plugin to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First stable Marketplace release of the UnityInFlow Spec Compliance action.
What’s included Typed status and report action outputs (matching the runtime core.setOutput calls) injection-scanner-version default bumped to v0.0.2 — the tag carrying the Linux musl binaries the action downloads at runtime Deterministic committed dist/ (no sourcemaps) guarded by a git diff --exit-code dist/ staleness gate in CI Public/fork CI runs secretless on GitHub-hosted runners; release automation stays on org self-hosted runners Moving v1 tag maintained automatically on release publish Usage - uses: UnityInFlow/spec-ci-plugin@v1
July 2, 2026
Polder Drift — Design System Drift Alerts
Version updated for https://github.com/usepolder/drift to version v1.1.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Polder Drift now works with any design system — including your in-house one. Point library_paths at a checkout of your DS repo (source-only monorepo workspaces work too), and generate the look-alike detection data straight from your DS’s own source:
July 2, 2026
configure-huawei-cloud-credentials
Version updated for https://github.com/vbem/configure-huawei-cloud-credentials to version v1.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/vbem/configure-huawei-cloud-credentials/compare/v0.0.2...v1.0.0
July 2, 2026
Install The Hive Skill
Version updated for https://github.com/yuzuruu29/the-hive-skill to version v0.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The Hive Skill v0.1.0 Initial public release of The Hive Skill, an open-source autonomous multi-agent orchestration skill for agentic coders.
The Hive Skill turns one AI coding agent into a structured six-role council:
Role Table Role Responsibility Queen Coordinates the council, makes final decisions, and ensures the goal is met. Scout Explores the codebase and gathers necessary context. Architect Designs the solution and plans the changes. Forger Writes the code and implements the Architect’s plan. Sentinel Validates the changes, runs tests, and ensures quality. Scribe Documents the process and writes the final report. What is included SKILL.md core skill definition Six council role files Autonomous execution loop Token efficiency mode Compressed role output mode Default invocation behavior Anti-slop rules Validation rules Final and blocked report formats OpenCode / OpenCode Go adapter Claude Code adapter Codex adapter Generic .agents adapter Install scripts for Bash and PowerShell GitHub Action wrapper Security policy Apache-2.0 license Supported agentic coding workflows The Hive Skill is designed for:
July 2, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.367.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.367
July 2, 2026
Skill Probe - AI Agent Skill Auditor
Version updated for https://github.com/HystonKayange/skill-probe to version v0.9.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed skill-probe in your pipeline, gating on statistics instead of vibes The CI question isn’t “are my skills perfect?” — it’s “did this PR make any skill worse?” Activation is stochastic, so raw-rate comparisons make CI flaky. v0.9.0 makes the gate honest.
July 2, 2026
MLX Model Doctor
Version updated for https://github.com/IonDen/mlx-model-doctor to version v0.6.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed v0.6.2: memory pass/fail semantics and hardening fixes by @IonDen in https://github.com/IonDen/mlx-model-doctor/pull/22 Full Changelog: https://github.com/IonDen/mlx-model-doctor/compare/v0.6.1...v0.6.2
July 2, 2026
zizmor - static analysis tool for Actions workflows
Version updated for https://github.com/its-me/action.zizmor to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release of the action.
July 2, 2026
NeuroLink AI
Version updated for https://github.com/juspay/neurolink to version v9.80.3.
This action is used across all versions by 10 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 9.80.3 (2026-07-02) Bug Fixes (vertex): reserve final_result step + graceful cap recovery in native Anthropic loop (ee44e60), closes #1123
July 2, 2026
OLIVE Action
Version updated for https://github.com/kakao/olive-action to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 🚀 OLIVE Action v1 - 첫 번째 릴리즈 📋 릴리즈 개요 OLIVE Action의 첫 번째 공식 릴리즈입니다. 이 Action은 GitHub Actions에서 OLIVE CLI를 사용하여 오픈소스 라이선스 의무사항 준수를 자동화하는 도구입니다.
✨ 주요 기능 🔍 자동 의존성 분석 Pull Request 생성 시 소스코드 의존성을 자동으로 분석 다양한 프로그래밍 언어 지원 (Python, Node.js, Java, Rust, Ruby, Dart, Flutter 등) ORT (OSS Review Toolkit) 기반의 정확한 의존성 추출 💬 PR 코멘트 자동 작성 분석 결과를 Pull Request에 자동으로 코멘트 작성 라이선스 정보, 매핑된 컴포넌트, 매핑되지 않은 의존성 목록 제공 실패 시에도 적절한 에러 메시지 자동 작성 🔗 OLIVE Platform 연동 분석 결과를 OLIVE Platform으로 자동 전송 오픈소스 라이선스 및 취약점 관리 지원 프로젝트별 라이선스 의무사항 추적 📦 분석 결과 저장 GitHub Artifacts를 통한 상세 분석 결과 저장 dependency.csv, dependency.json, mapping.csv, mapping.json, unmapping.csv 파일 제공 설정 파일 (local-config.yaml) 보관 🛠️ 기술적 특징 컨테이너 기반 실행 Docker 컨테이너 환경에서 격리된 실행 다양한 개발 도구가 사전 설치된 통합 환경 안정적이고 재현 가능한 실행 환경 다중 언어 지원 Python: 3.11.10, pip, pipenv, poetry, conan Node.js: 20.14.0, npm, yarn, pnpm, bower Java: Gradle 8.13, OpenJDK 11 Rust: 1.72.0 Ruby: 3.3.5, bundler, cocoapods Dart/Flutter: 2.18.4/3.24.4 PHP: 8.3, composer Android: Android SDK, command-line tools 모듈화된 구조 6단계 실행 프로세스로 명확한 워크플로우 각 기능별 분리된 스크립트로 유지보수성 향상 사용자 정의 설정 파일 지원 🚀 사용법 기본 사용법 name: OLIVE Action on: pull_request: types: [opened, synchronize, reopened] branches: [main, develop] permissions: contents: read issues: write pull-requests: write jobs: olive-scan: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Run OLIVE Action uses: kakao/olive-action@v1 with: olive-token: ${{ secrets.OLIVE_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }} 고급 설정 - name: Run OLIVE Action with custom settings uses: kakao/olive-action@v1 with: olive-project-name: "my-custom-project" olive-token: ${{ secrets.OLIVE_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }} source-path: "./src" user-config-path: "./user-config.yml" artifact-retention-days: "7" comment-on-pr: "true" analyze-only: "false" debug: "false" 🔧 입력 파라미터 파라미터 설명 필수 기본값 olive-token OLIVE Platform API 토큰 ✅ - github-token PR 코멘트 작성용 GitHub 토큰 ✅ - olive-project-name OLIVE Platform 프로젝트 이름 ❌ 저장소 이름 source-path 분석할 소스코드 경로 ❌ ./ user-config-path 사용자 정의 config 파일 경로 ❌ "" artifact-retention-days 아티팩트 보관 기간 (일) ❌ 30 comment-on-pr PR에 코멘트 작성 여부 ❌ true analyze-only 분석만 수행하고 Platform 연동 생략 ❌ false debug 디버그 모드 활성화 ❌ false 📊 출력 결과 GitHub Artifacts dependency.csv, dependency.json: 의존성 분석 결과 mapping.csv, mapping.json: 컴포넌트 매핑 결과 unmapping.csv: 매핑되지 않은 의존성 목록 local-config.yaml: OLIVE CLI 설정 파일 PR 코멘트 OLIVE CLI 버전 및 프로젝트 정보 라이선스 분석 결과 요약 매핑된 컴포넌트 및 매핑되지 않은 의존성 목록 아티팩트 다운로드 링크 🚨 사전 준비사항 1. OLIVE Platform 토큰 발급 OLIVE Platform에서 API 토큰 발급 토큰 발급 가이드 참고 2. GitHub Secrets 설정 OLIVE_TOKEN: OLIVE Platform API 토큰 GITHUB_TOKEN: GitHub Actions 기본 토큰 (자동 제공) 🔍 실행 단계 소스 위치 검증 - 분석할 소스코드 경로 확인 OLIVE CLI 초기화 - 프로젝트 설정 및 토큰 검증 의존성 분석 - 소스코드 의존성 추출 및 분석 컴포넌트 분석 - 의존성을 OLIVE 컴포넌트에 매핑 라이선스 분석 - 라이선스 정보 추출 및 분석 OLIVE Platform 연동 - 분석 결과를 Platform으로 전송 🛡️ 보안 및 안정성 격리된 실행 환경: Docker 컨테이너를 통한 안전한 실행 토큰 검증: 실행 전 필수 토큰들의 유효성 검증 에러 처리: 실패 시 자동 정리 및 에러 리포팅 리소스 관리: 컨테이너 자동 정리로 메모리 누수 방지 📚 문서 및 지원 사용 가이드: README.md OLIVE Platform: https://olive.kakao.com/ OLIVE CLI: https://github.com/kakao/olive-cli 📄 라이선스 이 프로젝트는 Apache License 2.0 하에 배포됩니다.
