• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s new

Private & gated Hugging Face model scanning — authenticate with an environment token.

• Token auth: set HF_TOKEN (or HUGGING_FACE_HUB_TOKEN) and AIsbom can scan private and gated hf:// models. The token is sent only to huggingface.co, is dropped on the redirect to the LFS CDN, and is never written to logs or telemetry.
• Clearer fetch errors: auth, network, and not-found failures now print a concise, status-aware message (no traceback) and exit non-zero, instead of silently reporting zero artifacts.
• CI guidance: README now shows the secrets.HF_TOKEN usage pattern and the egress requirement (HTTPS to huggingface.co and its LFS CDN).

What’s not changing

Scanner behavior, exit codes, and output formats (CycloneDX / SPDX / Markdown) are identical to v1.0.7. Public-model scans still work with no token. Telemetry remains opt-out via AISBOM_NO_TELEMETRY=1; the only token-related field collected is a token_present boolean — never the value.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

npm-scan v1.2.1

Release Summary

• Campaign Detection: 100% (3/3 real attacks)
• False Positive Rate: 0.0% (0/990 packages)
• Tests: All 671 passing
• Code Quality: 0 linting errors

Validation Metrics

• D6 (Version Anomaly): 92% avg confidence
• D7 (Obfuscation): 80% avg confidence
• D1 (Typosquat): 87.9% avg confidence

See VALIDATION.md for full metrics.

Published with npm provenance attestation (SLSA Level 2).

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Release 1.0.0 (333855f)
• Release 0.1.1 (90f2636)
• Make crates.io publish idempotent and drop deprecated –token flag (eec0bb3)
• bump checkout to v5 (1c9cfd4)
• Build x86_64-apple-darwin on macos-latest (macos-13 runners retired) (c225e0c)
• Trim published package and auto-publish to crates.io on tag (c7e1437)
• Initial version (#1) (d33dcc6)
• Initial commit (66b7ac5)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• ci: enforce minimumReleaseAge to guard against supply-chain attacks by @KacperMalachowski in https://github.com/malachowski-labs/oci-image-detector/pull/21
• refactor: simplify action to a single step, drop output-file input by @KacperMalachowski in https://github.com/malachowski-labs/oci-image-detector/pull/23
• ci: add end-to-end integration tests for the composite action by @KacperMalachowski in https://github.com/malachowski-labs/oci-image-detector/pull/22

Full Changelog: https://github.com/malachowski-labs/oci-image-detector/compare/v0.6.3...v1.0.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/Midnighter/verify-dependabot-pr/compare/0...0.2.0

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Machine-readable output for automation and the GitHub Security tab.

Added

• 📦 --format json — structured report (summary, grade, findings) for scripts and dashboards
• 🛡️ --format sarif — SARIF 2.1.0 for GitHub code scanning (Security tab + inline PR annotations)
• --output <file> — write results to a file
• --no-fail — exit 0 even when issues are found (handy when uploading SARIF)

Upload SARIF in CI

- run: npx kafkacode scan ./src --format sarif --output kafkacode.sarif --no-fail
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: kafkacode.sarif

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/OpenShock/release-tool/compare/v0.0.1-alpha...v0.0.1-alpha.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

lftp FTPS Deploy

Incremental FTPS deploy via lftp for servers that require TLS session reuse on the data channel (ProFTPD shared hostings), where other FTP deploy actions fail with ECONNRESET.

Features

• ✅ Certificate and hostname verification stay enabled by default
• 🔗 Bundled Let’s Encrypt CA chain — fixes servers sending leaf-only certificates
• 🏷 cert-host /etc/hosts alias — hostname verification works even when the server cert is a one-level wildcard that can’t cover the FTP hostname (RFC 6125)
• ⚡ Truly incremental: mirror --only-newer + git restore-mtime (files keep last-commit dates)
• 🛡 Never deletes remote files (no --delete), credentials via .netrc + ::add-mask::
• 🔧 Opt-in debug and (loudly warned) insecure-tls escape hatch

See README for usage.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Release v1.2.1 - Core engine bump to v0.9.2 by @PythonWoods-Dev in https://github.com/PythonWoods/zenzic-action/pull/12

Full Changelog: https://github.com/PythonWoods/zenzic-action/compare/v1...v1.2.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/reoclo/run/compare/v2.0.0...v2.0.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

Fixed

• Version bumped from 0.4.0 to 0.5.1 to resolve PyPI upload conflict (400 Bad Request)
• Release workflow changelog validation made non-blocking

Dependencies

• Multiple Dependabot dependency bumps merged

Full Changelog: https://github.com/rudra496/ai-code-trust-validator/compare/v0.4.0...v0.5.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Added

• A top-level schema_version field on check, compare, and ws JSON output (previously only on the Yellowstone gRPC JSON), so every --json payload is versioned for forward-compatible consumption.

Documentation / metadata

• Document the data-readiness (--data) output and add real terminal screenshots for check --data and compare --data.
• Add homepage and documentation to the crate metadata; correct the resilience module doc (HTTP 5xx is not retried — only timeouts, connection errors, and 429).

• This action is used across all versions by 14 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Changelog

• 32ae8e8482af8aac88a7bf6f60ad667df8258916 add some cosmetic changes to settings view
• 2effcbc3ebae89ebc7b9365aea007c93f12c00b4 bump wrangler action version
• bfaf4e97154538dbf88b9911f2bd2665a2006136 cosmetic changes and bug fix in web
• 9d3a2e40654ec38f5355a0243d67d9176d84393e revamp UI with set-credential feature

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

chore(release): 1.33.0

1.33.0 (2026-06-06)

✨ Features

• updating action (7c87cb9)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

The verification primitive — library · MCP gate · CI Action.

Refuse a result-claim until it clears empirical + statistical-rigor hygiene (sample floors, out-of-sample, leakage, significance, multiple-comparisons, base-rate).

• verity check --claim '{...}' / verity check-batch claims.jsonl
• GitHub Action: uses: StellarRequiem/verity-core@v0.1.0 — exit 0 PASS · 1 WARN · 2 REFUSE.

A PASS means trustworthy, not profitable.

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s changed

• Fixed Rocq package detection so top-level theorem prover packages are matched correctly (#56).
• Updated dependencies, including minimatch and TypeScript (#44, #43, #59).
• Updated the embedded package version to v1.7.5.

The major version tag v1 has been updated to point at this release.

• This action is used across all versions by 34 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Auto-update version in info.json based on GitHub release tag by @TheBrutalX in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/73
• Fix tsconfig settings and update Node.js to v24 by @TheBrutalX in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/74
• Refactor import paths and improve regex handling by @TheBrutalX in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/75

Full Changelog: https://github.com/TheBrutalX/Factorio-mod-uploader-action/compare/v2.0.4...v2.0.5

• This action is used across all versions by 11 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Pin soundcheck → v1.12.5 (triage timeout removed, cost docs corrected). @v1 now points here.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/vmactions/ghostbsd-vm/commits/v1.0.0

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

uses: wozaki/project-closed-issue-move-to-top-action@ff44769f3047450f20f2e803b1e896f14b9506b6 # v1.15.0

What’s Changed

• chore(deps): update int128/wait-for-workflows-action action to v1.75.0 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/126
• chore(deps): update pnpm to v10.34.1 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/127
• chore(deps): update int128/release-typescript-action action to v1.70.0 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/129
• chore(deps): update int128/update-generated-files-action action to v2.97.0 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/130
• chore(deps): lock file maintenance by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/128

Full Changelog: https://github.com/wozaki/project-closed-issue-move-to-top-action/compare/v1.14.0...v1.15.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/YoussefMohamedIbrahim/github_stats/commits/v1.0.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• chore: update 2026.06.1562143 (802680a)
• chore: update 2026.05.1492204 (5e1cba7)
• chore: update 2026.05.1422123 (58f2442)
• chore: update 2026.05.1212107 (ba46496)
• chore: update 2026.04.1142104 (2183e88)
• chore: update 2026.04.1072102 (17b61ca)
• chore: update 2026.03.0652048 (1330ddd)
• chore: update 2026.02.0582044 (d13d8f6)
• chore: update 2026.02.0512048 (9cabdd4)
• chore: update 2026.02.0372050 (4343ff5)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• feat: select binary via explicit version input (tool-installer pattern) (2df2c28)
• fix: linux-only build and correct SBOM artifact type (7acce59)
• ci: bump actions to latest majors + fix SBOM artifact type (8a38891)
• new bundle format (b42866f)
• initial project (3b43cd2)

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Merge pull request #3 from migradiff/multi-language_readme_docs (3e05327)
• Merge branch ‘master’ into multi-language_readme_docs (3df434d)
• feat: add Licensing section with personal story and Business License ask (762b26b)
• feat: add multi-language README (7 languages) (b49c094)
• chore: bump version to 1.5.1 (51a647f)
• Merge pull request #2 from migradiff/Session-019 (975969c)
• fix: resolve flake8 and black lint issues in drift feature (d3e68f4)
• feat: add –explain-drift for AI-powered schema drift analysis (366a804)
• fix: add permissions for GitHub release creation (25437d0)
• chore: bump version to 1.5.1 (501d743)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

🚀 Major architectural shifts: Migration to Composite Actions for blazing fast CI runs, Metered x402 billing system, and the deployment of the self-marketing Viral Growth engine.

• This action is used across all versions by 24 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat: upgrade to node 24 runtime

Full Changelog: https://github.com/nhedger/setup-mago/compare/v1...v2.0.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Nox v1 (2026-06-05T19:48:20Z)

Language-agnostic security scanner with first-class AI application security.

Installation

macOS/Linux (Homebrew)

brew tap felixgeelhaar/tap
brew install nox

Direct Download

Download the appropriate archive for your platform from the assets below.

What’s Changed

Changelog

Features

• 6dfd58c42a1caad73d5cd91c3d476779d0c55349 feat(action): MCP scan-before-publish workflow + registry integration contract
• 4c6220e8ef781f5f7ce1bf1c2886e4c84b487645 feat(ai): add MCP authorization & token-safety rules (MCP-016..021)
• 14a392e406e9561a9109a709d72047300593c6b0 feat(ai): add MCP tool-poisoning detection (MCP-009..014)
• 0b0e2938f63004130ac831d1bbc3a2b7d708bbde feat(compliance): map MCP rules to OWASP MCP Top 10, emit in SARIF
• 37717554e1855c85c0f69182c02af0a566965db0 feat(discovery): multi-client MCP config discovery (17+ clients)
• 668aa17edd70985b20bd1ba7df3e6019012e6e17 feat(mcppin): add MCP rug-pull detection (MCP-015)
• af4c5e797fcaf3f53088e952854abc22de22eba5 feat(scan): configurable generated-path noise filter + MCP-022 advisory
• e1999ff75e4b4098d1cb8b4e865716cce81292d9 feat(scan): zero-telemetry offline guarantee (–offline) + enforced no-egress test
• 6c0b305f2096b8facf1e34ed820a7ba41714604d feat: add MCP shadow-server & cross-server shadowing detection (MCP-022..024)

Bug Fixes

• e5b465cc33007f5762915e5ee9801af7983b7d7e fix(ai): AI-009 no longer flags safe ast.literal_eval; scan-of-week haystack
• f592d42dd6ed355858ce43a8e5ee1f9c4afc9305 fix(ai): AI-030 test-file ignore + AI-006 word-boundary precision
• 706ee8c557ad622198ad86b23bb5d91b00662bf9 fix(ai): AI-042 test-file ignore + MCP-018 NetworkPolicy context
• 98f423d578e2f2641e7aff0023f070f13b9e9934 fix(ai): directory-level noise exclusion + AI-018/AI-049 semantic precision
• 82682f073306cff5c367a20f27a85259dce542f0 fix(ai): fix two pattern bugs + test/doc precision for AI content rules
• 51b8dd1c63ee96956f7412fc6165c42242d0a30a fix(ai): skip machine-generated/minified content in content rules
• 570da5b0f8a9e7bec09bc679cacd417f559a21d4 fix(ci): unpin cosign to v4 (#91)
• ba3ccc1d9e2f4b9c7ec4f2ce846f3e5fd7415389 fix(core): three correctness bugs in policy gate, suppression, and config
• 98e545c9138488083f499eedb2e1ef06951a3d65 fix(deps): VULN-002 normalize PEP 503 names (no self-typosquat); scan-of-week smolagents
• 3b26864d8ca41dd12517767a1c0ebea74b186907 fix(discovery): GOOS-correct client-config paths (Windows CI)
• ef4cc85e760138aa7b66d4602653050a42351a61 fix(rules): precision-harden MCP prose rules against false positives
• 4bec947ec9330006ff36631b235b913d5febee23 fix(rules): refine MCP-011/MCP-019 from dogfood triage (FP reduction round 2)

Refactoring

• dc174f2b7c03de531b081162d0d12c7ddb38c4a0 refactor(core): formalize Analyzer interface + thread context.Context (DDD stage 2-3)
• 384a352066e7ea2e68b56014583a940e5226038a refactor(core): split scan orchestration into named pipeline stages
• 307e24122ad1123bafd0acb32933689a688a6e87 refactor(findings): validated value objects (DDD hardening, stage 1)

