• This action is used across all versions by 9 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The dimitrmo/cargo-verison-action automates version management for Rust projects using the cargo-verison tool. It simplifies the process of bumping version numbers, creating Git tags, and committing these changes, helping developers streamline release workflows and maintain version consistency.

What’s Changed

• Release 1.0.48 (5a2f6d5)
• Bump @actions/core from 3.0.0 to 3.0.1 (#33) (43d9815)
• Release 1.0.47 (b4b3094)
• Bump @actions/github from 9.1.0 to 9.1.1 (#34) (c859a32)
• Release 1.0.46 (9867e0c)
• Build dist (359001d)
• Audit fix (d4a0608)
• Release 1.0.45 (caed13c)
• Bump @actions/github from 9.0.0 to 9.1.0 (#31) (fcd472b)
• Release 1.0.44 (885bbbf)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AutoPR is a GitHub Action and CLI tool that automates the generation of pull request (PR) descriptions and performs AI-powered code reviews using lightweight language models via OpenRouter. It eliminates the need for manual PR documentation and reviews, saving developers time and reducing context-switching. Key capabilities include instant generation of professional PR descriptions, inline code review with security and performance checks, and seamless integration into any Git repository.

What’s Changed

🚀 AutoPR v1.0.1 - Stop Writing PR Descriptions Manually

AutoPR is an AI-powered CLI tool and GitHub Action that auto-generates PR descriptions and reviews code using 100% free LLMs via OpenRouter.

✨ What’s Included

• CLI Commands: autopr generate and autopr review
• GitHub Action: Fully automated PR descriptions and code reviews on every PR
• Smart Caching: Avoid duplicate API calls
• Secure by Default: Sends only diffs, sanitizes secrets, dry-run mode
• Zero Cost: Uses OpenRouter’s free tier (Gemma, Llama, Mistral)
• Improved Error Handling: Now with friendly error messages for git repo validation

📦 Installation

npm install -g @eulogik/autopr

🚀 Quick Start

Get your free API key from [OpenRouter](https://openrouter.ai/)
Set it: export OPENROUTER_API_KEY="your-key"
Generate PR description: autopr generate --no-dry-run
🤖 GitHub Action

Add .github/workflows/autopr.yml to your repo (already included in the repo) and let AutoPR handle every PR automatically.

name: AutoPR
on:
  pull_request:
    types: [opened, synchronize, reopened]
permissions:
  contents: read
  pull-requests: write
jobs:
  autopr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm install -g @eulogik/autopr
      - name: Generate PR Description
        if: github.event.action == 'opened'
        env:
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: autopr generate --no-dry-run
      - name: Review PR
        env:
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: autopr review ${{ github.event.number }} --no-dry-run
📊 Stats

✅ 22 passing tests
✅ TypeScript strict mode
✅ ESLint clean
✅ MIT License
🔄 Changes in v1.0.1

Fixed git validation: added repo checks and improved error messages
Copied prompt templates to dist/ for proper global installs
Fixed base branch option passing to generatePRDescription()
Updated action.yml with branding (icon: git-pull-request, color: purple)

Star the repo if you find it useful! ⭐

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The tfdocs-extras GitHub Action automates the generation and updating of structured documentation for Terraform modules, particularly enhancing support for complex object() type definitions, including nested objects. It solves the challenge of parsing these definitions into human-readable Markdown documentation, addressing gaps in Terraform Docs functionality. Key capabilities include automatic documentation updates upon changes to Terraform files and support for advanced documentation directives to improve clarity and maintainability.

What’s Changed

We’ve reached Release Candidate status! :tada: Special shoutout to @chris-m-powell for helping me with testing and reporting bugs!

BREAKING: Go Package Renamed

The Go package has been renamed from tfdocextras (singular “tfdoc”) to tfdocsextras. I hadn’t noticed this typo until now.

New: Backward Compatibility Promise

New explicit rules and guidelines have been added for how future changes to any part of this project will be made.

New: GitHub Action

Easily integrate tfdocs-extras with your repository by using our GitHub Action. There’s nothing to install or run manually; just create a workflow for your pull requests. For example, the FriendsOfTerraform organization has a workflow that will render docs when a PR is labeled as “needs formatting”.

Added in https://github.com/FriendsOfTerraform/tfdocs-extras/pull/4 https://github.com/FriendsOfTerraform/tfdocs-extras/pull/7

Fixes

• Added a new “Required” column to nested objects in the documentation; it was not possible to tell whether a property in an object was required prior to this. #4
  • New Required field in the ArgumentGroup struct
• Default values are now rendered correctly for all inputs and objects. This was especially problematic where empty lists were not displayed. #6
• Indentation is preserved for code blocks that exist in DocBlocks. #8
• Objects as default values no longer appear in the cells; instead, a link to the relevant documentation is rendered. #9
• Add workaround for the “Sensitive” column not being correct due to a bug in Terraform Docs.

Documentation

• Added missing documentation for the @deprecated directive.
• Added clarifying notes for the @regex directive

Full Changelog: https://github.com/FriendsOfTerraform/tfdocs-extras/compare/v0.0.0-beta.6...v0.0.0-rc.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Gaffer Uploader GitHub Action automates the process of uploading test reports to Gaffer, a platform for managing test data and results. It simplifies associating test reports with specific commits, branches, and test suites, enabling better tracking and visualization of testing outcomes. Key capabilities include support for various test frameworks, customizable API endpoints, and integration with GitHub Actions workflows.

What’s Changed

What’s Changed

• chore: bundle dependabot upgrades by @alexgandy in https://github.com/gaffer-sh/gaffer-uploader/pull/61
• chore: bundle dependabot upgrades (round 2) by @alexgandy in https://github.com/gaffer-sh/gaffer-uploader/pull/68
• Bump @actions/io from 1.1.3 to 3.0.2 by @dependabot[bot] in https://github.com/gaffer-sh/gaffer-uploader/pull/69

Full Changelog: https://github.com/gaffer-sh/gaffer-uploader/compare/v0.5.0...v0.5.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Padlock is a CLI tool designed to analyze and optimize memory layout in data structures, identifying issues such as padding waste, false sharing, and poor cache locality across multiple programming languages including C, C++, Rust, Go, and Zig. It automates the detection of inefficiencies, provides actionable reorder suggestions, flags concurrency risks, and ranks findings by impact to help developers improve performance and reduce memory overhead. With multi-language, multi-architecture support and CI-readiness, it streamlines the process of diagnosing and resolving memory-related problems in structs.

What’s Changed

What’s Changed

• Feat/fix ux improvements by @gidotencate in https://github.com/gidotencate/padlock/pull/4
• chore: workflow permissions, community standards, remove unused core deps by @gidotencate in https://github.com/gidotencate/padlock/pull/5
• feat: PDB accuracy fixes, cache improvements, Zig detection, docs — v0.10.0 by @gidotencate in https://github.com/gidotencate/padlock/pull/6

Full Changelog: https://github.com/gidotencate/padlock/compare/v0.9.7...v0.10.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Bulk GitHub Repository Settings Sync Action automates the process of updating and synchronizing settings across multiple GitHub repositories. It streamlines tasks such as configuring merge strategies, enabling security features like secret scanning and Dependabot alerts, managing repository topics, and synchronizing files (e.g., .gitignore, workflow files, templates) via pull requests. This action is ideal for organizations seeking to enforce consistent repository configurations and simplify large-scale updates efficiently.

What’s Changed

What’s Changed

• feat: sync repository environments by @Copilot and @joshjohanning in https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/pull/169

Full Changelog: https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/compare/v2.7.0...v2.8.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The salesforce-field-inspector GitHub Action automates the process of retrieving Salesforce FieldDefinition records from the Tooling API and generates outputs in various formats, including JSON, CSV, and Metadata API package manifests (package.xml). It simplifies Salesforce metadata inspection and management by filtering fields and objects based on criteria like object type, modification date, and specific fields, enabling streamlined analysis and metadata retrieval workflows. This action is particularly useful for Salesforce developers and admins managing large datasets or automating metadata extraction.

What’s Changed

What’s Changed

• Add EntityDefinition fetch to retrieve object-level metadata by @Copilot in https://github.com/kotaoue/salesforce-field-inspector/pull/32

Full Changelog: https://github.com/kotaoue/salesforce-field-inspector/compare/v1...v1.0.4

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

mcpunit is a GitHub Action designed to audit MCP servers for quality issues, such as poorly named tools, vague schemas, and risky capabilities, ensuring they are reliable for AI agent interactions. It automates the detection of critical flaws across 24 deterministic rules, providing actionable reports in formats like JSON and SARIF. Built for CI environments, its lightweight, fast, and dependency-free design makes it ideal for maintaining high server standards without slowing down development workflows.

What’s Changed

What’s Changed

• Update actions/checkout version in README.md by @vjik in https://github.com/lee-to/mcpunit/pull/1

New Contributors

• @vjik made their first contribution in https://github.com/lee-to/mcpunit/pull/1

Full Changelog: https://github.com/lee-to/mcpunit/compare/v1.3.0...v1.4.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ReversingLabs GitHub Action rl-protect integrates the rl-protect CLI tool into CI/CD workflows to scan software package manifest files and identify security vulnerabilities in open-source dependencies before build jobs proceed. By leveraging the Spectra Assure API, it helps developers proactively detect and mitigate threats in third-party packages, ensuring a secure software supply chain. This action automates dependency security checks, enabling organizations to adopt a “shift-left” approach for enhanced confidence in their software releases.

What’s Changed

test verbose influences fail-only

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

SecondBrain is a CLI tool that integrates with external data sources like Salesforce, Zendesk, and Slack to retrieve, filter, and analyze data using Retrieval Augmented Generation (RAG) and Large Language Models (LLMs). It automates tasks such as generating reports, summarizing insights, and querying data across disconnected sources, making it valuable for analyzing complex datasets efficiently. Key capabilities include directory scanning for document analysis, GitHub repository change summarization, and YouTube transcript processing for content insights.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Totem is a CLI tool designed to provide a persistent memory and enforcement layer for AI coding agents, addressing their tendency to forget context and repeat architectural mistakes. It automates the creation and enforcement of coding rules by converting plain-English lessons into deterministic linting rules, ensuring consistent adherence to best practices without relying on runtime LLMs. This helps maintain architectural integrity, reduces repetitive review cycles, and prevents recurring errors in AI-assisted development workflows.

What’s Changed

Patch Changes

• 1c766c2: 1.15.2 ships the archive-in-place durability substrate from #1587 and the new totem lesson archive atomic command.

  Governance durability (closes #1587)

  • totem lesson compile --refresh-manifest — new no-LLM primitive that recomputes compile-manifest.json output_hash from the current compiled-rules.json state. Closes the postmerge inline-archive gap where the no-op compile path only detected input-hash drift. Strict exclusivity with --force.
  • totem lesson compile --force now preserves status, archivedReason, and archivedAt additively on rules whose lessonHash survives to the new output. Transient compile failures (network / rate-limit / manual reject / example-verification / cloud parse) leave the old rule intact instead of silently dropping it. Implemented via the new preserveLifecycleFields helper in core and upsertRule / removeRuleByHash helpers in the CLI compile loop (replace-by-hash on success; remove-on-skipped; unchanged on failed / noop). Dangling-archive guard preserved — rules whose source lesson was deleted are never resurrected.
  • totem lesson archive <hash> [--reason <string>] — new atomic command mirroring totem rule promote. Flips the rule’s status to archived, stamps archivedAt on first transition, preserves archivedAt on reruns, refreshes the manifest, and regenerates copilot + junie exports — all in one call. Matches prefix on lessonHash; duplicate-full-hash collisions surface as data-corruption errors distinct from prefix ambiguity.
  • /postmerge skill doc rewritten to call totem lesson archive directly, retiring the hand-rolled scripts/archive-bad-postmerge-*.cjs pattern.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The GitHub Action agent-bom is an open security scanner designed to analyze vulnerabilities across the AI supply chain, including agents, MCP servers, packages, containers, cloud infrastructure, GPUs, and runtime environments. It automates the identification of CVEs (Common Vulnerabilities and Exposures) and maps their blast radius, tracing the impact from vulnerable components to exposed credentials, tools, and systems. By providing targeted remediation recommendations, it simplifies vulnerability management and helps mitigate risks in complex AI ecosystems.

What’s Changed

What’s Changed

• [platform] align published runtime image surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1612
• [ci] normalize Dependabot UI lockfile updates by @msaad00 in https://github.com/msaad00/agent-bom/pull/1613
• chore(deps-dev): bump @tailwindcss/postcss from 4.2.2 to 4.2.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1610
• chore(deps-dev): bump typescript-eslint from 8.58.0 to 8.59.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1611
• chore(deps-dev): bump tailwindcss from 4.2.2 to 4.2.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1609
• docs: align deployment modes and image model by @msaad00 in https://github.com/msaad00/agent-bom/pull/1614
• fix: harden tenant-scoped metrics and proxy audit by @msaad00 in https://github.com/msaad00/agent-bom/pull/1615
• fix: harden proxy startup and gateway HA defaults by @msaad00 in https://github.com/msaad00/agent-bom/pull/1616
• chore: validate shipped helm deployment profiles by @msaad00 in https://github.com/msaad00/agent-bom/pull/1617
• chore(deps): bump lxml from 6.0.4 to 6.1.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1618
• feat(ui): add deployment-context-aware navigation by @msaad00 in https://github.com/msaad00/agent-bom/pull/1619
• feat(auth): add key rotation overlap and admin UX by @msaad00 in https://github.com/msaad00/agent-bom/pull/1620
• feat(deploy): add one-command Helm profile installer by @msaad00 in https://github.com/msaad00/agent-bom/pull/1629
• feat(endpoint): add managed proxy onboarding bundle by @msaad00 in https://github.com/msaad00/agent-bom/pull/1630
• feat(gateway): add tenant-scoped runtime rate limiting by @msaad00 in https://github.com/msaad00/agent-bom/pull/1631
• fix(auth): fail closed on missing OIDC tenant claims by default by @msaad00 in https://github.com/msaad00/agent-bom/pull/1632
• feat(packaging): add one-command pilot compose path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1633
• feat(terraform): add AWS baseline module and destroy guidance by @msaad00 in https://github.com/msaad00/agent-bom/pull/1634
• feat(deploy): add AWS EKS reference rollout installer by @msaad00 in https://github.com/msaad00/agent-bom/pull/1641
• feat(deploy): add teardown helper for AWS EKS installs by @msaad00 in https://github.com/msaad00/agent-bom/pull/1652
• feat(gateway): stitch W3C trace context across relay by @msaad00 in https://github.com/msaad00/agent-bom/pull/1654
• feat(api): add inbound OCSF ingest route by @msaad00 in https://github.com/msaad00/agent-bom/pull/1655
• docs(deploy): publish enterprise auth and operator guides by @msaad00 in https://github.com/msaad00/agent-bom/pull/1656
• docs(runtime): publish operator guides and remediation contract by @msaad00 in https://github.com/msaad00/agent-bom/pull/1658
• docs(model): publish control-plane data model and store parity by @msaad00 in https://github.com/msaad00/agent-bom/pull/1659
• docs(deploy): refresh self-hosted diagrams and runtime flow by @msaad00 in https://github.com/msaad00/agent-bom/pull/1661
• feat(proxy): preserve upstream W3C trace context across stdio JSON-RPC boundary by @msaad00 in https://github.com/msaad00/agent-bom/pull/1662
• feat(deploy): add Helm teardown cleanup hooks by @msaad00 in https://github.com/msaad00/agent-bom/pull/1663
• feat(endpoint): add packaged installer assets and MDM rollout by @msaad00 in https://github.com/msaad00/agent-bom/pull/1664
• feat(k8s): add proxy sidecar mutating webhook by @msaad00 in https://github.com/msaad00/agent-bom/pull/1665
• fix(api): close middleware RBAC route coverage gaps by @msaad00 in https://github.com/msaad00/agent-bom/pull/1671
• feat(deploy): add EKS preflight and post-deploy verify by @msaad00 in https://github.com/msaad00/agent-bom/pull/1672
• feat(proxy): sign cached gateway policy bundles by @msaad00 in https://github.com/msaad00/agent-bom/pull/1673
• feat(gateway): hot-reload file-backed policy by @msaad00 in https://github.com/msaad00/agent-bom/pull/1675
• feat(proxy): extend replay window with bounded memory by @msaad00 in https://github.com/msaad00/agent-bom/pull/1676
• feat(graph): wire skill audit findings into graph by @msaad00 in https://github.com/msaad00/agent-bom/pull/1678
• test(runtime): add gateway and OCSF contract coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1680
• chore(deps-dev): bump vitest from 4.1.4 to 4.1.5 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1683
• docs(runtime): add operations runbook by @msaad00 in https://github.com/msaad00/agent-bom/pull/1682
• feat(ui): add feedback and bug-report entrypoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/1685
• feat(ui): make MCP inventory obvious before proxy rollout by @msaad00 in https://github.com/msaad00/agent-bom/pull/1688
• docs(deploy): simplify self-hosted deployment story by @msaad00 in https://github.com/msaad00/agent-bom/pull/1689
• docs(architecture): define unified platform control plane by @msaad00 in https://github.com/msaad00/agent-bom/pull/1690
• feat(platform): surface MCP provenance across discovery and fleet by @msaad00 in https://github.com/msaad00/agent-bom/pull/1698
• docs(deploy): align EKS rollout to unified platform surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1699
• docs(deploy): define retention and security-lake strategy by @msaad00 in https://github.com/msaad00/agent-bom/pull/1700
• feat(platform): persist MCP observation provenance by @msaad00 in https://github.com/msaad00/agent-bom/pull/1701
• docs(deploy): clarify entrypoints and self-hosted runtime model by @msaad00 in https://github.com/msaad00/agent-bom/pull/1702
• feat(graph): clarify snapshot and blast-radius semantics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1703
• docs(mcp): add proxy vs gateway vs fleet guide by @msaad00 in https://github.com/msaad00/agent-bom/pull/1704
• docs(release): tighten scale and runtime caveats by @msaad00 in https://github.com/msaad00/agent-bom/pull/1705
• chore(release): bump version to 0.81.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1706
• [codex] feat(multitenancy): enforce tenant-scoped gateway routing by @msaad00 in https://github.com/msaad00/agent-bom/pull/1707
• [codex] docs(multitenancy): tighten self-hosted tenancy boundary by @msaad00 in https://github.com/msaad00/agent-bom/pull/1708
• [codex] fix(release): close audit followups by @msaad00 in https://github.com/msaad00/agent-bom/pull/1709
• docs(auth): define UI and API session model by @msaad00 in https://github.com/msaad00/agent-bom/pull/1710
• docs(deploy): clarify official deployment paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1711
• docs(deploy): split enterprise self-hosted diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1712
• docs(trust): define customer data and support boundary by @msaad00 in https://github.com/msaad00/agent-bom/pull/1713

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.81.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Arbiter is a GitHub Action that automates AI-powered triage of security findings from static application security testing (SAST) tools. It processes SARIF output from any scanner, uses an AI model to classify issues (true positive, false positive, or needs review) with confidence and reasoning, and generates actionable reports as pull request comments. By streamlining vulnerability triage and optionally enforcing build gates for high-confidence issues, it enhances code scanning workflows and reduces manual effort.

What’s Changed

What’s new

New TRIAGE_PROVIDER=openai for any OpenAI-compatible endpoint — uses standard Bearer token auth instead of the Azure-specific api-key header.

Use cases

GitHub Models example

env:
  TRIAGE_PROVIDER:   openai
  AZURE_AI_ENDPOINT: https://models.inference.ai.azure.com
  AZURE_AI_API_KEY:  ${{ secrets.GITHUB_TOKEN }}   # PAT with models:read
  AZURE_AI_MODEL:    gpt-4o

The existing azure and azure-openai providers are unchanged.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

CTGuard is a GitHub Action and Go tool designed to detect timing side-channel vulnerabilities in Go code, such as non-constant-time operations or secret-dependent branches. It automates the identification of potential leaks of sensitive data through execution timing, providing confidence levels for each finding to prioritize risk assessment. Key capabilities include scanning for specific patterns like secret leaks to logs, insecure comparisons, and variable-time arithmetic, with support for customizable rules and CI integration.

What’s Changed

Full Changelog: https://github.com/oasilturk/ctguard/compare/v0.9.0...v0.10.0

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The despagettifier GitHub Action performs static code analysis to measure cyclomatic complexity and related metrics for individual functions within supported programming languages, such as Go, JavaScript, and Rust. It helps developers identify overly complex “god functions” that may be difficult to test and maintain, enabling more modular and maintainable code. By leveraging Tree-sitter for language-independent parsing, the tool automates the detection of problematic functions and provides actionable insights to improve code quality.

What’s Changed

Publish action to the Marketplace

Full Changelog: https://github.com/Pafaul/despagettifier/commits/v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automatically adds a random “thank you” GIF from Giphy as a comment on pull requests. It streamlines the process of expressing gratitude or acknowledgment in repositories, enhancing engagement and communication. By automating this task, it saves time for maintainers and adds a fun, personalized touch to PR interactions.

What’s Changed

• updated the branding icon and name of js actions (8c4adbb)
• added the initial js actions for pr giphy comment (2de2058)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Docker 镜像缓存 GitHub Action enables cross-workflow caching of Docker images to accelerate CI/CD pipelines that rely on large container images. It automates the process of restoring and saving Docker images as tar files using GitHub Actions’ caching mechanism, ensuring faster build times by avoiding redundant image downloads. The action supports cache invalidation based on image changes, providing an efficient and seamless way to manage Docker image dependencies in workflows.

What’s Changed

Full Changelog: https://github.com/sanbei101/image-cache-action/commits/v1

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 24,210 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Slack GitHub Action enables automated interactions with Slack by sending data, triggering workflows, and executing Slack CLI commands directly from GitHub workflows. It streamlines communication and task execution by supporting integrations via webhooks, API methods, and service tokens. This action is ideal for automating Slack notifications, workflow triggers, and command execution as part of CI/CD pipelines or other automated processes.

What’s Changed

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The RsMetaCheck GitHub Action automates the detection of metadata issues in software repositories by leveraging the RsMetaCheck Python tool and SoMEF. It streamlines the identification and analysis of potential metadata pitfalls, enabling developers to improve the quality and compliance of their repository’s metadata. Key capabilities include generating detailed outputs for detected pitfalls, analyzing existing SoMEF results, and supporting customizable thresholds and outputs for metadata evaluation.