July 2, 2026
Night Sky Contrib
Version updated for https://github.com/maxmode-now/night-sky-contrib to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release.
night / dawn / city themes real moon phase, longest streak constellation, language mountains or skyline zero dependencies, works with the default GITHUB_TOKEN
July 2, 2026
Pollinations PR Reviewer
Version updated for https://github.com/mikl-shortcuts/Pollinations-PR-Reviewer to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Small Update: Integrate minimatch Improve comment parsing Add PR descriptions passing Add reasoning-effort and timeout parameters Improve logging Bug fixes
July 2, 2026
Synaptic PR Review
Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed ✨ New Features Repository Memory Rules — teach the bot your team’s coding conventions Comment @synaptic-ai remember: <rule> on any PR to add a rule Rules stored in .synaptic/rules.json and enforced during every review Collaborator verification before adding rules Dedicated extraction prompt for faster processing 🐛 Bug Fixes Fix pr_number used before defined in main_remember() Fix direct engine not outputting REMEMBER_RULE_JSON Move collaborator check before LLM extraction to avoid wasted API calls Add collaborator check to process_remember_from_comment() Filter find_latest_comment_with_remember() by bot author + review signature 📝 Documentation Add preview screenshots (PR Overview, Issue Summary, Inline Comments) to README Full Changelog: https://github.com/minhphu102003/ai-pr-review-action/compare/v0.1.3...v0.2.0
July 2, 2026
moult-action
Version updated for https://github.com/moult-rb/moult-rb to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update README.md by @GoodPie in https://github.com/moult-rb/moult-rb/pull/2 Add GitHub Actions workflow for Moult integration by @GoodPie in https://github.com/moult-rb/moult-rb/pull/3 Support baseline scan uploads in the composite action by @GoodPie in https://github.com/moult-rb/moult-rb/pull/4 New Contributors @GoodPie made their first contribution in https://github.com/moult-rb/moult-rb/pull/2 Full Changelog: https://github.com/moult-rb/moult-rb/compare/v0.1.0...v0.2.0
July 2, 2026
Go Proxy Cache Updater
Version updated for https://github.com/nicholas-fedor/go-proxy-pull-action to version v1.1.11.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.11 (2026-07-02)
July 2, 2026
Open Delivery Spec
Version updated for https://github.com/open-delivery-spec/validate-action to version v0.2.1.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed 👻 Maintenance ci: add scheduled workflow to bump the pinned CLI version by @shenxianpeng in #45 chore: pin default cli-ref to a stable release for reproducibility by @shenxianpeng in #43 Full Changelog: https://github.com/open-delivery-spec/validate-action/compare/v0.2.0...v0.2.1
July 2, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.22.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Patch release shipping the security and correctness fixes from the 2026-07-02 engineering review.
False-pass paths (grading correctness):
A1 — iptables add-op is now atomic (set -e): a partial rule insertion exits non-zero so the caller falls back to --internal instead of running with broken NAT and silently missing IP-literal/DoH egress A2 — readOnlyHint:true can no longer bypass the exercise skip gate: unsafeToExerciseToolNames now checks the broad STATE_CHANGING_VERBS set regardless of the annotation, so a lying swap_*/buy_*/approve_*/mint_* tool is never actively bait-called A3 — content in a JSON-RPC error response is now scanned: callToolArgs carries errorText; probes 1.2, 1.3 run scanInjection on it, probe 3.1 runs internalsLeak A5 — MCP progress forwarding: void sendNotification(…) → .catch(() => {}) so a client disconnect during a run can’t kill the server process Sandbox observability:
July 2, 2026
Postman Onboarding Workspace Bootstrap
Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.6.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v2...v2.6.0
July 2, 2026
Notify QA Wolf on Deploy
Version updated for https://github.com/qawolf/notify-qawolf-on-deploy-action to version v2.0.1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.0.1 Fix the ephemeral-environment input being ignored. Ephemeral deployments are now notified as ephemeral instead of as a regular GitHub deployment, and deployment-url is required when ephemeral-environment is true. v2.0.0 The action now runs on Node 24. v1.2.1 Allow ephemeral-environment as a valid input param v1.2.0 Don’t guess a recent PR number based on SHA for non-PR events v1.1.5 Allow pull-request-number as a valid input param v1.1.4 Fix a problem where the sha passed in via merge_group events was wrong, causing commit checks to never complete v1.1.3 Update README.md to include deployment_type examples v1.1.2 Correct code sample in README where GITHUB_TOKEN is being passed as a secrets instead of an env v1.1.1 Improve logging to facilitate debugging v1.1.0 Expose an eventId on errors Output the environmentId on attemptNotifyDeploy v1.0.4 Extract information from Github Event and send it to attemptNotifyDeploy v1.0.3 Add qawolf-base-url optional input v1.0.2 Fix action name on documentation v1.0.1 Fix build problem and add branding v1.0.0 Initial version
July 2, 2026
Build & Push to Registry
Version updated for https://github.com/relybytes/actions-docker-build-push to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Build & Push to Registry v1.0.0 First stable release of actions-docker-build-push, a GitHub Action for building Docker images and pushing them to container registries with a predictable naming convention.
Main features Build Docker images using Docker Buildx Push images to GitHub Container Registry by default Support any container registry, including Docker Hub, Harbor, OVHcloud Managed Private Registry, and custom registries Default authentication with GitHub actor and GITHUB_TOKEN Automatic image naming based on branch, tag, or pull request Environment suffixes such as prod, dev, staging, rc, hotfix, feat, and pr-{number} Auto-generated version tags using YYYY-MM-DD.shortsha Optional :latest tag on main/master builds Support for additional tags Support for multi-platform builds Support for build arguments Support for multi-stage Dockerfile targets Automatic OCI labels Optional local build validation with push: "false" Output image reference, repository, version, suffix, tags, digest, and build timestamp Default behavior With no registry credentials passed, the action defaults to GitHub Container Registry:
July 2, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.7.6.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The v1.7.5 cocoindex install step ran ccc --version as a sanity check, but the typer app doesn’t expose a –version flag so it raised a red “No such option ‘–version’” error box in the Actions UI. The || true suppression meant the step still succeeded, but the visible error box was misleading.
July 2, 2026
Gated automerge
Version updated for https://github.com/run-action/automerge to version v1.2.3.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed docs: simplify description (#4) (46cd9d2) docs: rename action to gated automerge (d80ec1c) docs: add required checks read permissions (240cb58) feat: add option to disable require-checks (2362745) deps: bump nixpkgs in the dependencies group across 1 directory (#2) (77ebbe4) feat: add support for skip-labels (7cd48f4) Auto update internal actions (bb2e6d1) Add release workflow (6fc2ea8) Add linting and dependabot (499faef) Add action.yaml with examples (0f0d6da)
July 2, 2026
runs-on/action
Version updated for https://github.com/runs-on/action to version v2.2.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/runs-on/action/compare/v2.1.2...v2.2.0
July 2, 2026
Bernstein — Multi-Agent Orchestration
Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.11.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.11.0 Released 2026-07-02.
Features The openai_agents runner accepts optional sampling and endpoint parameters: temperature, top_p, top_k, base_url, and api_key_env on the runner manifest, flowing into the SDK client and model settings. Absent fields keep the previous behavior byte-identical. When base_url is set the runner switches to the chat-completions API and excludes the custom client from tracing, so a third-party key is never sent to the default tracing endpoint. Every effective parameter is logged in the runner start event, so runs stay self-describing. Design validated in daily runs by @shanemmattner (#2159). (#2173) api_key_env is fail-closed: it must name a known LLM provider key from the built-in allowlist; anything else requires the operator to allow it via BERNSTEIN_ALLOWED_API_KEY_ENVS on the host, which a repository cannot set. Requesting sampling parameters on an adapter without the new SUPPORTS_SAMPLING_PARAMS capability fails loudly instead of silently dropping them. (#2173) SDK runners now write heartbeats, so they are visible to the stall watchdog between spawn and exit. (#2173) Fixes The Docker sandbox path from v2.10.0 is hardened: each spawned agent gets its own sandbox session (one exec timeout no longer tears down every agent’s container), committed work is bundled out of the container and fetched into the host repo under sandbox/<session_id> refs, sandbox lifecycle events land in the HMAC-chained audit log with emissions serialized so concurrent lifecycles cannot fork the chain, and provisioning probes task-server reachability and warns on daemons without host networking. (#2162, #2172) The bernstein worker loop can spawn agents again: it constructed the spawner with arguments that never existed and raised TypeError on the first claimed task. The server URL now also reaches spawned agents through the environment allowlist. (#2163, #2171) Dependencies Routine CI action digest updates (github/codeql-action, docker/setup-buildx-action).
July 2, 2026
Skyhook Docker Multi-Registry Build Push
Version updated for https://github.com/skyhook-io/docker-build-push-action to version v1.5.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.5.3 (2026-07-02) Bug Fixes run bundled Docker actions on the Node 24 runtime (#8) (526d49e)
July 2, 2026
Pipr Review
Version updated for https://github.com/somus/pipr to version v0.1.3.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.1.3 (2026-07-02) Bug Fixes gate releases on main ci (#7) (eb479e0)
July 2, 2026
DProvenanceKit regression gate
Version updated for https://github.com/Therealdk8890/dprovenancekit-action to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Patch over v1.1.0: the golden-context / candidate-context inputs now resolve through the runs subcommand (available in every 0.3.x SDK) instead of requiring gate CLI flags newer than the PyPI release. Caught by this repo’s smoke test before any user hit it. The v1 tag points here.