Others

• a3cadd4e1c2ed28e217787cd74957a3288ff1d57 chore(release): v0.11.0 — MCP threat coverage, offline guarantee, DDD hardening
• 538f1fcf013403b95745777a7f971f37111525b9 chore(roady): add MCP rule precision-hardening task (task-73)
• 1c7dfa0a51c0961afa0b3e9a660de56de9672710 chore(roady): close task-64 (tool-poisoning corpus) and task-71 (dogfood)
• e3758285f312f4974eefb3955c9f6b8b2ee9dbb4 chore(roady): close task-72 (catalog/registry integration + outreach draft)
• 6a3abb06298220c2e1d9aabb5800cb6b5446c894 chore(roady): plan MCP beachhead — 8 features, 10 sequenced tasks
• ae4489007ccea495c43bebe1c84eeed180eef23d chore(roady): record task-74 (AI-rule precision + generated-content detection)
• dd8e3c8a706557161372e8706ae4366e5384a9b3 docs(changelog): note directory-noise exclusion + AI-018/049 precision
• 6af209cf6c073972e36355e4b8f85d17712e7aa9 fix(ai-019): exclude DB/cache .pipeline() method calls + langgraph queue update (#93)

Full Changelog: https://github.com/nox-hq/nox/compare/v0.10.2...v1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• fix: update action to use Node.js 24 for compatibility (b45e6e2)
• fix: downgrade @types/node to version 24.12.4 for compatibility (80fb094)
• 更新 package.json，修改名称和版本，调整开发依赖和生产依赖版本 (e708ffc)
• Remove node_modules (2021bb5)
• Update action.yml (6736110)
• Delete .github/workflows directory (e5a7c13)
• Update action.yml (2e10652)
• Create action.yml (1a346e3)
• Release 1.0.4 (a0d69ba)
• Fix issue when parsed version has undefined numbers (2105997)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• release: promote staging → main v0.2.4 by @github-actions[bot] in https://github.com/ObsidianWall/obsidianwall-verdict/pull/38
• release: promote staging → main v0.3.0 by @github-actions[bot] in https://github.com/ObsidianWall/obsidianwall-verdict/pull/39
• Testing by @ObsidianWall-admin in https://github.com/ObsidianWall/obsidianwall-verdict/pull/41

Full Changelog: https://github.com/ObsidianWall/obsidianwall-verdict/compare/v0.2.4...v0.3.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/Octagon-simon/lacuna/compare/v0.1.5...v0.1.6

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Version v1.0.9

• Accept __mdt Suffix In Custom Metadata Record Filenames

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Marketplace-ready ProdVerdict GitHub Action. See https://prodverdict.com

• This action is used across all versions by 5 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hibernation version v0.3.2 has been released!

What’s Changed

• refactor: better error status for form by @Profiidev in https://github.com/Profiidev/hibernation/pull/85
• chore: update flake lock by @profidev-commit-bot[bot] in https://github.com/Profiidev/hibernation/pull/86
• chore: updated inputs by @Profiidev in https://github.com/Profiidev/hibernation/pull/87
• style: updated css by @Profiidev in https://github.com/Profiidev/hibernation/pull/88
• feat: added pkce by @Profiidev in https://github.com/Profiidev/hibernation/pull/89
• fix: oidc error handling by @Profiidev in https://github.com/Profiidev/hibernation/pull/90
• Release version v0.3.2 by @profidev-commit-bot[bot] in https://github.com/Profiidev/hibernation/pull/91

Full Changelog: https://github.com/Profiidev/hibernation/compare/v0.3.1...v0.3.2

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Libraries v0.163.0

• Release type: patch
• Previous libraries tag: libraries-v0.162.0
• Manual override: yes

Fixes

• fix(release): allow first-time runtime npm packages (c0196223)
• fix(xlsx): drop SheetJS CDN dependency pin (97f6e659)
• fix(xlsx): isolate SheetJS runtime imports (e4bcf979)
• fix(xlsx): remove SheetJS from dense parse heuristic (fa6825c6)

Internal runtime changes

• chore(release): runtime packages v0.163.0 (a2661b36)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Surface Marketplace publish URL from the release script by @jirikuncar in https://github.com/pydantic/logfire-auth-action/pull/6
• Use underscore output names, keep dash aliases for backward compat by @jirikuncar in https://github.com/pydantic/logfire-auth-action/pull/7

Full Changelog: https://github.com/pydantic/logfire-auth-action/compare/v1.0.2...v1.1.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Changelog

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

• This action is used across all versions by 4 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Added

• code-block-tools: add deno fmt as a built-in formatter (755b086)
• junit: report passing files, not just failures (dc8a964)
• code-block-tools: generate built-in tools docs table from the registry (fe9d52c)

Fixed

• code-block-tools: drop rubocop (not usable as a generic code-block linter) (fa7fa83)
• code-block-tools: correct and drop built-ins after verifying real binaries (9106da9)
• code-block-tools: correct shellcheck invocation, drop unworkable eslint (415fab0)
• MD026: make trailing-punctuation removal idempotent (3dfeb83)
• config: bound project config discovery at the home directory (0cdf3b7)
• tables: use real line terminator for byte offsets in table detection (751b158)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

oss-signal v0.8.4 fixes OpenSSF Scorecard workflow publication after the Node.js 24 opt-in release.

Changed

• Scoped FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 to the Scorecard artifact upload step instead of setting it globally in the Scorecard workflow.
• Kept the Node.js 24 opt-in for generated trial workflows, dogfood workflows, and copyable examples where it avoids GitHub Actions Node.js 20 deprecation warnings.

Verify

npm ci
npm run check
npm publish --dry-run

The release is compatibility-focused and keeps the v0.8 workflow output contract unchanged.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat(llm): add Gemini as a default-eligible LLM provider by @britt in https://github.com/sandgardenhq/find-the-gaps/pull/107
• feat: generate Doc Holiday prompts for stale and missing docs gaps by @britt in https://github.com/sandgardenhq/find-the-gaps/pull/108

Full Changelog: https://github.com/sandgardenhq/find-the-gaps/compare/v0.16.0...v0.17.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Add sol-doctor grpc compare: rank multiple Yellowstone gRPC endpoints for a workload profile. It reuses the single-endpoint grpc check probe (safe by default, slot-only, redaction-safe) for every endpoint concurrently, then scores and ranks them by verdict, connect latency, time-to-first-slot-update, slot freshness, and stream stability, and recommends a best/worst endpoint with an honest connect-versus-stream tradeoff note.
  • Profiles (--profile): general (balanced), latency (bots/MEV — weighs connect and first-event), and indexer (weighs slot freshness and stream stability).
  • Per-endpoint tokens: pass --grpc more than once and pair --x-token-env by position — provide none (all anonymous), one (shared across endpoints), or one per endpoint. As with grpc check, the token is read only from an environment variable, never from the command line, and is never printed, serialized, or logged.
  • Output is available as concise / --verbose human text, --json (with a schema_version), and a --report <PATH> Markdown report.
  • gRPC does not expose a genesis hash, so grpc compare cannot detect a mixed-network comparison; endpoints are assumed to be on the same Solana network (documented), and slot freshness is ranked relative to the freshest endpoint observed.

• This action is used across all versions by 7 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

2.19.3 - 2026-06-05

Changed

• add badges because why not
• fallow driven cleanups
• fallow driven cleanups
• fallow driven cleanups
• update readme

Fixed

• add missing trailing space to /pi trigger
• improve action version management
• update readme-update script for mono repo compatibility

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

chore(release): 1.25.0

1.25.0 (2026-06-05)

✨ Features

• updating action (0dd28f5)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/steve02081504/fount-CI/commits/v0.0.0

• This action is used across all versions by 11 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Pin soundcheck → v1.12.4 (remove non-functional autoReview userConfig). @v1 now points here.

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.6.0 (2026-06-05)

Features

• render: fall back to Noto Sans KR for CJK glyphs (#18) (1b86662)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Feat/auto remediation by @y-matsuo081991 in https://github.com/y-matsuo081991/ai-adr-enforcer/pull/4

Full Changelog: https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.0.5...v1.0.6

• This action is used across all versions by 92 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat: switch to Alpine base image and update package installation process by @github-actions[bot] in https://github.com/devops-infra/action-tflint/pull/135
• Bump terraform-linters/tflint from v0.62.1 to v0.63.1 in the docker-base-images group by @dependabot[bot] in https://github.com/devops-infra/action-tflint/pull/136
• chore: update dependabot schedule to run on Mondays at 05:00 UTC by @github-actions[bot] in https://github.com/devops-infra/action-tflint/pull/137
• feat: switch to go-task/setup-task and update shell to /bin/ash in Dockerfiles by @github-actions[bot] in https://github.com/devops-infra/action-tflint/pull/138
• chore(release): prepare v1.0.5 by @github-actions[bot] in https://github.com/devops-infra/action-tflint/pull/139

Full Changelog: https://github.com/devops-infra/action-tflint/compare/v1.0.4...v1.0.5

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Wire signal429() coordinated backoff on npm 429s. Jittered retries 3→5. Env-tunable: MUADDIB_REGISTRY_CONCURRENCY, MUADDIB_REGISTRY_RATE, MUADDIB_REGISTRY_RETRIES, MUADDIB_REGISTRY_TIMEOUT_MS.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/ghcr-manager/ghcr-manager/compare/v1.0.2...v1.0.3

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Release v0.7.5 by @yahav-ohana in https://github.com/jfrog/boost/pull/32

Full Changelog: https://github.com/jfrog/boost/compare/v0.7.5...v0.7.12

• This action is used across all versions by 5 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Automated release for v0.2.1 from commit 504f680040d560c7f9314ed291a3a41c21c0facd.

• This action is used across all versions by 4 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

🛠️ Dependencies

• fix(deps): update dependencies to v7.8.2 by @renovate[bot] in https://github.com/jkroepke/setup-sops/pull/218

Full Changelog: https://github.com/jkroepke/setup-sops/compare/v1.5.34...v1.5.35

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

🛠️ Dependencies

• fix(deps): update dependencies to v7.8.2 by @renovate[bot] in https://github.com/jkroepke/setup-stackit-cli/pull/250

Full Changelog: https://github.com/jkroepke/setup-stackit-cli/compare/v1.2.67...v1.2.68

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Fixes

• fix: add Marketplace-required branding + metadata to action.yml (#6) (6a446de)

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s new

Scanned branch in dashboard uploads — When the GitHub Action posts an SBOM to a connected dashboard, it now includes the branch or tag that was actually scanned (X-Aisbom-Ref, sourced from GITHUB_REF_NAME). The dashboard can attribute each scan to the correct ref instead of falling back to a placeholder.

• Honest fallback: the header is sent only when the ref is known. For local runs or older Action versions where it’s unset, the header is omitted entirely — the receiver shows an honest “—” rather than a guessed branch.
• Opt-in only: this affects the platform upload path that already requires an explicit token. Default CLI-only scanning is unchanged.

What’s not changing

All scanner rules, exit codes, command signatures, and SBOM output schemas are byte-for-byte identical to v1.0.5. The new header is purely additive and only appears on the already opt-in dashboard upload.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

npm-scan v1.1.1

Release Summary

• Campaign Detection: 100% (3/3 real attacks)
• False Positive Rate: 0.0% (0/990 packages)
• Tests: All 671 passing
• Code Quality: 0 linting errors

Validation Metrics

• D6 (Version Anomaly): 92% avg confidence
• D7 (Obfuscation): 80% avg confidence
• D1 (Typosquat): 87.9% avg confidence

See VALIDATION.md for full metrics.

Published with npm provenance attestation (SLSA Level 2).

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Fix dynamic library linking issues with gfortran on darwin when using fpm.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

🚀 What’s New in V2.0.0

⚡ Major Features

• Inline PR Bot — AI comments directly on vulnerable code lines in your Pull Requests
• Foundry Fuzz Testing — Auto-detects foundry.toml and runs edge-case testing
• Solana/Rust Support — Native scanning for Anchor and Cargo-based projects
• Hybrid Billing — Pay with 50 USDC (Web3) or Enterprise API Key (B2B/Stripe)
• Next.js SaaS Dashboard — Beautiful dark-mode Web3 control panel

🐛 Critical Bug Fixes

• Fixed paywall verification (PRO features now properly unlock)
• Fixed PR comment crashes (AttributeError on finding attributes)
• Fixed gas optimizer findings accumulation across files
• Fixed Solana scanner path handling
• Fixed all escaped newline bugs in comment formatting

🎨 Visual & SEO Improvements

• New unique AI Diamond logo and purple Marketplace branding
• Professional README with banner, architecture diagram, comparison table
• 20 GitHub Topics for maximum organic discovery
• FAQ section optimized for Google Answer Engine (AEO)

🏗️ Infrastructure

• Docker image optimized (removed unused web3 package, added .dockerignore)
• CI upgraded to Python 3.11 with comprehensive test suite (12 tests)
• Added init.py files for proper Python packaging

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 16.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Update action.yml (6736110)
• Delete .github/workflows directory (e5a7c13)
• Update action.yml (2e10652)
• Create action.yml (1a346e3)
• Release 1.0.4 (a0d69ba)
• Fix issue when parsed version has undefined numbers (2105997)
• debug compare (cb82078)
• Add debug for versions tag (3f006d7)
• Version 1.0.3 (5a3f6c8)
• Fix latest version searching logic regression (2d236a8)

• This action is used across all versions by 14 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• fix: retry crc start on kubeconfig update failure (#52)

CRC occasionally reports Cannot update kubeconfig: connection reset by peer during startup but claims the cluster started successfully. This left oc unable to connect, causing wait-for-node-ready to time out after 10 minutes.