What’s Changed

RSMetaCheck actions will automatically diagnose and identify pitfalls in your software metadata to ensure consistency, discoverability, and proper citation. Additionally create a curated report pinpointing the issues found and suggestions specific for your repository.

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helm-kustomize-lint-action is a GitHub Action designed to automate linting and validation tasks for Helm charts and optionally for Kustomize manifests. It simplifies workflows by providing end-to-end linting, rendering, and validation capabilities, including YAML linting, strict Helm linting, Helm template rendering, and optional schema validation via kubeconform. Additionally, it supports monorepos by detecting and processing only changed Helm charts, reducing manual effort and ensuring robust CI/CD pipelines for Kubernetes-related projects.

What’s Changed

Bug Fixes

• Install ct chart_schema.yaml + pin helm 3.16.4 for changed-charts (b1ff453)
• Pip install yamale+yamllint for ct lint in changed-charts mode (333beeb)

CI/CD

• Add changed-charts test and smoke jobs (5bf4509)

Documentation

• Update changelog (6ff5ead)
• Update CONTRIBUTORS.md (d070e8c)

Features

• Add changed-charts mode for Helm monorepos (b46fc32)

Miscellaneous

• Add monorepo fixture for changed-charts mode (07be850)

Full Changelog: https://github.com/somaz94/helm-kustomize-lint-action/compare/v1.0.0...v1.1.0

• This action is used across all versions by 8 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Sprocket GitHub Action integrates the Sprocket CLI tool into CI/CD pipelines, automating the validation, linting, and formatting of WDL (Workflow Description Language) documents. It performs static analysis, schema validation, and ensures proper formatting of WDL files, helping developers maintain code quality and consistency. Key capabilities include customizable linting rules, input schema validation, and configuration synchronization between local and CI environments.

What’s Changed

What’s Changed

Bumps Sprocket from v0.23.0 to v0.24.0.

See the Sprocket releases for full details.

• This action is used across all versions by 4 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Causinator 9000 is a reactive causal inference engine designed to identify the root cause of infrastructure degradations by analyzing dependency graphs, recent deployment changes, and observed symptoms. It automates the process of tracing causal paths and ranking potential causes using Bayesian inference, temporal decay, and dependency attenuation, providing confidence scores for each candidate. This action helps teams quickly diagnose and resolve issues in complex, interconnected cloud systems while minimizing false positives.

What’s Changed

Full Changelog: https://github.com/sylvainsf/causinator9000/compare/v1.8.0...v1.9.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

compose-lint is a security-focused linter for Docker Compose files that identifies and flags potentially dangerous misconfigurations before deployment. It automates the process of validating configurations against best practices and security standards such as OWASP and CIS, providing developers with actionable insights to improve container security. Designed to be fast, opinionated, and zero-configuration, it helps mitigate risks by catching issues early in the development pipeline.

What’s Changed

Security

• Container image no longer ships pip or its dist-info. pip was only used at build time against --require-hashes lockfiles and was unreachable at runtime (distroless, no shell, nonroot entrypoint), but its presence in the runtime layer surfaced ongoing Docker Scout alerts (CVE-2025-8869, CVE-2026-1703 against pip 25.1.1) and would have generated more on every future pip CVE. The runtime venv now contains only PyYAML, compose_lint, and the Python interpreter symlinks; image drops ~17 MB. (#116)

Fixed

• parser.load_compose now wraps RecursionError as ComposeError. PyYAML’s composer is recursive; deeply-nested flow input like [[[[...]]]] exhausted the interpreter stack from inside yaml.load and raised RecursionError — a RuntimeError, not a YAMLError — bypassing the existing wrapper and crashing the CLI with an unhandled exception instead of returning exit code 2. Surfaced by ClusterFuzzLite (#114). (#115)

Added

• SLSA build provenance attestations on PyPI sdist + wheel and the Docker image, providing verifiable supply-chain proof that release artifacts were built from this repository’s tagged source. (#107)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Runner Guard is a CI/CD supply chain security scanner designed to detect and mitigate vulnerabilities in GitHub Actions workflows. It automates the detection of pipeline injection attacks, unpinned dependencies, AI configuration poisoning, and supply chain threats, while also scanning dependency pipelines for security issues. Key features include vulnerability reporting, auto-fixing issues, continuous monitoring of dependencies, and generating security scores to enhance workflow integrity.

What’s Changed

Changelog

• 025efb26fa44000131d96b036ed1e17b2ff0a049 Add CanisterWorm/CanisterSprawl and Strapi-Cryptosteal IOCs, clean external references (v3.1.5)
• 208650943cd89560b2bd61da9ee61f5a4d9c188e Update GitHub Action SHA for v3.1.4

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Vercel Deploy Comment” GitHub Action automates the deployment of one or more Vercel projects and updates a single comment in a pull request with the deployment status, environment, and preview links. It solves the problem of managing and tracking multiple Vercel deployments directly from GitHub Actions while maintaining an organized and up-to-date summary within pull requests. Key capabilities include serial updates to comments for multiple projects/environments and integration with the Vercel CLI for seamless deployment workflows.

What’s Changed

What’s Changed

• feat: support project-driven multi-environment Vercel deploys by @wiyco in https://github.com/wiyco/vercel-deploy-comment/pull/2

Full Changelog: https://github.com/wiyco/vercel-deploy-comment/compare/v1.0.0...v2.0.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AgentRepoCoach is a GitHub Action and CLI tool that evaluates the readiness of a codebase for autonomous AI agents by calculating a composite Codebase Agent Health (CAH) score. It automates the analysis of key aspects like navigability, error quality, decision-making support, testing practices, and module organization, offering actionable insights to improve code maintainability and AI compatibility. This tool helps teams identify and address structural and documentation gaps in their repositories while providing automated thresholds for CI/CD workflows.

What’s Changed

v0.2.0 — Full Language Coverage + Coaching Recommendations

AgentRepoCoach now scores repos in 5 languages and tells you exactly what to fix first.

What’s new

Full language adapters for TypeScript, Go, and Rust

All three previously-stubbed adapters are now fully implemented:

• TypeScript — tsconfig.json/package.json detection, throw-site scanning with multi-line context, JSDoc detection, Jest/Vitest test method extraction
• Go — go.mod detection, errors.New/fmt.Errorf/custom error mapping, Go doc comment detection, Test* function extraction
• Rust — Cargo.toml detection, panic!/Err(Custom) mapping, /// doc comment detection, #[test] attribute detection

All adapters use regex-only analysis (no AST parser dependencies) and implement the full 9-method LanguageAdapter interface.

Coaching recommendations engine

AgentRepoCoach no longer just scores your repo — it coaches you through the fixes. The new coaching engine:

• Analyzes sub-component score gaps across all five components
• Surfaces the top-3 actionable fix tips ranked by weighted impact
• Works in every output format: terminal summary, verbose mode, markdown PR comments, and JSON reports (new coaching array)

Dogfood improvements

AgentRepoCoach now scores 100/100 on its own repo:

• AGENTS.md for agent-friendly codebase navigation
• codebase-map.md for repo structure overview
• cli-manifest.json for CLI discoverability
• docs/architecture.md documenting the system design
• 5 Architecture Decision Records (ADRs)
• Fix hints on all raise sites; docstrings on all public declarations

Bug fixes

• Python adapter _TEST_METHOD_PATTERN was missing re.MULTILINE flag, causing zero test methods to be detected in Python repositories

What’s supported

Highlights

• Still zero runtime dependencies (Python 3.11+ stdlib only, including tomllib)
• Composite Action (no Docker, no slow cold start)
• TOML config (.agentrepocoach.toml) with zero-config defaults
• JSON + Markdown output formats
• fail-threshold input for PR gating
• Output is safe to publish as a CI artifact (no source snippets)

Upgrade

GitHub Action

- uses: WouterDeBot/agentrepocoach@v0.2.0

CLI

pip install --upgrade agentrepocoach

Feedback

Feedback welcome via GitHub Issues and Discussions.

License

Apache 2.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Sentinel MCP Scanner is a security-focused GitHub Action that automates the detection of misconfigurations in Model Context Protocol (MCP) servers, live endpoints, and Docker containers. It performs static and dynamic analyses to identify vulnerabilities, provides severity ratings with remediation guidance, and integrates seamlessly into CI/CD workflows to block pull requests based on critical findings. Key capabilities include comprehensive scanning across multiple modules, customizable output formats, and support for SARIF reporting for GitHub Code Scanning.

What’s Changed

What’s Changed

• chore: relicense from MIT to Apache-2.0 by @asiridalugoda in https://github.com/Helixar-AI/sentinel/pull/5

Full Changelog: https://github.com/Helixar-AI/sentinel/compare/v1...v1.0.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The pinchtab-detector GitHub Action is a security tool designed to scan environments for artifacts and indicators of PinchTab, a stealth browser hijacking toolkit that exploits the Chrome DevTools Protocol for unauthorized access. It automates detection of suspicious processes, open ports, filesystem artifacts, and other signs of PinchTab, providing actionable risk assessments to protect against silent browser session takeovers and AI agent compromise. This tool is particularly valuable for securing environments against threats that bypass traditional endpoint security measures.

What’s Changed

What’s Changed

• chore: relicense from MIT to Apache-2.0 by @asiridalugoda in https://github.com/Helixar-AI/Unpinched/pull/1

New Contributors

• @asiridalugoda made their first contribution in https://github.com/Helixar-AI/Unpinched/pull/1

Full Changelog: https://github.com/Helixar-AI/Unpinched/compare/v0.2.0...v0.3.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

EvalView is an open-source GitHub Action designed to detect and manage silent regressions in the behavior of AI agents, such as changes in tool usage, output quality, or decision-making processes. It automates tasks like tracking behavior drift, classifying changes, and facilitating safe auto-healing of issues, providing graded confidence levels instead of binary alarms to distinguish between provider/model updates and actual regressions. This tool empowers developers and teams to ensure their AI agents continue to function correctly and reliably without requiring extensive resources.

What’s Changed

Minor release — 33 commits since 0.6.2, 14 new user-facing features.

Highlights

• Aider CLI adapter — drive Aider as an EvalView adapter
• Autopr loop — prod-incident → regression-test → PR, closed loop
• Flake quarantine — known-flaky tests don’t block CI, with governance metadata
• Release verdict + evalview since — graded ship/hold verdict + change brief
• progress / drift / slack-digest — investigative loop commands
• Noise confirmation gate + --strict bypass — two-cycle rule before alerting
• Slow-agent warning — real wall-clock latency regression detection
• Observability signals — trust score, tool-loop, brittle-recovery, gaming checks
• Improvement recommendation engine — prioritized stabilize / tighten / add-check suggestions
• Simulation harness + decision-rationale (schema v2) — scripted multi-turn scenarios, machine-readable reasons
• snapshot --json — CI-friendly, hardened for edge cases
• check --explain — deep trace narrative for root-cause hypotheses
• Token cost breakdown in check — input/output/cached tokens + cost delta vs baseline
• Skill-doctor char-budget refinement — disable-model-invocation skills excluded

Plus ~10 fixes (mypy narrowing, dogfood hardening, slack-digest type errors, noise strict-bucket leak, snapshot --json CI hardening) and README/CLI doc improvements.

Install

pip install evalview==0.7.0
# or
npm install evalview@0.7.0

Full changelog: https://github.com/hidai25/eval-view/blob/v0.7.0/CHANGELOG.md

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Hyperlocalise GitHub Action automates localization workflows by integrating with CI pipelines to streamline translation management for modern applications. It provides functionality to detect localization changes (drift) and validate translation integrity (check) using the Hyperlocalise CLI, offering reporting, annotation, and artifact upload capabilities. This action eliminates manual localization processes, making it easier to maintain accurate and consistent translations directly within engineering workflows.

What’s Changed

What’s Changed

• Update pnpm to v10.33.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/322
• feat(web): translation job by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/321
• Update dependency vite-plus to v0.1.19 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/317
• feat(github): add @hyperlocalise fix bot with sandboxed auto-fix workflow by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/323
• Update tailwindcss monorepo to v4.2.4 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/318
• Update dependency shadcn to v4.4.0 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/319
• feat(web): resend adapter by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/324
• refactor(web): switch GitHub chat state to Postgres adapter by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/325
• feat(cli): add OpenAI image localization support by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/326

Full Changelog: https://github.com/hyperlocalise/hyperlocalise/compare/v1...v1.5.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Versionary is an automated release tool designed to streamline version management, changelog generation, tagging, and release workflows across diverse ecosystems while adhering to semantic versioning and conventional commits. It supports both direct releases and release-PR workflows, enabling maintainers to review changes before publication. By centralizing versioning and release metadata tasks, it eliminates the need for manual intervention, leaving artifact publication to CI/CD systems triggered by tags or releases.

What’s Changed

Features

• guard against concurrency and race conditions (2739163)
• support expl3 latex packages (5f12c53)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the bulk synchronization of repository settings and files across multiple repositories, streamlining administrative tasks for organizations. It addresses common challenges such as managing pull request settings, enabling security features, and syncing configuration files (e.g., .gitignore, dependabot.yml, workflow files) across repositories while allowing for dynamic targeting and per-repository overrides. Key capabilities include dry-run previews, intelligent change detection, and comprehensive logging to ensure accurate updates.

What’s Changed

What’s Changed

• feat: add private vulnerability reporting syncing support by @Wuodan in https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/pull/185

Full Changelog: https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/compare/v2.6.1...v2.7.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The a11yscout GitHub Action automates WCAG 2.1 A/AA accessibility audits for pull requests, focusing on preview deployments hosted on platforms like Vercel and Netlify. It scans provided URLs for accessibility violations, generates detailed reports, and optionally integrates with source code via a Vite plugin for precise file and line annotations. This tool simplifies accessibility testing for indie developers, reducing friction and ensuring compliance with modern accessibility standards.

What’s Changed

First Marketplace release of a11yscout — WCAG 2.1 A/AA accessibility audits for GitHub pull requests.

What it does

Scans any URL with axe-core + headless Chromium, filters to WCAG 2.1 A/AA rules, and posts a sticky PR comment summarizing violations. Outputs JSON + SARIF, so failures can be uploaded to GitHub Code Scanning for inline PR annotations.

Quick start

# .github/workflows/a11y.yml
on: pull_request                                                                                                                                                                                  
jobs:
  a11y:                                                                                                                                                                                           
    runs-on: ubuntu-latest                                
    permissions: { contents: read, pull-requests: write }                                                                                                                                         
    steps:
      - uses: jpatel3/a11yscout@v1                                                                                                                                                                
        with:                                                                                                                                                                                     
          urls: https://your-preview-url.example.com
          level: AA                                                                                                                                                                               
          fail-on: serious                                

Optional: source-mapped violations

Install @a11yscout/vite-plugin in your app and PR comments point at the exact JSX file and line (src/Button.tsx:12:4) instead of a CSS selector. See the README for setup.

Inputs

urls, level, fail-on, wait-for, viewport, screenshot, comment-on-pr, upload-artifact, github-token. All have sensible defaults — only urls is required.

Outputs

report-path, sarif-path, total-violations.

Notes

• Runs on any ubuntu-latest runner. First run installs Chromium (~30s); cached on subsequent runs.
• Free for all uses.
• Source: https://github.com/jpatel3/a11yscout

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

SecondBrain is a CLI tool that integrates with external data sources like Salesforce, Slack, and GitHub to retrieve, filter, and analyze data using a Large Language Model (LLM) powered by Retrieval Augmented Generation (RAG) techniques. It automates tasks like generating summaries, insights, and reports from a variety of disconnected data sources, including documents, GitHub repositories, and YouTube transcripts. The tool’s key capabilities include keyword-based filtering, data analysis, and the ability to answer queries or generate content based on aggregated and processed data.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The MergeWire GitHub Action automates the processing of Terraform plans within a CI pipeline by extracting routing-safe metadata and sending it to the MergeWire API for policy evaluation and routing. It simplifies the review process by identifying potential changes, escalating destructive actions, and ensuring compliance with repository-specific policies. Key capabilities include integration with Terraform workflows, metadata extraction, API-based policy routing, and support for custom review rules.

What’s Changed

What’s Changed

• fix(payload): remove pricingResources to comply with api schema by @baires in https://github.com/mergewire/action/pull/4

Full Changelog: https://github.com/mergewire/action/compare/v1.2.2...v1.2.3

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Totem is a CLI tool designed to provide AI coding agents with a persistent memory and enforcement layer to prevent repeated architectural mistakes and maintain code integrity. It automates the process of turning plain-English lessons from past errors into enforceable linting rules that run offline in under two seconds, ensuring AI-generated code adheres to established standards. By acting as a deterministic safeguard, Totem helps streamline code reviews, reduces redundant feedback, and promotes consistent coding practices across projects.

What’s Changed

Patch Changes

• e69edb2: 1.15.1 ships the totem proposal new and totem adr new scaffolding commands that close out #1288.

  Governance authoring (closes #1288)

  • totem proposal new <title> scaffolds a new strategy proposal at .strategy/proposals/active/NNN-kebab-title.md with the canonical template (Status / Author / Date / Milestone + Motivation / Problem Statement / Proposed Solution / Consequences / Decision Needed).
  • totem adr new <title> scaffolds a new ADR at .strategy/adr/adr-NNN-kebab-title.md with the Format B convention (# ADR NNN: Title, Status / Context / Decision / Consequences).
  • Both commands auto-increment the number by scanning the target directory, collision-check before any disk writes, and warn-and-continue on post-scaffold hooks so partial failures do not leave orphan files.
  • Runs pnpm run docs:inject automatically when the project has that script configured, so the PROPOSAL_INBOX and ADR_TABLE dashboards in README.md refresh without manual intervention.
  • New orchestrator at packages/cli/src/utils/governance.ts with 5 helpers and 2 default templates. 34 new tests covering slug validation, collision detection, number inference, template selection, and hook degradation.
  • @totem/pack-agent-security allowlist updated for the 2 legitimate spawn sites the new commands introduce.

• Updated dependencies [e69edb2]

  • @mmnto/totem@1.15.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The aer GitHub Action enables validation, testing, and execution of Salesforce Apex code within a lightweight, Salesforce-compatible runtime, eliminating the need to deploy to a live Salesforce org. It automates test execution and debugging for Apex projects, making development cycles faster and more reproducible. Key capabilities include running test suites, executing individual code paths, and supporting interactive debugging with tools like VS Code and IntelliJ.

What’s Changed

Version v0.0.162

• Treat Automated Process As System Mode For Cross-Reference Access

• Add Auto-Number Name Display Format Coverage

• Support Triple-Quoted Text Block String Literals

• Resolve DataWeave Result Class Name Against Namespace

• Hoist Record Lookup Variables In Converted Flows

• Implement Crypto.signWithCertificate With Configurable Keys

• Stop Caching Apex Parse Failures

• Add License Renew Command For Expired Developer Keys

• Implement JEP 378 Text Block Escapes

• Add String.template() And Match sfapex Rendering Semantics

• Resolve Nested Types Before SObject Canonicalization When Creating Package

• Bulkify Flow Apex Actions And Correct Platform Event ReplayId Semantics

• Guard Bulkified Invocable Calls With isEmpty Check

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, Multi-repo CLOC, automates the process of analyzing code across multiple repositories using the cloc tool, generating detailed reports on lines of code and other metrics. It aggregates JSON outputs from each repository and produces a summary in Markdown format, simplifying cross-repository code analysis and reporting tasks. Key capabilities include support for scanning multiple repositories, applying custom configurations per repository, and outputting structured data for further use or integration into workflows.

What’s Changed

Initial release for multi repo cloc

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gha-sbom-action GitHub Action automates the generation of Software Bill of Materials (SBOM) files using the GitHub dependency graph API and Syft, providing a comprehensive overview of a project’s dependencies in the SPDX format. It simplifies dependency tracking and compliance by resolving Python dependencies, scanning the repository, and optionally creating a pull request to update SBOM files if changes are detected. This action streamlines the process of maintaining accurate and up-to-date SBOMs, improving visibility and security in software projects.

What’s Changed

SBOM Generator (Syft + GitHub Depgraph) v0.1.1

Composite GitHub Action that generates SPDX SBOM files using the GitHub dependency graph API and Syft, optionally opening a pull request with the results.

Features

• Export GitHub dependency graph SBOM (SPDX JSON) via gh api
• Generate Syft SPDX SBOM scan of the repository
• Auto-detect changes and optionally open a PR with updated SBOMs
• Configurable output directory, Python version, and PR creation
• Syft DB caching for faster repeat runs
• All third-party actions pinned to commit SHA

Usage

- uses: qte77/gha-sbom-action@v0.1.1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}

Prerequisites

Calling repository must have a pyproject.toml. The action runs uv sync to resolve Python dependencies before scanning.

Full changelog

https://github.com/qte77/gha-sbom-action/commits/v0.1.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The manage-gorg-permissions GitHub Action automates the management of organization permissions by syncing team memberships, repository access, and direct collaborator roles based on a YAML configuration file (gorg.yaml). By enabling permissions as code, it simplifies and standardizes the administration of GitHub organizations, ensuring consistent access control across teams and repositories. The action leverages a GitHub App for authentication and generates reports to track applied changes.

What’s Changed

v1.0.0 — Initial release

Manage GitHub organization permissions as code using a single YAML file.

Features

• Define teams, repo permissions, and direct collaborators in gorg.yaml
• Sync is triggered automatically on push via GitHub Actions
• Authenticates using a GitHub App
• Auto-generates a markdown report of the applied state
• Validates config before touching any API
• Handles rate limiting, missing resources, and concurrent runs gracefully

Requirements

• A GitHub App installed with required permissions (README.md)
• Three repository secrets: GORG_APP_ID, GORG_APP_PRIVATE_KEY, GORG_INSTALLATION_ID

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-love GitHub Action automates the setup of the LÖVE framework in GitHub Actions workflows, enabling developers to run and test LÖVE applications in CI/CD pipelines. It simplifies the process of installing the LÖVE runtime environment by allowing users to specify a desired version or use the default version. This action is particularly useful for automating tasks like version checks or testing LÖVE-based projects in a consistent and repeatable manner.

What’s Changed

1.0.6 (2026-04-23)

Build System

• deps: bump @actions/core from 3.0.0 to 3.0.1 (#188) (2172aa2)

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The rumdl GitHub Action is a high-performance Markdown linter and formatter, built with Rust, designed to ensure consistency and enforce best practices in Markdown files. It automates tasks such as identifying common Markdown issues, applying 71 lint rules, and optionally auto-fixing violations, all while offering fast execution and compatibility with multiple Markdown flavors (e.g., GFM, MkDocs, MDX). Its zero-dependency design, detailed error reporting, and CI/CD integration make it an efficient and user-friendly tool for maintaining high-quality Markdown documentation.