July 2, 2026
Agents Shipgate
Version updated for https://github.com/ThreeMoonsLab/agents-shipgate to version v0.14.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Agents Shipgate v0.14.0
July 2, 2026
Podcast Creator
Version updated for https://github.com/xDevMe/podcast-generator to version v1.0.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/xDevMe/podcast-generator/commits/v1.0
July 2, 2026
AI-Driven ADR Enforcer
Version updated for https://github.com/y-matsuo081991/ai-adr-enforcer to version v1.1.5.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.1.3...v1.1.5
July 2, 2026
Setup Prolog
Version updated for https://github.com/fabasoad/setup-prolog-action to version v1.1.2.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in https://github.com/fabasoad/setup-prolog-action/pull/9 Full Changelog: https://github.com/fabasoad/setup-prolog-action/compare/v1.1.1...v1.1.2
July 2, 2026
Setup Uiua
Version updated for https://github.com/fabasoad/setup-uiua-action to version v0.1.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in https://github.com/fabasoad/setup-uiua-action/pull/7 Full Changelog: https://github.com/fabasoad/setup-uiua-action/compare/v0.1.2...v0.1.3
July 2, 2026
Fallow - Codebase Intelligence
Version updated for https://github.com/fallow-rs/fallow to version v2.104.0.
This action is used across all versions by 235 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Highlights This release is heavy on CSS intelligence. fallow health --css now understands CSS-in-JS (styled-components, emotion, linaria, vanilla-extract, StyleX, Panda) as first-class, ships a second styling-health quality axis, and adds a design-token blast-radius index. Plus a staged human review walkthrough, an opt-in unused-prop exemption, and a batch of framework false-positive fixes.
July 2, 2026
accessibility-scanner
Version updated for https://github.com/github/accessibility-scanner to version v3.3.0.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 43 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed New Features Add group_by option to the accessibility scanner by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/239 Add dry_run option to the accessibility scanner by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/232 Distinguish wcag vs best practice by @kzhou314 in https://github.com/github/accessibility-scanner/pull/233 Match axe findings by rule and report all failing elements by @kzhou314 in https://github.com/github/accessibility-scanner/pull/240 Disable reopen wontfix by @kzhou314 in https://github.com/github/accessibility-scanner/pull/234 Update reflow-scan text to improve clarity and reference WCAG 2.2 by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/231 Dependency/documentation updates chore(deps): Bump ruby/setup-ruby from 1.307.0 to 1.308.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/218 chore(deps-dev): Bump the npm-minor-and-patch group across 5 directories with 3 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/219 chore(deps): Bump ruby/setup-ruby from 1.308.0 to 1.310.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/220 chore(deps): Bump puma from 8.0.1 to 8.0.2 in /sites/site-with-errors in the bundler-minor-and-patch group by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/221 chore(deps): Bump ruby/setup-ruby from 1.310.0 to 1.311.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/225 chore(deps): Bump ruby/setup-ruby from 1.311.0 to 1.313.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/227 chore(deps-dev): Bump vite from 8.0.12 to 8.0.16 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/228 chore(deps-dev): Bump @types/node from 25.9.0 to 26.0.0 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/236 chore(deps-dev): Bump undici from 6.24.1 to 6.27.0 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/237 chore(deps): Bump the github-actions group across 4 directories with 2 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/235 chore(deps): Bump concurrent-ruby from 1.3.5 to 1.3.7 in /sites/site-with-errors by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/238 New Contributors @taarikashenafi made their first contribution in https://github.com/github/accessibility-scanner/pull/231 @kzhou314 made their first contribution in https://github.com/github/accessibility-scanner/pull/234 Full Changelog: https://github.com/github/accessibility-scanner/compare/v3.2.0...v3.3.0
July 2, 2026
TrustCheck Package Scanner
Version updated for https://github.com/Halfblood-Prince/trustcheck to version v2.1.2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published from immutable commit e6660a53c73391a10e8e721e3a245b25e3289b4b. The release workflow publishes PyPI, GitHub Action, Snap Store, and GHCR Docker distributions after shared tag verification, QA, matrix, and coverage builds.
Release artifacts:
dist/* dist/SHA256SUMS.txt dist/*.cdx.json standalone trustcheck-*-windows-x86_64.exe with checksum unsigned trustcheck-*-store.msix for Microsoft Store submission GHCR Docker images for linux/amd64, linux/arm64, and linux/arm/v7 Verify the direct Windows executable before use:
July 2, 2026
AI Plugin Scanner
Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.366.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/320919c7979db097e4d0485e97a0a7675bc59620 with plugin-scanner 2.0.966.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.365...v1.2.366
July 2, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.366.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.366
July 2, 2026
Codex Action
Version updated for https://github.com/icoretech/codex-action to version v0.9.16.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.16 (2026-07-02) Bug Fixes deps: update codex-docker image to v0.142.5 (#46) (fc08eb8)
July 2, 2026
cibuild-action
Version updated for https://github.com/invarnhq/cibuild to version v2.2.8.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v2.2.8
July 2, 2026
AIGate AI Git Workflow Guard CLI
Version updated for https://github.com/LeeHueeng/aigate-ai-git-workflow-guard-cli to version v0.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Highlights Added aigate start guided setup routes for quickstart, AI setup, pre-push hooks, release readiness, and full project guard setup. Added aigate test for Git readiness plus detected project test command execution. Added aigate aitest for AI remediation prompt generation and optional Codex, Claude, Gemini, or custom agent execution with --apply. Added repository Claude Code instructions through CLAUDE.md and .aigate/integrations/claude.md. Updated multilingual README, usage, operations, roadmap, AI integration, GitHub Action, examples, and generated HTML overview docs. Extended the reusable GitHub Action to support test and safe aitest prompt generation. Validation npm run ci Release workflow dry run Tagged release workflow publish node src/cli.mjs release-check --npm --language ko Package npm: aigate-cli@0.1.5
July 2, 2026
OSS Security Policy as Code
Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v9.0.3.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed OSS Security Policy as Code Starter Kit v9.0.3 This release is the v9.0.3 release of the OSS Security Policy as Code Starter Kit (refine this line before publishing).
Highlights No feature-level changes in this release. Improvements retitle SAST-OSV-068 — the kit ingests OSV verdicts, it is not reachability-aware honor SOURCE_DATE_EPOCH for every outcome-affecting clock read; freeze the suite clock formalize SELF_ATTESTED in the published reports/2.0 schema (9.0.3) build Gemara state maps from pairs to clear a Snyk Code false positive Notes release 9.0.3 (#110) ADR-030 amendment re-grounding the v10.0.0 surface; flip ADR-021 to accepted suppress reviewed Snyk Code false positive via .snyk; keep the gate strict make Snyk Code + Snyk Open Source advisory (continue-on-error) License: Apache-2.0.
July 2, 2026
SnarkGirl
Version updated for https://github.com/mattkelly1991/SnarkGirl to version v1.15.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed SnarkGirl v1.15.3 — The Wiki Ledger + a Living Pitch 📖⚽ The World Cup tournament got two big upgrades: it now lives in your repo’s Wiki, and the pitch actually plays.
The tournament moved to the repo Wiki Standings + match reports are now human-readable, browsable wiki pages organized as World Cup → Season → Match: a Home index of seasons, a Season-{slug} standings page each, and one Season-{slug}-Match-{N} report per PR. No more base64 tokens to shuttle around. Every page carries a keyed HMAC signature footer — change a win from 3 to 4 in the wiki editor and wiki.py verify flags it INVALID. Export a private SGWC_SECRET for a real barrier. Resuming a season is just “clone the wiki.” The user names the season (and its duration) at kickoff. New helper wiki.py (render/verify/verify-all/load-season). Retired the old token.py. The live pitch is alive Players roam their formation and pass the ball, holding shape at each kickoff until someone takes it. A goal is scripted end-to-end: the ball is worked to the scorer, who drives at the net and buries it. A red card sets up a penalty kick — a code red is converted, an agent red is saved by the keeper. Sent-off players walk to a bench at the edge (home top-left, away top-right). The champion & awards now present on the wiki season page (the live arena ends on the standings). Full changelog: https://github.com/mattkelly1991/SnarkGirl/blob/main/CHANGELOG.md
July 2, 2026
Claude Ralph Loop
Version updated for https://github.com/mdelapenya/claude-ralph-github-action to version v0.9.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changes docs: link sbx sandbox docs and document sandbox inputs @mdelapenya (#97) Contributors @mdelapenya
July 2, 2026
Synaptic PR Review
Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.1.1 Strip model preamble: remove leading text before ## PR Review heading in both OpenCode and direct engine paths OpenCode engine: post_inline.py now always updates summary comment when body changes (preamble or Key Issues stripped) Direct engine: sanitize_review() strips preamble before posting
July 2, 2026
Totem Shield
Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.88.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.
July 2, 2026
semvertag
Version updated for https://github.com/modern-python/semvertag to version 0.8.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed semvertag 0.8.2 — release pipeline on PyPI Trusted Publishing No library changes. The package is identical to 0.8.1; this release exercises the new publish path end-to-end.
CI Releases now authenticate to PyPI via Trusted Publishing (OIDC) instead of a long-lived PYPI_TOKEN secret. uv publish auto-detects the GitHub Actions id-token; the release job runs under a pypi environment that scopes the trusted publisher (#46). Downstream No action required. Nothing about the installed package changes.
July 2, 2026
Run AER Tests
Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.5.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.5
Support DataWeave reduce With A Default Accumulator
July 2, 2026
PatchFlow Security Scan
Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed PatchFlow CLI v0.1.2 Benchmark Results (v1.0) 18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories 5 historical CVE repos: 100% recall, 387K LOC 10 clean repos: 0.094 HC/KLOC, 720K LOC See Benchmark Report v1.0 for details.