This was the sole cause of nightly flakiness over the past month, hitting OCP 4.18 in ~40% of runs. CRC start now retries up to 3 times on this error, with a crc stop in between. Restarts are fast since the bundle is already extracted.

Full Changelog: https://github.com/palmsoftware/quick-ocp/compare/v0.0.32...v0.0.33

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Drift Lab drift-lab-v0.11.1

Built for macOS (Apple Silicon + Intel) and Linux (x86_64). Bump: patch.

Install

• macOS arm64 — Drift Lab_*_aarch64.dmg
• macOS Intel — Drift Lab_*_x64.dmg
• Debian/Ubuntu — sudo dpkg -i drift-lab_*_amd64.deb
• Other Linux — chmod +x drift-lab_*.AppImage && ./drift-lab_*.AppImage

Verifying

Every asset is hashed in SHA256SUMS. Run shasum -a 256 -c SHA256SUMS after downloading.

Changes since drift-lab-v0.11.0

• chore: remove web-app cloud portal and its infra (15ee8e2)
• feat(extension+profiler): structured PR code-diff, richer report sections, and WASM-safe scanner (b1fcb44)
• chore(profiler): bump drift-static-profiler 0.8.0 → 0.8.1; correlate wasm/extension release to the bump (9def8df)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v1.3.6 — Selection timeout hotfix

Hotfix for selection-pass timeouts observed after the v1.3.4 / v1.3.5 prompt extensions.

The agentic verification loop with the extended schema needs roughly 5–6 minutes of wall budget for 20–25 verification turns (code searches + per-candidate contract checks). The prior 180s default was too tight on real production pools and induced fall-back to the top-ranked candidate — bypassing the agentic verification entirely. Observed on a remyxai/VQASynth run earlier today where selection should have surfaced a substitution Issue but instead emitted a standard issue_opened_preflight.

What changed

• select_recommendation’s default wall timeout: 180s → 360s
• New env var REMYX_SELECTION_TIMEOUT_S lets customers tune the wall budget without re-tagging (default 360)

No other behavior changes. No breaking changes to action.yml inputs or outputs.

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

oss-signal v0.7.0

oss-signal v0.7.0 adds maintainer plan output for turning audit findings into PR-sized outreach plans.

Changes

• Adds --format plan to the CLI and GitHub Action.
• Adds PR sequencing with suggested files, impact labels, and acceptance criteria.
• Adds docs/plan-output.md and docs/examples/github-plan.md.
• Updates maintainer playbook, reviewer evidence, adoption evidence, and README links for the new workflow.

Verification

npm run check
npm publish --dry-run

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Yellowstone gRPC readiness diagnostics

Adds sol-doctor grpc check — a safe, local-first readiness check for a Yellowstone gRPC endpoint: is it reachable, authenticated, responsive, streaming fresh slots, and suitable for a backend?

• Transport (connect + TLS/HTTP-2), Authentication (optional x-token, env-only, never logged), Unary probes (Ping/GetVersion/GetSlot/GetBlockHeight/GetLatestBlockhash/IsBlockhashValid), and a narrow slot-only Subscribe stream (time-to-first-update, latest slot).
• Optional --rpc slot cross-check; concise/--verbose human, --json (with schema_version), and --report Markdown output; gRPC error-kind taxonomy + remediation hints.
• Safe by default: no transactions, no state changes, slots-only, every connection/request/stream bounded.

sol-doctor grpc check --grpc https://example-yellowstone-endpoint --x-token-env YELLOWSTONE_X_TOKEN

Adds tonic 0.14 + yellowstone-grpc-proto 12.4 (only solana-pubkey, not the full SDK). MSRV is now 1.88. The release-target matrix is unchanged. Existing check/compare/ws are unaffected.

Install: cargo install solana-infra-doctor · cargo binstall solana-infra-doctor · uses: satyakwok/solana-infra-doctor@v1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in https://github.com/Tango992/azure-appservice-settings/pull/85
• build(deps): bump qs from 6.15.0 to 6.15.2 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/Tango992/azure-appservice-settings/pull/84
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/Tango992/azure-appservice-settings/pull/86
• build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @dependabot[bot] in https://github.com/Tango992/azure-appservice-settings/pull/87
• Dependency update by @Tango992 in https://github.com/Tango992/azure-appservice-settings/pull/88

Full Changelog: https://github.com/Tango992/azure-appservice-settings/compare/v1...v1.0.9

• This action is used across all versions by 34 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Fixing some pipeline problem by @TheBrutalX in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/48
• Problem setting tag for mod by @xyzzycgn in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/62

New Contributors

• @xyzzycgn made their first contribution in https://github.com/TheBrutalX/Factorio-mod-uploader-action/pull/62

Full Changelog: https://github.com/TheBrutalX/Factorio-mod-uploader-action/compare/2.0.2...v2.0.4

• This action is used across all versions by 47 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

update for stability and reliability

Full Changelog: https://github.com/vmactions/haiku-vm/compare/v1.1.0...v1.1.1

• This action is used across all versions by 29 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

update for stability and reliability

Full Changelog: https://github.com/vmactions/midnightbsd-vm/compare/v1...v1.0.3

• This action is used across all versions by 55 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

update for stability and reliability

Full Changelog: https://github.com/vmactions/openindiana-vm/compare/v1.1.2...v1.1.3

• This action is used across all versions by 21 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

update for stability and reliability

Full Changelog: https://github.com/vmactions/tribblix-vm/compare/v1.0.0...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Hardened to v1.0-prod: dependabot + action SHA-pinning + sleep-60 doctrine

• This action is used across all versions by 3 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v2.3.0

Highlights

• Added a new translation provider abstraction, making it easier to support multiple deep-translator engines in a consistent way.
• Introduced support for provider, source_language, provider_options, and validate_provider configuration options.
• Added provider validation so you can test connectivity and credentials before processing markdown files.
• Expanded the action metadata and documentation to reflect the new configuration model.
• Improved argument parsing and error handling for invalid inputs and unsupported markdown files.
• Refactored localization, processing, logging, and filesystem handling for better structure and maintainability.

Improvements

• More robust localization workflow with cleaner separation of concerns.
• Better support for provider-specific credentials and environment variables.
• Updated Docker and GitHub Actions configuration.
• Expanded type stubs for deep_translator integrations.
• Added comprehensive tests for the localizator, processor, providers, and main entrypoint.

Testing

• New automated test coverage was added across core translation and localization components.
• The release includes fixtures for GitHub-flavored markdown translation scenarios.

Notes

• Existing workflows may need to be updated to use the new configuration options.
• The default provider remains GoogleTranslator.
• For providers that require credentials, make sure the corresponding environment variables are set.

PR’s

• feat(MD_AST): Implement Markdown AST parsing by @mrf0rtuna4 in https://github.com/mrf0rtuna4/Git-Markdown-AutoTranslator/pull/4

Full Changelog: https://github.com/mrf0rtuna4/Git-Markdown-AutoTranslator/compare/v2.2.1...v2.3.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Version v1.0.8

• Add Standard Order.OpportunityId Lookup Field

• Define DoNotCall Field On The Lead Object

• Add Entitlement Management Fields To The Case Object

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.2.2 — 2026-06-04

Fixed

• windows: Run process_title guard before @actions/* module eval by @michael-herwig (5660453)

Release

• V1.2.2 by @michael-herwig (8cd2f38)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Shorten action description to under 125 chars for Marketplace by @jirikuncar in https://github.com/pydantic/logfire-auth-action/pull/5

Full Changelog: https://github.com/pydantic/logfire-auth-action/compare/v1.0.1...v1.0.2

• This action is used across all versions by 5 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

3.4.0 (2026-06-04)

• This action is used across all versions by 12 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

6.0.2 (2026-06-04)

Miscellaneous Chores

• deps: update github-actions (#48) (883b8f0)
• deps: update github/codeql-action action to v4.35.3 (#43) (0275b52)
• deps: update npm dependencies (#44) (cdf6afc)
• deps: update npm dependencies to ^0.52.0 (#50) (8b9b942)
• deps: update npm dependencies to v6 (#51) (a5b308e)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v1.3.5 — Selection: out-of-pool external picks via broadening-search

The selection pass can now return a candidate it finds outside the recommendation pool (via remyxai search query) when in-pool verification fails AND the broader catalog surfaces a paper that satisfies one of the three integration shapes. Closes a gap where the selection pass would correctly identify a substitution opportunity but had no schema-permitted way to return it.

What’s new

Extended output schema — chosen_index accepts a new value:

• 0..N-1 — in-pool pick (unchanged)
• -1 — reject all (unchanged)
• -2 — out-of-pool pick surfaced via broadening-search

When chosen_index = -2, three new fields are required:

• external_arxiv_id — arxiv_id of the out-of-pool paper
• external_title — title from the search result
• external_query_used — the remyxai search query argument that surfaced it

integration_shape, contract_match, migration_cost requirements are unchanged.

Verification bar for external picks is stricter

The agent must:

• Confirm in-pool verification failed first (default to picking from the pool when one fits)
• Run remyxai search query and find a paper that explicitly matches the contract the maintainer thread or search context asks for — not merely thematically related
• Provide the same contract-match and migration-cost analysis as for in-pool replacement / simplification
• Fall back to chosen_index: -1 if the search returns nothing that satisfies the bar

Routing

External picks route to issue_opened_substitution (same status as in-pool replacement / simplification) — out-of-pool picks always need dependency changes the PR guardrails block. The Issue body distinguishes external picks ("surfaced via remyxai search query") from in-pool substitutions and includes the contract analysis + migration cost.

Backward compatibility

• No breaking changes to action.yml inputs or outputs
• Existing customer workflows continue to run without modification
• The issue_opened_substitution status now covers both in-pool substitutions (shipped in v1.3.4) and out-of-pool external picks (new in v1.3.5) — same outcome from the customer’s perspective
• In-pool addition / replacement / simplification picks behave identically to v1.3.4

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Distribution & CI tooling release — no crate runtime, CLI, output, or JSON-shape changes.

• Prebuilt binaries + cargo binstall: each release ships per-target sol-doctor-<target> archives (tgz, zip on Windows); cargo binstall solana-infra-doctor fetches them instead of compiling.
• GitHub Action (action.yml): a composite action that installs sol-doctor and runs it, gating a workflow job on Solana RPC readiness via the verdict exit code (0 GOOD / 1 WARNING / 2 BAD / 3 UNKNOWN). Inputs passed via the environment to prevent shell injection; self-test workflow included.
• Action hardening: --fail-on-warning and --samples are gated on command: check; CI tag docs clarified (moving @v1 vs pinned release tags).

Install: cargo install solana-infra-doctor · cargo binstall solana-infra-doctor · uses: satyakwok/solana-infra-doctor@v1

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Self-hosted 3D model gallery powered by FreeCAD, Three.js and GitHub Pages.

Live Demo | Quick Start

What is this?

A GitHub Action that turns FreeCAD .FCStd files into an interactive 3D gallery on GitHub Pages. Push your CAD files, get a website – no server needed.

- uses: schmiddim/freecad-action@v3
What's new in v3
- MIT LICENSE added (was missing)
- README rewritten from scratch: badges, "Why?" section, quickstart-first structure, troubleshooting guide
- CONTRIBUTING.md and CHANGELOG.md added
- Aggregator docs improved -- opt-in to list your gallery on the FreeCAD Aggregator (https://freecad-aggregator.fly.dev/)
- All schema URLs updated to v3.0.0
- Project hygiene: dev docs moved to .github/, example files cleaned up
- First GitHub Marketplace release
Features
- Automatic STL export from FreeCAD files via Docker
- Interactive 3D viewer with Three.js
- Metadata, tags, images, license info per model
- Dark/light mode
- Maker profile with About page
- RSS and Atom feeds
- Machine-readable discovery document
- Optional aggregator ping for cross-gallery discoverability
- Fully buildable and testable locally via Makefile + Docker
Upgrading from v2
Update your workflow:
-- uses: schmiddim/freecad-action@v2
+- uses: schmiddim/freecad-action@v3
No breaking changes. All v2 configurations continue to work.