What’s Changed

Added

• wasm: validate rule-config value types at parse time (ab3d3d5)
• wasm: honor exclude patterns via path-aware check() and fix() (e578308)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Sekrd GitHub Action automates deep security scans for deployed web applications, identifying vulnerabilities such as leaked secrets, insecure configurations, and compliance issues across 15 security domains. It integrates with GitHub workflows to provide actionable security insights by uploading results to the Security tab as SARIF files and posting PR comments with scores and critical findings. This action helps development teams streamline security checks during CI/CD processes without requiring self-hosted scanning infrastructure.

What’s Changed

Adds retry-with-backoff (5 attempts, 30/60/90/120/150s) on 429 Too Many Requests from /api/v1/scan/*. Prior versions failed the workflow with curl exit code 22 on any rate-limit hit; now the action survives transient 429s and only bails loud on sustained rate-limiting.

No migration required; v1 tag moved to v1.0.3.

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Constellation Index GitHub Action automates the process of indexing a repository by extracting abstract syntax tree (AST) metadata using the Constellation CLI. This privacy-first solution enables AI assistants to analyze code structure without transmitting source code, solving the problem of secure code analysis. Key capabilities include automatic updates, cross-platform compatibility, smart diff detection to optimize indexing, and seamless integration with minimal configuration.

What’s Changed

What’s new?

• Manual runs always re-index: workflow_dispatch triggers now bypass the diff_check step and force a full re-index, so clicking “Run workflow” always produces a fresh index regardless of the changed files on the current commit
• Clarified README to reflect that manual runs explicitly force indexing, while schedule triggers continue to rely on missing push baseline context

Full Changelog: https://github.com/ShiftinBits/constellation-github/compare/v1.2.1...v1.2.2

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The niks3-action GitHub Action automates the process of pushing built Nix packages to a binary cache using the niks3 tool. It simplifies package distribution by enabling authentication through tokens or OIDC, managing concurrent uploads, and verifying package integrity in storage. This action is ideal for streamlining workflows that involve building and deploying Nix packages.

What’s Changed

• bump: v0.3.1 -> v0.3.2 (6c9d4101744b114cc5b5de376fdd2e3a6ce916e2)
• fix(deps): update node packages (#54) (17d63b1a55f759d26de5f686f8e70f33d254a3f6)
• chore(deps): lock file maintenance (#34) (98e7b3f29877c809ca698ea7f641c21ce5b06a03)
• chore(deps): update node packages (#53) (09df1f58b298b5c52cceaa438e04abbb7c31bbf7)
• style: rename to init (5e0b79e408478213fbd791a58a03a96649f4fedb)
• Merge pull request #37 from spotdemo4/renovate/typescript-6.x (47e9481cf5f92f98e8f8330e97a1b25bb7155789)
• chore(deps): update dependency typescript to v6 (809cc7ff5bc00d815ef1c7aad26ff914ebe9edd4)
• chore: update flake (b73e0e9b3da30b9804a240e2e7125150c04d0901)
• chore(deps): lock file maintenance (#52) (a4cf1d8fe802bb17c3a40efe5c6c646ceb43e4b6)
• chore(deps): update dependency rolldown to v1.0.0-rc.16 (#51) (fb093120ef2b3ce1bacf773351dc589efc7d4cbf)
• chore(deps): update spotdemo4/nix-init action to v1.43.0 (#50) (10455f24a440436da4297397c7e402e7d1e51097)
• chore(deps): update spotdemo4/nix-init action to v1.42.0 (#49) (b70afbae5498cbb7620f815477f4bb84779a7b42)
• chore(deps): lock file maintenance (#48) (db14c9634cabb8b0476d5a3e688f76bdbfa2fc7e)
• chore(deps): update dependency rolldown to v1.0.0-rc.15 (#47) (de349e697ffbf68ac9b4a9a02f7001d173c9e401)
• chore(deps): lock file maintenance (#46) (2c716849447eb73e7a552321e9e663e0f49d7def)
• chore(deps): update dependency @types/node to v24.12.2 (#45) (e73e529d2deb62304fb441054ee98b18e126e4d9)
• chore(deps): update dependency @types/node to v24.12.1 (#44) (5f7d8c0ea415d31c09f8864b23956af1422ec518)
• chore(deps): update dependency rolldown to v1.0.0-rc.13 (#43) (c18bea0f452cc1dbd08144820e18b85679f235a8)
• chore(deps): update spotdemo4/nix-init action to v1.41.0 (#42) (ae5cee67a7aa461036e4d3d654b1d89c8d579932)
• chore(deps): lock file maintenance (#41) (a822eebf08d0fd48e995325b6ec57f6e945b3fa7)
• chore(deps): update spotdemo4/nix-init action to v1.40.0 (#40) (514803dc221e8fa56e28858f52e342fbf4c0babc)
• chore(deps): update dependency rolldown to v1.0.0-rc.12 (#39) (cf75604a89f6f2d040c8e8b2e5e021deacf072b6)
• chore(deps): update spotdemo4/nix-init action to v1.39.0 (#38) (449beee4dd60608fb6c9bdbdd2e0f346fb15f585)
• chore(deps): update dependency rolldown to v1.0.0-rc.11 (#36) (f3542600e2e77ad9f479ad80ff9db7bb87be10de)
• chore(deps): lock file maintenance (#35) (4c286007f4717325449f46ed78b07f2aa5361213)
• chore(deps): update spotdemo4/nix-init action to v1.38.0 (#33) (a9b991f40c5e1d34ff0a105286fbf062a993534e)
• chore(deps): update dependency rolldown to v1.0.0-rc.10 (#32) (60b1f3930446c84e979ca5a988ec52dac338c0a0)
• chore(deps): update spotdemo4/nix-init action to v1.37.0 (#31) (848c3ef9f10807e0220cffa5194f16de877abde0)
• chore(deps): lock file maintenance (#29) (13a08f55c9817b18c418ce51d6f6fdbd251f3f66)
• chore(deps): lock file maintenance (#30) (c8c7ded1888d30b53fafc9605f526ac7d9757c8c)
• chore(deps): update spotdemo4/nix-init action to v1.36.1 (#28) (6b148c9e770297f1b41308096e5b8d42a43ccba1)
• chore(deps): update spotdemo4/nix-init action to v1.36.0 (#27) (31d1859d6854d656efb0b5939b116e0b37290b0d)
• chore(deps): update dependency rolldown to v1.0.0-rc.9 (#26) (695de82d01974c4151e3e49ca5b060a695956ade)
• chore(deps): update dependency rolldown to v1.0.0-rc.8 (#25) (46a2c66181c68ec35bd493480c690f0f72455351)
• chore(deps): lock file maintenance (#24) (44951544cdacdd5f8d114b514933a1d8a0d1663e)
• chore(deps): update spotdemo4/nix-init action to v1.34.1 (#23) (f38da09288ff700b92a0c62df957a38ab20c12ba)
• chore(deps): update dependency @types/node to v24.12.0 (#22) (86dab94e733b3d869d20d0b54b9feb19fcbf5e5d)
• chore(deps): update spotdemo4/nix-init action to v1.32.0 (#21) (ca7ed6c7b7d2effb2bc0d71e0b212f1083fe5b63)
• chore(deps): update dependency rolldown to v1.0.0-rc.7 (#20) (976c7cee91310266a3546f34988f050250325e9a)
• chore(deps): lock file maintenance (#19) (23155e2a030de0be3a2df5086587c46cde641f4f)
• chore(deps): update dependency @types/node to v24.11.0 (#18) (25394eb3e99bd05ede3863064befd564ef1cad95)
• chore(deps): update node packages (#17) (76e8fa9e684d19892c3bd033c91d00e37c07f4b5)
• chore(deps): update dependency @types/node to v24.10.14 (#16) (4110f3b597af584f6666bc2bd4811035cef025c2)
• chore(deps): update spotdemo4/nix-init action to v1.31.0 (#15) (8688650a75b9cc60234a54358ffdbb8346ddfcf0)
• chore(deps): lock file maintenance (#14) (88cbb0172246c30e6e1dfc3b566c79fdc562e5bb)
• chore(deps): update dependency rolldown to v1.0.0-rc.5 (#13) (881df6d6894221b967e1e71968eca5d85f87b109)
• chore(deps): update spotdemo4/nix-init action to v1.30.0 (#12) (57b9d5b78af84ed42a91e1cdfe272b6be01230dd)
• chore(deps): lock file maintenance (#11) (24dc0397b3d4d993452b699c1720f162cf8bcfc6)
• chore(deps): update dependency @tsconfig/node-ts to v23.6.4 (#9) (34ccb21ed99942d8e934e4c0f07f9a0ad5ce5ff5)
• chore(deps): update dependency mic92/niks3 to v1.4.0 (#10) (071fa7abccc0d0c08b83d28c2d84425004b66ffd)
• chore(deps): update spotdemo4/nix-init action to v1.29.0 (#8) (d058b99db52ee097ca4ecb406886d19ad67d98fe)
• chore(deps): update spotdemo4/nix-init action to v1.28.0 (#7) (78979dd17427323b0cb93ee5c1ad445ecd1892dd)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The comment-action GitHub Action enables automated, trackable review comments on pull requests using group identifiers, allowing for updates, deletions, and resolutions of previous comments. It simplifies collaboration by supporting file-specific comments, line-based annotations, and handling large comment bodies through splitting or truncation. This action streamlines review workflows, ensuring comments are organized and easily managed across iterations.

What’s Changed

Compare v0.2.0 with v0.3.0

Changes

Features

• add hide option @srz-zumix (#7)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The SPT Package Action is a GitHub Action designed to automate the process of packaging Single Player Tarkov (SPT) mods into distributable ZIP files. It streamlines tasks such as scanning for project files, extracting metadata, organizing mod folder structures, collecting resources, compressing files, and uploading artifacts with configurable options for multiple projects. This action simplifies the deployment of SPT mods, saving developers time and ensuring consistent packaging.

What’s Changed

What’s Changed

• docs(readme): 更新 GitHub Action 引用版本至 v1.0.0 by @SunYanbox in https://github.com/SunYanbox/spt-package-action/pull/8
• Try fix issue #9 by @SunYanbox in https://github.com/SunYanbox/spt-package-action/pull/10

Full Changelog: https://github.com/SunYanbox/spt-package-action/compare/v1.0.0...v1.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

DepVault is a comprehensive web platform designed to analyze dependencies across multiple programming ecosystems, identify vulnerabilities via OSV.dev, and securely manage environment variables and secret files using AES-256-GCM encryption. It addresses the challenges of dependency management, secret storage, and secure sharing by automating tasks like vulnerability detection, license compliance checks, and CI/CD secret injection. Key features include multi-language dependency scanning, encrypted vaults with version history, secret sharing via auto-expiring links, and developer tools for configuration management and onboarding.

What’s Changed

• Flatten vault model: drop the vault-group / environment abstraction so each vault is a single flat keyset, and retarget pull/push to a vault directly instead of selecting a group + environment
• Replace the old FileEnvironmentAssigner / DirectoryVaultGroupMapper flow with a new directory-to-vault mapper that infers file-to-vault assignments from the directory structure on push
• Suggest tags on push via TagSuggester to help categorize imported variables
• Regenerate the Kiota API client against the flattened backend OpenAPI spec

• This action is used across all versions by 2 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The action-ccstudio-ide GitHub Action automates the setup and use of Texas Instruments’ Code Composer Studio (CCS) IDE within CI/CD workflows, enabling users to build embedded projects for TI microcontrollers and processors. It streamlines the process by downloading, installing, and configuring CCS in a Linux-based Docker environment, ensuring compatibility with versions 7.x–20.x. This action simplifies building and testing CCS projects, saving developers time and effort in managing manual setup and builds for embedded systems.

What’s Changed

• 🔀 Merge pull request #7 from uoohyo/develop (e17a187)
• ✨ add auto-import option for workspaces with shared dependencies (2ea1764)
• 📝 document SLF4J warning as known harmless Eclipse warning (fcdebba)
• 🐛 resolve project-path against /github/workspace in Docker (24dc2d8)
• 🔀 Merge pull request #6 from uoohyo/develop (b54f41a)
• 🔀 merge main into develop — resolve CCS_ECLIPSE_DIR conflict (7078dff)
• 📝 use floating major tag @v2 in README usage example (f5c8ed1)
• 📝 add supported version range and v9- components caveat to README (b108584)
• 📝 update action version in README usage example to v2.0.2 (157dfe2)
• 🐛 add export PATH for CCS_ECLIPSE_DIR (a5cb37d)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The difftrace GitHub Action is designed to optimize CI pipelines for monorepos by identifying which packages are directly or transitively affected by changes in the codebase. It parses uv.lock files to build a workspace dependency graph and maps git diff output to determine impacted packages, enabling workflows to run targeted builds, tests, and deployments instead of processing the entire repository. This action automates change detection, improving CI efficiency and reducing unnecessary resource usage.

What’s Changed

What’s Changed

• perf: speed up action startup by dropping per-call uv overhead by @vanandrew in https://github.com/vanandrew/difftrace/pull/9

Full Changelog: https://github.com/vanandrew/difftrace/compare/v1.2.0...v1.3.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action enables users to run Continuous Integration (CI) workflows on the MidnightBSD operating system, which is not natively supported by GitHub Actions. It automates the setup of a MidnightBSD virtual machine, synchronizes the host environment and source code with the VM, and allows users to execute CI scripts with consistent environment variables and file structures. Key capabilities include customizable VM configuration (memory, CPU, architecture, and OS version), flexible file synchronization methods, and network port mapping between the host and VM.

What’s Changed

init release

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The UA-.NETStandard Test Suite is a robust tool designed for integration testing of OPC UA client libraries across various programming languages. It provides a realistic test environment with 10 pre-configured OPC UA server instances that cover all major security policies, authentication methods, and communication modes as defined by the OPC UA specification. Key capabilities include testing connectivity, security, authentication, and interoperability, as well as supporting dynamic variables, events, alarms, historical data, and advanced OPC UA features, all deployable with minimal setup via Docker.

What’s Changed

v1.2.0 — 2026-04-22

Added — Security Key Service (service 11, port 4851)

• opcua-sks service — new classic OPC UA server instance that boots the shared TestServer image with OPCUA_ENABLE_SKS=true. Exposes the OPC UA Part 14 §8.4.2 GetSecurityKeys method under ns=1;s=TestServer/SecurityKeyService, letting PubSub subscriber-side clients (e.g. php-opcua/opcua-client-ext-pubsub’s SksGroupKeyProvider) exercise the real RPC path against a live server instead of only MockClient.
• SecurityKeyServiceBuilder under src/TestServer/AddressSpace/ — mirrors the existing builder pattern, self-contained, opt-in via EnableSks config flag so the other 10 server instances are unaffected.
• Env-driven config — OPCUA_ENABLE_SKS, OPCUA_SKS_GROUP_ID, OPCUA_SKS_POLICY_URI, OPCUA_SKS_TOKEN_ID, OPCUA_SKS_SIGNING_KEY_HEX, OPCUA_SKS_ENCRYPTING_KEY_HEX, OPCUA_SKS_KEY_NONCE_HEX, OPCUA_SKS_TIME_TO_NEXT_KEY_MS, OPCUA_SKS_KEY_LIFETIME_MS. All off by default on the other services; on only for the dedicated opcua-sks service.
• Action update — sks is a new option for the servers CSV input in action.yml.
• Docs — new section “11. Security Key Service” in docs/servers.md, new row in the endpoint table of docs/ci-integration.md, new row in README.md “What’s Inside”.
• Test-only scope — hardcoded keys, no caller authentication, no rotation scheduling, no revocation. Real SKS deployments are expected to do all of the above.

Added — PubSub publisher (service 12, port 4850)

• opcua-pubsub service — new UA-.NETStandard UDP+UADP publisher built from src/TestPublisher/ (separate Dockerfile Dockerfile.publisher, separate .csproj against the OPCFoundation.NetStandard.Opc.Ua.PubSub NuGet package). Broadcasts a deterministic DataSet (counter / timestamp / sine-value) every 500 ms, bringing real UADP interop coverage for Part 14 subscriber-side clients (e.g. php-opcua/opcua-client-ext-pubsub).
• Env-driven configuration — same OPCUA_* prefix convention as the TestServer services. OPCUA_URL, OPCUA_NETWORK_INTERFACE, OPCUA_PUBLISHER_ID, OPCUA_WRITER_GROUP_ID, OPCUA_DATASET_WRITER_ID, OPCUA_DATASET_NAME, OPCUA_PUBLISH_INTERVAL_MS, OPCUA_TICK_INTERVAL_MS, OPCUA_LOG_LEVEL — one image, reconfigure via compose env.
• Networking — publisher + opcua-pubsub-relay sidecar pair. Publisher sends unicast UADP to the relay on a shared compose bridge (pubsub-net); the relay forwards each datagram to host.docker.internal:14850. Subscribers on the physical host listen on 127.0.0.1:14850 (or 0.0.0.0:14850). Works identically on Docker Engine bare-metal (GitHub Actions runners, CI) and Docker Desktop (Linux / macOS / Windows) — multicast over the VM boundary is sidestepped entirely.
• Security — unsecured (mode None). For signed and encrypted PubSub streams subscribers pair this with the opcua-sks service (service 11) — full end-to-end secured publisher + SKS is planned follow-up work.
• Action update — pubsub is a new option for the servers CSV input in action.yml.
• Docs — new section “12. PubSub Publisher” in docs/servers.md, new row in the endpoint table of docs/ci-integration.md, new row in README.md “What’s Inside”.

Changed

• Pinned UA-.NETStandard NuGet version to 1.5.378.134 (previously 1.5.*). The wildcard would auto-upgrade on every Docker build, which defeats the purpose of a stable interop counterpart: any upstream change to protocol semantics would silently break every client test run until someone noticed. Pinning makes NuGet upgrades an explicit decision.
  • Why 1.5.378.134 specifically: it is the latest stable (released 2026-03-26) that predates the “Secure channel enhancements 2025 11” rework in UA-.NETStandard master (commit d188383, merged 2026-04-16). That rework turns on strict OPC UA 1.05.4 ECC behaviour — first sequence number for ECC policies MUST be 0, with wrap at UInt32.MaxValue — and adds _AesGcm / _ChaChaPoly policy variants. A client speaking 1.05.3 ECC against a strict server would fail at the first message.
  • When to bump: once a client in the ecosystem (e.g. php-opcua/opcua-client) ships the 1.05.4 ECC fix, coordinate a bump here and in the client’s integration tests in the same release train.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

git-vbranch is a Git extension that introduces virtual branches, logical branches defined by shared labels on pull/merge requests (PRs/MRs). It automates the creation of these virtual branches by dynamically materializing them via octopus-merging the source branches of all labeled PRs/MRs. This enables tasks such as validating feature branch integration in CI, deploying shared preview environments, and creating ad-hoc branch groupings without the need for long-lived branches.

What’s Changed

1.0.0 (2026-04-22)

Features

• initial commit (e1f5921)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The patch-docker-image GitHub Action automates vulnerability scanning, patching, and verification for Node.js and Python container images. It ensures that targeted fixable CVEs are fully remediated by scanning the base image, applying OS and package-level patches, re-scanning for vulnerabilities, and failing the process if issues remain. This action provides a reliable way to enforce vulnerability-free container builds, improving security outcomes in CI/CD pipelines.

What’s Changed

Improved documentation for public GitHub Action and CLI usage, clarified image and Dockerfile input resolution, and cleaned up generated report artifacts to keep the repository lean. No runtime patching logic changes.

Release Notes

• Expanded and simplified README guidance for setup, inputs, security, troubleshooting, artifacts, and exit codes.
• Clarified how image source selection works in both registry and Dockerfile flows.
• Removed large generated vulnerability report samples from tracked content.
• Removed a redundant local workflow template to reduce confusion.
• No breaking changes for existing public action consumers.

Marketplace Compliance Updates

• Added end-user policy documents for Marketplace readiness:
  • EULA
  • Privacy Policy
  • Support Policy
• Updated README with a Marketplace Compliance Documents section.
• No runtime patching logic changes; this update is documentation and compliance focused.

• This action is used across all versions by 11 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Release Please Action automates the process of creating and managing releases in GitHub repositories by analyzing commit messages that follow the Conventional Commits standard. It eliminates manual work by generating release pull requests, updating changelogs, and handling version bumps in a consistent and configurable way. This action is especially useful for projects requiring streamlined release management and adherence to semantic versioning practices.

What’s Changed

6.0.1 (2026-04-22)

Bug Fixes

• reuse single Manifest instance for releases and pull requests (#41) (6be9b2e)

Miscellaneous Chores

• deps: update github-actions (#42) (363ed7a)
• deps: update npm dependencies (#33) (1321c41)

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The rearm-helm-action GitHub Action automates the versioning, packaging, and publishing of Helm charts to OCI-compliant registries (or ECR/ChartMuseum) while integrating with ReARM for release metadata submission. It streamlines Helm chart management by updating the chart version, committing changes back to the repository, publishing the chart, and submitting metadata like SHA256 digests to ReARM. This action is particularly useful for developers looking to automate release processes, maintain versioning consistency, and integrate with ReARM for enhanced release tracking.

What’s Changed

• Bump rearm-actions to 1.3.1

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The rust-affected GitHub Action analyzes changes in a Rust workspace to identify which packages are impacted based on the Cargo dependency graph. It automates the detection of directly modified crates, affected library crates, and affected binary crates, enabling targeted builds, tests, or deployments. This action helps streamline workflows by avoiding unnecessary processing of unaffected packages and supports force-trigger mechanisms for workspace-wide updates.

What’s Changed

What’s Changed

• build(deps): bump rust from 1.94.1-alpine3.23 to 1.95.0-alpine3.23 by @dependabot[bot] in https://github.com/RobertRautenbach/rust-affected/pull/15

Full Changelog: https://github.com/RobertRautenbach/rust-affected/compare/v4.0.1...v4.0.2

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the installation of go-task/task on Linux and macOS runners, ensuring verified downloads and seamless integration into the PATH. It simplifies dependency management by leveraging caching to optimize download and verification steps across workflow runs. This action is ideal for workflows requiring reliable and secure access to the Task CLI tool.