July 2, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.7.4.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed HF Hub checkpoint preflight for architecture-add Issues (REMYX-178) (8a70186) arxiv HTML retry: title-overlap threshold + project-page one-hop + README verification (c6c021f) README: add lerobot #9 (ECoT reasoning supervision) to Examples (85fa29b) Coding-agent prompt: guidance on auto-format scope (be8720d) README: drop the “Recommended” ENVIRONMENTS.md section (82b9549) Recommend ENVIRONMENTS.md + cocoindex as the default setup (9ca24e1) License detection: retry via arxiv HTML on unfavorable buckets (615af84) README: restore smellslikeml/peft #5 as the primary Outrider artifact (e8fb3a0) README: swap smellslikeml/peft #5 for the upstream draft huggingface/peft #3382 (28cfc14) README: add huggingface/peft #3382 (upstream draft) to Examples (bc70d94)
July 2, 2026
nix init
Version updated for https://github.com/spotdemo4/nix-init to version v1.55.0.
This action is used across all versions by 4 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed feat: Update spotdemo4/better-checkout action to v0.13.0 (#154) (3fc7f0af893590575d0d65b8a2e3fbbdff95fdec) bump: v1.54.1 -> v1.55.0 (d2afabdda2558d6cf558962bbc7dce09ff5e9950) chore(deps): update github actions to v1.54.1 (#153) (4e0f684fbdfd7f3a0f78fe5cfe6702ef984c3370)
July 2, 2026
Repository Create
Version updated for https://github.com/stairwaytowonderland/repository-create to version v1.72.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.72.0
1.72.0 (2026-07-02) ✨ Features updates (da42214) 📚 Documentation update .github/index.md (b643fff)
July 2, 2026
Update Uclusion
Version updated for https://github.com/Uclusion/update-job to version v1.1.3.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed J-all-329 Only mark job complete when it has no open tasks (bd99322) T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19) T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb) fix: Only extract job ids. (340d9bb) fix: move to node 24.x (a19c034) fix: move to node 24.x (ab6d493) fix: link doc (c83286a) fix: space in view name (ff4ac90) fix: space in view name (d0c570f) fix: urlencode (f66608d)
July 2, 2026
Velda Run job
Version updated for https://github.com/velda-io/action to version v0.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release
July 2, 2026
install spaces
Version updated for https://github.com/work-spaces/install-spaces to version v0.17.1.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.1 by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/32 Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.16.0...v0.17.1
July 2, 2026
Run PHP Scoper
Version updated for https://github.com/WPTechnix/run-php-scoper to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.0.0 Initial release of the PHP-Scoper Action, a composite GitHub Action for scoping PHP project dependencies using humbug/php-scoper.
What’s Included PHP version selection: Choose any PHP version using php-version (default: 8.2).
Flexible PHP-Scoper versions: Use a specific release tag, version constraint, or branch with scoper-version.
July 1, 2026
ansede-static
Version updated for https://github.com/mattybellx/Ansede to version v5.2.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed [5.0.0] — 2026-06-27 Added Rust Pattern Engine — Native regex matching via PyO3 (ansede_rust_core), 3.6x faster on large files with graceful Python fallback Java Tree-Sitter AST Analyzer (java_ast_analyzer.py) — Replaces regex heuristics with accurate AST parsing. 9 checkers: CWE-89, CWE-78, CWE-328, CWE-918, CWE-601, CWE-79, CWE-798, CWE-22, CWE-862 4 New Detectors: CWE-942 (CORS wildcard), CWE-94 (Jinja2 SSTI), CWE-362 (TOCTOU), CWE-862 (Spring Actuator) Precision Benchmark Harness (benchmarks/precision_benchmark.py) — Multi-language, multi-repo precision tracking with per-CWE heatmaps is_framework_internal() context filter — Suppresses findings in framework/library internals (Flask src/, Express lib/) 21-repo scale proof — Validated across 7 languages with 99%+ precision on clean code Changed — Precision (99.4% FP Reduction) Calibration: Removed bare method names (exec, query, execute, raw) from callee sets to prevent Mongoose/ORM false positives Calibration: JS-023 regex anchored with (?<!\.) to prevent Browserify .require() false positives Calibration: Extended ambiguous callee guard to resolve/join for path traversal Calibration: JS-018 __proto__:null now recognized as defensive pattern, not prototype pollution Calibration: Java write() XSS check requires HTTP response receiver, not JSON writer Calibration: 9 CVE benchmark severity thresholds corrected (MEDIUM→MEDIUM, not HIGH) Calibration: CWE-295, CWE-502, CWE-532 added to test-file noise filter Changed — Performance (96% Faster) AST walk cache: Pre-computed per-function node lists shared across all 49 Python rules _rule_24 fix: Module-level AST walk moved outside per-function loop (20x → 1x) Lazy symbolic guards: Skip when no findings or conditionals present Lazy datascience rules: Skip for files without DS imports Java regex→AST: Always uses tree-sitter when available, eliminating regex overhead Fixed Windows path handling: \tests\, \examples\, \docs\ backslash patterns in triage filters Empty CWE display: PY-003 assigned CWE-252, PY-044 assigned CWE-1120 Test-file CWE-98 suppression: Dynamic require in test files correctly filtered CVE Recall: 92.7%→100% (164/164 across 5 languages) What’s New Since v4.1.0 100% CVE recall (164/164) — every known vulnerability detected 99.4% FP reduction on 5 clean repos (535→3 findings) 86% FP reduction on 21 repos across 7 languages 96% faster Python scanning (2,600→5,100 LOC/s) 3.6x faster JavaScript pattern matching via Rust engine Java AST analyzer replaces regex, PetClinic: 38→0 findings
July 1, 2026
Claude Ralph Loop
Version updated for https://github.com/mdelapenya/claude-ralph-github-action to version v0.8.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changes feat: wrap claude execution in Docker sbx sandbox @mdelapenya (#95) Contributors @mdelapenya
July 1, 2026
FHIR Validator
Version updated for https://github.com/medvertical/records-fhir-validator to version validator-v0.4.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed npm tarball release for @records-fhir/validator@0.4.1. Synced from medvertical/records monorepo.
Install npm install @records-fhir/validator@0.4.1 What’s new in 0.4.1 Patch release for the standalone validator evidence lanes and MII reference workflow. Released with @records-fhir/validation-types 0.1.5.
Added Added validator claim summary generation for publishing the current HL7, MII reference, and FHIR Schema dual-path evidence in one machine-readable artifact. Added FHIR Schema dual-path action reporting so unconfirmed graph/reference buckets remain explicit follow-up work instead of hidden parity debt. Added package-backed terminology diagnostics and local terminology server helpers for deterministic MII/FHIR Schema quality lanes. Changed Hardened the MII reference triangulation workflow with reference-health probes, policy-rule extraction, skip taxonomy, and failed-profile prewarm details. Refreshed the public validator documentation around the 2026-07-01 evidence: 496/496 HL7 executable JSON comparisons, 231/231 measured MII reference parity, and 555-fixture FHIR Schema dual-path coverage. Tightened FHIR Schema graph slicing, reference-target extraction, and pattern diagnostics while keeping the graph path in parallel evidence mode. Fixed Fixed MII package relevance detection so package names containing substrings such as isik are not misclassified as Gematik ISiK packages. Fixed nested profile slice scoping and choice/FHIRPath edge cases uncovered by the MII and FHIR Schema dual-path lanes. Verification Verified with repository lint, stable tests, targeted validator Vitest suites, full affected conformance, MII reference gate, HL7 parity gate, and FHIR Schema dual-path report generation. Matched npm tarballs @records-fhir/validator@0.4.1 — also tagged validator-v0.4.1 @records-fhir/validation-types@0.1.5 The matching GitHub Action release (if any) is published separately under tag v0.4.1 and is not auto-synced; this release covers the npm package only.
July 1, 2026
Agent Security Harness
Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.7.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The harness now tests all four layers of the agentic-payments stack. Since the last PyPI release (v4.5.0), two conformance layers landed — this release ships both.
Highlights (v4.5.0 → v4.7.0: 474 → 520 tests, 33 → 36 modules) Merchant-journey layer — NEW (UCP/ACP), #228 ucp_acp_harness.py — 12 tests, stdlib-only, fail-closed reference verifier.
July 1, 2026
PatchFlow Security Scan
Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
July 1, 2026
Create and Configure Repository
Version updated for https://github.com/pdrodavi-group/create-configured-repo to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/pdrodavi-group/create-configured-repo/commits/v1.0.0
July 1, 2026
SkillTotal AI Component Security Scan
Version updated for https://github.com/pezhik/skilltotal to version v0.24.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changed Prompt-injection/secret precision (ruleset 25): two more FPs on defensive/security content closed, recall-preserving. (1) A -----BEGIN PRIVATE KEY----- format marker held as a string constant (auth code building a PEM, e.g. @ai-sdk/google-vertex) no longer flags ST-SECRET-EMBEDDED — the pattern now requires actual base64 key material after the marker; a real multi-line key still fires. (2) A credential path cited inside a markdown inline-code span in a security guide (`write to ~/.ssh`, e.g. claude-blog) is routed to needs_review instead of ST-SENS-PATH — scoped to markdown, so a JS template literal in code and a bare path in prose still fire. Both removed spurious ST-COMBO-EXFIL escalations. New unit tests + negative corpus samples; FP floor and benign corpus stay at zero.
July 1, 2026
Sensez - Code Quality Feedback
Version updated for https://github.com/popov95s/sensez to version 0.1.6-alpha.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release of the Sensez GitHub Action for pull request analysis.