## What's Changed
* fix: bump actions/checkout from 4 to 6 by @dependabot[bot] in https://github.com/schmiddim/freecad-action/pull/7


**Full Changelog**: https://github.com/schmiddim/freecad-action/compare/v3.0.0...v3.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

First version with the “run-local” Action.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Auto-switch the active project to the one matching the current repository (by remote URL, then name) when they diverge, instead of only printing a warning — supersedes the v1.8.2 mismatch warning, which now appears only when no project matches the repo
• Add a clear command (and REPL clear/cls) to clear the terminal screen

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/texra-ai/lean-env-action/commits/1.0.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• docs: plain prose, remove em dashes; prompt drops capability narration by @LionSR in https://github.com/texra-ai/texra-action/pull/3

Full Changelog: https://github.com/texra-ai/texra-action/compare/v1.1.0...v1.1.2

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.0.4...v1.0.5

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

0.3.50 (2026-06-04)

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 5,928 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

New Features ✨

• (sentry-cli) Upgrade to 2.58.6 by @szokeasaurusrex in #323

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/ghcr-manager/ghcr-manager/compare/0.9.9...0.9.10

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

New:

• Added sync-aware preview and standing PR rendering for improved release workflow visibility.
• Implemented layered PR resolution for standing-pr publish workflow.
• Added immediate-release evaluator gating under the standing-pr system.

Developer:

• Dependencies: Updated GitHub Action for Claude Code integration to the latest version.
• Dependencies: Updated 4 development dependencies to their latest versions.
• Tooling: Configured Biome to reference the local configuration schema for improved validation.
• Dependencies: Updated Turborepo build system to the latest patch version.
• Dependencies: Updated 9 production dependencies to their latest versions.

Full Changelog: https://github.com/goosewobbler/releasekit/compare/0.23.0...0.24.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Changes

Diff: v1.1.2...v1.1.3

• [Remove] tweet to X when release [ bc5cd27 ] (@JanGalek)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Vulnerability patches. by @harrymaynard in https://github.com/harrymaynard/markdown-to-epub-action/pull/14

Full Changelog: https://github.com/harrymaynard/markdown-to-epub-action/compare/v2.1.4...v2.1.5

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

This release features a redesign of the manual changelog entries, deprecating the use of NEXT_RELEASE.md in favor of directly writing these changelogs into the CHANGELOG.md file (or whatever file name is configured). This makes versionary compatible with keep-a-changelog style changelogs, and allows users to highlight important changes in the changelog itself.

Features

• redesign manual changelog entries (5c32e52)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Fix: a fresh clone now starts cleanly with npm install && npm run dev — @spek/core resolves to its gitignored dist/ build, which neither install nor dev used to produce, so the Express API failed with ERR_MODULE_NOT_FOUND and Vite failed to resolve @spek/core/headings. npm install now compiles @spek/core (new prepare script) and the root dev script rebuilds it before launching (#2)

• This action is used across all versions by 3 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Added

• pyproject.toml [project.scripts] entry points (PEP 621 console scripts) are now extracted as runnable tasks for Python projects. They surface under the pyproject.toml source in runner list (with the entry-point target shown as the description) and dispatch via the detected Python package manager’s run subcommand — uv run <name>, poetry run <name>, or pipenv run <name>. Previously a uv/poetry project’s declared scripts were invisible to runner, which detected the package manager but listed no tasks.
• AUR distribution channel. Two packages on the Arch User Repository: runner-run-bin (prebuilt binaries for x86_64, aarch64, armv7h) and runner-run (source build for x86_64, aarch64). -bin provides/conflicts runner-run, so install whichever you prefer — https://aur.archlinux.org/packages/runner-run-bin and https://aur.archlinux.org/packages/runner-run.
• Shell completions shipped by both AUR packages and auto-loaded from the canonical system dirs: bash at /usr/share/bash-completion/completions/{runner,run}, zsh at /usr/share/zsh/site-functions/{_runner,_run}, fish at /usr/share/fish/vendor_completions.d/{runner,run}.fish. PowerShell on Linux has no autoload convention, so the pwsh script is installed at /usr/share/runner/runner.ps1 for users to dot-source from their $PROFILE. Completions are clap-dynamic — the shell shells out to the binary for candidates, so tab-completing in a project picks up the current task list from package.json / turbo.json / Justfile / etc., not a static snapshot.
• .github/workflows/aur-release.yml publishes both packages on every release: published event (with manual workflow_dispatch + dry-run for validation). Gated behind a dedicated aur GitHub Environment so the AUR_SSH_PRIVATE_KEY secret is only readable from that job. Per-pkg concurrency: group serializes manual + automatic triggers for the same package without blocking the other matrix leg.
• .github/scripts/publish/aur-prepare.sh rewrites pkgver/pkgrel in the checked-in PKGBUILDs and, for the -bin package, injects per-arch sha256sums_* read directly from the release’s published .sha256 companion assets (avoids the updpkgsums host-arch-only limitation). Strict semver regex on the version input refuses anything containing &, /, \, or newlines before any sed runs.
• Man pages for runner, run, and each subcommand. Rendered from the clap command tree by a man subcommand gated behind the man feature (off by default — never in the shipped binary, never committed) and shipped by every channel: crates.io (in the published crate), npm (facade man field), both AUR packages (/usr/share/man/man1/), and a runner-<tag>-man.tar.gz GitHub release asset that install.sh and runner-run-bin pull from. man runner / man run work everywhere.

Security

• All third-party uses: in crates-release.yml, npm-release.yml, and release.yml pinned to commit SHAs (with a # vN trailing comment for readability), so an upstream tag rewrite or account-takeover cannot silently swap in a different action build.
• persist-credentials: false added to every actions/checkout step in release.yml, so GITHUB_TOKEN is not persisted into git config.
• Release verification no longer saves Rust caches from pull request runs, preventing untrusted PRs from persisting cache contents.

Fixed

• runner list, runner run, and runner why now find pyproject.toml scripts and Python package-manager signals from nested directories (bounded by the containing VCS root), so running from src/ inside a uv/poetry/pipenv project still surfaces and dispatches [project.scripts] tasks.
• runner why now reports Python package-manager resolution for pyproject.toml tasks, including --pm and [pm].python overrides, matching the actual runner run dispatch path.
• runner list --source invalid-label help now includes pyproject.toml in the accepted source list.
• Restore the multiple_crate_versions Clippy allow so CI accepts the current unavoidable duplicate transitive crate versions while keeping the broader clippy::cargo deny group enabled.
• Hide the feature-only runner man generator from shipped runner.1 output, so installed man pages no longer document an unavailable subcommand.

What’s Changed

• feat(aur): publish runner-run + runner-run-bin with shell completions by @kjanat in https://github.com/kjanat/runner/pull/35
• docs: document AUR install channel in README, site, and changelog by @kjanat in https://github.com/kjanat/runner/pull/36
• Man pages: render from the CLI, ship on every channel by @kjanat in https://github.com/kjanat/runner/pull/37
• Surface pyproject.toml [project.scripts] as runnable tasks by @kjanat in https://github.com/kjanat/runner/pull/39

Full Changelog: https://github.com/kjanat/runner/compare/v0.12.0...v0.12.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Auto-generated release for ctxloom-pr-bot v1.7.10. Source: https://github.com/kodiii/ctxloom/releases/tag/v1.7.10

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Newer py and java versions supported

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Upgrade CCS version to v20.5.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Add setup ossutil action (99670c5)
• Initial commit (8ddbd1b)

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/14
• build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/15
• build(deps): bump actions/stale from 10.2.0 to 10.3.0 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/16
• build(deps-dev): bump @vitest/coverage-v8 from 4.1.6 to 4.1.7 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/17
• build(deps): bump semver from 7.8.0 to 7.8.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/18
• build(deps-dev): bump vitest from 4.1.6 to 4.1.7 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/19
• build(deps-dev): bump @types/node from 25.7.0 to 25.9.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/20
• ci: move dist/ auto-commit to PR branch instead of main by @ranarn in https://github.com/ranarn/release-pilot/pull/21
• build(deps-dev): bump vitest from 4.1.7 to 4.1.8 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/22
• build(deps-dev): bump @biomejs/biome from 2.4.15 to 2.4.16 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/24
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/25
• build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 by @dependabot[bot] in https://github.com/ranarn/release-pilot/pull/26

Full Changelog: https://github.com/ranarn/release-pilot/compare/v1.0.6...v1.0.7

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

This release prepares shipgrade for the GitHub Marketplace and adds the first real-world proof gallery. No new probe, OWASP category, or rule pack; the v1 scope is unchanged. shipgrade is an automated heuristic audit, not a certification, a security guarantee, or a legal or compliance sign-off.

What changed

• The bundled GitHub Action is now drop-in. It installs uv for you, so a consumer workflow needs only actions/checkout. Pinning the action at a ref now also pins the shipgrade release, because the scan step pins the package to this version.
• New paste-ready ## Use in CI section in the README, with the minimal workflow and the permissions it needs.
• An OpenSSF Scorecard workflow and badge report the repo’s supply-chain posture.
• A real-world proof gallery under examples/real-world/ grades three regulated-domain assistant prompts and shows the findings shipgrade emits.
• The rendered tool version now matches the package version everywhere.
• PyPI discovery keywords broadened with owasp and compliance.

Install

uvx shipgrade demo
pipx install shipgrade

Requires Python 3.11 or newer.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.0.1 (2026-06-03)

Bug Fixes

• action: shorten description to <125 chars for Marketplace (e1ac936)

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

oss-signal v0.6.4

oss-signal v0.6.4 publishes the OSS Maintainer Signal brand refresh.

Changes

• Adds a README banner, icon, and GitHub social preview assets.
• Adds docs/brand.md with recommended GitHub repository description, topics, and UI asset guidance.
• Updates the npm package description and keywords to better reflect maintainer-readiness, GitHub Action, SARIF, and inventory workflows.
• Updates the GitHub Action metadata description and branding icon.

Verification

npm run check
npm publish --dry-run

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• chore(deps-dev): Bump @types/node from 22.19.19 to 25.9.1 by @dependabot[bot] in https://github.com/santosh3743/stackhealth/pull/11
• chore(deps): Bump tailwind-merge from 2.6.1 to 3.6.0 by @dependabot[bot] in https://github.com/santosh3743/stackhealth/pull/9

New Contributors

• @dependabot[bot] made their first contribution in https://github.com/santosh3743/stackhealth/pull/11

Full Changelog: https://github.com/santosh3743/stackhealth/commits/v0.1.0

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• Verify ct and kubeconform download checksums before install (3d009fd)

Documentation

• Update changelog (4fa8c9b)

Full Changelog: https://github.com/somaz94/helm-kustomize-lint-action/compare/v1.1.3...v1.1.4

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• Harden entrypoint input validation and tarball error handling (d6b0244)

CI/CD

• Add concurrency guards to recurring workflows (f915a93)

Documentation

• Update changelog (9ab84a9)

Miscellaneous

• Set CODEOWNERS to @somaz94 (8559ec0)

Full Changelog: https://github.com/somaz94/helm-oci-push-action/compare/v1.0.1...v1.0.2

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

:dependabot: Dependency updates

• Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/37
• Bump reviewdog/action-actionlint from 1.69.1 to 1.71.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/39
• Bump ruby/setup-ruby from 1.268.0 to 1.288.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/38
• Bump act10ns/slack from 2.1.0 to 2.2.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/42
• Bump reviewdog/action-actionlint from 1.71.0 to 1.72.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/41
• Bump ruby/setup-ruby from 1.288.0 to 1.305.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/40
• Bump ruby/setup-ruby from 1.305.0 to 1.310.0 by @dependabot[bot] in https://github.com/sue445/sashimi_tanpopo_action/pull/43

Full Changelog: https://github.com/sue445/sashimi_tanpopo_action/compare/v0.7.0...v0.7.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• push: skip re-uploading a file whose contents haven’t changed, so repeated pushes no longer create redundant version-history entries (the CLI now sends a keyed content hash the server uses to detect no-op pushes)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• release: 0.29.1 (8533ac9)
• feat: add proof-first activation path (78fda25)
• fix(marketing): preserve rejected cycle decisions (03e46f3)
• ci: update actions to node24 runtimes (86f824b)
• release: 0.29.0 (0a24e51)
• feat(marketing): add local Twitter agent team (ed1e3e9)
• Allow launch intent pageview events (5eb9ab6)
• Link README to proof thread (6ae94b6)
• Add markdown prove receipts (3a2c1bc)
• Polish prove source selection (f802faa)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/try-chance/setup-typos/commits/v0.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Worai version fix by @numanwordlift in https://github.com/wordlift/graph-sync/pull/5

New Contributors

• @numanwordlift made their first contribution in https://github.com/wordlift/graph-sync/pull/5

Full Changelog: https://github.com/wordlift/graph-sync/compare/v6.10...v6.11.0

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

🚀 Initial Release (v1.0.0)

We are excited to announce the first stable release of the AI-Driven ADR Enforcer! This GitHub Action automatically audits your Pull Requests against your project’s Architecture Decision Records (ADRs) using the Gemini LLM.