What’s Changed

What’s Changed

• fix(action): harden task download curl requests by @rsclarke in https://github.com/rsclarke/install-task/pull/11

Full Changelog: https://github.com/rsclarke/install-task/compare/v3.0.0...v3.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AGENT-ARTIFACT-FIREWALL is a GitHub Action and CLI tool designed to scan and analyze AI agent-related artifacts—such as skills, plugins, hooks, and configuration files—for security risks before execution. It automates the identification of potential threats, including prompt injections, unsafe commands, and credential leaks, ensuring safer deployment of AI agents. Key features include customizable risk thresholds, various output formats (e.g., JSON, SARIF), and integration with CI pipelines for automated security checks.

What’s Changed

v0.1.3 makes AGENT-ARTIFACT-FIREWALL easier to try, easier to trust, and easier to demo.

What changed

• upgraded the README to an activation-first flow
• moved install and first-run output higher up the page
• added deterministic local demo fixtures for:
  • AAF017 + AAF018
  • AAF015
  • AAF007 + AAF017
• added end-to-end scan tests for those fixtures
• refreshed the scanner test matrix doc

Why it matters

• faster first successful runs in external repos
• clearer proof of real scanner coverage
• stronger public-facing demo story

Validation

• deterministic fixture scans verified locally
• go test ./internal/aaf passed
• no scanner engine logic changed

Scope

• README, docs, fixtures, and tests only
• no rule expansion
• no engine rewrite

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The rumdl GitHub Action is a high-performance Markdown linter and formatter built with Rust, designed to ensure consistency and enforce best practices in Markdown files. It automates tasks such as identifying and fixing common Markdown issues, formatting files, and validating compliance with customizable linting rules. The action is optimized for speed, supports multiple Markdown flavors, and offers seamless integration into CI/CD workflows, making it an efficient tool for maintaining clean and standardized Markdown documentation.

What’s Changed

Fixed

• md051: strip HTML comments from heading anchors (e4e3c4b)
• md077: accept task-item post-checkbox column to break MD013 reflow cycle (1c3cbef)
• lint-context: honor CommonMark Type-1 HTML blocks (6f37e49)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Sekrd GitHub Action performs deep security scans on deployed applications by analyzing public URLs for vulnerabilities across various security categories, including secrets exposure, authentication, compliance, and infrastructure. It automates the detection of security issues, uploads findings as SARIF files to GitHub’s Security tab, and provides actionable insights via pull request comments, enabling development teams to integrate security checks into their CI/CD workflows. This action is particularly suited for teams working on modern web applications and eliminates the need for managing dedicated Dynamic Application Security Testing (DAST) infrastructure.

What’s Changed

Sekrd Deep Security Scanner

Full Changelog: https://github.com/sekrdcom/sekrd-action/compare/v1.0.0...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Ship Happens is a GitHub Action designed to automate the tracking and auditing of deployment activities by posting detailed deployment records as comments on associated pull requests or commits. It captures key information such as environment, status, approver, timestamp, and workflow run link, providing transparency and eliminating the need to manually search through logs. This tool simplifies deployment monitoring, ensures accountability, and supports streamlined communication during development workflows.

What’s Changed

🚢 Initial release of Ship Happens.

Automatically stamps a deployment audit record on your PR — environment, approver, timestamp, and run link. Because ship happens.

What’s included

• Automatic PR detection by branch
• Environment approver tracking via GitHub protection rules
• Commit fallback when no PR is open
• Smart comment updates on re-deploys
• Status-aware (success / failure / cancelled)
• Colour-coded environment emoji
• Custom notes field

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The go-docker-action-ci-action is a composite GitHub Action designed to streamline continuous integration for Go-based projects that build and push Docker images. It automates tasks such as setting up the Go environment, running unit tests (with optional coverage thresholds), starting a local Docker registry, and building/pushing Docker images. This action simplifies CI workflows by consolidating multiple common steps into a single action, providing default configurations for typical Go/Docker setups while allowing customization for specific needs.

What’s Changed

Bug Fixes

• Trim description to marketplace 125-char limit and point docker dependabot at fixture (834e0df)

Documentation

• Update changelog (f581e02)
• Update CONTRIBUTORS.md (8f6e00b)

Full Changelog: https://github.com/somaz94/go-docker-action-ci-action/compare/v1.0.0...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helm-kustomize-lint-action is a GitHub Action designed to automate comprehensive linting and validation of Helm charts in CI workflows. It performs tasks such as YAML linting (yamllint) of chart metadata, strict Helm linting for each values file, template rendering checks (helm template --debug), and optional schema validation of rendered manifests using kubeconform. This action eliminates the need for repetitive manual setups in Helm chart repositories, streamlining the process with a single, configurable step while supporting both simple and multi-environment chart structures.

What’s Changed

CI/CD

• Add release, mirror, and changelog workflows (6dec88c)

Features

• Implement helm-kustomize-lint-action (4b6b147)

Miscellaneous

• Add baseline repo files and license (7848307)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The kind-e2e-test-action is a GitHub Action designed to streamline end-to-end (E2E) testing for Kubernetes projects using kind and Go. It automates the process of setting up a kind cluster, configuring dependencies, and executing tests, replacing the manual multi-step workflow typically used in kubebuilder repositories. Key capabilities include customizable configurations, multi-architecture support, automatic failure diagnostics, and output summaries, making it ideal for simplifying and standardizing E2E testing workflows.

What’s Changed

Documentation

• Update changelog (247c4e5)
• Update CONTRIBUTORS.md (28ed161)

Refactoring

• V1.1.0 bundle — readiness wait, kind_config, failure logs artifact, cache_dependency_path (ce83e78)

Full Changelog: https://github.com/somaz94/kind-e2e-test-action/compare/v1.0.0...v1.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action provides a comprehensive CI/CD solution for building, testing, and deploying Flutter applications across multiple platforms, including iOS, Android, Web, macOS, Windows, and Linux. It automates tasks such as environment setup, code generation, static analysis, testing, platform-specific builds, and deployment to various app stores and hosting services. The action supports both an all-in-one pipeline for end-to-end automation and modular workflows for customizable integration.

What’s Changed

Flutter CI/CD Actions Suite — First Release

A composable GitHub Actions library for Flutter multi-platform CI/CD. Use the full pipeline in a single step, or wire up individual actions for full control over your workflow.

What’s included

• Prepare — Flutter setup, flutter pub get, build_runner, and gen-l10n code generation.
• Check — Static analysis, formatting, dependency license validation, and unit/widget tests with optional coverage reports.
• Build — Signed builds for iOS, Android (APK + App Bundle), Web, macOS, Windows, and Linux.
• Publish — Deployment to:
  • iOS & macOS → App Store Connect
  • Android → Google Play Store
  • iOS & Android → Firebase App Distribution
  • Web → Firebase Hosting, GitHub Pages
  • Linux → Snap Store
  • Windows → Microsoft Store

Highlights

• Single-action full pipeline or fully modular — use only what you need.
• Automatic code signing for iOS and macOS (certificates, provisioning profiles, installer identity).
• Android keystore signing out of the box.
• Parallel multi-platform builds via a two-phase job pattern (prepare once, build all platforms concurrently).
• Monorepo support via Flutter workspaces.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Podcast Generator GitHub Action automates the creation and publishing of Spotify-compliant podcast RSS feeds from a simple YAML configuration. It streamlines the podcast publishing process by generating valid podcast.xml feeds, ensuring compliance with major podcast platforms, and enabling easy hosting via GitHub Pages or other static hosts. This action is ideal for developers and content creators seeking a lightweight, automated workflow for managing podcast feeds directly within GitHub.

What’s Changed

📢 Release Notes – Podcast Generator v1.0.0

Initial release of the Podcast Generator GitHub Action.
This action automates the creation and publishing of a Spotify‑compliant podcast RSS feed directly from your GitHub repository.

✨ Features

• Generate podcast.xml feed from a simple feed.yaml configuration
• Automatically add required tags:
  • <guid> for each episode
  • <itunes:owner> with name and email
• Support for episode metadata:
  • Title, description, publish date, duration, file path, length
• Lightweight Dockerized workflow using Python + PyYAML
• GitHub Pages integration for hosting the feed
• Clean, optimized Dockerfile for faster builds

🛠️ Fixes & Improvements

• Added missing dependencies (build-essential, libyaml-dev) to support PyYAML installation
• Optimized image size by cleaning apt cache
• Ensured entrypoint.sh is executable by default
• Improved error handling during GitHub Actions workflow runs

📖 Documentation

• Added README.md with setup instructions and usage examples
• Provided sample feed.yaml configuration
• Included workflow example for easy integration

🚀 Next Steps / Roadmap

• Add automated feed validation step in CI/CD pipeline
• Support multiple podcast feeds per repository
• Optional analytics and distribution integrations

📜 Version

v1.0.0 – Stable release for GitHub Marketplace

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the process of syncing custom actions from your GitHub repository to the SuperAnnotate platform by detecting changes, validating configurations, and either updating or creating corresponding actions. It simplifies the deployment workflow for custom automation scripts in SuperAnnotate, ensuring that any updates to code or configurations in your repository are reflected in the platform. Key features include folder structure validation, change detection, and error handling for seamless integration.

What’s Changed

• Add debug logging for GIT_BEFORE, GIT_AFTER, and ghRange (c8d0120)
• add (b98c1e1)
• add (ea1fb39)
• add (b3c3a7a)
• Update README.md (6414d4d)
• Update README (0ca5965)
• Initial commit: custom action deployment with pipe workflow (edc96b8)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The SurrealKit GitHub Action automates the installation and execution of the SurrealKit CLI for managing and testing SurrealDB databases in continuous integration workflows. It supports tasks such as running migrations, tests, data synchronization, and seeding against a SurrealDB instance, streamlining database operations during CI/CD processes. The action provides flexibility for different environments and workflows, including ephemeral database setups, remote migrations, and manual CLI execution.

What’s Changed

Full Changelog: https://github.com/surrealdb/surrealkit-action/commits/v1.0.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

ZIRAN is a GitHub Action designed to identify and test vulnerabilities in AI agents, including those with tools, memory, and multi-step reasoning. It automates security testing by modeling agents as interconnected graphs of capabilities, enabling the detection of vulnerabilities that arise from the interaction of tools and features, which traditional isolated testing methods often miss. Key capabilities include graph-based tool chain discovery, side-effect detection, autonomous pentesting, and multi-agent coordination, providing a comprehensive approach to AI agent security.

What’s Changed

0.30.0 (2026-04-22)

Features

• defence: defence profile schema + evasion-rate metric (#268) (da39cd8), closes #45

What’s Changed

• feat(defence): defence profile + evasion-rate metric (US5) by @leoneperdigao in https://github.com/taoq-ai/ziran/pull/268
• chore(main): release 0.30.0 by @leoneperdigao in https://github.com/taoq-ai/ziran/pull/269

Full Changelog: https://github.com/taoq-ai/ziran/compare/v0...v0.30.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Regis is a GitHub Action designed for container security and compliance in CI/CD pipelines, providing automated analysis of container images from OCI-compliant registries. It integrates multiple industry-standard tools to perform vulnerability scanning, metadata inspection, and policy enforcement, while generating both machine-readable (JSON) and interactive (HTML) reports. By offering customizable playbooks, efficient caching, and seamless integration into CI/CD workflows, it simplifies security, compliance, and best practices enforcement for production-ready environments.

What’s Changed

0.29.0 (2026-04-22)

Features

• ci: integrate pip-audit severity gate, SBOM artifacts, and provenance attestation (#458) (5a64588)
• ci: Sprint 1 — M001 deliverables (snapshot retention, snapshot date, action dogfooding, docs) (#494) (16dd6af)
• cli: add create-playbook OMC skill (#435) (987ca3a)
• playbook: playbook bundles with metadata validation and –rerun support (#438) (01622e2)

Bug Fixes

• deps: cap webpack below 5.106.0 to fix Docusaurus build (#416) (cb2f93c)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Telegram Discussion Notifications” GitHub Action automates the process of sending notifications about events in GitHub Discussions (e.g., new discussions or comments) directly to a specified Telegram chat. It supports features like customizable event types, multi-language notifications (English and Russian), integration with Telegram supergroup topics, and mapping GitHub usernames to Telegram handles. This action is designed to streamline communication and keep teams updated on GitHub discussion activity efficiently.

What’s Changed

What’s Changed

• feat: add action by @Val-d-emar in https://github.com/Val-d-emar/discussions-tg-notifications/pull/1
• Dev by @Val-d-emar in https://github.com/Val-d-emar/discussions-tg-notifications/pull/5
• chore: conf agent by @Val-d-emar in https://github.com/Val-d-emar/discussions-tg-notifications/pull/6
• feat: Add edited event support, message truncation, and documentation by @ai-agent-net in https://github.com/Val-d-emar/discussions-tg-notifications/pull/7

New Contributors

• @Val-d-emar made their first contribution in https://github.com/Val-d-emar/discussions-tg-notifications/pull/1
• @ai-agent-net made their first contribution in https://github.com/Val-d-emar/discussions-tg-notifications/pull/7

Full Changelog: https://github.com/Val-d-emar/discussions-tg-notifications/commits/v1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The verzly/setup-aube GitHub Action automates the installation of the aube package manager in CI workflows by downloading official prebuilt binaries, resolving versions from npm dist-tags, and adding the binary to the system PATH. It simplifies dependency management and ensures reproducibility across Linux, macOS, and Windows runners, optionally allowing automated execution of install commands for streamlined package handling.

What’s Changed

First public release of the GitHub Action verzly/setup-aube, built for use with the aube package manager.

[!WARNING] aube is still in beta, so please use it with caution.

Node.js is not required to use aube, but since it manages JavaScript packages, it is recommended to install Node.js as well (e.g. using verzly/setup-aube) if you plan to run those packages.

name: CI

on:
  push:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v6

      # Optional but recommended if running JS packages
      - uses: actions/setup-node@v6
        with:
          node-version: 24

      - uses: verzly/setup-aube@v1

      # Optional: cache dependencies
      - name: Cache aube store
        uses: actions/cache@v6
        with:
          path: ~/.aube
          key: ${{ runner.os }}-aube-${{ hashFiles('**/aube.lock') }}
          restore-keys: |
            ${{ runner.os }}-aube-

      - run: aube install
      - run: aube test

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-vp GitHub Action is designed to automate the setup of Vite+ (vp) in workflows, including global installation, dependency caching, and optional Node.js version management. It simplifies the process of configuring Vite+ environments by handling dependency detection, installation, and support for major package managers, while also streamlining authentication for private registries. This action helps developers save time and ensure consistent project setups across CI/CD pipelines.

What’s Changed

What’s Changed

• fix: surface vp install errors outside collapsed log group by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/52
• feat: respect project .npmrc without requiring registry-url by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/54

Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.7.0...v1.8.0

• This action is used across all versions by 5 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The install-spaces GitHub Action automates the installation of a specific software, tool, or environment referred to as “Spaces” within a CI/CD workflow. It streamlines the setup process, saving time and ensuring consistency across development pipelines by eliminating the need for manual installation steps.

What’s Changed

What’s Changed

• #16. auto replace tool by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/17

This uses spaces v0.15.36. Fixed a bug in install-spaces with build tool caching.

Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.15.36...v0.15.37

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Download Workflow Artifact GitHub Action enables users to download and extract artifacts uploaded by a previous workflow, even if the artifact originates from a different workflow, repository, or commit. This action addresses the limitation of the official actions/download-artifact by allowing artifact retrieval using flexible criteria such as workflow name, commit SHA, branch, PR, or run ID. It automates cross-workflow artifact sharing and provides extensive options for specifying and filtering artifact sources.

What’s Changed

What’s Changed

• fix: stream artifact downloads to disk to avoid OOM on large artifacts by @Copilot in https://github.com/yeicor/action-download-artifact/pull/1

New Contributors

• @Copilot made their first contribution in https://github.com/yeicor/action-download-artifact/pull/1

Full Changelog: https://github.com/yeicor/action-download-artifact/compare/v1.0.0...v1.0.1

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The XML Model Validator GitHub Action automates the validation of XML files using xml-model processing instructions, supporting Relax NG and Schematron standards. It provides inline annotations for validation errors, detailed step summaries, and structured outputs, enabling efficient feedback on pull requests and downstream automation. This action is ideal for repositories with complex XML workflows, such as technical publishing, scholarly editing, and journal XML, by streamlining schema validation and offering actionable insights directly within GitHub.

What’s Changed

This patch release ships an updated Schematron engine by bumping schxslt2 from 1.10.1 to 1.10.3. There are no intentional CLI or GitHub Action interface changes in 2.2.1.

Highlights

• Bumped name.dmaus.schxslt:schxslt2 from 1.10.1 to 1.10.3.

Fixes

• Added the Gradle wrapper to the repository.
• Updated CI, release workflow, and documentation to use ./gradlew.
• Removed the deprecated overwrite-settings input from the GitHub Action setup.
• Refined internal formatting and small CLI help/version-provider cleanups.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “ATR - Agent Threat Rules” GitHub Action provides a set of open-source, community-driven detection rules designed to identify and mitigate security threats targeting AI agents (e.g., ChatGPT, Claude, Copilot). It automates the detection of attacks such as data leaks, malicious command execution, and bypassing safety restrictions by analyzing AI agent behaviors, similar to how antivirus signatures detect malware. ATR integrates with AI security ecosystems, offering real-time threat matching that aligns with industry standards like the OWASP Agentic Top 10 and SAFE-MCP framework.

What’s Changed

Auto-published from Threat Cloud flywheel.

• Previous: v2.0.16
• Total rules: 314
• Trigger commit: 80daf41387f4c8a76939fd28f321c2d88bff4f3d
• Pipeline: tc-pr-back → safety gate → auto-merge → this release

npm install agent-threat-rules@2.0.17

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

CBrowser is a browser automation tool designed to simulate and analyze user cognitive behavior, predicting usability challenges and abandonment risks based on cognitive traits and personas. It automates tasks such as cognitive audits, accessibility empathy testing, and attention analysis, providing insights like cognitive transport scores, bottleneck identification, and abandonment risk percentages. By leveraging research-backed models, it helps developers optimize user experiences and address accessibility challenges effectively.

What’s Changed

Full Changelog: https://github.com/alexandriashai/cbrowser/compare/v18.64.1...v18.65.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AI PR Reviewer is a GitHub Action that automates code reviews for pull requests by leveraging large language models (LLMs) to generate structured feedback, including assessments of bugs, security, performance, and testing gaps. It supports multiple LLM providers (e.g., Groq, Gemini, Anthropic, OpenAI) with automatic fallback to ensure reliability, making it a robust tool for streamlining the PR review process and maintaining code quality. Additionally, it updates reviews dynamically when new commits are pushed, reducing redundancy and enhancing collaboration.

What’s Changed

AI PR Reviewer v1.0.0

Automated pull request reviews powered by LLMs. Set up in minutes, get actionable feedback on every PR.

Features

• Multi-provider support — Groq, Gemini, Anthropic, OpenAI
• Automatic fallback — comma-separated providers with key rotation (groq,gemini)
• Smart file filtering — skip lock files, minified code, configurable ignore patterns
• Multi-language reviews — English, Italian, French, Spanish, German
• Prompt injection protection — PR title/body sanitized before LLM prompt
• Zero dependencies — only requests in production

Quick Start

- uses: AndreaBonn/ai-pr-reviewer@v1
  with:
    llm_provider: 'groq'
    llm_api_key: ${{ secrets.LLM_API_KEY }}
    github_token: ${{ secrets.GITHUB_TOKEN }}

Full documentation

See README for all configuration options.

• This action is used across all versions by 16 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The andrewaylett/pre-commit-action GitHub Action automates the execution of pre-commit hooks in a CI/CD pipeline. It simplifies the process of running code quality checks, such as linting and formatting, by automatically setting up the pre-commit environment and running the configured hooks on code changes. This action addresses the need for consistent enforcement of coding standards and streamlined code validation during development workflows.

What’s Changed

What’s Changed

• Update pre-commit hook renovatebot/pre-commit-hooks to v43.126.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/945
• Update andrewaylett/pre-commit-action digest to 2fcf714 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/946
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.127.2 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/947
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.127.3 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/948
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.128.1 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/949
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.129.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/950
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.129.1 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/951
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.131.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/952
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.132.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/953
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.132.1 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/954
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.132.3 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/955
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.136.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/956
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.136.1 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/957
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.136.3 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/958
• Update pre-commit hook renovatebot/pre-commit-hooks to v43.138.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/959
• Update dependency pre-commit to v4.6.0 by @renovate[bot] in https://github.com/andrewaylett/pre-commit-action/pull/961

Full Changelog: https://github.com/andrewaylett/pre-commit-action/compare/v4.5.1-46...v4.6.0-0

• This action is used across all versions by 7,212 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the process of importing Apple code-signing certificates and keys into a CI/CD pipeline by securely handling .p12 certificate files and their associated passwords. It simplifies the setup required for signing iOS apps during automated builds, ensuring proper integration with Apple’s code-signing requirements. This action is particularly useful for streamlining app deployment workflows to the App Store or other distribution platforms.

What’s Changed

What’s Changed

• Switch from ncc to esbuild
• Bump flatted from 3.4.1 to 3.4.2 by @dependabot[bot] in https://github.com/Apple-Actions/import-codesign-certs/pull/166
• Bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in https://github.com/Apple-Actions/import-codesign-certs/pull/167
• Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in https://github.com/Apple-Actions/import-codesign-certs/pull/168
• Bump knip from 5.78.0 to 6.2.0 by @dependabot[bot] in https://github.com/Apple-Actions/import-codesign-certs/pull/173

Full Changelog: https://github.com/Apple-Actions/import-codesign-certs/compare/v6.1.0...v7.0.0

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 6,312 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Kubernetes Create Secret GitHub Action automates the creation and management of Kubernetes secrets, including generic secrets and Docker registry (image pull) secrets, within a Kubernetes cluster. It simplifies the process of securely provisioning sensitive data like credentials or configuration files by supporting both plaintext and base64-encoded formats and integrating seamlessly with workflows that set the Kubernetes cluster context. This action eliminates the need for manual kubectl commands, streamlining secret management in CI/CD pipelines.