What It Does Posts annotations and optional review comments on duplicated code blocks found in PR diffs. Fail-on-new thresholds let you gate merges on detected duplication. Language Support Python only in this initial release. JavaScript, TypeScript, and Rust support exist in the full CLI but are not yet shipped in the PyPI build used by the action. What Is Sensez? A structural maintainability tool that complements linters and type-checkers. It builds a graph representation of your code to detect structural duplication, dead code and code smell.
July 1, 2026
Postman Onboarding Workspace Bootstrap
Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.1.2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v2.1.1...v2.1.2
July 1, 2026
Postman Onboarding Repo Sync
Version updated for https://github.com/postman-cs/postman-repo-sync-action to version v2.0.1.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-repo-sync-action/compare/v2.0.0...v2.0.1
July 1, 2026
Postman Onboarding Smoke Flow
Version updated for https://github.com/postman-cs/postman-smoke-flow-action to version v2.0.1.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-smoke-flow-action/compare/v2.0.0...v2.0.1
July 1, 2026
Rearm Build And Submit Release metadata action
Version updated for https://github.com/relizaio/rearm-docker-action to version 1.13.4.
This action is used across all versions by 6 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Address zizmor findings Bump rearm-actions to v1.7.0
July 1, 2026
ReARM Version and Publish Helm Chart Action
Version updated for https://github.com/relizaio/rearm-helm-action to version 1.10.2.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Address zizmor findings Bump rearm-actions to v1.7.0
July 1, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.7.0.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Behavior changes that replace categorical shape-label guards with measurement-based decisions, and give the selection stage access to workflow-attached tooling (ENVIRONMENTS.md).
Behavior changes Substitution guard removed. shape in ("replacement", "simplification") → auto-Issue short-circuit no longer fires before implementation. Replacement/simplification runs proceed; the path allowlist + check_integration() catch broken diffs on measured evidence. ENVIRONMENTS.md at selection. Loader runs early and threads the body into select_recommendation’s prompt, so the selection agent has workflow-attached tooling (AST-search skills, MCP servers) while verifying candidates. Empty ENVIRONMENTS.md = unchanged behavior. Self-review orphan surfaced, not vetoed. When is_orphan=true, the PR ships with a prominent warning in the body instead of being downgraded to Issue. Upstream measurement-based gates already catch scaffold-shaped diffs. Confabulation check. Extracts path-like tokens from selection_reasoning and verifies each against the workdir. Step-summary shows N of M verified; a 0 of N verified line surfaces confidently-wrong reasoning. Compatibility Backwards-compatible for runs without an ENVIRONMENTS.md file (loader no-ops). No config changes needed.
July 1, 2026
Jira Sprint CalVer
Version updated for https://github.com/RuBAN-GT/jira-sprint-calver-action to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.0.2 (2026-07-01) Bug Fixes Minor update (7402e43)
July 1, 2026
Skyhook Cloud Login
Version updated for https://github.com/skyhook-io/cloud-login to version v1.11.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.11.1 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#2) (d64734d)
July 1, 2026
Skyhook Docker Multi-Registry Build Push
Version updated for https://github.com/skyhook-io/docker-build-push-action to version v2.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 2.0.0 (2026-07-01) feat!: upgrade Docker actions and drop buildx_install input (#7) (09a68f8) BREAKING CHANGES removed the buildx_install input. docker/setup-buildx-action v4 removed its install input, so the composite no longer exposes buildx_install; the docker build -> docker buildx build alias it enabled is gone. Use the BUILDX_BUILDER env var if that behavior is needed. Claude-Session: https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU
July 1, 2026
Skyhook GitHub Auth Token
Version updated for https://github.com/skyhook-io/github-auth-token to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.1 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#1) (4d92bbc)
July 1, 2026
Skyhook Login to AWS
Version updated for https://github.com/skyhook-io/login-aws to version v1.7.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.7.2 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#1) (d7837a6)
July 1, 2026
Skyhook Login to Azure AKS
Version updated for https://github.com/skyhook-io/login-azure-aks to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.0.1 (2026-07-01) Bug Fixes update author from KoalaOps to Skyhook (92c7dc0) upgrade GitHub Actions dependencies (#1) (65c0a96)
July 1, 2026
Skyhook Login to GCP GKE
Version updated for https://github.com/skyhook-io/login-gcp-gke to version v1.2.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.2.2 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#2) (70f56db)
July 1, 2026
rsync action
Version updated for https://github.com/spotdemo4/rsync-action to version v0.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed bump: v0.0.1 -> v0.0.2 (48fa2b3) ci(release): replace flake-release and npm publish with gh/forgejo cli (f595fd4) chore(deps): update dependency rolldown to ^1.1.4 (#1) (aa20caf) ci(workflows): add rsync tag and release automation (d0abd20) fix(action): parse rsync TLS port with fallback and range checks (e825732) refactor(action): use static rsync releases for tool setup (7739f63) fix(flake): use pkgs.rsync instead of pkgs.pkgsStatic in overlay (9e2dc66) ci: run checks on amd64 and arm64 runner matrix (7eb0273) ci(check): pass rsync auth inputs to workflow step (3398413) build(flake): update inputs and skip rsync itemize test (0ba1338)
July 1, 2026
Setup Tombi
Version updated for https://github.com/tombi-toml/setup-tombi to version v1.1.7.
This action is used across all versions by 130 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed This setup-tombi release matches tombi v1.1.7.
Full Changelog: https://github.com/tombi-toml/setup-tombi/compare/v1...v1.1.7
July 1, 2026
Cloudflare Email Sending
Version updated for https://github.com/tourcoder/cloudflare-email-sending to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/tourcoder/cloudflare-email-sending/commits/v1.0.0
July 1, 2026
spaces checkout run
Version updated for https://github.com/work-spaces/spaces-checkout-run to version v0.17.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.1 by @tyler-gilbert in https://github.com/work-spaces/spaces-checkout-run/pull/26 Full Changelog: https://github.com/work-spaces/spaces-checkout-run/compare/v0.16.0...v0.17.1
July 1, 2026
RepoScope Security scanning + AI-code provenance
Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.4.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Scan your codebase for security vulnerabilities and AI-code provenance on every push and pull request — inline PR comments, a build-gating security score, and a shareable HTML report.
New in 1.0.4 Listing name updated to “RepoScope Security scanning + AI-code provenance”. What it does 30 security detectors across 14 languages — secrets, SQL injection, XSS, command injection, TLS misconfigurations, permissive CORS, and weak crypto. AI-code provenance — flags which scanned files are attributed to AI coding tools (Copilot, Cursor, Claude, Codeium, Windsurf, Aider, Devin) in git history, and writes a machine-readable provenance.json record. Local and deterministic — no network, no LLM. Inline PR review comments — one per finding: file, line, severity badge, CWE ID, and a fix hint. GitHub Check run — PASS/FAIL against your score threshold, with annotations. HTML report artifact + build gating (fail-on, threshold) + # reposcope-ignore: suppression. Quickstart - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: xdun1698/reposcope-action@v1 with: token: ${{ secrets.GITHUB_TOKEN }} Source: https://github.com/xdun1698/reposcope-action · Website: https://reposcope.app
July 1, 2026
Setup poly CLI
Version updated for https://github.com/Goldziher/polylint to version v0.1.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v0.1.7
July 1, 2026
ReleaseKit – Automated Versioning & Release
Version updated for https://github.com/goosewobbler/releasekit to version v0.38.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed: Fixed independent-group members to be labeled as “bundled” instead of “coupled” in the release summary. (#513, #509) Fixed standing-PR changelog sections to use #### headings instead of bold text, restoring proper spacing within blockquotes. (#511, #508) Fixed bare #N issue references in changelog entry descriptions to be neutralized and deduplicated with appended ref labels. (#510, #507) Full Changelog: https://github.com/goosewobbler/releasekit/compare/0.38.0...0.38.1
July 1, 2026
Vizb Action
Version updated for https://github.com/goptics/vizb to version v0.14.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix(action): preserve scatter settings on merge-deploy by @fahimfaisaal in https://github.com/goptics/vizb/pull/155 feat: add terminal logo banner to install scripts by @fahimfaisaal in https://github.com/goptics/vizb/pull/156 feat: green arrow logs, simplify messages by @fahimfaisaal in https://github.com/goptics/vizb/pull/158 fix(charts): tooltip legend layout and sigma math by @fahimfaisaal in https://github.com/goptics/vizb/pull/159 fix(stats): correct CI formula, zAxis drop, and edge guards by @fahimfaisaal in https://github.com/goptics/vizb/pull/160 docs(readme): add quick example with platform-specific install commands by @fahimfaisaal in https://github.com/goptics/vizb/pull/162 chore(docs): upgrade Astro 6 to Astro 7 with Rust compiler by @fahimfaisaal in https://github.com/goptics/vizb/pull/164 fix(charts): fit y-axis to data range for line and scatter charts by @fahimfaisaal in https://github.com/goptics/vizb/pull/163 fix(charts): size value 3D grid from category counts and cap camera distance by @fahimfaisaal in https://github.com/goptics/vizb/pull/161 chore(ui): upgrade vite 8 and vitest 4 by @fahimfaisaal in https://github.com/goptics/vizb/pull/165 feat(charts): add –symbol and –symbol-size flags for line and scatter by @fahimfaisaal in https://github.com/goptics/vizb/pull/166 feat(scatter): add –visualmap for 2D scatter gradient coloring by @fahimfaisaal in https://github.com/goptics/vizb/pull/169 feat: applicability-rule pipeline + config/ → internal/ move by @fahimfaisaal in https://github.com/goptics/vizb/pull/170 feat(dataset): add –id flag and ?id= URL dataset selection by @fahimfaisaal in https://github.com/goptics/vizb/pull/171 fix(scatter): apply visualMap on large datasets and add house-price example by @fahimfaisaal in https://github.com/goptics/vizb/pull/172 feat(select): solo –select axis mode, multi-stat, and mixed by @fahimfaisaal in https://github.com/goptics/vizb/pull/173 feat(ci): local ACT example, stable id links, and parser fixes by @fahimfaisaal in https://github.com/goptics/vizb/pull/174 fix(sort): apply sort to 1-axis charts by @fahimfaisaal in https://github.com/goptics/vizb/pull/175 docs(charts): add bar and line examples with screenshots by @fahimfaisaal in https://github.com/goptics/vizb/pull/168 Full Changelog: https://github.com/goptics/vizb/compare/v0.13.0...v0.14.0
July 1, 2026
AI Plugin Scanner
Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.357.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/869275bc9c3ab57804fbc0b168b6a98e91c39a3a with plugin-scanner 2.0.957.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.356...v1.2.357
July 1, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.357.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.357
July 1, 2026
PDPL Compliance Scan
Version updated for https://github.com/imohad/pdpl-scanner to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Builds on v1.0.0 with broader detection, fewer false positives, suppression, and a bilingual HTML report. 32 tests; CI green on Python 3.8/3.11/3.12.