✨ Features

• Context-Aware Review: Dynamically reads Markdown files from your specified adr_directory (default: docs/adr).
• LLM-as-a-Judge: Uses the advanced @google/genai SDK to evaluate if PR diffs violate your established architectural rules.
• Automated Enforcement: Posts clear, reasoning-backed inline Review Comments directly to the PR and fails the CI check (core.setFailed) if a violation is detected.
• Zero-Configuration Setup: Just drop it into your workflow YAML and provide your GitHub and Gemini API keys.
• Resilience: Optional fail_open flag to prevent blocking CI when the LLM API is down.

📖 How to use

Add the following step to your .github/workflows/adr-enforcer.yml:

- name: AI-Driven ADR Enforcer
  uses: y-matsuo081991/ai-adr-enforcer@v1.0.0
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
    adr_directory: 'docs/adr'

For more details, please refer to the README.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Initial release of the setup-mockserver action. Usage: uses: mock-server/setup-mockserver@v1.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• chore: update checkout and setup-node actions to version 6 (544230b)
• refactor: replace axios with native fetch and update runtime to node24 (8b6f98c)
• Initial commit (fdc166a)

• This action is used across all versions by 17 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Immutable Releases

Supply chain attacks have become more quite a bit more common over the past few months.

uv lock report will now use immutable releases as a measure to prevent any exploit of this project.

What’s Changed

• chore(deps): lock file maintenance by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/140
• chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.15.13 by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/144
• chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.15.14 by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/146
• chore(deps): lock file maintenance by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/145
• chore(deps): update minor and patch github actions updates by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/143
• chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.15.15 by @renovate[bot] in https://github.com/mw-root/uv-lock-report/pull/148

Full Changelog: https://github.com/mw-root/uv-lock-report/compare/v0.13.2...v0.14.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Ouroboros Code Scanner (Lite Version) is a blazing-fast static analysis tool for mapping your code’s architecture.

⚠️ IMPORTANT LIMITATION: This free Lite version only performs basic syntax and function mapping. The advanced security modules are disabled.

To unlock the full potential of Ouroboros and detect CRITICAL (10/10) vulnerabilities such as:

• Remote Code Execution (RCE)
• Command Injection
• Local File Inclusion (LFI)
• Zero-Day Logic Anomalies

🚀 Get Ouroboros Premium Version: https://www.sellanycode.com/item.php?id=27442

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/nikeokoronkwo/version/commits/v0.1.0-pre

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.4.2 (2026-06-04)

Bug Fixes

• regenerate dist bundles and release history for v1.4.1 (2734365)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/octofhir/banshee/commits/v0.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Switch to Agent Skills Specification for skill install by @owenbush in https://github.com/owenbush/decodie-github-action/pull/3

Full Changelog: https://github.com/owenbush/decodie-github-action/compare/v1...v1.3.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• chore(prompt): add ‘perf’ and ‘security’ review too by @Phurba-Sherpa in https://github.com/Phurba-Sherpa/ollama-pr-review-gh-action/pull/4
• chore: remove accidentally pushed .iml file and update gitignore by @Phurba-Sherpa in https://github.com/Phurba-Sherpa/ollama-pr-review-gh-action/pull/8
• ci(release): add cicd pipeline for auto release by @Phurba-Sherpa in https://github.com/Phurba-Sherpa/ollama-pr-review-gh-action/pull/9

Full Changelog: https://github.com/Phurba-Sherpa/ollama-pr-review-gh-action/compare/v1.2.0...v1.3.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Libraries v0.161.0

• Release type: minor
• Previous libraries tag: libraries-v0.160.2
• Manual override: no

Features

• feat(agent): add xlsx mcp startup guidance (d92fd792)

Internal runtime changes

• chore(release): runtime packages v0.161.0 (21422848)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

UI

🔄 Changed

• Account and provider-type selector triggers now show the provider icon, with a non-deduped icon stack (#11424)

🐞 Fixed

• Add Provider modal now closes without reloading the providers page (#11424)
• Users page now shows the “Delete User” action only on the current user’s row, matching the backend rule that a user can only delete their own account (#11447)

🔐 Security

• Vitest toolchain upgraded 4.0.18 → 4.1.8 to clear two critical pnpm audit advisories (#11424)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• code reformat
• add missing tests
• code reformat
• unit tests

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Bump sigs.k8s.io/kind from 0.31.0 to 0.32.0 in /hack/kind by @dependabot[bot] in https://github.com/reconcilerio/kind/pull/22

Full Changelog: https://github.com/reconcilerio/kind/compare/v1...v1.0.3

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v1.3.3 — Documentation accuracy

No code changes — README only. Three drifts caught during audit:

• Inputs table: documents claude-timeout and pin-arxiv. Both shipped in v1.2.0 but were missing from the table.
• Status-codes section: corrected outcome count to 17 (the prior “16” and “15” before that were both off-by-one — error was already in the table).
• Guardrails default allowlist: documented value now matches the DEFAULT_ALLOWLIST_GLOBS constant in src/run.py — Markdown anywhere (**/*.md), not just README.md. The “append-only attribution” framing came from a prompt instruction to Claude, not from any enforced guardrail.

No behavior change. Existing customers don’t need to update any workflow inputs.

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Fixed

• MD077: normalize over-indented loose list continuation (6b9fcee)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Initial release. Composite action that runs slopless on Markdown and fails the workflow on findings.

Usage:

- uses: seochecks-ai/slopless-action@v1
  with:
    files: 'docs/**/*.md'

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Ignore tests by @sfroning88 in https://github.com/sfroning88/python-nurse/pull/9

Full Changelog: https://github.com/sfroning88/python-nurse/compare/v1.0.5...v1.0.6

• This action is used across all versions by 6 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

2.19.1 - 2026-06-03

Changed

• add deps versions to readme, update package workflow
• add warning about GITHUB_TOKEN limitation for .github/workflows (#256)
• ensure all deps are show in readme
• move PI_PACKAGE_DIR env var handling from Agent to action adapter
• note that Pi is bundled and deps update daily (#253)
• README.md: remove hallucination (#257)
• update readme

Fixed

• comments: abs() possible negative costs (#254)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

0.4.0 (2026-06-04)

Features

• add support for UNIRTM_ENV in cache key generation (436e727)

Bug Fixes

• bundle action as cjs to avoid dynamic require errors in @actions dependencies (1fb0b83)
• bundle action as esm to fix require is not defined error (fe9c6e1)
• correctly mock exact cache hit in main.test.ts (4e2f3f9)
• correctly save CACHE_RESULT state in main.ts (6d9149f)

• This action is used across all versions by 8 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bumps sprocket to v0.26.0.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

SwarmFlow Security Gate v1 — fail your CI build when SwarmFlow finds code-security issues at or above a severity threshold.

• uses: swarmflow-security/scan-action@v1 with: api-key: ${{ secrets.SWARMFLOW_API_KEY }} threshold: high

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• added verification and testing files gonna test this bitch now (d578fbe)
• Merge pull request #7 from talK951/(MVP)-Enable-Action-to-Communicate-With-Backend (ea9f7bb)
• fix3 (c6da94b)
• fix2 (45473ab)
• -fix1 (0fd6c06)
• fixing error i made on env variables for action.yml (6003e1c)
• removed uneended github action input (0b9ce97)
• Fixing github action (21de4c8)
• Made changes to action.yml to ensure it can registar with backed (1ca5b28)
• Fixed github action test to work with backed (49cf477)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Trigger from any repo during an active incident to get a correlated timeline and AI-generated narrative in a GitHub Issue.

What it does

1. Pulls cloud audit logs for a time window from your connected GCP environment
2. Runs AI analysis focused on lateral movement, privilege escalation, and cross-service correlation
3. Creates a GitHub Issue with a timeline table, narrative summary, and severity counts

Usage

name: Incident Scope            
on:                       
  workflow_dispatch:                                                                                                                                                                                                                                                
    inputs:
      time_from:                                                                                                                                                                                                                                                    
        description: 'Start of incident window (ISO 8601)'     
        required: true                                                                                                                                                                                                                                              
      time_to:            
        description: 'End of incident window'                                                                                                                                                                                                                       
        required: false                                        
                                
jobs:                     
  scope:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:                                                                                                                                                                                                                                                          
      - uses: tryflare-ai/incident-scope@v1
        with:                                                                                                                                                                                                                                                       
          token: ${{ secrets.FLARE_API_KEY }}                  
          time-from: ${{ inputs.time_from }}                                                                                                                                                                                                                        
          time-to: ${{ inputs.time_to }}
                                                                                                                                                                                                                                                                    
Requirements                                                   
                                
- Flare account with a connected GCP connector (sign up)                                                                                                                                                                                                            
- API key from Settings > API Keys
- issues: write permission on the workflow                                                                                                                                                                                                                          
                                                               
Limits                                                                                                                                                                                                                                                              
                                                               
- Max time window: 24 hours     
- Max events: 5,000 (severity-prioritized truncation)
- Daily limit: 10 analyses/day                                                                                                                                                                                                                                      
- Latency: under 90s for windows under 4 hours 

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/vmactions/tribblix-vm/commits/v1.0.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.0.1 (2026-06-03)

Fixed

• decouple the bundle from the package version (1576eb3)

Build

• bundle action with @vercel/ncc and stop vendoring node_modules (42e8d28)
• drop ncc –minify for reproducible cross-Node bundles (9e61566)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/getsuperjolt/deploy-action/compare/v1.1.0...v1.1.1

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Fixed error handling.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat: added vizb logo animation using anime by @fahimfaisaal in https://github.com/goptics/vizb/pull/111
• feat(ci): added multi lang examples pipeline by @fahimfaisaal in https://github.com/goptics/vizb/pull/112
• docs: added animated logo gif at readme by @fahimfaisaal in https://github.com/goptics/vizb/pull/113
• fix(ui): used missing showlabels state at line chart by @fahimfaisaal in https://github.com/goptics/vizb/pull/114
• chore: used init function to embed version flag by @fahimfaisaal in https://github.com/goptics/vizb/pull/115
• fix: inject version via ldflags in goreleaser build by @fahimfaisaal in https://github.com/goptics/vizb/pull/116
• docs/ci: enrich examples page and fix deploy-docs trigger by @fahimfaisaal in https://github.com/goptics/vizb/pull/117
• feat: add cpu and os info to history entries with popover badges by @fahimfaisaal in https://github.com/goptics/vizb/pull/118
• feat(html): add –data-url flag to decouple benchmark UI by @fahimfaisaal in https://github.com/goptics/vizb/pull/119

Full Changelog: https://github.com/goptics/vizb/compare/v0.11.0...v0.12.0

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 4,001 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Bump the “all” group with 2 updates across multiple ecosystems by @dependabot[bot] in https://github.com/graalvm/setup-graalvm/pull/217

Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.5.3...v1.5.4

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Summary

chore: update dist/index.js to latest.

Full Changelog: https://github.com/guitarrapc/setup-seiton/compare/v1.0.1...v1.0.2

• This action is used across all versions by 9 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v0.15.1

Fixed

• SEO: og:type and JSON-LD schema now distinguish page-bundle leaves from section landings, so bundle sites no longer label every page website/WebSite; a new home? helper detects homepages (#608, #601)
• Scaffold nav: nav-hint comment no longer leaks a {% raw %} delimiter into generated pages (#609)

Full Changelog: https://github.com/hahwul/hwaro/compare/v0.15.0...v0.15.1

• This action is used across all versions by 250 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Node.js version updated on 24, by @ijsvogelaar

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

First stable release of ai-pr-reviewer.

What’s included

• Automatic AI code review on every PR open/update
• Support for OpenAI (GPT-4o) and Anthropic (Claude)
• English and Chinese review output
• Configurable file exclusions and review limits
• Clean, structured Markdown review comments

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

0.9.5 (2026-06-02)

Bug Fixes

• deps: update ghcr.io/icoretech/codex-docker docker tag to v0.136.0 (#22) (7d891f9)

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• Boost no longer rewrites bare environment-variable assignments (e.g. FOO=bar), so setting variables behaves exactly as it does without Boost. (#371)

Full Changelog: https://github.com/jfrog/boost/compare/v0.7.10...v0.7.11

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

⚠️ v2 is a breaking release — migration guide

v2 talks to the Markup AI agentic API directly and runs the style agent per file. Most workflows migrate in two edits: bump the version tag and replace the old style inputs (dialect, tone, style-guide) with the single optional style_guide.

Input changes at

Outputs (event-type, files-analyzed, results) keep their names; the results JSON shape changed (see note at bottom).