What’s Changed

Added

• #172 Added logic for TLS secret type handling
• #166 Add husky pre-commit hook

Changed

• #238 Migrate project to ESM with esbuild and vitest
• #229 Update Node.js runtime from node20 to node24
• #215 Use docker driver in minikube setup
• #180 Update CODEOWNERS
• Bump npm dependencies: @types/node, prettier, undici, @actions/http-client, handlebars, picomatch, minimatch, js-yaml, glob, tar-fs, form-data, jest (#174, #175, #178, #179, #194, #201, #203, #205, #206, #209, #213, #223, #226, #231, #235, #236)
• Bump GitHub Actions: github/codeql-action, actions/setup-node, and other grouped action updates in .github/workflows (#163, #164, #169, #170, #182, #183, #184, #185, #186, #187, #188, #189, #190, #191, #197, #198, #199, #200, #204, #207, #208, #210, #211, #212, #214, #216, #217, #218, #219, #221, #224, #225, #227, #228, #233, #237)

Fixed

• #168 Fix for generic secret types

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 1,066 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Kubernetes lint GitHub Action is designed to validate and lint Kubernetes manifest files, ensuring they conform to specifications or are pre-checked for server-side compatibility using dry-run validation. It automates the process of identifying errors or inconsistencies in Kubernetes configurations, helping developers maintain deployment accuracy and compliance. Key capabilities include schema validation through kubeconform and server-side validation for Kubernetes versions 1.12 and above.

What’s Changed

Changed

• #189 Update Node.js runtime from node20 to node24
• #198 build: migrate action to ESM with esbuild and Vitest
• Dependabot - GitHub Actions workflow updates: bumps to github/codeql-action, actions/setup-node, and other workflow actions in #145, #147, #148, #150, #152, #156, #158, #160, #167, #169, #171, #173, #175, #177, #179, #181, #183, #185, #187, #188, #193, #197
• Dependabot - npm dependency updates: @types/node (#144, #146, #159, #166, #174), undici / @actions/http-client (#184, #191), jest (#149), handlebars (#196), picomatch (#195), minimatch (#186), js-yaml (#163), glob (#165), and grouped npm actions updates in #151, #155, #157, #164, #168, #170, #172, #176, #178

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, PR Pilot Summary, automates the generation of intelligent, context-aware pull request descriptions using AI. It analyzes code changes to create professional summaries, developer notes, and checklists, helping teams and contributors improve communication and streamline the PR review process. Key features include support for multiple AI models, dynamic checklist generation based on file types, and efficient handling of large or noisy diffs.

What’s Changed

PR Pilot Summary

Automatically generate intelligent, context-aware pull request descriptions using AI.

What’s new

PR Pilot Summary v1.0.0

Initial stable release with complete AI-powered PR description generation.

• AI-powered PR analysis — Supports OpenAI GPT-4, GPT-4o-mini, Google Gemini, and OpenAI-compatible models
• Professional PR templates — Auto-generates Summary, Key Points, and Technical Highlights sections
• Smart content preservation — Intelligently extracts and preserves existing PR descriptions in Developer Notes
• Dynamic checklists — Auto-populates checklist items based on file types changed (tests, docs, configs, performance)
• Incremental diff processing — Handles large diffs efficiently with configurable line limits
• Idempotent execution — Won’t reprocess the same commits on subsequent updates
• Multi-language support — Detects and analyzes 20+ programming languages
• Smart filtering — Automatically ignores build artifacts, node_modules, lock files, and dependency files
• Timeout-safe — Graceful error handling ensures it never breaks your CI/CD pipeline
• Comprehensive test coverage — Type-safe TypeScript codebase with production-ready reliability

Usage

- uses: bishalprasad321/prpilot-summary@v1
  with:
    # GitHub token with permissions to read PR details and post comments
    # Required
    github_token: ${{ secrets.GITHUB_TOKEN }}

    # LLM provider API key (OpenAI, Gemini, or compatible provider)
    # Required
    llm_api_key: ${{ secrets.LLM_API_KEY }}

    # LLM provider to use: auto, openai, openai-compatible, gemini
    # Default: auto
    llm_provider: ''

    # Optional custom API endpoint for OpenAI-compatible providers or proxies
    # Default: ''
    llm_api_base_url: ''

    # AI model to use (e.g., gpt-4o-mini, gemini-2.5-flash)
    # Default: gpt-4o-mini
    ai_model: ''

    # Maximum diff lines to process before generating summary
    # If exceeded, a summary will be generated instead
    # Default: 5000
    max_diff_lines: ''

    # Enable incremental diff processing for large diffs
    # Processes diffs in chunks to handle large changesets efficiently
    # Default: true
    enable_incremental_diff_processing: ''

    # Enable debug mode for verbose logging
    # Default: true
    debug: ''

Scenarios

Basic Setup

name: Generate PR Description

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  generate-description:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Generate AI PR Description
        uses: bishalprasad321/prpilot-summary@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          llm_api_key: ${{ secrets.GEMINI_API_KEY }}
          llm_provider: gemini
          ai_model: gemini-2.5-flash

Using OpenAI GPT-4o-mini

- uses: bishalprasad321/prpilot-summary@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    llm_api_key: ${{ secrets.OPENAI_API_KEY }}
    llm_provider: openai
    ai_model: gpt-4o-mini

Using Custom OpenAI-Compatible Provider

- uses: bishalprasad321/prpilot-summary@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    llm_api_key: ${{ secrets.LLM_API_KEY }}
    llm_provider: openai-compatible
    llm_api_base_url: https://your-custom-endpoint.com/v1
    ai_model: your-model-name

Handling Large Pull Requests

- uses: bishalprasad321/prpilot-summary@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    llm_api_key: ${{ secrets.GEMINI_API_KEY }}
    llm_provider: gemini
    ai_model: gemini-2.5-flash
    max_diff_lines: 10000
    enable_incremental_diff_processing: true

Development Workflow with Debug Mode

- uses: bishalprasad321/prpilot-summary@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    llm_api_key: ${{ secrets.GEMINI_API_KEY }}
    llm_provider: gemini
    debug: true

Recommended Permissions

When using PR Pilot Summary in your GitHub Actions workflow, it is recommended to set the following GITHUB_TOKEN permissions:

permissions:
  pull-requests: write
  contents: read

• pull-requests: write — Required to post PR descriptions and comments
• contents: read — Required to read repository contents and PR diffs

Note

For detailed setup instructions and to get your LLM API key:

• Gemini (Free): Google AI Studio
• OpenAI: OpenAI API Keys
• Other Providers: Refer to your provider’s documentation

For more information, see the Quick Start Guide and Full Documentation.

License

The scripts and documentation in this project are released under the MIT License.

• This action is used across all versions by 199 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the compilation of LaTeX documents and publishes the resulting artifacts directly to GitHub Releases, streamlining the process of managing and distributing LaTeX-generated outputs. It also supports generating differential documents by integrating with auto-latexdiff, enabling users to track changes between versions. This action simplifies workflows for teams or individuals working with LaTeX by handling compiling, versioning, and release management.

What’s Changed

2.3.3 (2026-04-21)

Dependency updates

• core-deps: update adityagarg8/remove-unwanted-software action to v5 (#405) (498701e)

Build and continuous integration

• deps: update actions/setup-node action to v6.4.0 (#404) (9faa920)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The swarm-review GitHub Action automates pull request reviews by leveraging multiple AI agents, each specializing in areas like security, performance, architecture, or developer experience. These agents independently analyze code changes, engage in structured debates to challenge or reinforce findings, and produce a synthesized final review comment via a principal agent. This action streamlines and enhances code review processes, providing teams with comprehensive, collaborative, and specialized feedback.

What’s Changed

What’s Changed

• Harden PR targeting and managed comment updates by @EvanGribar in https://github.com/EvanGribar/Swarm-Review/pull/40
• Add diff budgeting and stronger LLM retries by @EvanGribar in https://github.com/EvanGribar/Swarm-Review/pull/41
• Expand unit coverage for diff and GitHub helpers by @EvanGribar in https://github.com/EvanGribar/Swarm-Review/pull/42
• Prepare v0.0.2 release docs and metadata by @EvanGribar in https://github.com/EvanGribar/Swarm-Review/pull/43
• Consolidated fixes for v0.0.2 release feedback by @EvanGribar in https://github.com/EvanGribar/Swarm-Review/pull/44

Full Changelog: https://github.com/EvanGribar/Swarm-Review/compare/0.01...0.1.1

• This action is used across all versions by 9 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Fallow is a static analysis tool for TypeScript and JavaScript that identifies unused code, duplication, complexity, and architectural issues across an entire codebase. It automates codebase cleanup and optimization, helping developers improve maintainability, enforce boundaries, and streamline AI-assisted development workflows. With its zero-configuration setup, sub-second performance, and optional runtime insights for production behavior, Fallow provides a comprehensive and efficient solution for code quality and health analysis.

What’s Changed

Interface-mediated class member usage, React Router 7 routes, and a crypto-rng dev-dep fix

Three targeted fixes landed on top of v2.44.1.

Fixes

• Class members used only through interface-typed bindings are no longer flagged unused (thanks @M-Hassan-Raza, #132). A class method called only via an interface-typed variable or parameter (e.g. const strategy: VirtualScrollStrategy = ...; strategy.attach(); where FixedSizeScrollStrategy implements VirtualScrollStrategy) appeared as an unused class member because the access resolved to the interface name, not the implementer. The extractor now tracks type-annotated bindings (locals, parameters, class fields, parameter properties) alongside new ClassName() bindings, and the member-usage analysis propagates interface member accesses to every class that implements the interface. Same-named interface exports in separate files stay isolated by ExportKey, so unrelated implementers do not silently credit each other. Real-world check on vite: 163 → 160 unused class members (3 false positives eliminated, zero new findings).
• react-router.config.ts route modules with a routesFn are honored. Config-driven route modules (import { flatRoutes } from "@react-router/fs-routes"; export default { routes: flatRoutes() }) are extracted the same way as static routes: [...] arrays, so route files referenced only through the filesystem convention are no longer reported as unused files in React Router 7 apps.
• rand 0.8 re-pinned in fallow-license dev-dependencies. A Dependabot bump to rand 0.9 broke the OsRng + SignatureEncoding wiring used by test key generation; dev-deps stay on 0.8 until the signing path is ported to 0.9’s new TryRngCore trait set.

Cache

• Cache version bumped 43 → 44. The new visitor handlers (parameter types, property types, this.field aliases) produce additional MemberAccess records, so warm caches must be invalidated on upgrade for users to pick up the fix without touching individual files.

Thanks

• @M-Hassan-Raza for #162, continuing an ongoing streak of contributor fixes to class-member detection.

Full Changelog: https://github.com/fallow-rs/fallow/compare/v2.44.1...v2.44.2

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Checkov + Reviewdog GitHub Action automates security scanning for Infrastructure as Code (IaC) files such as Terraform, CloudFormation, and Kubernetes, using Checkov. It integrates with Reviewdog to provide inline feedback on pull requests, helping developers identify and address security issues directly within their workflows. This action simplifies the process of enforcing security best practices, offering configurable severity levels, filtering options, and streamlined execution via a pre-built Docker image.

What’s Changed

2.10.0 (2026-04-21)

Features

• deps: update dependency bridgecrewio/checkov to v3.2.524 (f78d666)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The getbao Deploy Action automates the deployment of a getbao authentication service to Cloudflare Workers directly from a GitHub workflow. It streamlines tasks such as retrieving versioned assets, provisioning infrastructure (e.g., databases and namespaces), applying migrations, deploying workers, and initializing encryption keys and secrets. This action simplifies and accelerates the deployment process while ensuring infrastructure changes are tracked and committed via pull requests.

What’s Changed

• release: v0.0.0-alpha (b1fbed7)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The agent-cfi GitHub Action provides Control Flow Integrity (CFI) for AI agents by verifying that their tool-call behavior remains consistent across code changes. It automates the detection of unauthorized tool calls or deviations in the agent’s call graph, helping identify vulnerabilities like prompt injections or unexpected behavior during CI workflows. Key capabilities include baseline graph creation, PR-based drift detection, and proactive security testing with red-team probes based on real-world vulnerabilities.

What’s Changed

What it does

agent-cfi gates every PR on your AI agent’s tool-call graph shape.

Runtime guardrails (Lakera, LLM-Guard, NeMo Guardrails) look at a single call in isolation. Red-team frameworks (Garak, PyRIT, Promptfoo) ask “did it fail this scenario?” Neither models allowed behavior as a graph and blocks drift in CI. agent-cfi does.

Quick start

Record a baseline from eval traces on main, then commit the graph:

agent-cfi record --traces traces.jsonl --out .agent-cfi/baseline.json

In your PR workflow, re-run evals to capture pr-traces.jsonl, then:

- uses: grcwarlock/agent-cfi@v0.2.1
  with:
    traces: pr-traces.jsonl
    baseline: .agent-cfi/baseline.json
    config: .agent-cfi/config.yaml
    upload-sarif: true

What it catches

Inputs

What’s in v0.2.1

All v0.2.0 features — MCP schema hash-pinning, diff-overlay graph visualization, native LangGraph/CrewAI/AutoGen tracer adapters, offline paraphrase fuzzer, and a CVE-derived probe pack — plus Marketplace polish: the Action now exposes MCP pinning inputs, CLI gains --version, SARIF tool version tracks package version, reference probe-agent example ships in examples/, unit-test CI runs pytest on Python 3.10 / 3.11 / 3.12.

Docs

• README
• CHANGELOG

• This action is used across all versions by 3 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The HiddenLayer Model Scanner GitHub Action integrates model scanning into CI pipelines, automating the detection of potential security issues in machine learning models stored in repositories or on AWS S3. It provides clear scan results (e.g., identifying malicious models) in the GitHub Actions Job Summary or pull requests, and supports optional features like SARIF output and community scan capabilities. This action helps streamline security checks for machine learning workflows, ensuring the integrity of deployed models.

What’s Changed

What’s Changed

• github action doc change by @bpham-hl in https://github.com/hiddenlayerai/hiddenlayer-model-scan-github-action/pull/153

New Contributors

• @bpham-hl made their first contribution in https://github.com/hiddenlayerai/hiddenlayer-model-scan-github-action/pull/153

Full Changelog: https://github.com/hiddenlayerai/hiddenlayer-model-scan-github-action/compare/v1.0.7...v1.0.8

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

jPipe Runner is a command-line tool designed to execute and validate workflows created using the jPipe framework. It automates tasks such as defining template variables, loading custom Python modules, generating workflow diagrams, and performing dry-run validations. Its key capabilities include flexible workflow execution, diagram generation, and configuration management to streamline workflow development and visualization.

What’s Changed

• Add jpipe_link decorator for explicit function binding to pipeline (#72) (f328ab7)
• feat: validate justification JSON files against a declarative JSON Schema (#71) (fe103ba)
• docs: remove all references to decommissioned GUI (bc9db35)
• fix(release): add python3-tomli to release job apt dependencies (25d85ce)
• fix(deb): install python3-tomli via apt, not pip (62922d1)
• Refactor to use pure-Python graphviz and fix PPA build dependencies (#70) (e7191af)
• bumping version to 3.2.0 (9b5490e)
• Enhance documentation, fix logger issues, and refactor setup (#69) (623f0f0)
• release v3.1.0 (#62) (2db1414)
• feat(action): adding branding informations (5c93d3a)

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

SecondBrain is a CLI tool that integrates with external data sources (e.g., Salesforce, Slack, Zendesk) to retrieve, filter, and analyze data using a Large Language Model (LLM). By leveraging Retrieval Augmented Generation (RAG) techniques, it automates tasks such as generating summaries, reports, and insights from diverse and disconnected datasets. Key capabilities include analyzing directories of files, summarizing GitHub repository changes, and extracting insights from YouTube transcripts.

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

MemBrowse is a GitHub Action designed to analyze the binary size and memory footprint of embedded firmware by extracting detailed memory information from ELF files and linker scripts. It automates symbol-level analysis with source file mapping, memory region extraction, and historical tracking by integrating with the MemBrowse platform for continuous monitoring, reporting, and CI gating. Key capabilities include PR memory analysis with utilization changes, symbol-level deltas, and customizable PR comments, as well as historical onboarding of previous builds for comprehensive memory tracking.

What’s Changed

What’s Changed

• cpp demangle local symbols
• support lma and vma addresses
• properly detect arc and toolchain
• fix formatting default pr commit message

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The aer GitHub Action enables developers to validate Apex code, execute tests, and simulate a lightweight Salesforce-compatible runtime directly in their CI/CD pipelines. It automates the process of running Apex tests without requiring deployment to a Salesforce org, significantly improving iteration speed and test reproducibility. Key capabilities include running test suites, debugging code interactively, and simulating Salesforce-like behavior using local SObject metadata.

What’s Changed

Version v0.0.161

• Add CommercePayments Parent Type Coverage And Interface Tests

• Implement Grouped Report Execution

• Implement Report Date Filtering

• Add PersonAccounts Metadata And Fix Setup Test Harnesses

• Implement Report Boolean Filters And Grouping Sort Order

• Implement Report Sorting And Row Limits

• Add Builtin AiJob Schema Objects

• Fix Platform Event Publish Validation Results

• Restrict Unqualified Type Fallback To System Namespace For Unnamespaced Classes

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Ogoron Setup Action automates the initialization or migration of Ogoron configurations in a repository by downloading the required Ogoron Linux bundle, setting up or upgrading repository artifacts, and performing an analysis step. It addresses the need for seamless repository setup and updates, while providing key capabilities such as preparing the Ogoron UI workspace and creating or updating pull requests with the resulting changes. This action is designed specifically for manual bootstrap or migration workflows.

What’s Changed

Initial public release of the Ogoron Setup action.

This action bootstraps or upgrades Ogoron in a repository, can run ogoron analyze business, can prepare the UI workspace, and can open a pull request with the resulting repository changes.

Current scope:

• Linux runners only
• Requires OGORON_REPO_TOKEN
• OGORON_LLM_API_KEY is required only in BYOK mode

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The RepoClip Generate Video Action automates the creation of AI-powered promotional videos for GitHub repositories, integrating narration, visuals, and music. It streamlines the process of showcasing repository updates, features, or releases, solving the challenge of manually producing engaging video content. Key capabilities include customizable video styles, aspect ratios, and direct integration into GitHub workflows for seamless sharing.

What’s Changed

Initial Release

Generate promotional videos for your GitHub repositories directly from CI/CD with RepoClip.

Features

• AI-powered video generation from any GitHub repository
• • Multiple video modes: image, video_short, video_long
• • Customizable prompts, aspect ratios, and visual styles
• • Optional background music
• • Automatic polling with configurable timeout
• • Outputs video URL, thumbnail, and share page URL