New detection PDPL-CB-02 — personal data sent to a foreign third-party processor (analytics, email, CRM, AI, observability, payments: mixpanel, segment, sendgrid, twilio, openai, stripe, datadog, …). Entity-aware severity like CB-01. PDPL-SEC-02 — database/transport TLS disabled (sslmode=disable, ssl_mode="disable", ssl=false). Assisted controls now run in the engine as high-recall LEADs: DSR-02 (soft-delete erasure), SEN-01 (sensitive data without visible encryption), and repo-wide DSR-01 / RET-01 / LB-01. Leads never fail the gate on their own. Accuracy PDPL-SEC-03 placeholder/low-entropy triage: defaults like changeme / your_password downgrade to a medium LEAD; real-format secrets stay critical. Suppression Inline # pdpl-ignore[CONTROL,…], a .pdplignore file (gitignore-style globs), and glob support in --exclude. Reporting & DX Standalone bilingual HTML report (--html); SARIF partialFingerprints for stable code-scanning dedup; --show-pass + passed_controls in JSON. .pre-commit-hooks.yaml, PyPI publish workflow (OIDC), README badges, and community files. Upgrade: uses: imohad/pdpl-scanner@v1 now resolves to v1.1.0.
July 1, 2026
Agent Guard Secret Guardrails
Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.5.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat(detection): broaden output secret recall (JWT, bearer, more env keys) by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/85 feat(shell): mask ! shell-escape output via agent-guard exec + shell-init by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/86 release: v1.5.0 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/88 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.4.0...v1.5.0
July 1, 2026
datamodel-code-generator
Version updated for https://github.com/koxudaxi/datamodel-code-generator to version 0.66.2.
This action is used across all versions by 3,234 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update CHANGELOG for 0.66.1 by @dcg-generated-docs[bot] in https://github.com/koxudaxi/datamodel-code-generator/pull/3507 Update release benchmark data by @dcg-generated-docs[bot] in https://github.com/koxudaxi/datamodel-code-generator/pull/3508 Add Modular to Used by list by @koxudaxi in https://github.com/koxudaxi/datamodel-code-generator/pull/3509 Add Pydantic missing sentinel option by @koxudaxi in https://github.com/koxudaxi/datamodel-code-generator/pull/3510 Full Changelog: https://github.com/koxudaxi/datamodel-code-generator/compare/0.66.1...0.66.2
July 1, 2026
AI Commit Review
Version updated for https://github.com/leek/ai-commit-review to version v1.1.6.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Allow AI commit review to continue when at least one selected provider produces a valid review. Failed providers are still reported through provider-failures and logged as warnings; the action now fails only when no selected provider completes successfully.
July 1, 2026
Git Velocity Analyser
Version updated for https://github.com/lukaszraczylo/git-velocity to version v1.0.9.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog
July 1, 2026
lgtmaybe
Version updated for https://github.com/MattJColes/lgtmaybe to version lgtmaybe-v0.9.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.2 (2026-07-01) Bug Fixes provider: fail fast on expired cloud credentials (#162) (c56fa7d)
July 1, 2026
Synaptic PR Review
Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.0.19.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.0.19 Context Files Support Auto-detect architecture docs, CLAUDE.md, AGENTS.md, SOUL.md, MEMORY.md, README as review context User can specify custom context files via context_files input (comma-separated paths) Smart budget: context files only fetched when diff < 70K chars (15K budget for context) LLM receives context in <context> block alongside the diff for better-informed reviews Inline Comments for OpenCode Engine OpenCode engine now posts inline resolvable review comments via post-processing step post_inline.py extracts issues JSON from OpenCode review and posts as PR review comments Summary comment updated to remove duplicate key issues section Improvements Only warn for user-specified context paths, not auto-detect Diff size check for OpenCode engine before fetching context files
July 1, 2026
Totem Shield
Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.87.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.
July 1, 2026
Suppress Ratchet
Version updated for https://github.com/motchalini-llc/suppress-ratchet to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed feat: initial Suppress Ratchet action — gate linter suppressions (Python + TS) (7d9b6e0)
July 1, 2026
Themis PR Gate
Version updated for https://github.com/Pheoxy/themis to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Summary Themis v1.0.2 is a patch release for GitHub Marketplace publication metadata.
Changed GitHub Action Marketplace display name changed from Themis to Themis PR Gate so it satisfies GitHub Marketplace’s global action-name uniqueness requirement. Stable GitHub Action examples now reference Pheoxy/themis@v1.0.2. Documentation now explains why the Marketplace display name differs from the project name. Verification Completed before tagging:
July 1, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.22.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Minor release shipping two changes from a false-positive review of the harness:
#78 fix(c02) — the C-02 egress D rationale is now actionable: it names the undeclared host(s) and points authors at polygraph.egress, and the CLI itemizes them. Messaging only — every server’s letter grade is byte-identical. #79 feat(sandbox) — pypi/uvx MCP servers are now gradeable under the Docker sandbox. They stage wheels-only into a venv (no target code runs during staging; fails closed on sdist), resolve offline, and launch with the venv python. Both the connect and C-02 egress paths support pypi; gVisor runtime parity preserved. methodologyVersion is unchanged (litmus-v10) — a pypi server is graded by the same rubric as an npm one.
July 1, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.6.34.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed When the agentic selection call fails (429, timeout, unparseable output), Outrider’s fallback picks the highest-relevance candidate. Ties on relevance were previously broken by list position — Python’s max() returns the first element at the max value.
July 1, 2026
MaintainerOps AI
Version updated for https://github.com/rtonf/maintainerops-ai to version v0.1.11.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.1.11 npm Provenance Metadata Repair MaintainerOps AI v0.1.11 is a publishing metadata repair release after v0.1.10 reached npm Trusted Publishing but failed provenance validation.
Fix Adds package.json repository.url with https://github.com/rtonf/maintainerops-ai. Keeps the npm Trusted Publishing workflow tokenless and provenance-backed. Preserves the v0.1.10 model-backed eval, label normalization, and release workflow changes. Verification Plan npm run verify GitHub PR checks and post-merge CodeQL Publish GitHub Release v0.1.11 Confirm the npm Trusted Publishing workflow publishes maintainerops-ai@0.1.11 Verify: npm view maintainerops-ai version dist-tags time --json npm exec --yes --package maintainerops-ai@latest -- maintainerops --help
July 1, 2026
RsMetaCheck
Version updated for https://github.com/SoftwareUnderstanding/rs-metacheck-action to version 0.3.4.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed entry point typo to use the latest RSMetaCheck version by @francoto
July 1, 2026
danger-ruby-action
Version updated for https://github.com/tdrk18/danger-action to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed New Inputs Added 6 new inputs to expose missing Danger CLI options:
fail-on-errors — Always fail the build when Danger reports errors (--fail-on-errors) fail-if-no-pr — Fail the build if no PR is found (--fail-if-no-pr) new-comment — Post a new comment instead of editing the previous one (--new-comment) remove-previous-comments — Remove all previous comments and post a new one (--remove-previous-comments) base — Branch/tag/commit to use as the base of the diff (--base) head — Branch/tag/commit to use as the head of the diff (--head) All new inputs are optional and default to their Danger defaults, so existing workflows are unaffected.