1. Bump the version

- uses: markupai/content-guardian-action@v1
+ uses: markupai/content-guardian-action@v2

2. Replace the style inputs

with:
  markup_ai_api_key: ${{ secrets.MARKUP_AI_API_KEY }}
  github_token: ${{ secrets.GITHUB_TOKEN }}
  dialect: american_english
  tone: formal
  style-guide: ap

After (v2):

with:
  markup_ai_api_key: ${{ secrets.MARKUP_AI_API_KEY }}
  github_token: ${{ secrets.GITHUB_TOKEN }}
  # dialect / tone / style guide rules now live on the style guide itself
  # at console.markup.ai. Omit style_guide to use the org default, or pin one:
  style_guide: "AP Style" # target ID or display name (case-insensitive); optional

⚠️ A find-and-replace of style-guide → style_guide is not enough. The name changed from hyphen to underscore, and the accepted values changed: v1 took canonical names like ap/chicago; v2 takes a style guide (target) ID or display name from your org. Passing ap will fail unless you have a style guide named “ap”.

style_guide is optional — set a default style guide in the console and omit it entirely. List valid values with:

curl -H "Authorization: Bearer $MARKUP_AI_API_KEY" \
  https://api.markup.ai/style-agent/targets | jq '.[] | {id, display_name, is_default}'

3. Expect risk-based scoring by default

• Risk labels are always shown — 🔴 High / 🟡 Medium / 🟢 Low / ✅ No issues, plus severity counts (H:_ M:_ L:_).
• Numeric 0–100 scores appear only if your org has style_agent_numeric_scoring enabled. No fabricated scores otherwise.
• If you gate branch protection on the commit status, its state is now derived from risk: error for High, failure for Medium, else success.

Note for downstream consumers

outputs.results is still a JSON string but the per-file object shape changed. scores is null when numeric scoring is off, so guard for null before reading scores.*.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat: add baseline diffs and compose policy checks by @matijazezelj in https://github.com/matijazezelj/aib/pull/25
• fix: include changed diff details in reports by @matijazezelj in https://github.com/matijazezelj/aib/pull/26

Full Changelog: https://github.com/matijazezelj/aib/compare/v1.4.4...v1.4.5

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

Dependency Updates

• build(deps): lock file maintenance by @renovate[bot] in https://github.com/ncaq/kyosei-action/pull/141
• build(deps): update actions/checkout action to v6.0.3 by @renovate[bot] in https://github.com/ncaq/kyosei-action/pull/142
• build(deps): update anthropics/claude-code-action action to v1.0.134 by @renovate[bot] in https://github.com/ncaq/kyosei-action/pull/143

Full Changelog: https://github.com/ncaq/kyosei-action/compare/v2.2.0...v2.2.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.2.3 (2026-06-03)

Bug Fixes

• stabilize v1.2.2 release CI (dist, KiCad metadata, CHANGELOG) (adb7bb1)

CI

• ci: add governance workflow concurrency (b1a735e), closes #100

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• Guard fix: v1 floating tag now correctly points to v1.0.2, the guarded and stable version of the action.
• Auth patch: Resolved an issue where API-key authentication was failing on workflow re-runs when using @v1.

Details

Users pinning prodxcloud/vxcloud-deploy-action@v1 will automatically receive this fix. Workflows that previously returned a failure result on re-run due to the auth guard will now resolve correctly.

Upgrade

No changes required to your workflow files. Simply re-run any failing workflow — @v1 now resolves to this patched release.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

API

🐞 Fixed

• GET /api/v1/findings N+1 query loading resources__tags when listing findings (#11420)
• Clean up the scan tmp output directory when scan-report fails so partial files do not accumulate and fill the worker disk (No space left on device) (#11421)

SDK

🐞 Fixed

• OCSF output writer now re-raises I/O errors (e.g. ENOSPC) instead of logging them per finding and leaving a truncated file (#11421)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Installation

Node.js:

npm install -g @rafter-security/cli@0.8.4

Python:

pip install rafter-cli==0.8.4

OpenClaw (via ClawHub):

clawhub skill install rafter-security

See CHANGELOG.md for details.

What’s Changed

• feat(agent-init): add Hermes platform support (sable-gyw) by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/151
• feat: add JSON output for agent status by @cettyTheDev in https://github.com/Raftersecurity/rafter-cli/pull/153
• feat(policy): read backend’s .rafter/config.yml + flat-shape compat (sable-c1c) by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/154
• fix(scan): honor .rafter.yml scan.exclude_paths on both engines (sable-yz0) by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/152
• chore(release): bump to v0.8.4 by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/155
• fix(agent): report OpenClaw via canonical ClawHub path in status (sable-1vq) by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/157
• feat(agent): surface Hermes in verify/status/list detection (sable-gyw) by @Rome-1 in https://github.com/Raftersecurity/rafter-cli/pull/156
• pattern: add HashiCorp Vault token detection by @cettyTheDev in https://github.com/Raftersecurity/rafter-cli/pull/159

New Contributors

• @cettyTheDev made their first contribution in https://github.com/Raftersecurity/rafter-cli/pull/153

Full Changelog: https://github.com/Raftersecurity/rafter-cli/compare/v0.8.3...v0.8.4

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Fixed

• MD062: treat a lone quote in a link destination as part of the URL (b3aea98)
• config: stop directory config discovery at the canonical project root (ef9f3f6)
• config: match root config by canonical path in per-directory resolution (4442a9f)
• output: relativize the verbose ‘Processing file’ path on Windows (35986d6)
• output: normalize remaining displayed paths to forward slashes on Windows (dbfb3ef)
• output: use forward slashes in displayed paths on Windows (7049c01)
• MD049,MD037: Preserve inline code inside emphasis during auto-fix (#652) (a1b1055)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Changelog

🚀 Features

• feat: Add merge_group trigger and refine if conditions for pull request specific steps in build workflow.
• feat: Add an all-tests-passed job to aggregate test results and set commit status.
• feat: Add changelog configuration file and integrate it into the release workflow.
• feat: add GitHub issue templates for bug reports and feature requests.
• feat: add release workflow, MPL-2.0 license, and update REUSE.toml.
• feat: add workflow concurrency to build-and-test workflow and update core action paths in version bumping actions.
• feat: rename core package and action display names to pull-request-semver-bumper
• feat: update package name to pull-request-semver-bumper-core and add peer dependencies in package-lock.json

🐛 Fixes

• fix: Add step to copy actions to workspace as a workaround for a GitHub Actions runner limitation.
• fix: correct copyright year in README.md
• fix: correct core action path in npm version bumping workflow
• fix: correctly copy action contents to the workspace instead of the directory itself.
• fix: correctly copy action directory contents to workspace (#12)
• fix: correctly copy action directory contents to workspace instead of the directory itself.
• fix: fix calling branch in documentation (#22)
• fix: fixed the core action name (#25)
• fix: make ‘build-type’ input required and update default value in action.yml
• fix: remove angle brackets from SPDX fields in REUSE.toml
• fix: restore MPL-2.0 license file required by bundled dependency (#106)
• fix: update workflow group (#7)
• fix: use external invoking for sub-actions (#13)
• fix: workaround for invoke local action from external repo (#11)

🧰 Maintenance

• chore: Add CHANGELOG.md to REUSE ignore list
• chore: add build test final status for PR’s status check (#14)
• chore: Add configuration.json to REUSE ignore list.
• chore: add renovate.json to REUSE.toml annotations (#91)
• chore: build core action dist (auto)
• chore: build core action dist (auto)
• chore: remove package-lock.json
• chore: Rename action from “pull request semver bumper” to “Version Bumping Action”.
• chore: rename action from “Version Bumping Action” to “pull request semver bumper”
• chore: Replace copyright placeholder with actual project name in REUSE.toml.
• chore: update action usage examples to use a unified gateway action (#2)
• chore: Update action usage paths in READMEs and project metadata in REUSE.toml.
• chore: update changelog for v1.0.0 (#26)
• chore: Use pull request number for workflow concurrency groups.
• chore(deps-dev): bump jest and @types/jest in /.github/actions/core (#8)
• chore(deps-dev): bump ts-jest from 29.4.5 to 29.4.6 in /.github/actions/core (#9)
• chore(deps): bump simple-git from 3.33.0 to 3.36.0 in /.github/actions/core (#73)
• chore(deps): update dependency @actions/core to v2.0.3
• chore(deps): update dependency @actions/core to v2.0.3 (#57)
• chore(deps): update dependency @types/node to v25.6.0
• chore(deps): update dependency @types/node to v25.6.0 (#60)
• chore(deps): update dependency ts-jest to v29.4.11 (#97)
• chore(deps): update dependency ts-jest to v29.4.9
• chore(deps): update dependency ts-jest to v29.4.9 (#59)
• chore(deps): update github artifact actions (#108)
• ci: change workflow trigger from pull_request_target to pull_request
• ci: Configure semver bumper to explicitly use HEAD as the target tag in the release workflow.
• ci: Configure semver bumper to explicitly use HEAD as the target tag in the release workflow. (#18)
• ci: improved changelog generation (#16)
• ci: pin third-party action SHAs and add Dependabot cooldown (#102)
• ci: replace pull_request_target with pull_request for CodeQL fork PR analysis (#107)
• ci: retrigger workflows
• ci: switch GitHub Actions runners from ‘solinas’ to ‘ubuntu-latest’
• ci: Update build runner from solinas to ubuntu-latest
• ci: verify GitHub Actions recovery
• refactor: Remove merge_group trigger and simplify pull request condition checks in build workflow
• refactor: Update uses path for core action and rename build-type input to type.
• refactor: update action usage examples to use a unified gateway action with a type input and add clarifying documentation
• refactor: Update build workflow to use a unified version bumper action with a type input.
• refactor: update internal action uses path and rename type input to build-type
• refactor: update workflow trigger from pull_request to pull_request_target
• refactor: validation workflow now test from gateway action (#4)

📝 Documentation

• docs: add ‘Why use this Action?’ section, enhance project description, and update usage example to @v1 in README.
• docs: add issue templates and reuse api badege (#21)
• docs: add project name into copyright place holder (#5)
• docs: add requirements section and update licensing link in README (#10)
• docs: add requirements section and update licensing link in README.
• docs: add REUSE status badge to README
• docs: update Maven README (#3)
• docs: update Maven README to remove outdated credential example and add Nexus env vars to main usage.
• docs: update project links in README for consistency
• docs: Update README examples to use v1 tag for the version bumping action.
• docs: update readme highlighting USP and update meta information (#23)

What’s Changed

• chore: Update action usage paths in READMEs and project metadata by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/1
• chore: update action usage examples to use a unified gateway action by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/2
• docs: update Maven README by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/3
• refactor: validation workflow now test from gateway action by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/4
• docs: add project name into copyright place holder by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/5
• fix: update workflow group by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/7
• chore(deps-dev): bump jest and @types/jest in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/8
• docs: add requirements section and update licensing link in README by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/10
• fix: workaround for invoke local action from external repo by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/11
• chore(deps-dev): bump ts-jest from 29.4.5 to 29.4.6 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/9
• fix: correctly copy action directory contents to workspace by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/12
• fix: use external invoking for sub-actions by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/13
• chore: add build test final status for PR’s status check by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/14
• ci: improved changelog generation by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/16
• ci: Configure semver bumper to explicitly use HEAD as the target tag in the release workflow by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/18
• chore: update changelog for v1.0.0 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/19
• docs: add issue templates and reuse api badege by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/21
• fix: fix calling branch in documentation by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/22
• docs: update readme highlighting USP and update meta information by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/23
• chore: update changelog for v1.0.0 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/24
• fix: fixed the core action name by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/25
• chore: update changelog for v1.0.0 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/26
• chore(deps-dev): bump @types/node from 24.10.1 to 25.0.2 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/29
• chore(deps): bump @actions/core from 1.11.1 to 2.0.1 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/28
• chore(deps): bump @actions/exec from 1.1.1 to 2.0.0 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/27
• chore(deps-dev): bump @types/node from 25.0.2 to 25.0.3 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/32
• feat: Expose bump level as output by @mdanish98 in https://github.com/SAP/pull-request-semver-bumper/pull/33
• chore: update changelog for v1.0.1 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/34
• chore(deps-dev): bump @types/node from 25.0.3 to 25.2.3 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/45
• chore(deps): bump semver from 7.7.3 to 7.7.4 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/41
• chore(deps): bump @actions/core from 2.0.1 to 2.0.2 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/36
• chore(deps-dev): bump jest from 30.2.0 to 30.3.0 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/54
• chore: Configure Renovate by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/55
• chore(deps): bump simple-git from 3.30.0 to 3.31.1 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/44
• chore(deps): update dependency @actions/core to v2.0.3 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/57
• chore(deps): update dependency @types/node to v25.6.0 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/60
• chore(deps): update dependency ts-jest to v29.4.9 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/59
• chore(deps): update dependency node to v24 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/66
• chore(deps): bump simple-git from 3.33.0 to 3.36.0 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/73
• chore(deps): update actions/setup-node action to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/65
• fix: correct release workflow sequencing to merge changelog PR before tagging by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/40
• chore(deps): update s4u/setup-maven-action action to v1.20.0 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/63
• chore(deps-dev): bump @types/node from 25.6.0 to 25.6.2 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/81
• chore(deps): bump @actions/exec from 2.0.0 to 3.0.0 in /.github/actions/core by @dependabot[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/42
• chore(deps): update dependency jest to v30.4.2 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/83
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/64
• chore(deps): update dependency semver to v7.8.0 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/84
• chore(deps): update dependency python to 3.14 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/61
• chore(deps): update dependency @types/node to v25.7.0 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/79
• chore(deps): update mikepenz/release-changelog-builder-action action to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/69
• chore(deps): update endbug/add-and-commit action to v10 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/68
• chore(deps): update softprops/action-gh-release action to v3 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/70
• fix: set all-tests-passed status on changelog PR to unblock auto-merge by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/87
• chore: update changelog for v1.0.2 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/88
• docs: align README output name with action output by @ricogu-claw in https://github.com/SAP/pull-request-semver-bumper/pull/49
• fix(deps): update dependency @actions/core to v3 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/74
• chore(deps): update dependency typescript to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/67
• chore: fix REUSE compliance by annotating missing files in REUSE.toml by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/91
• chore(deps): update dependency @types/node to v25.8.0 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/93
• chore(deps): update dependency @types/node to v25.9.1 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/94
• chore(deps): update dependency ts-jest to v29.4.10 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/95
• chore(deps): update dependency ts-jest to v29.4.11 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/97
• fix: use commit-message input by @Herrtian in https://github.com/SAP/pull-request-semver-bumper/pull/98
• ci: switch CodeQL to advanced setup with JS/TS, same-repo and fork PR scanning by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/99
• chore(deps): update dependency semver to v7.8.1 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/96
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/100
• ci: add REUSE compliance lint as PR status check by @mdanish98 in https://github.com/SAP/pull-request-semver-bumper/pull/103
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/104
• fix: restore MPL-2.0 license file required by bundled dependency by @mdanish98 in https://github.com/SAP/pull-request-semver-bumper/pull/106
• ci: harden CI workflows against fork PR privilege abuse by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/107
• chore(deps): update github artifact actions (major) by @renovate[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/108
• ci: pin third-party action SHAs and add Dependabot cooldown by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/102
• ci: skip Build & Test e2e for docs/workflow-only PRs by @ricogu in https://github.com/SAP/pull-request-semver-bumper/pull/101
• chore: update changelog for v1.0.3 by @github-actions[bot] in https://github.com/SAP/pull-request-semver-bumper/pull/110