Quick Start

- uses: TwistTheoryGames/generate-video@v1
-   with:
-     api-key: ${{ secrets.REPOCLIP_API_KEY }}
- ```
Get your API key at [repoclip.io/dashboard/settings](https://repoclip.io/dashboard/settings).

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The nx-resolve-affected GitHub Action automates the creation of a deployment matrix for NX-based monorepos, identifying which apps in the repository need redeployment based on their last successful deployment SHA. It solves the problem of incorrectly using a single base SHA for all apps by determining the base SHA per app, ensuring only affected apps are included in the deployment matrix. This action streamlines deployment workflows in environments where different apps within a monorepo have varying deployment frequencies.

What’s Changed

First public release of nx-resolve-affected: a GitHub Action that builds an NX deploy matrix for a monorepo, with a separate base SHA per app.

In a multi-app monorepo, what changed depends on which app you ask. App A deployed this morning; App B hasn’t shipped in a month. A single base SHA is wrong for at least one of them. This action asks GitHub Deployments for each app’s last successful deploy SHA and runs nx show projects --affected against that SHA per app — so the matrix only contains apps that genuinely need redeploying.

Full Changelog: https://github.com/rogiervanstraten/nx-resolve-affected/commits/v0.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

CVE Lite CLI is a GitHub Action and CLI tool designed to scan JavaScript and TypeScript projects for known dependency vulnerabilities by analyzing lockfiles and querying the Open Source Vulnerabilities (OSV) database. It automates the process of identifying and prioritizing fixes with actionable remediation guidance, including direct fix commands, while offering features like offline scanning, transitive dependency visibility, and local-first operation without requiring a cloud account. The tool is optimized for fast, developer-friendly use in secure environments and supports multiple package managers.

What’s Changed

Added

• Usage-aware dependency analysis phase 1: The CLI now statically analyzes project source code to detect if vulnerable dependencies are actually imported and reachable.
• Added --usage and --only-used flags. Used findings bubble to the top, and --only-used aggressively filters out unreachable/unused dependencies to eliminate noise.
• CLI tables now feature a dedicated Usage column indicating import counts or unused status, color-coded red and green.
• Migrated the breaking change annotation into its own dedicated Breaking? column with a ⚠ symbol in the fix plan tables.

Validation

• npm test
• npm run build

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The tinted-builder-rust GitHub Action provides a command-line tool and library for building themes from base16 and base24 templates according to the 0.11.1 builder specification. It automates tasks such as syncing the latest theme schemes and generating theme files based on user-defined templates, simplifying theme creation and updating workflows. Key capabilities include customizable scheme directories, ignore patterns, and integration into Rust applications for direct template management.

What’s Changed

Changed

• Updated to tinted-builder 0.14.0 lib

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Build Assistant GitHub Action integrates with the Build Assistant system to streamline CI/CD workflows by automating build event tracking, artifact uploads, Docker image registration, and commit analysis. It simplifies tasks such as reporting build statuses, managing container images, and sending notifications to platforms like Telegram. This action enhances pipeline visibility and reduces manual effort in managing build artifacts and deployment processes.

What’s Changed

• docs: add build_number usage to README, update examples to v2.0.2 (b2ed0a1)
• chore: bump version to 2.0.2 (30711c0)
• feat: add build_number input to CLI event action (329de50)
• up version to 2.0.1 (b8d53c7)
• Refactor action to use Node.js; remove Dockerfile and related scripts. Transition from Docker-based execution to a Node.js environment for improved performance and simplicity. (0ec9847)
• Remove ACTION_README.md and PUBLISHING.md files; update Dockerfile to streamline build process and adjust paths for CLI source files. (bd54b01)
• add all (35ead39)

• This action is used across all versions by 9 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, Fallow, provides static and optional runtime analysis for TypeScript and JavaScript codebases to identify and address issues like unused code, code duplication, high complexity, and architecture drift. It automates the detection of inefficiencies and risky code patterns across entire projects, offering insights beyond traditional file-local tools. With a focus on improving code health and maintainability, Fallow delivers rapid, zero-configuration analysis and supports runtime intelligence to enhance production-level decision-making.

What’s Changed

Highlights

--coverage now matches arrow-function exports

Istanbul records arrow functions bound to a const as (anonymous_N) while fallow extracts the binding identifier name. Neither the exact (name, line) match nor the name-only fuzzy match succeeded, so arrow-heavy codebases silently fell through to the estimated coverage model with istanbul_matched: 0, and --max-crap (new in v2.44.0) ran against estimates instead of observed coverage.

IstanbulFileCoverage::lookup now has a third fallback: when no name-based match exists and exactly one (anonymous_N) entry starts within ±2 lines of the requested line, use it. The single-candidate guard keeps the match unambiguous (multiple candidates return None rather than risk attributing coverage to the wrong function).

Before:

{ "coverage_model": "istanbul", "istanbul_matched": 0, "istanbul_total": 1880 }

After:

{ "coverage_model": "istanbul", "istanbul_matched": 1874, "istanbul_total": 1880 }

Closes #155.

Full Changelog: https://github.com/fallow-rs/fallow/compare/v2.44.0...v2.44.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Aguara is a security scanner designed to detect and prevent vulnerabilities in AI agent skills and MCP (Modular Command Platform) servers before deployment. It automates the identification of risks such as prompt injection, data exfiltration, supply-chain attacks, and other threats using advanced static analysis techniques, including pattern matching, NLP analysis, and cross-file toxic flow detection. Key capabilities include support for 189 detection rules, multi-layer analysis, evasion decoding, context-aware scanning, and risk scoring, providing robust protection for AI and MCP environments without requiring external APIs or cloud resources.

What’s Changed

Maintenance release. Bundles one install-reliability fix, four rule calibration tweaks, a noisy update-check message, and a hardening change to the composite action. No engine changes, no rule-count change. There is no CVE, no known exploitation, and no action required beyond upgrading normally.

Fixed

Fresh installs of v0.14.0 / v0.14.1 / v0.14.2 were failing

install.sh extracted the expected checksum with grep "$file" checksums.txt | awk '{print $1}'. After v0.14.0 started shipping per-archive SBOMs, the substring grep also matched the sibling .sbom.json line, so awk '{print $1}' returned two hashes concatenated. Every install aborted with checksum mismatch: expected <hash1><hash2>, got <hash1>. The script was failing closed - no one was silently compromised - but nobody could install Aguara fresh.

Fix: exact-filename match on column 2 with awk. Users who already had v0.14.x installed (via Homebrew, go install, or a pre-v0.14 install.sh) were unaffected.

Four rule false positives on real-world skill docs

Detection-engineering pass over a 1247-file corpus of real skills caught four regexes firing on legitimate content without any corresponding true-positive loss:

• PROMPT_INJECTION_004 (Zero-width char obfuscation) fired on a single UTF-8 BOM at file start. Pattern 2 now requires {2,} like pattern 1.
• PROMPT_INJECTION_011 (Jailbreak template) matched DAN inside unrelated words - Enable zone reDANdancy, clippy::peDANtic. Tokens are now anchored with \b.
• UNI_001 (RTL override) fired on U+202D (LRO), which appears in legitimate mixed-direction layout. Narrowed to U+202E (RLO, the actual Trojan Source signal).
• UNI_006 (Tag characters) had a range that missed U+E0000 (LANGUAGE TAG). Extended to the full Unicode Tag Characters block.

All true-positive coverage preserved. testdata/malicious/ still produces 98 findings, unchanged.

Update available: v0.14.2 → v0.14.2 on every invocation

The ldflag-injected binary version came in as 0.14.2 while the GitHub Releases API returns v0.14.2. The equality check compared them as raw strings, so up-to-date binaries kept printing an “update available” line pointing to the same version they were running. Fix: strip the leading v on both sides before comparing.

The tag_name returned by the GitHub API is now also validated against ^v\d+\.\d+\.\d+$ before being displayed, so a future hijacked release page cannot surface arbitrary text in the user’s terminal.

Changed

action.yml no longer pulls install.sh from main

The composite action previously fetched install.sh directly from the main branch on every consumer run. That is a poor supply-chain pattern - a future compromise of the repository’s write access would propagate to downstream CI without a release ever being cut, bypassing the Cosign/SBOM/SLSA signing pipeline that covers the tagged path. This is a hardening change, not a response to any observed incident.

The action now resolves the install ref from inputs.install-script-ref → github.action_ref → a baked-in tag default, rejecting anything that is not a semver tag (vX.Y.Z) or a 40-char commit SHA. @main, @v1, @<branch> all fall back to the pinned default and emit a GHA ::warning::. Consumers who pin uses: garagon/aguara@v0.14.3 (or any exact tag or SHA) see no behavior change.

DEFAULT_REF is bumped to v0.14.3 so consumers using non-semver refs fall back to this release’s fixed install.sh.

Upgrade

• Homebrew: brew update && brew upgrade aguara
• go install: go install github.com/garagon/aguara/cmd/aguara@v0.14.3
• install.sh (fresh): curl -fsSL https://raw.githubusercontent.com/garagon/aguara/v0.14.3/install.sh | bash
• Docker: docker pull ghcr.io/garagon/aguara:0.14.3
• GitHub Action: uses: garagon/aguara@v0.14.3

Verification

Post-release acceptance script passed all 6 checks on darwin/arm64: Cosign-signed checksums, archive sha256, extracted binary version, Cosign-signed Docker image, native multi-arch pull, SBOM + SLSA provenance attestations.

Reproduce locally:

VERSION=v0.14.3 .github/scripts/verify-release.sh

What’s Changed

• fix(action): pin install.sh fetch to a tagged ref, never main in #56
• fix(install): exact-filename match in verify_checksum in #56
• fix(rules): tighten regex boundaries on four unicode + jailbreak rules in #57
• fix(update-check): normalize v-prefix + validate tag shape in #58
• release: v0.14.3 in #59

Full Changelog: https://github.com/garagon/aguara/compare/v0.14.2...v0.14.3

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 38 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The AI-powered Accessibility Scanner is a GitHub Action designed to automate the detection of accessibility issues in websites, repositories, and dynamic content. It identifies accessibility barriers, creates actionable GitHub issues, and optionally leverages GitHub Copilot to propose AI-powered fixes for review. This tool streamlines the process of improving digital accessibility and helps teams efficiently address compliance gaps.

What’s Changed

What’s Changed

New Features

• Support TypeScript plugins in find plugin manager via esbuild by @Copilot in https://github.com/github/accessibility-scanner/pull/187

Dependency/documentation updates

• chore(deps): Bump ruby/setup-ruby from 1.300.0 to 1.301.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/192
• chore(deps-dev): Bump typescript from 5.9.3 to 6.0.2 in /.github/actions/fix by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/197
• chore(deps-dev): Bump typescript from 5.9.3 to 6.0.2 in /.github/actions/find by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/196
• chore(deps-dev): Bump typescript from 5.9.3 to 6.0.2 in /.github/actions/file by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/195
• chore(deps-dev): Bump typescript from 5.9.3 to 6.0.2 in /.github/actions/auth by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/194
• chore(deps): Bump the npm-minor-and-patch group across 5 directories with 6 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/199
• chore(deps): Bump puma from 7.2.0 to 8.0.0 in /sites/site-with-errors by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/191
• chore(deps): Bump ruby/setup-ruby from 1.301.0 to 1.302.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/204
• chore(deps): Bump the npm-minor-and-patch group across 5 directories with 4 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/205

Full Changelog: https://github.com/github/accessibility-scanner/compare/v3.0.1...v3.1.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action simplifies setting up the Gungraun toolchain by automating the installation and synchronization of gungraun-runner and Valgrind based on the specified or auto-detected versions. It addresses compatibility and version management challenges across various Linux distributions and supports multiple installation strategies for flexibility. Key capabilities include automated dependency installation, version detection, and customizable configuration for efficient development workflows.

What’s Changed

[1.0.1] - 2025-04-21

Changed

• Upgrade @actions/core to v2, @actions/exec to v2, @actions/github to v8, @actions/io to v2, @actions/tool-cache to v3

Fixed

• Fix a dependency vulnerability undici <=6.23.0 with severity: high by updating @actions/github to v8

New Contributors

• @gamma0987 made their first contribution in https://github.com/gungraun/setup-gungraun/pull/16

Full Changelog: https://github.com/gungraun/setup-gungraun/compare/v1.0.0...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action integrates with Elixir projects to parse mix test.coverage output, automate posting or updating sticky pull request comments with test coverage details, and enforce coverage thresholds at both total and per-module levels. It streamlines code review by providing actionable insights into coverage metrics, highlighting changed files, and ensuring consistent enforcement of coverage standards across multiple Elixir versions.

What’s Changed

Two fixes bundled into a single patch release.

Pre-1.20 coverage format supported

The 1.20 release introduced a markdown-pipe coverage table (| Percentage | Module |). Older Elixir versions emit a plain Percentage | Module table without leading or trailing pipes. The parser now recognises both, so hex packages that test across Elixir 1.17–1.20 in the same workflow can use this action without per-version branching.

Changed-files matching fixed for non-standard layouts

Two bugs in include-changed-files: true:

1. The lib/ prefix strip required a leading slash, so paths starting directly with lib/ (like lib/my_app/account.ex) weren’t normalised.
2. Projects whose filesystem layout doesn’t mirror their module namespace (e.g. lib/my_app/account.ex defining MyApp.Data.Account) never matched any module.

Matching now includes a basename fallback alongside the existing strict path comparison.

Full diff: https://github.com/hipcall/mix-coverage-action/compare/v1.0.0...v1.0.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The hyperlocalise GitHub Action provides CI automation for managing localization workflows in software development. It automates tasks such as detecting translation changes (drift mode) and validating localization integrity (check mode), helping teams ensure consistent, high-quality translations as part of their development process. This action integrates seamlessly into the CI/CD pipeline, offering features like dry-run reporting, integrity checks, and artifact uploads for localization management.

What’s Changed

What’s Changed

• fix(deps): update dependency ai to v6.0.161 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/284
• fix(deps): update dependency hono to v4.12.14 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/287
• chore(deps): update dependency vite-plus to v0.1.18 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/286
• fix(deps): update dependency @ai-sdk/openai to v3.0.53 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/283
• fix(deps): update dependency inngest to v4.2.4 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/289
• cli: add –file and –key filters to check command by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/291
• chore(deps): update node.js to v24.15.0 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/292
• fix(deps): update dependency next to v16.2.4 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/290
• chore(deps): update dependency typescript to v6.0.3 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/294
• feat(cli): add diff-scoped check mode by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/295
• Revert “feat(cli): add diff-scoped check mode” by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/296
• fix(deps): update dependency shadcn to v4.3.0 - autoclosed by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/293
• fix(deps): update dependency ai to v6.0.168 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/288
• feat(cli): add diff-scoped validation for changed keys by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/297
• chore: prepare github app by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/298
• feat(web): add WorkOS org-aware auth flow and session-backed API auth + github action events by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/299
• privacy + tos by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/300
• fix workos by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/302
• Cut over from Inngest to internal workflow executor and remove Inngest integration by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/301
• docs(commands): add missing check command docs by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/304
• feat(web): add multi-org WorkOS context and local teams support by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/303
• feat(web): add zero-org onboarding and encrypted org provider setup by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/305
• docs(docs): use distinct icons for global anchors by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/306
• fix(deps): update go dependencies by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/307
• new landing page by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/308
• fix(deps): update dependency recharts to v3.8.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/309
• fix(deps): update dependency shadcn to v4.3.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/310
• chore(deps): update dependency bazel to v9.1.0 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/314
• Update dependency @base-ui/react to v1.4.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/311
• Update tailwindcss monorepo to v4.2.3 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/312
• Update dependency react-hook-form to v7.73.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/315
• update landing page by @cungminh2710 in https://github.com/hyperlocalise/hyperlocalise/pull/316
• Update dependency @workos-inc/authkit-nextjs to v3.0.1 by @renovate[bot] in https://github.com/hyperlocalise/hyperlocalise/pull/313

Full Changelog: https://github.com/hyperlocalise/hyperlocalise/compare/v1...v1.4.5

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The cibuild GitHub Action simplifies the setup and management of continuous integration (CI) pipelines for iOS and Android projects. It automates tasks such as pipeline generation, platform detection, secret management, and workflow validation, enabling developers to quickly configure and run CI workflows locally or on GitHub Actions. Key features include auto-creation of pipelines, interactive setup wizards, local and remote pipeline execution, and seamless integration with GitHub for deploying secrets and workflows.

What’s Changed

Release v1.5.4

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Skills Update Action automates the process of keeping your repository’s agent skills up to date by wrapping Vercel’s Skills CLI to run updates in CI/CD workflows. It ensures controlled updates by enforcing a path safety policy, allowing only explicitly permitted files to be modified, and supports workflows such as read-only updates, creating commits, or managing a single rolling pull request. This action streamlines skills maintenance while maintaining human oversight on approval and merge decisions, addressing the need for secure and efficient automation in CI pipelines.

What’s Changed

Full Changelog: https://github.com/iyaki/skills-update/compare/v1...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, “Michael,” analyzes .NET build logs to identify, group, and rank warnings and errors by impact, helping developers prioritize and address issues efficiently. It automates the creation of detailed reports and optional AI-ready fix scripts, streamlining the debugging and remediation process in both local and CI workflows. Key outputs include machine-readable issue data, summary reports, and customizable fix scripts.

What’s Changed

What’s Changed

• feat: add –template-file option to specify a fix-script template and… by @Jonesie in https://github.com/Jonesie/Michael/pull/29

Full Changelog: https://github.com/Jonesie/Michael/compare/v1.0.7...v1.0.8

What’s Changed

• feat: add –template-file option to specify a fix-script template and… by @Jonesie in https://github.com/Jonesie/Michael/pull/29

Full Changelog: https://github.com/Jonesie/Michael/compare/v1.0.7...v1.0.8

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The CA Certificate Import GitHub Action automates the installation of custom SSL/TLS certificates into CI/CD runner environments, ensuring tools like Docker can interact with private registries or internal resources using non-standard certificate authorities. It simplifies certificate management by supporting multiple input methods (file, URL, or inline content), validating certificates, and optionally generating BuildKit configuration files for Docker integration. This action solves the problem of enabling secure communication with custom CAs in automated workflows.

What’s Changed

📦 Uncategorized

• chore: migrate from standard-version to npm lifecycle hooks + conventional-changelog-cli
• chore: add devcontainer with Docker and act support
• chore: migrate devcontainer to file-based secrets
• chore: harden install-certificate shell script
• chore(ci): bump actions/checkout and actions/setup-node to v6
• chore(release): 3.0.2

Usage

- uses: LiquidLogicLabs/git-action-ca-certificate-import@v3.0.2
  with:
    certificate: 'path/to/cert.crt'  # Auto-detects: file path, URL, or inline content

Installation

The certificate will be installed to the system CA store and trusted by:

• ✅ Docker (push/pull from registries with custom certs)
• ✅ curl, wget, and other HTTP clients
• ✅ pip, npm, apt, and other package managers
• ✅ Git operations over HTTPS
• ✅ Any tool that uses the system CA store

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The aer GitHub Action provides a streamlined solution for validating, testing, and debugging Salesforce Apex code within CI/CD pipelines. It automates the execution of Apex tests and creates a lightweight Salesforce-compatible runtime on local machines, enabling developers to rapidly iterate on Apex logic without deploying to a Salesforce org. Its key features include running test suites, executing specific code paths, and integrating with tools like VS Code for interactive debugging.

What’s Changed

Version v0.0.160

• Add Health Cloud Authorization And Contact Objects To The Schema

• Add CartExtension Test Coverage And Gate Subscription Methods

• Add Apex Coverage For UserProvisioning Batchables

• Set Authenticated User On VM For Apex REST Requests

• Fix UserProvisioning Batchable Interface Enforcement

• Add CommerceExtension ExtensionInfo And Resolution Builtins

• Cover Remaining CommerceExtension ResolutionException Methods

• Add Asset Lifecycle And Partner Fund Objects To The Schema

• Add CommercePayments Builtins For Remaining Classes

• Track UserProvisioning Coverage Through Parent Builtins

• Cover Remaining CommercePayments Testable Methods

• Cover Remaining UserProvisioning Apex Methods

• Add Requested Experience, FSC, HealthCloud, And LiveAgent Objects

• Enforce Attachment Sharing And Direct Role Imports

• Add RevenueCloud Objects And Fix Standard Prefixes

• Fix getPopulatedFieldsAsMap field order after JSON deserialization

• Add More Action Plan Objects

• Add SObject.class and construction-style deserialization field order tests

• Add ConsumerGoodsCloud Objects And Fix Standard Prefixes

• Model Permissionable Name Fields In Schema

• Fix Content USER_MODE Field Access

• Refine Optional Schema Metadata And Add ManufacturingCloud

• Omit Empty Child Subqueries From JSON.serialize Output

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Tobi Validator GitHub Action serves as a public wrapper for the Stage 1 release of Organetic’s AI Verification Engine. It automates the validation of files and workflows using two primary modes: canon for canonical structure validation and golden for conformance checks against predefined fixtures, enabling deterministic diagnostics and verification processes. This action streamlines integration into GitHub workflows by providing a controlled evaluation-token-based onboarding process and essential tools for diagnostics, support, and adoption.

What’s Changed

Public Marketplace release for the released Stage 1 Tobi Validator action wrapper.

This action provides a narrow validator-first GitHub Actions path for:

• canon mode
• golden mode
• controlled private artifact access via TOBI_DIST_TOKEN

Current v1 reading:

• Windows-only
• public action wrapper
• private binary delivery from OrganeticSphere/tobi-validator-dist
• checksum verification required
• no runtime/backend/API/platform claims

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ansible-lint GitHub Action automates the process of linting Ansible playbooks, roles, and collections using the ansible-lint tool. It helps ensure Ansible configurations adhere to best practices and coding standards, saving time and reducing errors during code reviews or continuous integration workflows. This action provides seamless integration with GitHub workflows, enabling automated checks for YAML files in your repository.

What’s Changed

Full Changelog: https://github.com/pako-23/action-ansible-lint/commits/v0.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automatically generates professional Japanese (Keigo) summaries for Pull Requests using Google Gemini AI, streamlining communication in Japanese corporate environments. It eliminates the need for manual translations by providing accurate, context-aware bilingual summaries tailored for business use.

What’s Changed

Full Changelog: https://github.com/preeti-ballal/bilingual-commit-translator/compare/v1.0.0...v1.0.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The UNPWNED Security Scan GitHub Action automates security checks for web applications by scanning domains for vulnerabilities, such as missing security headers, expired certificates, exposed sensitive files, and misconfigured DNS or CORS policies. It runs on every push or pull request and can fail builds based on critical findings, helping developers catch security regressions early. Key features include generating security scores, identifying data breaches, and optionally commenting results on pull requests.

What’s Changed

First public release of the UNPWNED Security Scan GitHub Action.

What it does

Runs the UNPWNED CLI against your domain on every push or pull request. Surfaces a score, grade, and severity breakdown in the Actions tab, and fails the workflow when findings exceed your configured threshold.

Checks included

Security Headers, SSL/TLS, DNS Security, Cookie Security, CORS Policy, Sensitive Files, Tech Stack, Data Breaches.

Quick start

+ '```yaml' +

• uses: razazu/unpwned-action@v1 with: domain: yoursite.com + '```' +

See the README for full input/output documentation and examples.

Want more?

The full unpwned.io platform adds 700+ checks, AI fix prompts, continuous monitoring, PDF reports, and GitHub Issues integration.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, cargo-workspace-inheritance-check, automates the detection and resolution of dependency inheritance issues in Rust’s Cargo workspaces. It identifies cases where workspace member crates specify dependency versions directly instead of using { workspace = true }, flags version mismatches, and suggests candidates for centralizing shared dependencies in the [workspace.dependencies] section of the root Cargo.toml. By enforcing consistent dependency management, it helps prevent version drift, reduces duplication, and simplifies dependency maintenance across workspace projects.

What’s Changed

[1.3.0] - 2026-04-21

Full Changelog: https://github.com/RomarQ/cargo-workspace-inheritance-check/compare/v1.2.0...v1.3.0

Added

• Ignore rules via [workspace.metadata.inheritance-check] in the root Cargo.toml:

  [workspace.metadata.inheritance-check]
  ignore = [
    { dependency = "rand", member = "crates/bar" }, # skip in a specific crate
    { dependency = "openssl" },                     # skip everywhere
  ]
  

  Ignored (dependency, member) pairs are suppressed from both reporting and --fix. Without member, the rule applies to every crate and also drops the dependency from promotion-candidate grouping. Both inline-array and [[workspace.metadata.inheritance-check.ignore]] array-of-tables syntax are accepted.

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The “rumdl” GitHub Action is a high-performance Markdown linter and formatter built with Rust, designed to ensure consistency and enforce best practices in Markdown files. It automates the identification and correction of common Markdown issues through highly configurable linting rules, automatic formatting, and support for multiple Markdown flavors. With its speed, zero dependencies, and CI/CD-friendly design, rumdl streamlines documentation quality control in modern development workflows.

What’s Changed

Fixed

• lsp: discover .config/rumdl.toml when walking up from a file (9d32fa7)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AgentAuditKit is a comprehensive security scanner designed for AI agent pipelines connected to Multi-Agent Collaboration Protocols (MCP). It automates the detection of vulnerabilities such as misconfigurations, hardcoded secrets, tool poisoning, trust boundary violations, and tainted data flows across 13 agent platforms, using 151 rules and 28 scanning modules. The tool provides robust compliance mapping, OWASP standard coverage, supply chain integrity features, and offline functionality, streamlining security audits and ensuring rapid response to emerging AI-related vulnerabilities.

What’s Changed

Installation

pip:

pip install agent-audit-kit==v0.3.3

Docker:

docker pull ghcr.io/sattyamjjain/agent-audit-kit:v0.3.3

GitHub Action:

- uses: sattyamjjain/agent-audit-kit@v0.3.3
  with:
    fail-on: high

Supply chain

• rules.json — deterministic rule bundle
• rules.json.sha256 — trusted digest
• sbom.cdx.json / sbom.spdx.json — CycloneDX + SPDX SBOM
• *.sigstore — Sigstore keyless signatures (verify with agent-audit-kit verify-bundle)

Full Changelog: https://github.com/sattyamjjain/agent-audit-kit/compare/v0.3.2...v0.3.3

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

ZIRAN is a security testing tool designed to identify vulnerabilities in AI agents, particularly those using tools, memory, and multi-step reasoning. It models agents as capability graphs to uncover risks arising from tool interactions, such as transitive attack paths and silent failures, which are often missed by traditional prompt-based testing. Key features include graph-based tool chain analysis, execution-level side-effect detection, multi-phase attack simulations, and support for autonomous pentesting and multi-agent coordination.

What’s Changed

0.28.0 (2026-04-21)

Features

• atlas: retro-map every vector + atlas_coverage + CLI/report surface (#263) (cd427ef)

What’s Changed

• feat(atlas): retro-map every vector + atlas_coverage + CLI/report surface by @leoneperdigao in https://github.com/taoq-ai/ziran/pull/263
• chore(main): release 0.28.0 by @leoneperdigao in https://github.com/taoq-ai/ziran/pull/265

Full Changelog: https://github.com/taoq-ai/ziran/compare/v0...v0.28.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automatically detects and expands AWS IAM wildcard actions in pull request (PR) diffs, adding inline comments that detail the specific actions matched by each wildcard, along with links to AWS documentation. It streamlines code reviews by helping reviewers quickly understand the security implications of IAM changes, especially in scenarios involving wildcard permissions. The action supports various file types, groups consecutive wildcards into a single comment, and logs full expansions for very large wildcard matches.

What’s Changed

Fixed

• Require the Verify Draft Release workflow to run from the same release tag it verifies, so artifact attestations can be verified with --source-ref refs/tags/vX.Y.Z instead of a commit SHA

• This action is used across all versions by 2 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ghstats GitHub Action generates visually appealing SVG cards summarizing a GitHub user’s profile, including data such as activity statistics, language usage, contributions, and productivity over time. It automates the process of fetching GitHub user data and creating customizable graphics for embedding in profile READMEs, solving the need for clear and engaging profile summaries. Key features include detailed visualizations like contribution heatmaps, language breakdowns, productivity charts, and repository stats.

What’s Changed

• chore(demo): regenerate gallery (2cde89f)
• chore(readme): mirror profile layout in preview, demo uses Monday start (e686f2f)
• chore(demo): mirror author profile README layout in per-theme pages (f1cc28b)
• chore(demo): regenerate gallery (7f592da)
• feat(card): configurable start of week (#25) (1763422)
• chore(demo): regenerate gallery (fb1be29)
• fix(card): productive titles render at 15 px for every timezone (#24) (f184ac8)
• chore(demo): regenerate gallery (234d2ef)
• feat(card): stack heatmap into two halves; unify font-size vocabulary (#23) (3cd7b29)
• chore(demo): regenerate gallery (f55d229)

• This action is used across all versions by 85 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-tombi GitHub Action automates the installation and setup of the Tombi tool within GitHub Actions workflows. It simplifies the process of managing Tombi versions by supporting specific version installation, lock file-based version resolution, and optional checksum validation for security. This action is ideal for automating tasks like TOML file validation directly in CI/CD pipelines.

What’s Changed

What’s Changed

• Remove unnecessary GITHUB_TOKEN usage examples by @ya7010 in https://github.com/tombi-toml/setup-tombi/pull/30

Full Changelog: https://github.com/tombi-toml/setup-tombi/compare/v1.0.9...v1.0.10

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, Review Insights, analyzes pull request review data to identify workload imbalances, reviewer-author dynamics, merge trends, and the impact of AI involvement, providing detailed visual reports with metrics such as heatmaps, bar charts, and time-series trends. It automates the detection of review bottlenecks, zero-review merges, and AI adoption patterns, helping teams optimize collaboration and improve code review practices. Key capabilities include tracking human review burden, highlighting review biases, and generating actionable insights for repository management.

What’s Changed

What’s Changed

• chore: add octocov metric badges by @wiyco in https://github.com/wiyco/review-insights/pull/43
• ci: use GitHub App token for badge publishing by @wiyco in https://github.com/wiyco/review-insights/pull/44
• Revert “ci: use GitHub App token for badge publishing” by @wiyco in https://github.com/wiyco/review-insights/pull/45
• ci: pass app token to octocov action by @wiyco in https://github.com/wiyco/review-insights/pull/46
• chore(tsconfig): enable noUncheckedIndexedAccess by @wiyco in https://github.com/wiyco/review-insights/pull/47
• fix: align change request rate with observed reviews by @wiyco in https://github.com/wiyco/review-insights/pull/48
• chore(deps): update action dependencies by @wiyco in https://github.com/wiyco/review-insights/pull/49

Full Changelog: https://github.com/wiyco/review-insights/compare/v2.0.0-rc.1...v2.0.0-rc.2

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

dbt-semguard is a semantic change detection tool for dbt’s Semantic Layer, designed to identify and classify changes to metrics and models as breaking, risky, or safe. It automates the process of detecting semantic drift by comparing two versions of semantic contracts, focusing on meaningful changes that could impact downstream consumers, such as dashboards or APIs, while ignoring non-functional YAML changes. This tool helps teams safeguard metric integrity by providing actionable insights during code reviews and CI workflows.

What’s Changed

dbt-semguard v0.3.0

Focused semantic-depth release.

Added

• breaking change detection for entity and dimension expression changes
• end-to-end support for cumulative and conversion metrics in YAML and semantic_manifest.json
• field-coverage policy for the semantic contract so diffed, nested, and intentionally excluded fields are auditable in tests
• CI smoke coverage for the published action in manifest mode with hostile spaced paths

Changed

• declarative field comparators in the diff engine instead of ad hoc per-field branching
• grouped markdown/text findings under the same semantic object for easier review
• more precise semantic object context in change messages, especially for nested entities and dimensions

• This action is used across all versions by 9 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

NeuroLink is a universal AI integration platform that consolidates 13 major AI providers and over 100 models into a single, consistent API, enabling seamless integration of AI capabilities into applications. It simplifies tasks such as provider switching, tool usage, memory management, and cost optimization, while offering advanced features like multi-provider failover and intelligent routing. NeuroLink streamlines AI workflows by automating complex processes, making it ideal for organizations seeking scalable, production-ready AI solutions.

What’s Changed

9.56.1 (2026-04-21)

Bug Fixes

• (context): Add support to filter out empty content chunks (5f13d91)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The spek GitHub Action provides a lightweight, read-only viewer for managing and navigating OpenSpec content locally. It automates tasks like browsing structured specifications, tracking changes, monitoring task progress, and conducting full-text searches, offering a user-friendly alternative to reading raw Markdown files. Key features include a searchable dashboard, BDD syntax highlighting, revision history tracking, and compatibility with web browsers, VS Code, and IntelliJ, making it a versatile tool for organizing and visualizing specification data.

What’s Changed

• Add table-of-contents (TOC) sidebar to spec detail pages — sticky navigation lists all h2/h3 headings, with scrollspy highlighting and smooth scrolling on click
• Add TOC sidebar to change detail pages for the Proposal, Design, and Specs tabs (Tasks tab excluded); TOC updates when switching tabs
• Persist the active tab in the change detail URL (?tab=<id>) and support deep links with both tab + hash (e.g., ?tab=design#decision-1)
• Specs tab: prefix each delta spec’s heading ids with <topic>-- so multiple specs with the same heading text no longer collide
• Support URL hash anchors on spec detail pages (e.g., /specs/foo#requirement-bar scrolls to that heading)
• Expand spec items in the VS Code sidebar to reveal their headings as child nodes; clicking a heading opens the webview at the corresponding section
• Add extractHeadings and slugifyHeading utilities to @spek/core for shared heading parsing across web and extension hosts
• Web: reloads and direct URL visits now restore the most recent repo from localStorage instead of bouncing back to the repo-selection page

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The mcpunit GitHub Action performs a comprehensive quality audit of MCP servers, identifying issues such as poorly named tools, weak schemas, hidden risks, and inefficiencies in server responses. It automates the validation process with deterministic, CI-friendly checks, ensuring high standards for server configuration to improve AI agent behavior and prevent operational errors. Built for speed and simplicity, it provides lightweight, fast execution with zero runtime dependencies.

What’s Changed

Full Changelog: https://github.com/lee-to/mcpunit/compare/v1.2.0...v1.3.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Cassandra - AI Review Agent is an autonomous code review tool designed to analyze code changes, provide structured feedback, and identify potential issues before deployment. It integrates with local Git workflows and CI/CD pipelines, supporting inline GitHub pull request reviews with actionable, context-aware feedback facilitated by AI models like Anthropic Claude and Google Gemini. This tool automates the code review process, enhancing code quality and reducing the risk of production bugs.

What’s Changed

What’s Changed

• Add Copilot setup steps workflow by @menny in https://github.com/menny/cassandra/pull/49
• Restructure prompt assembly for prefix caching + add prompt dev guide by @Copilot in https://github.com/menny/cassandra/pull/48
• feat: log prompt summary to stderr after BuildSystemPrompt by @Copilot in https://github.com/menny/cassandra/pull/52
• feat: add retry logic for LLM and GitHub API calls by @Copilot in https://github.com/menny/cassandra/pull/53
• refactor(llm): cleanup + scoped AGENTS.md by @menny in https://github.com/menny/cassandra/pull/54
• refactor(core): cleanup and idiom pass by @menny in https://github.com/menny/cassandra/pull/55
• refactor(tools): error idioms and helper extraction by @menny in https://github.com/menny/cassandra/pull/56
• refactor(cmd): cleanup and shared helpers by @menny in https://github.com/menny/cassandra/pull/57
• docs: correct AGENTS.md/DESIGN.md and add CODE_STYLE.md by @menny in https://github.com/menny/cassandra/pull/58
• feat: use pre-built binaries when available by @menny in https://github.com/menny/cassandra/pull/59

Full Changelog: https://github.com/menny/cassandra/compare/v0.0.1...v0.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The middleBrick Scan Action is a GitHub Action designed to automate security assessments for API endpoints, including REST, GraphQL, LLM/AI, and Web3 JSON-RPC. It evaluates APIs for vulnerabilities across 14 security categories, assigns a risk score (A–F), and provides actionable findings to help maintain security standards. Key features include the ability to fail CI pipelines based on a score threshold, post findings as PR comments, add inline annotations, and support authenticated scanning, streamlining API security testing in CI workflows.

What’s Changed

First public release of the middleBrick API Security Scan Action.

What’s in this release

• Authenticated scanning — new headers input accepts a JSON map of auth headers. Allowlist: Authorization, X-API-Key, Cookie, X-Custom-*. Requires one-time domain verification in the dashboard.
• Marketplace-ready README with full coverage, examples (threshold gate, PR comment, matrix, OpenAPI), and safety notes.
• Apache 2.0 license (LICENSE + NOTICE).
• Rebuilt bundle — ncc-packaged dist/index.js at ~1.9MB.

Coverage

14 security categories: OWASP API Top 10 (12 checks) + LLM/AI Security (system prompt leakage, injection, jailbreaks) + Web3 JSON-RPC (EVM / Solana / Cosmos) + DeFi application (oracles, slippage, leaked provider keys).

Protocols auto-detected: REST, GraphQL, gRPC-Web, SOAP, JSON-RPC, EVM-RPC, Solana-RPC, Cosmos-RPC.

Compliance mapping: PCI-DSS 4.0, SOC 2 Type II, OWASP API Top 10 2023.

Usage

- uses: middlebrick/scan-action@v1
  with:
    api-key: ${{ secrets.MIDDLEBRICK_API_KEY }}
    url: https://api.staging.example.com/v1/users
    threshold: 70

See README for full inputs, outputs, and examples.

Links

• middlebrick.com
• Dashboard
• Pricing

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, mipiti-verify, automates the verification of security controls and threat model assertions within CI pipelines using the Mipiti framework. It ensures that security controls remain up-to-date and detects configuration drift by verifying assertions locally, in batch mode, or against AI-assisted models. Key capabilities include automated verification, signed report auditing, and integration with AI models for enhanced analysis.

What’s Changed

Docker Image

Pre-built image for faster CI (pulls cached image instead of building from source):

- uses: docker://ghcr.io/mipiti/mipiti-verify:v0.30.1@sha256:6a202cc6994e8425dc216593bc23c7685d552ab68486bbddba28007d1ce53544

Image: ghcr.io/mipiti/mipiti-verify:v0.30.1 Digest: sha256:6a202cc6994e8425dc216593bc23c7685d552ab68486bbddba28007d1ce53544

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:

The GitHub Action agent-bom is a security scanner designed for AI supply chains, including agents, MCP servers, packages, containers, cloud infrastructure, GPUs, and runtimes. It automates the identification of vulnerabilities (CVEs) across interconnected components, providing detailed blast radius analysis to pinpoint impacted credentials, tools, and remediation steps. This action helps organizations secure their AI stack by offering end-to-end visibility and actionable fixes for potential security risks.

What’s Changed

What’s Changed

• [codex] add hosted product spec and split deployment diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1601
• Add source registry and wire the Sources page by @msaad00 in https://github.com/msaad00/agent-bom/pull/1602
• Fix release coherence and tenant isolation by @msaad00 in https://github.com/msaad00/agent-bom/pull/1603
• [docs] simplify self-hosted deployment and runtime flow diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1604
• [platform] sharpen scoring, lookup, and tracing by @msaad00 in https://github.com/msaad00/agent-bom/pull/1605
• [platform] wire sources schedules to the control plane by @msaad00 in https://github.com/msaad00/agent-bom/pull/1606
• [docs] simplify self-hosted deployment and runtime diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1607
• [release] prepare 0.81.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1608

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.81.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The kyosei-action is a GitHub Action that automates multi-perspective AI-powered code reviews for pull requests, analyzing code quality, performance, security, test coverage, and documentation accuracy. It addresses issues with repetitive or outdated feedback by leveraging the kyosei plugin to exclude already-posted, resolved, or acknowledged comments, ensuring only new and relevant insights are provided. Additionally, it removes opinionated defaults from other review tools, enabling project-specific conventions to be defined via configuration files.

What’s Changed

What’s Changed

Bug Fixes

• fix: Node.jsセットアップを追加し依存関係の解決をcomposite actionに集約 by @ncaq in https://github.com/ncaq/kyosei-action/pull/68

Dependency Updates

• build(deps): lock file maintenance by @renovate[bot] in https://github.com/ncaq/kyosei-action/pull/66
• build(deps): update ncaq/nix-composite-action action to v1.1.1 by @renovate[bot] in https://github.com/ncaq/kyosei-action/pull/67

Full Changelog: https://github.com/ncaq/kyosei-action/compare/v1.5.0...v1.5.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Faultline AI Trust & Safety Scanner is a GitHub Action designed to verify the integrity and compliance of AI-generated content during the CI pipeline process. It detects issues such as hallucinations, manipulations, and policy violations (e.g., GDPR, EU AI Act) by analyzing specified files and generating detailed security alerts and inline PR annotations for identified issues. This action helps automate AI content validation, ensuring safer and more reliable AI outputs before deployment.

What’s Changed

Faultline AI Trust & Safety Scanner v1.0.0

Forensic AI output verification for your CI pipeline.

What it does

• Scans AI-generated content for hallucination, manipulation, and policy violations
• Outputs SARIF to GitHub Code Scanning (inline PR annotations + Security tab alerts)
• EU AI Act Article 5/Annex III/Article 50 compliance detection
• Free mock mode — no API key required

Usage