July 1, 2026
Crosspost Action
Version updated for https://github.com/tgagor/action-crosspost to version v1.6.5.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.6.5 (2026-07-01)
July 1, 2026
Polder Drift — Design System Drift Alerts
Version updated for https://github.com/usepolder/drift to version v1.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix: review findings — shallow-checkout false-new (#8) + hardening by @jongjesse in https://github.com/usepolder/drift/pull/2 test: re-home Carbon/MUI integration tests (vendored fixtures + DS devDeps) by @jongjesse in https://github.com/usepolder/drift/pull/3 chore: repo polish (CodeRabbit config, CONTRIBUTING, badges) by @jongjesse in https://github.com/usepolder/drift/pull/1 Fix glob translation: leading/embedded **/ matches zero or more dirs by @jongjesse in https://github.com/usepolder/drift/pull/4 Fix unit-inconsistent adoption metric: count drifted components, not findings by @jongjesse in https://github.com/usepolder/drift/pull/5 fix: surface comment-post failures instead of swallowing them by @jongjesse in https://github.com/usepolder/drift/pull/6 chore: prep v1 for GitHub Marketplace publish by @jongjesse in https://github.com/usepolder/drift/pull/8 fix: paginate GitHub issue-comment lookup to avoid duplicate comments by @jongjesse in https://github.com/usepolder/drift/pull/7 New Contributors @jongjesse made their first contribution in https://github.com/usepolder/drift/pull/2 Full Changelog: https://github.com/usepolder/drift/commits/v1.0.0
July 1, 2026
RepoScope Security & Compliance Scanner
Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed RepoScope Security & Compliance Scanner v1.0.0 First public release — run RepoScope’s scanner in CI to catch security issues and generate audit-ready compliance evidence on every push and pull request.
What’s included 44 security detectors across 14 languages — hardcoded secrets, SQL injection, XSS, command injection, TLS misconfigs, weak crypto, permissive CORS Inline PR review comments — one per finding with file, line, severity, CWE ID, and fix hint GitHub Check run — PASS/FAIL with a configurable score threshold and annotations on high/critical findings Compliance report artifact — HTML report mapping findings to OWASP Top 10, SOC 2 Type II, PCI-DSS v4.0, EU AI Act Article 12, and ISO/IEC 42001 Configurable build gate — fail-on severity and score threshold Inline suppression via reposcope-ignore comments Setup instructions and all inputs/outputs are in the README.
July 1, 2026
gmc — Google Merchant Center CLI
Version updated for https://github.com/yasserstudio/gmc to version v1.0.16.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed gmc ordertracking — Order Tracking sub-API (ordertracking/v1) Adds gmc ordertracking — the Order Tracking sub-API (accounts.orderTrackingSignals). This was the last remaining GA (v1) Merchant API sub-API, so the stable v1 surface is now fully covered (12 GA sub-APIs).
July 1, 2026
EcoTrace Carbon Gate
Version updated for https://github.com/Zwony/ecotrace to version v1.4.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed EcoTrace v1.4.0 Released: 2026-07-01 Type: Feature Release — 6 new features, 4 bug fixes, zero breaking changes
New Features Pausable Tracking API (pause() / esume()) Pause and resume carbon tracking to isolate your code’s emissions from setup/teardown overhead.
July 1, 2026
HOL Codex Plugin Scanner
Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.355.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.355
July 1, 2026
Holon Solve
Version updated for https://github.com/holon-run/holon to version v0.25.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Runtime line Holon v0.25.0 is part of the Rust runtime line. The Rust runtime is now the main holon binary.
This release adds a Bing Web Search provider with managed WebSearch tool kept alongside native search, an external trigger token-only storage model with reset-callback API, and trigger revocation on agent stop. It also fixes max_turns counting, coerce_string JSON-string parsing for tool arguments, callback_base_url/advertise_url decoupling, and skill install for non-flat catalog layouts. The memory indexer is redesigned as a single daemon with outbox cleanup, and SQLite connection init gains PRAGMA tuning for better performance.
July 1, 2026
lgtmaybe
Version updated for https://github.com/MattJColes/lgtmaybe to version lgtmaybe-v0.9.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.1 (2026-07-01) Documentation streamline install + local-model guides (#160) (6425ad3)
July 1, 2026
Totem Shield
Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.86.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.
July 1, 2026
agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.91.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed docs(release): 0.90.1 hygiene — soften SCA framing, fix stale pins, README callouts by @msaad00 in https://github.com/msaad00/agent-bom/pull/3314 fix(sca): honor NVD CPE inclusive/exclusive version bounds exactly by @msaad00 in https://github.com/msaad00/agent-bom/pull/3315 fix(output): surface match_confidence_tier across SARIF, JSON, HTML by @msaad00 in https://github.com/msaad00/agent-bom/pull/3317 fix(release): harden post-0.90 audit findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3316 fix(output): carry match_confidence_tier on the JSON blast_radius rollup by @msaad00 in https://github.com/msaad00/agent-bom/pull/3319 fix(ui): fail fast offline and polish README how-it-works diagram by @msaad00 in https://github.com/msaad00/agent-bom/pull/3318 fix(sca): make NVD capped sync ingest its unsynced tail across runs by @msaad00 in https://github.com/msaad00/agent-bom/pull/3320 fix(version): correct post-release regex and prerelease ordering in version compare by @msaad00 in https://github.com/msaad00/agent-bom/pull/3330 fix(graph): keep cross-page attack paths in filtered /graph by @msaad00 in https://github.com/msaad00/agent-bom/pull/3321 fix(cli): fail-close –fail-on-severity on unknown/none findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3322 fix(mcp): emit canonical OWASP codes from tool-abuse rules by @msaad00 in https://github.com/msaad00/agent-bom/pull/3323 fix(sarif): de-duplicate cloud CIS failures in SARIF output by @msaad00 in https://github.com/msaad00/agent-bom/pull/3324 fix(inventory): keep distinct MCP servers distinct across identity, enrichment, and Cortex audit by @msaad00 in https://github.com/msaad00/agent-bom/pull/3325 chore(deps): combine UI dependency updates by @msaad00 in https://github.com/msaad00/agent-bom/pull/3337 fix(model-scan): close pickle-scan size gate and memo evasion by @msaad00 in https://github.com/msaad00/agent-bom/pull/3326 fix(version): honor tagged bounds for Go pseudo-versions by @msaad00 in https://github.com/msaad00/agent-bom/pull/3327 fix(image): warn on legacy rpmdb instead of silent zero coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/3328 fix(mcp): block SSRF in repo scan and offload clone off the event loop by @msaad00 in https://github.com/msaad00/agent-bom/pull/3329 feat(ui): design-system foundation — Collapsible, Card/Section, entity icons, vendor logos, state primitives by @msaad00 in https://github.com/msaad00/agent-bom/pull/3338 fix(sca): harden OSV/NVD/KEV/GHSA sync + SQLite concurrency (availability) by @msaad00 in https://github.com/msaad00/agent-bom/pull/3339 feat(ui): real connections experience — vendor logos + connector cards wired to backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/3340 fix(api): bind audit tenant server-side, harden rate-limit identity + global ceiling by @msaad00 in https://github.com/msaad00/agent-bom/pull/3341 fix(output): dedup CycloneDX components + scope finding id by package by @msaad00 in https://github.com/msaad00/agent-bom/pull/3342 fix(ui): align connections screenshot spec with redesigned headings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3344 feat: capability-depth — reachability→CVE, perf, identity owner-binding, FinOps rates, SBOM attestation/SPDX2 by @msaad00 in https://github.com/msaad00/agent-bom/pull/3346 feat(ui): declutter, capability-driven IA, interaction-state fixes, real trust stack by @msaad00 in https://github.com/msaad00/agent-bom/pull/3347 feat(gateway): OAuth 2.1 AS conformance + inline A2A mutual-auth enforcement + per-tool-call scope/DLP by @msaad00 in https://github.com/msaad00/agent-bom/pull/3348 chore(release): v0.91.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/3349 Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.90.0...v0.91.0
July 1, 2026
Codeowners Plus
Version updated for https://github.com/multimediallc/codeowners-plus to version v1.10.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed v1.9.1 by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/133 Add gomodUpdateImportPaths to renovate config by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/135 dev: Update module github.com/google/go-github/v85 to v86 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/125 Fully support sha pinning + remove docker from runtime. by @Icantjuddle in https://github.com/multimediallc/codeowners-plus/pull/143 Fix goreleaser trigger by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/146 ci: trigger goreleaser on tag push, create draft release by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/148 fix: action path has infixed ./ for local action runs by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/149 Bump the gomod group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/151 dev: Update actions/checkout action to v7 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/153 dev: Update golangci/golangci-lint-action action to v9.2.1 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/140 Example workflow fixes by @kolayne in https://github.com/multimediallc/codeowners-plus/pull/150 Add the config.disable_review_status_comments config option by @kolayne in https://github.com/multimediallc/codeowners-plus/pull/160 Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/156 Bump the gomod group with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/157 fix: Make sort order deterministic by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/162 New Contributors @kolayne made their first contribution in https://github.com/multimediallc/codeowners-plus/pull/150 Full Changelog: https://github.com/multimediallc/codeowners-plus/compare/v1.9.1...v1.10.0
July 1, 2026
AI Cost Receipt
Version updated for https://github.com/noah-thing/receipt to version v0.5.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Builds on 0.4.0’s session health with automation, history, and a reviewer-facing note.
receipt guard — a Claude Code hook entrypoint. Stays silent until a session crosses your gate, then prints the single most important move where the agent sees it. With --notify it exits 2 so Claude Code feeds the nudge back to the model — strongest on the PreCompact hook, right before lossy auto-compaction. receipt health --json / --quiet --gate — machine-readable output and severity exit codes (0 / 10 watch / 20 degrading / 30 critical) for hooks and CI. receipt health --all — scores every past session and learns your personal pattern (“you tend to drift around turn ~12; X% of sessions compacted too late”). Context tax — shows how much of a session is just re-sending itself (the quadratic cost behind both rising spend and fading quality). PR-comment health note — a collapsed, reviewer-facing <details> block when the work ran under degrading conditions; silent otherwise; opt out with "health": false. It never claims the code is wrong — only points to where to look. Honest constraint: the token-only ledger cannot detect redundant file reads, identical-command loops, or semantic issues (hallucinations, drift) — those need data Receipt deliberately never stores. Features only ever flag “conditions correlated with drift,” documented in docs/SESSION-HEALTH.md.