New Contributors

• @ricogu made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/1
• @dependabot[bot] made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/8
• @github-actions[bot] made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/19
• @mdanish98 made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/33
• @renovate[bot] made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/55
• @ricogu-claw made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/49
• @Herrtian made their first contribution in https://github.com/SAP/pull-request-semver-bumper/pull/98

Full Changelog: https://github.com/SAP/pull-request-semver-bumper/compare/v0.0.0...v1.0.3

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• ci: migrate GitHub App auth from app-id to client-id by @seijikohara in https://github.com/seijikohara/docker-compose-cache-action/pull/284
• chore(deps): lock file maintenance by @renovate[bot] in https://github.com/seijikohara/docker-compose-cache-action/pull/283

Full Changelog: https://github.com/seijikohara/docker-compose-cache-action/compare/v1.8.7...v1.8.8

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• project create: default the new-project name to the current repo’s directory and auto-fill the repository URL from git remote origin
• Warn when the active project doesn’t match the current repository, giving an early signal to switch projects

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Set up Lefthook on all GitHub-hosted runner platforms: Linux, macOS, and Windows on both x64 and arm64.
• Install the latest Lefthook version by default, or pin a specific version via the version input.
• Use the version output to read the exact version of Lefthook that was installed.
• Cache the downloaded binary using the runner tool cache to avoid redundant downloads across runs.

Full Changelog: https://github.com/threeal/setup-lefthook-action/commits/v1.0.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

8.0.9 (2026-06-03)

Bug Fixes

• publishers: publish cargo workspace members in dependency order (#26) (8e81978)

Full Changelog

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.2.1 (2026-06-03)

Documentation

• readme: reflect shipped live-state overlay (#125) (4f99322)

What’s Changed

• docs(readme): reflect shipped live-state overlay by @vakaobr in https://github.com/vakaobr/iac-cartographer/pull/125
• chore(main): release 1.2.1 by @vakaobr in https://github.com/vakaobr/iac-cartographer/pull/126

Full Changelog: https://github.com/vakaobr/iac-cartographer/compare/v1.2.0...v1.2.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• chore: update built files (7f26042)
• chore: new build (21b8001)
• Update action name to include ’truly open source’ (f86ad8e)
• Remove validateSubscription function (be235b0)
• Merge pull request #130 from step-security/yarn-audit-fix (80f302c)
• fix: apply audit fixes (440fa24)
• Merge pull request #129 from step-security/dependabot/npm_and_yarn/ip-address-10.2.0 (503e417)
• Merge branch ‘main’ into dependabot/npm_and_yarn/ip-address-10.2.0 (a3daadd)
• Merge pull request #128 from step-security/Raj-StepSecurity-patch-7 (9f3390d)
• build(deps): bump ip-address from 10.1.0 to 10.2.0 (436bc61)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Embed resource monitor to report peak memory usage on each run by @rpanfili in https://github.com/wordlift/graph-sync/pull/4

Full Changelog: https://github.com/wordlift/graph-sync/compare/v6.9...v6.10.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Bug Fixes

• Deep freeze settings output. Object.freeze() was shallow — nested objects and arrays inside the returned settings were still mutable. The loader now applies a recursive deep freeze so the full settings tree is immutable. (closes #8)
• Throw on whitespace-only overrideEnvKey env var. When the override env var was set to a whitespace-only string (e.g. " "), the override was silently skipped with no indication anything was wrong. Now raises NodeSettingsError with code OVERRIDE_ENV_EMPTY at boot time. Empty string ("") continues to be silently skipped. (closes #12)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

Features

• Security: Detect leaked GitHub App installation tokens (ghs_) – covers both the current opaque format and the new stateless JWT format rolling out in May 2026 (#1283)

Refactor

• Edition 2024: Remove redundant ref patterns and into_owned residuals across the workspace (#1289)

Tests

• Replace assert!(matches!()) with assert_matches! (stabilized in Rust 1.96); remove two placeholder assert!(true) tests in facade.rs (#1287)

Docs

• Security: Update authority_url description to reflect CWE-1336 for prompt-injection patterns (#1290)

Chores

• Toolchain: Bump Rust to 1.96.0 (#1286)
• CI: Use ubuntu-24.04-arm runners everywhere (#1277)
• Deps: Bump aptu-coder-core to 0.15.0 (#1278)
• Deps: Update octocrab to 0.51 (#1280)
• Deps: Update non-major dependencies (#1285)
• Deps: Update GitHub Actions (#1279, #1284)

Full changelog: https://github.com/clouatre-labs/aptu/compare/v0.8.4...v0.8.5

• This action is used across all versions by 25 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Bump to 5.5.10

Full Changelog: https://github.com/codebeltnet/dotnet-tool-install-reportgenerator/compare/v1...v1.0.3

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Solana Security Standard — now installable everywhere.

The SOL-0XX rule set (28 Solana/Anchor bug classes drawn from real audits) now runs wherever you work, all from one source of truth:

• GitHub Action — scan every PR in CI: uses: Copenhagen0x/solana-security-guidance@v1. Uploads SARIF for inline annotations + an adoption badge.
• CLI — npx @jelleo/solana-security-standard scan ./programs (human / JSON / SARIF output; non-zero exit gates CI).
• VS Code extension — inline SOL-0XX squiggles as you type, in VS Code, Cursor, and Windsurf. 100% local, no telemetry.
• Semgrep ruleset — semgrep --config for any Semgrep pipeline.
• Claude Code plugin — the original guidance file + patterns.

Same 17 deterministic patterns + 28 documented rules, no logic duplicated. SOL-001 is backed by two confirmed bounty wins. Built by Jelleo — the team that finds the bugs.

• This action is used across all versions by 151 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Update competitive matrix and migration pages by @github-actions[bot] in https://github.com/CopilotKit/aimock/pull/237
• ci(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 in the minor-and-patch group by @dependabot[bot] in https://github.com/CopilotKit/aimock/pull/243
• Record gpt-oss harmony tool calls + stream/recorder hardening by @jpr5 in https://github.com/CopilotKit/aimock/pull/245

Full Changelog: https://github.com/CopilotKit/aimock/compare/v1.27.3...v1.28.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• chore(release): bump to v0.4.8 (#96) (c69e48d)
• feat(gaps): add forerunner-gaps skill (#95) (da1207a)
• chore(release): bump to v0.4.7 (1596e4f)
• fix(installer): fix agent detection, global install, and add interactive agent selection (#93) (7ce30a3)
• chore(release): bump to v0.4.6 (#92) (980a74f)
• refactor(prompt-session): own bundle outcome behind resolve() (f9dd50b)
• chore(npm): declare SPDX license, add author, add SECURITY.md (0542703)
• refactor(installer): make Install Plan the unit of work (f06b264)
• chore: purge iCloud sync-conflict files and block future ones (e56432a)
• refactor(skill-parity): own canonical↔copies body rule in one module (c7ec8dd)

• This action is used across all versions by 67 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Fix show-progress boolean evaluation

Use == ’true’ comparison so the string ‘false’ evaluates to a proper boolean false instead of being truthy in actions/checkout.

• This action is used across all versions by 35 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

5.1.4 (2026-06-02)

Bug Fixes

• deps: update dependency tar to v7.5.16 (b29e498)

• This action is used across all versions by 22 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

15.0.6 (2026-06-02)

Bug Fixes

• deps: update dependency eslint to v10.4.1 1f484c9

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Full Changelog: https://github.com/hugorolimf/kimi-code-review/commits/v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• Add the human0 AI code review action (#1) (bb31312)
• Initial commit (c2f5f0c)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Makes the scripts/llm-docs/ generators stack-agnostic across the JS/TS ecosystem — they previously assumed Next.js + Prisma + pnpm and crashed or produced wrong output on anything else.

Added

• Stack auto-detection (detect-stack.sh): Next.js (monorepo/single), Express, Fastify, Hono; Prisma vs. Drizzle; npm/pnpm/yarn/bun; API-route + schema locations.
• Express, Fastify, and Hono endpoint extraction in gen-api.sh; Drizzle schema support in gen-data.sh (+ no-ORM fallback).
• Broader dependency/integration detection and dynamic gen-map.sh sections for single-package repos.
• A 93-assertion shell suite wired into CI on both the grep-fallback and ripgrep paths.

Fixed

• docentic init now scaffolds detect-stack.sh — without it every generator failed at startup.
• gen-api.sh no longer truncates API.md (sed delimiter collision, Express field-order, no-match aborts).
• detect-stack.sh no longer aborts on a Hono repo with no new Hono match.

Docs

• README accuracy fixes (any JS/TS codebase, broken nav anchor, auto-regenerated, valid default model id).

Full changelog: https://github.com/intrepideai/docentic/blob/v0.2.2/CHANGELOG.md · Compare: https://github.com/intrepideai/docentic/compare/v0.2.1...v0.2.2

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Release v0.7.5 by @yahav-ohana in https://github.com/jfrog/boost/pull/32

Full Changelog: https://github.com/jfrog/boost/compare/v0.7.5...v0.7.9

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• fix: variable expansion in action.yml by @ReenigneArcher in #91
• chore: update global workflows by @LizardByte-bot in #92
• chore(deps): update lizardbyte/actions action to v2026.522.121358 by @renovate[bot] in #93
• chore(deps): update lizardbyte/actions action to v2026.524.145234 by @renovate[bot] in #94
• fix: Use repository.full_name for SOURCE_REPOSITORY by @ReenigneArcher in #95

Full Changelog: https://github.com/LizardByte/jellyfin-plugin-repo/compare/v2026.417.125702...v2026.602.212143

Contributors

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Auditor release covering the v11 cycle: a defect-injection oracle that measures cheat-detection recall against ground truth, the judge running as a primary detector for cheats with no structural tell, and an opt-in execution-grounded layer that runs the change instead of only reading it. Findings stay advisory by default; nothing blocks a merge unless you opt into gate mode.

Measured results

• Oracle recall: 253/300 (84%) planted cheats caught, up 20.5% from the pre-upgrade baseline of 210/300, across twelve categories. Pre/post A/B in benchmarks/results/AB-REPORT.md; per-detector table in benchmarks/oracle-corpus/per-detector-recall.md. Reproduce with npm run benchmarks:full.
• Two real merged Cloudflare cheats reproduce offline and are invisible to Semgrep and the ESLint security rules: #14063 (fake refactor: a function renamed but two callers still call the old name) and #14132 (error swallow: a bare empty catch hides every error in the block). Reproduce with swarm audit --diff-file benchmarks/real-prs/diffs/cloudflare-workers-sdk/<pr>.diff. Full cross-repo study in benchmarks/real-prs/v11-BENEFIT-REPORT.md.
• Low noise on unbiased PRs: 0.11 false-alarm findings per PR on an 18-PR pilot, at or below the pre-upgrade auditor, with the recall gain intact (benchmarks/real-prs/REAL-WORLD-REPORT.md).