```yaml

• uses: nxtg-ai/faultline-action@v1 with: input: ‘docs/ai-output.md’ fail-on: ‘high’ env: GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} ```

See README for full documentation.

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The r2-setup-action GitHub Action configures the AWS CLI to seamlessly interact with Cloudflare R2, a storage solution similar to Amazon S3. It automates the setup process, enabling users to upload files to R2 using the AWS CLI by specifying the appropriate endpoint, simplifying integration with Cloudflare’s storage services.

What’s Changed

Full Changelog: https://github.com/rarestype/r2-setup-action/commits/v1

• This action is used across all versions by 123 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Drawio Export Action is a GitHub Action that automates the export of diagrams created in draw.io to various formats, including PNG, PDF, SVG, and more. It simplifies the process of keeping exported diagram files synchronized with their source .drawio files by automatically generating updated exports on changes. This action supports configurable options like output format, image quality, scaling, and background transparency, making it a powerful tool for managing and versioning diagram assets in repositories.

What’s Changed

2.48.0 (2026-04-21)

Features

• bump rlespinasse/drawio-export from v4.48.0 to v4.49.0 (#100) (7f483fb)

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

rumdl is a high-performance Markdown linter and formatter built with Rust to ensure consistency and best practices in Markdown files. It automates the detection and correction of common Markdown issues, offers 71 lint rules, supports multiple Markdown flavors, and provides configurable, CI/CD-friendly functionality with fast execution and intelligent caching. By combining speed, automatic formatting, and comprehensive error reporting, rumdl streamlines the management of Markdown files for developers.

What’s Changed

Fixed

• md046: ignore container content when detecting code-block style (2685388)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Ansible Galaxy Publish Action is a GitHub Action designed to automate the publishing of Ansible collections or roles to Ansible Galaxy. It streamlines the process by handling tasks such as building and publishing collections or importing roles, with features like dry-run mode for validation without using an API key and artifact uploads for manual inspection. This action simplifies CI workflows by providing key outputs like published references, artifact paths, and collection versions, while supporting version pinning for Ansible.

What’s Changed

Documentation

• Update changelog (3f456b7)
• Update CONTRIBUTORS.md (7137176)
• Update changelog (2471da7)

Miscellaneous

• Bump softprops/action-gh-release from 2 to 3 (4526385)

Refactoring

• Unify namespace+name inputs, derive version from galaxy.yml, upload dry-run artifact, polish summary (12fb2a7)

Full Changelog: https://github.com/somaz94/ansible-galaxy-publish-action/compare/v1.0.0...v1.1.0

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ansible-molecule-test-action is a GitHub Action designed to automate the testing of Ansible roles and collections using Molecule. It streamlines the entire Molecule testing pipeline, including setting up Python, installing dependencies (Ansible, Molecule, Docker driver), and running molecule test across specified Linux distributions, making it ideal for validating Ansible configurations in CI workflows. The action supports version pinning, additional package installations, and provides test results and metadata as outputs.

What’s Changed

CI/CD

• Bump softprops/action-gh-release v2 to v3 for sibling-repo alignment (8429e50)

Documentation

• Update changelog (d06d1d5)
• Add Known Compatibility section for ansible-core 2.19 issue (4ad2f4e)

Full Changelog: https://github.com/somaz94/ansible-molecule-test-action/compare/v1.0.1...v1.0.2

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The go-kubebuilder-test-action is a GitHub Action designed to automate the testing and verification process for projects using the Kubebuilder framework. It streamlines tasks such as setting up Go, running tests, ensuring manifests and deepcopy code are up-to-date, and verifying no drift in generated files, all in a single step. This action simplifies the development workflow for Kubebuilder-based repositories by replacing multiple manual steps with a customizable and efficient solution.

What’s Changed

Bug Fixes

• Unify verify step so manifests_drift output is set when verify is skipped (dd8f73e)

CI/CD

• Add release, mirror, and changelog workflows (5a081ec)

Features

• Implement go-kubebuilder-test-action (d9ccae4)

Miscellaneous

• Add baseline repo files and license (d563298)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helm-chart-release-action is a GitHub Action that automates the release process for Helm charts by packaging them, publishing them to a gh-pages branch as a Helm repository, and optionally pushing them to an OCI registry. It streamlines the Helm chart release pipeline, supporting both single and multi-chart workflows, with features like dry-run validation, app version auto-bumping, and flexible toggles for gh-pages and OCI push operations. This action simplifies and accelerates Helm chart deployments while ensuring consistent and repeatable processes for developers.

What’s Changed

Bug Fixes

• Use ’latest’ string for helm_version (azure/setup-helm v5 rejects empty) (062ccac)

Documentation

• Update changelog (5254bcf)

Full Changelog: https://github.com/somaz94/helm-chart-release-action/compare/v1.0.1...v1.0.2

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helm-oci-push-action is a GitHub Action designed to automate the packaging and pushing of Helm charts to OCI-compliant registries, such as GHCR, ECR, GAR, Harbor, and more. It simplifies workflows by supporting multiple input modes (e.g., tarballs, chart paths, or directory scans), providing features like dry-run validation, idempotent releases by skipping existing versions, and built-in Helm registry authentication. This action streamlines Helm chart management, making it efficient for CI/CD pipelines and registry publishing tasks.

What’s Changed

Documentation

• Update changelog (c70f442)
• Update CONTRIBUTORS.md (ed80ee2)
• Fix license reference (MIT, matches LICENSE file) (a64097b)

Refactoring

• Install latest helm at build time, drop hardcoded v3.16.4 pin (0a6ab94)

Full Changelog: https://github.com/somaz94/helm-oci-push-action/compare/v1.0.0...v1.0.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ci-delta GitHub Action analyzes changes in GitHub Actions workflow files between two code revisions and generates semantic diff reports, highlighting potential pipeline behavior changes that may not be obvious in raw YAML diffs. It automates the detection of critical changes, such as new high-risk triggers, permission escalations, environment modifications, and job structure alterations, helping developers identify and mitigate risks in CI/CD configurations. The action also supports generating reports in markdown or JSON formats and can optionally post findings as comments on pull requests.

What’s Changed

Refresh the npm package README with a visible GitHub repository link and publish updated package metadata.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Soundcheck Security Review GitHub Action automates the process of performing an OWASP-based security review on your repository’s source code. It scans for vulnerabilities, rewrites code with Critical, High, and Medium severity findings in place, and generates a pull request containing the updated code alongside a severity-ranked findings table. This action streamlines security auditing, ensures code hygiene, and helps developers address vulnerabilities efficiently.

What’s Changed

Bumps SOUNDCHECK_SHA to soundcheck e63ae37 (release v1.8.1).

Pulls in self-review poisoning protection, empty-findings integrity gate, and the new quarterly-threat-review drafting job. The floating v1 tag now points here.

See https://github.com/thejefflarson/soundcheck/releases/tag/v1.8.1 for details.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, “Expand AWS IAM Wildcards,” automates the process of identifying and expanding wildcard actions in AWS IAM policy changes within pull requests. It analyzes PR diffs, identifies IAM actions with wildcards, and posts inline comments detailing the specific actions each wildcard matches, including links to AWS documentation. This helps reviewers quickly and accurately assess the security implications of IAM policy changes, improving code review efficiency and reducing the risk of unintended permissions.

What’s Changed

Added

• Add OIDC-backed release attestation for the shipped dist/index.js action bundle
• Add release verification docs and extend verify-release.sh to check artifact attestations when GitHub CLI is available
• Add action entrypoint orchestration tests covering pull request handling, comment sync paths, truncation logging, and failure reporting

Changed

• Refresh bundled IAM action data from AWS
• Generate release bundles on Ubuntu through the Prepare Release workflow instead of from a local machine
• Include the IAM data generator script in TypeScript checking
• Update npm dependencies

Fixed

• Validate the collapse-threshold input and fail clearly for invalid values instead of accepting partial parses

• This action is used across all versions by 2 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The action-ccstudio-ide GitHub Action automates the setup and build process for projects developed in Texas Instruments’ Code Composer Studio (CCS), an IDE for embedded development on TI microcontrollers and processors. It streamlines CI/CD workflows by downloading, installing, and configuring CCS within a Docker-based Linux environment, enabling developers to build and test their embedded projects directly within GitHub Actions. Key capabilities include specifying project paths, build configurations, and CCS versions to tailor the build process to individual project requirements.