July 1, 2026
Run AER Tests
Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.3.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.3
Add Downloaded aer To Integrated Terminal PATH
Publish Platform Events Created By Flows And Stamp Generated-Code Line Numbers
Fix Flow Line-Info Backfill And Skip Time-Based Scheduled Paths In Tests
July 1, 2026
Postman API Onboarding
Version updated for https://github.com/postman-cs/postman-api-onboarding-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: skip+warn built-in tests without api key + access-token-primary docs by @jaredboynton in https://github.com/postman-cs/postman-api-onboarding-action/pull/56 Full Changelog: https://github.com/postman-cs/postman-api-onboarding-action/compare/v1...v2
July 1, 2026
Postman Onboarding AWS Spec Discovery
Version updated for https://github.com/postman-cs/postman-aws-spec-discovery-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13 chore(deps): bump the npm-minor-patch group across 1 directory with 21 updates by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/10 chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/9 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/12 feat: optional access-token telemetry account_type by @jaredboynton in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/23 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13 Full Changelog: https://github.com/postman-cs/postman-aws-spec-discovery-action/compare/v1...v2
July 1, 2026
Postman Onboarding Workspace Bootstrap
Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/48 chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/44 chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/46 chore: add workflow_dispatch trigger to CI workflow by @andrewpostymt in https://github.com/postman-cs/postman-bootstrap-action/pull/36 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-bootstrap-action/pull/59 feat: sync additional local collections by @andrewpostymt in https://github.com/postman-cs/postman-bootstrap-action/pull/61 feat: access-token gateway migration + EC v3 multiprotocol collections by @jaredboynton in https://github.com/postman-cs/postman-bootstrap-action/pull/64 Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v1...v2
July 1, 2026
Postman Onboarding Insights Linking
Version updated for https://github.com/postman-cs/postman-insights-onboarding-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/26 chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/24 chore(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/23 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/25 fix: implement support for xray key matching by @hiqbal-postman in https://github.com/postman-cs/postman-insights-onboarding-action/pull/10 feat: thread access-token re-mint through Bifrost catalog client by @jaredboynton in https://github.com/postman-cs/postman-insights-onboarding-action/pull/36 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-insights-onboarding-action/pull/26 @hiqbal-postman made their first contribution in https://github.com/postman-cs/postman-insights-onboarding-action/pull/10 Full Changelog: https://github.com/postman-cs/postman-insights-onboarding-action/compare/v1...v2
July 1, 2026
Postman Onboarding Repo Sync
Version updated for https://github.com/postman-cs/postman-repo-sync-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-repo-sync-action/pull/40 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-repo-sync-action/pull/39 fix: pass CI_ENVIRONMENT key to postman collection run env-var flag by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/49 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/54 feat: add Azure DevOps repo sync support by @andrewpostymt in https://github.com/postman-cs/postman-repo-sync-action/pull/58 feat: access-token gateway routing + @postman v3 converter cutover by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/61 New Contributors @andrewpostymt made their first contribution in https://github.com/postman-cs/postman-repo-sync-action/pull/58 Full Changelog: https://github.com/postman-cs/postman-repo-sync-action/compare/v1...v2
July 1, 2026
Postman Onboarding Service Token
Version updated for https://github.com/postman-cs/postman-resolve-service-token-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-resolve-service-token-action/pull/10 chore(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-resolve-service-token-action/pull/9 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-resolve-service-token-action/pull/17 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-resolve-service-token-action/pull/10 Full Changelog: https://github.com/postman-cs/postman-resolve-service-token-action/compare/v1...v2
July 1, 2026
Postman Onboarding Smoke Flow
Version updated for https://github.com/postman-cs/postman-smoke-flow-action to version v2.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed build(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-smoke-flow-action/pull/16 build(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-smoke-flow-action/pull/15 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-smoke-flow-action/pull/23 feat: access-token-only Smoke reshape via v3 gateway by @jaredboynton in https://github.com/postman-cs/postman-smoke-flow-action/pull/28 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-smoke-flow-action/pull/16 Full Changelog: https://github.com/postman-cs/postman-smoke-flow-action/compare/v1...v2.0.0
July 1, 2026
Remyx Outrider
Version updated for https://github.com/remyxai/outrider to version v1.6.31.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The self-review call now honors the claude-timeout workflow input — completing the per-stage timeout consolidation begun in v1.6.28 (preflight), v1.6.29 (audit), v1.6.30 (selection). After this release, claude-timeout is the single budget knob across every Claude-Code stage in the chain.
July 1, 2026
rumdl-action
Version updated for https://github.com/rvben/rumdl to version v0.2.27.
This action is used across all versions by 6 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed MD077: detect latent list markers past an unstable heading (05d273e) MD013: keep reference-style links atomic when reflowing (a991a71) Downloads File Platform Checksum rumdl-v0.2.27-x86_64-unknown-linux-gnu.tar.gz Linux x86_64 checksum rumdl-v0.2.27-x86_64-unknown-linux-musl.tar.gz Linux x86_64 (musl) checksum rumdl-v0.2.27-aarch64-unknown-linux-gnu.tar.gz Linux ARM64 checksum rumdl-v0.2.27-aarch64-unknown-linux-musl.tar.gz Linux ARM64 (musl) checksum rumdl-v0.2.27-x86_64-apple-darwin.tar.gz macOS x86_64 checksum rumdl-v0.2.27-aarch64-apple-darwin.tar.gz macOS ARM64 (Apple Silicon) checksum rumdl-v0.2.27-x86_64-pc-windows-msvc.zip Windows x86_64 checksum Installation Using uv (Recommended) uv tool install rumdl Using pip pip install rumdl Using pipx pipx install rumdl Direct Download Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.
July 1, 2026
Docker Compose Cache
Version updated for https://github.com/seijikohara/docker-compose-cache-action to version v1.8.15.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed ci: fail summary jobs when upstream jobs do not succeed by @seijikohara in https://github.com/seijikohara/docker-compose-cache-action/pull/301 chore(deps): update actions/checkout action to v7 by @renovate[bot] in https://github.com/seijikohara/docker-compose-cache-action/pull/297 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/seijikohara/docker-compose-cache-action/pull/302 Full Changelog: https://github.com/seijikohara/docker-compose-cache-action/compare/v1.8.14...v1.8.15
July 1, 2026
Satellite Deploy
Version updated for https://github.com/snakenet-org/satellite-deploy to version v1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial first release of GitHub action for the Satellite Auto-Deployment feature
July 1, 2026
Difftron Delta Coverage Gate
Version updated for https://github.com/swantron/difftron to version v1.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First public release.
Fail a pull request when newly changed lines aren’t tested — language-agnostic delta/patch coverage for LCOV, Cobertura, and Go coverage, in a few lines of YAML.
Composite Action, builds from source — no external binary to trust
July 1, 2026
Release Uclusion
Version updated for https://github.com/Uclusion/release-job to version v1.1.0.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed T-all-2238 Mark a job deployed only when its latest commits are on the env (ce28b48) fix: move to node 24.x (497b508) fix: link doc (92f76e8) Merge remote-tracking branch ‘origin/main’ (bcadebe) fix: space in view name (3677e82) Update README.md (e9f6d6c) feat: label releases (80fdfc6) feat: label releases (24faaeb) feat: label releases (1274acb) feat: label releases - untested (bed25f2)
July 1, 2026
Update Uclusion
Version updated for https://github.com/Uclusion/update-job to version v1.1.2.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19) T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb) fix: Only extract job ids. (340d9bb) fix: move to node 24.x (a19c034) fix: move to node 24.x (ab6d493) fix: link doc (c83286a) fix: space in view name (ff4ac90) fix: space in view name (d0c570f) fix: urlencode (f66608d) fix: cleanup (93a64c0)
July 1, 2026
MIU PR Review
Version updated for https://github.com/vanducng/miu-cr to version v0.81.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.81.0 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.81.0 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.81.0 GitHub Action:
July 1, 2026
Setup vp
Version updated for https://github.com/voidzero-dev/setup-vp to version v1.13.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps): update dependency vite-plus to v0.1.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/78 chore(deps): update vite+ to v0.1.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/79 chore(deps): update github actions to v3.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/80 test: add Node 20 to node-version matrix (expected red until Vite+ supports it) by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/84 chore(deps): upgrade vite-plus to 0.2.1 by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/85 docs: update shared agent guidance by @jong-kyung in https://github.com/voidzero-dev/setup-vp/pull/89 chore: switch input schemas to zod mini by @jong-kyung in https://github.com/voidzero-dev/setup-vp/pull/98 chore(deps): update dependency @actions/cache to v6.1.0 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/86 chore(deps): update pnpm to v11.9.0 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/99 fix: install pkg.pr.new preview builds via VP_PR_VERSION by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/100 New Contributors @jong-kyung made their first contribution in https://github.com/voidzero-dev/setup-vp/pull/89 Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.12.0...v1.13.0
July 1, 2026
docs-version-deploy
Version updated for https://github.com/yukiakai212/docs-version-deploy to version v2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/yukiakai212/docs-version-deploy/compare/v1...v2