11.1.0 — execution-grounded checks

An opt-in, advisory-only layer (executionGrounded.enabled: true) provisions a sandboxed checkout of a PR and runs it, with three checks scoped to the changed lines:

• Diff-scoped mutation testing (Stryker): a surviving mutation on a changed line is a line the tests run past without constraining.
• Issue-linked repro execution: a repro from a closed issue that still fails means the fix did not deliver.
• Coverage delta (Istanbul): a changed line no test executes.

Verified end to end on trpc/trpc#6098: of the mutants on changed lines, 8 covered survivors fall on the exact lines the later hotfix trpc/trpc#6140 changed, a signal no diff-only tool in this repo can emit. Corpus headline M=1, R=0, U=1, F_clean=3.357. Needs no LLM and no external cost; runs under a Node 22 toolchain. Full evaluation in benchmarks/real-prs/v11-EXECUTION-GROUNDED-REPORT.md (npm run execution-grounded:full).

New ledger kinds: pr-audit-mutation-finding, pr-audit-issue-repro-finding, pr-audit-coverage-finding. Dev-only deps (@stryker-mutator/core + runner adapters); no new runtime dependencies.

11.0.0 — defect-injection oracle and a judge-primary path

• Defect-injection oracle (src/audit/oracle/): splices one labeled cheat into a presumed-clean real PR, so recall is measured against ground truth. npm run oracle:build writes the corpus byte-identically; every injection carries a sha256-pinned label.
• Judge as a primary detector (judge-primary.ts): raises a finding for the two semantic categories (goal-not-fixed, cheat-mock-mutation) that no regex or AST detector keys on, lifting them from 0/50 to 20/50. Advisory by default, opt-out via judgePrimary.enabled: false.
• Chunking, not truncation (diff-chunker.ts): oversized diffs are split into hunk-grouped chunks so a tail defect reaches the judge, and into per-hunk chunks so a verdict localizes to a (file, hunk-index) id.
• Eleventh detector: type-suppression (a @ts-ignore / eslint-disable added over a changed line) ships in the default set, bringing the default set to eight and the full set to eleven.

Honest scope

The structural detectors over-flag normal PRs at scale, which is why findings ship advisory and nothing blocks by default. No detector has yet cleared the 0.90-precision gate to block on its own, and the 205-PR real-corpus baseline is AI-labeled with a “pending human review” stamp on every entry: human re-labeling is the next milestone. Use this as a cheat and under-constraint signal, not a general bug finder. See the README’s “Limitations and what’s next” and benchmarks/real-prs/REDUNDANCY-FINDING.md.

Install

git clone https://github.com/moonrunnerkc/swarm-orchestrator.git
cd swarm-orchestrator
npm install
npm run build
npm link
swarm --help

Node 20 or later (the execution-grounded layer wants Node 22). Full notes in CHANGELOG.md.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

(2026-06-02)

1.0.19 (2026-06-02)

• chore(deps): update docker.io/nickfedor/shoutrrr docker tag to v0.16.0 (#527) (7f600f1), closes #527

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

BoardReadyOps v1.2.2

This release publishes BoardReadyOps as a GitHub Marketplace Action and completes the v1.2.x stabilization pass.

Highlights

• Publishes the root action.yml metadata for GitHub Marketplace discovery.
• Stabilizes the v1.2.1/v1.2.2 release path after CI, dist, changelog, and metadata fixes.
• Restores release integrity by keeping generated bundles, package metadata, and action metadata aligned.
• Keeps the action suitable for board-ready CI governance, fabrication readiness checks, release evidence, and repository quality workflows.

Validation

• CI passed on main.
• Release workflows completed.
• Branch protection was restored on main.
• Required checks are active and current.
• Marketplace metadata validation reports: “Everything looks good!”

Usage

- name: Run BoardReadyOps
  uses: oaslananka/boardreadyops@v1.2.2

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Aggregate release for the 2.3.2 line. Both packages published to npm at 2.3.2 (@kindlm/cli, @kindlm/core, and the kindlm alias).

Honesty + safety remediation (audit-driven), no breaking changes. See @kindlm/cli@2.3.2 for the full notes.

Highlights: cost gates fail on unknown cost instead of passing at $0; baseline set→compare works end-to-end; PII enabled:false honored; judge cost counted; compliance report reframed as a draft with disclaimers; engines.node>=20; corrected core dep pin.

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

First public release of the vxcloud Deploy GitHub Action.

Deploy, provision, and manage infrastructure on VxCloud directly from your GitHub Actions workflows using vxcli.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Libraries v0.157.0

• Release type: minor
• Previous libraries tag: libraries-v0.155.0
• Manual override: no

Features

• feat(agent): emit installable WorkPaper rules (8baf3b7b)

Internal runtime changes

• chore(release): runtime packages v0.156.0 (02d058e1)
• chore(format): satisfy markdown formatter (1d7c27a4)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

v0.1.0 - June 03, 2026

New Features

• 53886cf add composite action that installs and executes gpg-import (#2) (@purpleclay)

Generated with release-note

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Zenzic Action v1.2.0

This release aligns the Action with Zenzic Core v0.9.1, adds new pipeline integration inputs/outputs, and hardens the security and compliance gates.

What’s Changed

Added

• guard-scan Input: Run zenzic guard scan before the main quality gate to intercept credentials early.
• cap-exceeded Output: Exposes suppression-cap failures for downstream workflow/CI logic.
• Sovereign Job Summary: Produces GitHub Action Job Summary outputs for every critical non-zero exit code.

Changed

• Zenzic Core Pin: Aligned and pinned the default Zenzic core engine version to 0.9.1.
• Runtime Governance Parity: The wrapper script now executes score governance checks directly after running the checks.
• ADR-089 Alignment: GitHub Actions dependencies pinned to immutable SHA-40 hashes.
• ADR-037 Alignment: Unified formatting of release names to a standardized semantic form.
• Final Guard documentation aligned with the exact sequence of the just verify recipe.

Security & Compliance

• Explicitly documented non-suppressible action boundaries for exit codes 2 and 3.
• Enforced end-to-end forwarding contracts for security-related runtime flags.
• Inherited core governance semantics, including additive brand_obsolescence merge behavior.
• Cleaned up contributing and release files for REUSE licensing compliance.

For more details, see the Changelog.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

• chore(profiler): bump drift-static-profiler 0.8.0 → 0.8.1; correlate wasm/extension release to the bump (9def8df)
• feat(action): replace Piper TTS with Kokoro via sherpa-onnx for the PR audio summary (558935f)
• feat(chrome-extension): client-side TTS + in-browser live scan pipeline (351d2af)
• feat(chrome-extension): cache spoken-summary audio so it never re-downloads (5ad1f39)
• feat(action): commit-driven audio on docs-only PRs + drop MP4 sibling (e971d8f)
• feat(action): honest no-source notice for docs/config-only PRs (854f159)
• ci(chrome-ext): silence SC2016 on the JS template-literal in the preflight (actionlint clean) (fc01578)
• ci(chrome-ext): preflight Chrome Web Store auth + package to surface the real 400 (dd38812)
• feat(chrome-extension): Andy chat assistant + Chrome Web Store publishing prep (b6359cc)
• feat(profiler): React finding reference links + bump 0.7.1 → 0.8.0 (019eaef)

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Changelog

Bug Fixes 🐛

• 4c3dc174546caa08e3a16084d4bf228c3495d2e7: fix: add directory: Formula to goreleaser brews config (#319) (@shinagawa-web)

Documentation 📝

• 159e353d0098ce64042dfbb176221acafb02b464: docs: add npm version and weekly downloads badges to README (#316) (@shinagawa-web)
• 928965d4894ec6c67bc8138592aa43aa838f466b: docs: sync website homepage with README badges and fix GIF rendering (#314) (@shinagawa-web)

Maintenance 🔧

• 990c1830f0c7302811f380ddbbc296ca1b45567a: chore(deps): update actions/checkout action to v6.0.3 (#318) (@renovate[bot])
• 2cf327c85c29c6765f95c10209efe0c0fde83cf1: chore(deps): update github/codeql-action action to v4.36.1 (#317) (@renovate[bot])
• e196d1bb6fddff8ea0a8edfc3d2e1a35c735e35a: chore(deps): update shinagawa-web/gomarklint action to v3.2.2 (#313) (@renovate[bot])
• 1c60b62d282e4021d86de8ad7b7cd6c96391c5d9: chore(deps): update suzuki-shunsuke/pinact-action action to v3 (#307) (@renovate[bot])

Other Changes

• 92400ae88f4edcef7213cbfb01d4cbd5d5c105e5: ci: replace go-install-check with scheduled verify-distribution workflow (#312) (@shinagawa-web)

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

🐛 Bug Fixes

• reki search always returned “No rekipedia DB” — search.py was hardcoded to look for .rekipedia/rekipedia.db but reki scan writes .rekipedia/store.db. Fixed with store.db-first + rekipedia.db fallback for backward compat.
• reki export --format obsidian/graphml/cypher — same hardcoded old DB path bug in export.py (2 blocks). Fixed.
• reki search --all-repos — cross_repo_search.py never found any repos for the same reason. Fixed.
• Wiki CI rebase conflicts — wiki workflow was committing before pulling, causing merge conflicts in docs/wiki/. Fixed to stash → pull → stash pop → commit → push.

All three DB path fixes follow the same pattern as hotspots, tour, affected, and impact commands.

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.1.0 (2026-06-02)

Added

• overlays: Terraform Cloud / HCP overlay + stale failed-apply alerts (#98) (#121) (85bb997)

What’s Changed

• feat(overlays): Terraform Cloud / HCP overlay + stale failed-apply alerts (#98) by @vakaobr in https://github.com/vakaobr/iac-cartographer/pull/121
• chore(main): release 1.1.0 by @vakaobr in https://github.com/vakaobr/iac-cartographer/pull/122

Full Changelog: https://github.com/vakaobr/iac-cartographer/compare/v1.0.0...v1.1.0

• This action is used across all versions by 4 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

1.0.9 (2026-06-02)

Miscellaneous Chores

• deps: update dependency binaryen to v127 (c90cb5e)
• deps: update dependency binaryen to v128 (0e9f542)
• deps: update dependency binaryen to v129 (1c55583)
• deps: update dependency binaryen to v130 (e4eb9d7)
• deps: update dependency macos to v26 (9a50f9a)
• deps: update googleapis/release-please-action action to v5 (a4b8833)
• deps: update googleapis/release-please-action digest to 5c625bf (0e9bd6f)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Marketplace-ready ProdVerdict GitHub Action. See https://prodverdict.com

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Libraries v0.154.0

• Release type: minor
• Previous libraries tag: libraries-v0.153.0
• Manual override: yes

Internal runtime changes

• docs(workpaper): show npm proof output (cf1ae506)

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Use GOTOOLCHAIN for all go commands by @scothis in https://github.com/reconcilerio/go-install-action/pull/14

Full Changelog: https://github.com/reconcilerio/go-install-action/compare/v1...v1.0.3

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• feat(action): commit-driven audio on docs-only PRs + drop MP4 sibling by @ilyashusterman in https://github.com/refactorlab/drift/pull/74

Full Changelog: https://github.com/refactorlab/drift/compare/drift-action-v0.1.23...drift-action-v0.1.24

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• chore: bump leftover node from 20 to 24 by @rehanvdm in https://github.com/rehanvdm/cdk-express-pipeline-github-diff/pull/53

Full Changelog: https://github.com/rehanvdm/cdk-express-pipeline-github-diff/compare/v0.1.7...v0.1.8

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

What’s Changed

• Reduce false positives in Unicode scanner for emojis by @richkazz in https://github.com/richkazz/Operation-PolinRider/pull/14

Full Changelog: https://github.com/richkazz/Operation-PolinRider/compare/v0.1.3...v0.1.4

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

What’s Changed

Droid LLM Hunter — Update v1.1.8

BUGFIX UPDATE: “CLI Stability, JSON Parser Fix & Documentation Restructure”

🐛 Bug Fixes

[1] dlh.py — create_profile() destroys settings.yaml 🔴 CRITICAL

[2] dlh.py — config model silently fails for anthropic / openrouter 🟠 HIGH

[3] dlh.py — config wizard missing anthropic / openrouter support 🟠 HIGH

[4] dlh.py — list-rules linter error from hidden=True 🟡 MEDIUM

[5] dlh.py — scan command returns exit code 0 on failure 🟡 MEDIUM

[6] core/engine.py — JSON parse fails on nested LLM responses 🔴 CRITICAL

📄 Documentation Restructure

README.md was too long (619 lines) and hard to navigate on GitHub. Restructured into focused files with backlinks.

✅ Summary

• settings.yaml is never destroyed during profile creation
• All 6 LLM providers work correctly in config model and config wizard
• JSON nested responses from gemini-2.5-flash are now parsed correctly — no more silent missed findings
• Scan failures now return exit code 1 (CI/CD compatible)
• README split into 10 focused .md files for easier reading and maintenance

Droid LLM Hunter v1.1.8 — Stable CLI, Accurate Parser & Documentation Restructure. 🛡️🔍✅