What’s Changed

• 🐛 fix versioned eclipse dir path for CCS v12 and below (dd4f8c9)
• 🔀 Merge pull request #5 from uoohyo/develop (5fb9267)
• 🐛 correct v12 download URL directory path from 4-part to 3-part version (5b505a5)
• 💚 update workflow actions to Node.js 24 compatible versions (df651ab)
• ✨ implement CCS headless CI build with version-aware install and build failure detection #major (8d82eb0)
• Set execute permission for the entrypoint script #major (53fea92)
• #major readme update (2ccf4fe)
• fix: Update Version (4199643)
• fix: delete build: (19564f1)
• fix: action jobs.. checkout and create release.. (53a7319)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Gemini Discussion Agent is a GitHub Action that automates the analysis and response to GitHub Discussions using Google AI’s Gemini. It reads the entire discussion thread for context and generates meaningful, AI-driven replies when triggered by a mention. This action streamlines community interaction by providing automated, context-aware responses, with support for configurable prompts, languages, and AI models.

What’s Changed

What’s Changed

• Dev by @Val-d-emar in https://github.com/Val-d-emar/gemini-discussions-agent/pull/4
• Dev by @Val-d-emar in https://github.com/Val-d-emar/gemini-discussions-agent/pull/5

Full Changelog: https://github.com/Val-d-emar/gemini-discussions-agent/compare/v1...v1.1.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-vp GitHub Action streamlines the setup of Vite+ (vp) environments by automating the global installation of Vite+, optional Node.js version management, and dependency caching with lockfile detection. It simplifies project setup workflows by supporting all major package managers, enabling automated dependency installation, and offering flexibility for custom configurations like working directories and private package registries. This action is ideal for automating consistent, efficient development and CI/CD pipelines.

What’s Changed

What’s Changed

• chore: update README with bun support and bump deps by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/44
• chore(deps): update dependency typescript to v6.0.3 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/45
• chore(deps): update vite-plus to v0.1.19 by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/46
• feat: retry Vite+ install on transient network failures by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/47

Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.6.0...v1.7.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The depenemy-action GitHub Action scans project dependencies for supply chain risks, reputation concerns, and behavioral issues. It automates security and reliability checks by identifying vulnerabilities, outdated packages, malicious elements, and other risks, with results integrated directly into GitHub’s Code Scanning interface. Key capabilities include multi-ecosystem support (e.g., npm, Python, Rust) and configurable severity thresholds to streamline dependency management and enhance software supply chain security.

What’s Changed

• fix YAML syntax in action.yml (df6aa9e)
• add LICENSE (dc50abc)
• add README (025e7ba)
• initial action release (2060010)

• This action is used across all versions by 111 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the process of searching for specific strings in matching files and replacing them with designated values, saving the modified files afterward. It is particularly useful for bulk string replacements across multiple files, including handling complex replacement scenarios using regular expressions or large replacement payloads via external JSON files. Key capabilities include support for wildcard file matching, JSON-based replacement definitions, and customizable prefix/suffix contexts for precise pattern matching.

What’s Changed

Changes

• audit fixes @flcdrg (#1046)
• Bump typescript from 5.9.3 to 6.0.3 @dependabot[bot] (#1042)
• Bump axios from 1.15.0 to 1.15.1 @dependabot[bot] (#1045)
• Bump rollup from 4.60.1 to 4.60.2 @dependabot[bot] (#1044)
• Bump dependabot/fetch-metadata from 3.0.0 to 3.1.0 @dependabot[bot] (#1043)
• Bump lru-cache from 11.3.3 to 11.3.5 @dependabot[bot] (#1040)
• Bump @typescript-eslint/eslint-plugin from 8.58.1 to 8.58.2 @dependabot[bot] (#1041)
• Bump @typescript-eslint/parser from 8.58.1 to 8.58.2 @dependabot[bot] (#1039)
• Bump globals from 17.4.0 to 17.5.0 @dependabot[bot] (#1038)
• Bump eslint-plugin-jest from 29.15.1 to 29.15.2 @dependabot[bot] (#1035)
• Bump rollup-plugin-license from 3.7.0 to 3.7.1 @dependabot[bot] (#1034)
• Bump lru-cache from 11.3.2 to 11.3.3 @dependabot[bot] (#1033)
• Bump @typescript-eslint/eslint-plugin from 8.58.0 to 8.58.1 @dependabot[bot] (#1032)
• Bump axios from 1.14.0 to 1.15.0 @dependabot[bot] (#1031)
• Bump @typescript-eslint/parser from 8.58.0 to 8.58.1 @dependabot[bot] (#1030)
• Bump lru-cache from 11.3.0 to 11.3.2 @dependabot[bot] (#1029)
• Bump @types/node from 20.19.37 to 20.19.39 @dependabot[bot] (#1028)
• Bump lru-cache from 11.2.7 to 11.3.0 @dependabot[bot] (#1027)
• Bump ts-jest from 29.4.6 to 29.4.9 @dependabot[bot] (#1026)
• Bump @typescript-eslint/eslint-plugin from 8.57.2 to 8.58.0 @dependabot[bot] (#1025)
• Bump @typescript-eslint/parser from 8.57.2 to 8.58.0 @dependabot[bot] (#1024)
• Bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 @dependabot[bot] (#1021)
• Bump rollup from 4.60.0 to 4.60.1 @dependabot[bot] (#1023)
• Bump axios from 1.13.6 to 1.14.0 @dependabot[bot] (#1022)
• Bump eslint-plugin-jest from 29.15.0 to 29.15.1 @dependabot[bot] (#1020)
• Bump @typescript-eslint/eslint-plugin from 8.57.1 to 8.57.2 @dependabot[bot] (#1019)
• Bump @typescript-eslint/parser from 8.57.1 to 8.57.2 @dependabot[bot] (#1018)
• Bump rollup from 4.59.0 to 4.60.0 @dependabot[bot] (#1017)
• Bump @typescript-eslint/eslint-plugin from 8.57.0 to 8.57.1 @dependabot[bot] (#1016)
• Bump pnpm/action-setup from 4 to 5 @dependabot[bot] (#1015)
• Bump @typescript-eslint/parser from 8.57.0 to 8.57.1 @dependabot[bot] (#1014)

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gha-timer GitHub Action provides functionality to group and log tasks within GitHub Actions workflows, while tracking and displaying elapsed time for each group. It visually highlights task outcomes (e.g., success, failure, canceled, or skipped) with customizable colors and icons, improving workflow transparency and debugging efficiency. Additionally, it includes a command-line tool for starting timers and reporting elapsed times outside GitHub workflows.

What’s Changed

Bug Fixes

• Git tag in release process (#8) (842f5ef9)
• The coloring of installation completing (#9) (55c38437)

Documentation

• Update fulcrum genomics logo with light/dark theme support (#11) (b6f3e01c)

Miscellaneous Tasks

• Fix logo in the README (7ca47964)
• Update orhun/git-cliff-action from v3 to v4 (#10) (ec6ec57d)

Ci

• Pin GitHub Actions to full-length commit SHAs (#12) (d5868d83)

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-docker-desktop-macos GitHub Action installs and starts Docker Desktop on macOS runners in GitHub Actions workflows. It automates the setup of a Docker environment on macOS for testing workflows or applications that rely on Docker, eliminating manual configuration steps. This action is specifically designed for scenarios requiring Docker on macOS and is not intended for building or publishing Linux containers.

What’s Changed

Full Changelog: https://github.com/gh-workflow/setup-docker-desktop-macos/compare/0.0.9...0.0.10

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gRPC Testify GitHub Action automates the installation and execution of the grpctestify tool in CI workflows, enabling users to validate, test, and format gRPC test files without requiring a Rust toolchain. It simplifies CI setups by downloading the appropriate grpctestify binary, adding it to the PATH, and optionally running commands like run, check, or fmt on specified files. This action streamlines gRPC test management in CI pipelines, saving setup time and ensuring consistency.

What’s Changed

What’s Changed

• first version by @rez1dent3 in https://github.com/gripmock/grpctestify-action/pull/1

New Contributors

• @rez1dent3 made their first contribution in https://github.com/gripmock/grpctestify-action/pull/1

Full Changelog: https://github.com/gripmock/grpctestify-action/commits/v1.0.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helmfile-action GitHub Action simplifies the setup and use of Helmfile and Helm within GitHub Actions workflows. It automates tasks such as managing Helmfile and Helm versions, installing Helm plugins, and executing Helmfile commands, streamlining Kubernetes configuration and deployment processes. This action is cross-platform and provides outputs for better workflow integration, such as command exit codes and output logs.

What’s Changed

What’s Changed

• build(deps-dev): bump @typescript-eslint/parser from 8.58.0 to 8.58.1 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/670
• build(deps-dev): bump eslint-plugin-jest from 29.15.1 to 29.15.2 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/673
• build(deps-dev): bump prettier from 3.8.1 to 3.8.2 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/672
• build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.58.0 to 8.58.1 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/669
• build(deps-dev): bump @types/node from 25.5.2 to 25.6.0 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/671
• build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/674
• build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.58.1 to 8.58.2 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/676
• build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/679
• build(deps-dev): bump @swc/core from 1.15.24 to 1.15.30 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/680
• build(deps-dev): bump prettier from 3.8.2 to 3.8.3 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/677
• build(deps-dev): bump @typescript-eslint/parser from 8.58.1 to 8.58.2 by @dependabot[bot] in https://github.com/helmfile/helmfile-action/pull/675

Full Changelog: https://github.com/helmfile/helmfile-action/compare/v2.4.2...v2.4.3

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The cibuild GitHub Action simplifies setting up CI/CD pipelines for iOS and Android projects by auto-generating, customizing, and managing GitHub Actions workflows. It automates tasks such as platform detection, pipeline configuration, secret management, and validation, streamlining the process of creating and running CI pipelines locally or on GitHub. Its key capabilities include non-interactive pipeline creation, interactive setup wizards, local pipeline execution, and seamless secret synchronization with GitHub environments.

What’s Changed

Release v1.5.3

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Setup protoc GitHub Action simplifies the process of downloading, installing, and configuring the Google Protocol Buffers (protoc) compiler in CI workflows. It automates locating the appropriate protoc release based on the specified version and runner environment, downloads and caches it, and adds it to the system PATH for immediate use. This action streamlines workflow setup by ensuring the correct version of protoc is readily available, reducing manual effort and potential configuration errors.

What’s Changed

Full Changelog: https://github.com/Jisu-Woniu/setup-protoc/compare/v1.0.0...v1.0.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Versionary is an automated release tool designed to simplify semantic versioning, changelog generation, and release workflows using conventional commits. It supports both direct releases and release pull request (PR) workflows, enabling maintainers to review changes before publication. The tool is software-agnostic, extensible, and integrates versioning, tagging, and SCM release metadata management, streamlining the release process while leaving artifact publishing to external CI workflows.

What’s Changed

Features

• strategies: add latex strategy (ff225d2)
• merge fixing and closing phrases in changelogs (7a57758)

Bug Fixes

• deduplicate “fixes #” notes (e6c895e)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Verify Agent Execution Receipt” GitHub Action automates the validation of signed execution receipts against corresponding evidence bundles using a public key. It ensures the integrity and authenticity of artifacts produced by agent workflows, making it particularly useful for CI pipelines to verify execution evidence and fail jobs when validations fail. The action generates a verdict (valid or invalid) and a detailed verification report, helping to maintain trust and transparency in automated processes.

What’s Changed

v0.1.0 - Verify Agent Execution Receipt Action

Initial release.

What this action does

This GitHub Action validates signed agent execution receipts against evidence bundles using the verifiable-tool-invocation-flow Python package.

Features

• Installs verifiable-tool-invocation-flow==0.1.1
• Runs the independent receipt validator CLI
• Validates receipt, evidence bundle, and public key
• Outputs verdict
• Outputs report-path
• Supports configurable audience
• Supports configurable Python version
• Supports configurable package version
• Supports fail-on-invalid

Inputs

• receipt
• evidence
• public-key
• audience
• output
• package-version
• python-version
• fail-on-invalid

Outputs

• verdict
• report-path

Scope

This action validates signed execution evidence.

It does not prove semantic correctness of the tool output. It does not prove that the policy itself is correct. It does not protect against a compromised signer. It does not replace sandboxing, IAM, access control, monitoring, or human approval.

Related project

Core package: https://pypi.org/project/verifiable-tool-invocation-flow/0.1.1/

Core repository: https://github.com/joy7758/verifiable-tool-invocation-flow

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The AI Code Reviewer GitHub Action automatically reviews pull requests using Groq AI to assess code across five categories: Security, Bugs, Performance, Maintainability, and Best Practices. It provides inline comments with severity levels and can optionally auto-fix issues by committing changes directly to the PR branch, enabling a fully automated review workflow. This action helps streamline code review processes, enhance code quality, and identify critical issues like OWASP Top 10 security vulnerabilities with minimal human intervention.

What’s Changed

What’s included

• Full 5-category review: Security, Bugs, Performance, Maintainability, Best Practices
• Inline line comments with severity levels (CRITICAL, HIGH, MEDIUM, LOW, SUGGESTION)
• OWASP Top 10 security checks
• auto_fix: "true" — AI commits fixes directly to the PR branch, re-review runs automatically
• Infinite loop protection — skips auto-fix if last commit was already a bot fix
• /fix and /review slash commands via PR comments
• Powered by Groq (free API key at console.groq.com)

Quick Start

- uses: krishthesmart/github-code-reviewer@v1
  with:
    groq_api_key: ${{ secrets.GROQ_API_KEY }}
    github_token: ${{ secrets.GITHUB_TOKEN }}
    auto_fix: "true"

See the README for full setup instructions.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Kida is a Python-based component framework for generating HTML, terminal output, and markdown with modern frontend patterns, such as typed props, named slots, scoped state, and error boundaries, all without relying on JavaScript or a build step. It automates template validation, component discovery, and compile-time checks to enhance reliability and scalability across multi-core Python environments. Key features include static type-checking, context propagation, co-located styles, and error handling, making it a robust alternative to traditional templating engines like Jinja2.

What’s Changed

0.7.0 (2026-04-20)

+6842 / -703 across 87 files

New Features

• feat: agent-UX — narrow {% set %} warning, parser trap hints, docs truth (#106)

• feat: reject non-top-level {% def %}/{% region %}, retarget Undefined hint (#100)

• feat: RenderCapture — block-level capture, search indexing, freeze cache (#99)

• feat: adopt Python 3.14+ patterns — TypedDict, match/case, slots (#98)

Bug Fixes

• fix: extend CoercionWarning to collection/number filters, add lint gates (#97)

• fix: suppress PrecedenceWarning when nullish fallback is parenthesized (#96)

• fix: bump action default python-version from 3.12 to 3.14 (#94)

Documentation

• docs: add AGENTS.md — contributor safety/values guide (#104)

Refactoring

• refactor: leaf-node hardening — bug fixes, dead code, test gap closure (#105)

Other Changes

• feat!: flip strict_undefined default to True (#107)

• Render-surface hardening: parity corpus, fragment scaffold, sandbox fuzz (#103)

• release: prepare v0.6.0 — version bump, changelog, and docs (#93)

Contributors

@lbliii

Full diff: 0.6.0…0.7.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

SecondBrain is a CLI tool designed to retrieve, filter, and analyze data from various external sources (e.g., Salesforce, Slack, YouTube, and GitHub) using Retrieval Augmented Generation (RAG) techniques and Large Language Models (LLMs). It automates tasks such as generating insights, summaries, and reports by extracting relevant information from disconnected datasets and applying natural language processing to analyze the data. Key capabilities include directory scanning for document analysis, querying GitHub repository changes, and summarizing YouTube video transcripts.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The mipiti-verify GitHub Action automates the verification of threat model assertions for security controls using the Mipiti platform. It streamlines tasks such as validating assertions locally, in CI pipelines, or offline, leveraging AI-powered analysis for advanced checks. This action helps ensure security controls remain accurate, detect configuration drift, and maintain compliance by providing capabilities like batch verification, drift detection, and signed audit report validation.

What’s Changed

Docker Image

Pre-built image for faster CI (pulls cached image instead of building from source):

- uses: docker://ghcr.io/mipiti/mipiti-verify:v0.29.0@sha256:e580e0fb5dbe68acc9cfea588fa5574a5529430422714bad975ce136fb0531af

Image: ghcr.io/mipiti/mipiti-verify:v0.29.0 Digest: sha256:e580e0fb5dbe68acc9cfea588fa5574a5529430422714bad975ce136fb0531af

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Totem is a CLI tool designed to provide a persistent, cross-repository memory and enforcement layer for AI coding agents. It automates the process of converting lessons learned from past mistakes into enforceable rules, preventing recurring architectural errors and ensuring code consistency without relying on live LLMs. By using deterministic, offline linting, Totem enhances the reliability and efficiency of AI-assisted development workflows.

What’s Changed

Minor Changes

• f9c287b: 1.15.0 ships Pack Distribution: the first shippable Totem pack, plus the compile-hardening and zero-trust substrate that makes packs safe to distribute.

  Pack Distribution

  • @totem/pack-agent-security (ADR-089 flagship pack). 5 immutable security rules covering unauthorized process spawning, dynamic code evaluation with non-literal arguments, network exfiltration via hardcoded IPs or suspicious domains (API + shell-string variants), and obfuscated string assembly via byte-level primitives. Every rule ships immutable: true + severity: error + category: security with bad/good fixture pairs and 57 unit tests.
  • totem install pack/<name> command installs a published pack into the local manifest.
  • pack-merge primitive refuses downgrade of immutable rules to warning or archived; bypass attempts log to the Trap Ledger.
  • Content-hash substrate across TypeScript and bash (review + sync + pre-push hook) so pack integrity verifies without relying on file timestamps.

  Zero-trust default (ADR-089)

  • Pipeline 2 and Pipeline 3 LLM-generated rules now ship unverified: true unconditionally. Activation via the atomic totem rule promote <hash> CLI or the ADR-091 Stage 4 Codebase Verifier in 1.16.0.
  • Pipeline 1 (manual) keeps its conditional semantics; human-authored rules are self-evidencing.

  Compile hardening (ADR-088 Phase 1)

  • Layer 3 verify-retry loop: rules that fail their own smoke test re-prompt once before the compiler rejects them.
  • Compile-time smoke gate runs both badExample and goodExample; rules that fire on both directions are rejected with reason code matches-good-example (closes the over-matching hole that drove the 2026-04-18 security-pack 10-of-10 archive rate).
  • archivedAt timestamp preserved across schema round-trips so the institutional first-archive-provenance ledger survives every compile cycle.
  • unverified flag and nonCompilable 4-tuple with 9-value reason-code enum replaces the opaque 2-tuples.
  • totem doctor stale-rule advisory (ADR-088 Phase 1) plus the grandfathered-rule advisory that surfaces the pre-zero-trust cohort categorized by vintage-pre-1.13.0, no-badExample, and no-goodExample.

  Platform

  • Compound ast-grep rules (ADR-087, promoted from Proposal 226). astGrepYamlRule field on CompiledRule with mutual exclusion on astGrepPattern, structural combinators (all / any / not / inside / has / precedes / follows), and canonical-serialization hashing via canonicalStringify.
  • Windows shell-injection fix in safeExec via cross-spawn.sync (closes a three-week-latent vector).
  • Cross-Repo Context Mesh (totem search federation + totem doctor Linked Indexes health check).
  • Standalone binary distribution unblocked (darwin-arm64, linux-x64, win32-x64).

  Positioning

  • ADR-090 (Multi-Agent State Substrate). Scopes Totem as the shared state, enforcement, and audit substrate for multi-agent development. Totem does not own agent routing, capability negotiation, session lifecycle, or live-edit conflict resolution. Future feature admission passes the Scope Decision Test.
  • ADR-091 (Ingestion Pipeline Refinements). Redefines the 1.16.0 ingestion pipeline as a 5-stage funnel: Extract → Classify → Compile → Verify-Against-Codebase → Activate. Renames the legacy allowlist terminology to baseline.
  • ADR-085 (Pack Ecosystem). Accepted with five deferred decisions resolved: Behavioral SemVer with refinement classification, array-order precedence plus totem doctor shadowing warning, Local Supreme Authority with ADR-089 immutable-severity carve-out, Sigstore + in-toto signing, native npm lifecycle with 72-hour unpublish constraint.

  Detailed patch-level changes: CHANGELOG.md entries 1.14.1 through 1.14.17.

Patch Changes

• Updated dependencies [f9c287b]
  • @mmnto/totem@1.15.0

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Check Action Versions” GitHub Action automates the process of auditing and updating actions referenced in workflow files to ensure they use the latest strict-semver releases. It scans workflows, identifies outdated actions, and creates a tracking issue and pull request to update uses: references with the latest commit SHAs, ensuring compliance with SHA-pinning requirements. This action simplifies maintaining up-to-date dependencies and enhances workflow security and reliability.

What’s Changed

Docs

Full README overhaul. No behavior changes.

• Quickstart now SHA-pins the action itself, matching the form this action writes for every other entry in consumer workflow files and satisfying any repo or organization enforcing SHA-pinning on uses: references.
• Updating the pin: new dedicated section explaining how to resolve the commit SHA for the latest release (GitHub UI and gh CLI one-liner).
• GPG setup: complete caller-side YAML example. Notes that the GPG path is implemented but not yet validated end-to-end in production.
• Troubleshooting: headings now match real log output. New entry for the org-policy error (“Actions must be pinned to a full-length commit SHA”).
• Versioning: simplified to exact semver releases. The floating v1 tag has been retired; consumers should pin by commit SHA as described in Quickstart.
• Removed the “Security design notes” section (the framing was confusing; the useful content is implicit elsewhere).
• Brand-voice pass throughout: shorter sentences, fewer em dashes, less marketing cadence.

Consumer impact

For repos already pinned to v1.0.2’s SHA: the next scheduled run of this action opens a PR rewriting the pin to v1.0.3’s SHA and comment. No manual action needed.

For new consumers: see Quickstart in the new README.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The aer GitHub Action provides a lightweight, Salesforce-compatible runtime to validate and test Apex code directly in CI/CD pipelines without deploying to a Salesforce org. It simplifies and accelerates development workflows by enabling fast, reproducible test execution and debugging for Apex code. Key capabilities include running Apex tests, executing specific code paths, and interactive debugging within tools like VS Code or IntelliJ.

What’s Changed