• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gentesty-evaluation-action is a GitHub Action designed to automate the process of triggering evaluation runs on the Gentesty platform. It streams real-time logs from the evaluation process into GitHub Actions workflows and provides the final test result (success/failure) directly in the workflow logs. This action streamlines integration with Gentesty, enabling secure and efficient testing workflows for CI/CD pipelines.

What’s Changed

Release v.1.1.12 published from b-nova/gentesty@30a923932981e2cf4ed1d3d945638b060ccd9f66

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The getbao Deploy Action automates the deployment of the getbao authentication service to Cloudflare Workers directly from a GitHub workflow. It streamlines tasks such as downloading release assets, provisioning Cloudflare infrastructure, applying database migrations, deploying workers, and initializing encryption keys and secrets. This action simplifies the deployment process, enhances infrastructure management, and ensures secure and efficient updates for applications using getbao.

What’s Changed

Full Changelog: https://github.com/getbao/action/compare/v1.0.0-alpha.11...v1.0.0-alpha.12

• This action is used across all versions by 12 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automatically generates and updates a list of Hugo FixIt theme components in a repository’s README file. It simplifies the task of maintaining an up-to-date component list by dynamically replacing specified placeholders in the README with the latest information. The action supports scheduled updates or manual workflow triggers, streamlining documentation management for projects using Hugo FixIt themes.

What’s Changed

v1.0.8 - 6 May 2026

:tada: New Features

• Ensure multibyte UTF-8 characters are decoded safely in json response 3166729 by @Lruihao

Full Changelog: https://github.com/hugo-fixit/action-component-list/compare/v1.0.7...v1.0.8

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Jankurai is a repository management tool designed to audit and enforce coding standards for AI-assisted workflows, ensuring auditable and reproducible merge decisions. It identifies and addresses issues like CI/tooling failures, security risks, secret sprawl, and generated code drift by generating human- and agent-readable reports, proof artifacts, and adoption guidance. Its key capabilities include repository-wide analysis, configurable adoption levels, and integration with CI pipelines to maintain code quality and prevent regressions.

What’s Changed

Added

• Added default audit inventory exclusion for tips/, plus user-configurable [scan] excluded_paths entries in agent/audit-policy.toml.
• Added bounded score history commands: jankurai history latest/export/compact/restore, plus bounded audit retention and optional mirror sink support.
• Added May 6 public-repository paper evidence, score tables, and a README score table for the v0.8.8 Marketplace action release.
• Added accepted-baseline ratchet scaffolding and strict scoring-integrity smoke tests for fail-closed audit decisions.

Changed

• Routed jankurai score trend through the shared score-history loader and added stable score-history entry/export schemas.
• Bumped the auditor/action package release to 0.8.10; standard compatibility remains 0.8.0 and report schema remains 1.5.0.
• Hardened CI scoring order, required proof/security evidence, SHA-pinned Actions usage, SARIF upload, and badge source routing for release readiness.
• Fixed the isolated empty-repository ratchet regression so decision.ratchet.score_delta is always emitted, including --no-score-history runs.
• Prepared the v0.8.10 GitHub Marketplace action release for the hardened scoring-integrity lane.
• Scoped crates.io publication out of this Marketplace release until the proof crates are published first.

Release evidence:

• Green jankurai workflow on main: https://github.com/jeppsontaylor/Jankurai/actions/runs/25419934072
• Marketplace packaging branch: marketplace/v0.8.10
• Tag points at the Marketplace packaging commit, which removes only .github/workflows/jankurai.yml.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
agentpreflight is a pre-execution validation tool for AI agents that intercepts and evaluates tool calls before they are executed. It ensures security, correctness, and adherence to workflow rules by blocking unsafe operations (e.g., force-pushing to main, reading nonexistent files) and enforcing personal or project-specific guidelines like naming conventions and time estimation. With zero runtime dependencies, it provides composable, customizable rule sets for streamlined and disciplined agent behavior.

What’s Changed

agentpreflight is a pre-execution gate for AI tool calls: it validates the action an agent is about to run against live system state before the action executes.

v0.1.3 adds the GitHub Action wrapper, so CI can replay planned tool calls and fail a PR when any rule blocks.

Before an agent writes a file, runs a shell command, commits, pushes, or calls an external system, agentpreflight validates the planned tool call against the real state of the system at that moment.

If the action is unsafe, stale, or malformed, it blocks the call and returns a concrete correction.

Examples:

• A file write checks that the parent directory exists before dispatch.
• A git commit checks that staging actually contains changes.
• A read against a missing file fails before wasting a tool call.

How it is different:

Guardrails AI and NeMo Guardrails operate on model output or dialog behavior. agentpreflight operates on the tool call itself, before the action runs.

Microsoft’s Agent Governance Toolkit wraps the agent runtime. agentpreflight is a small tool-call gate with zero runtime dependencies.

It also ships workflow rules, not just security checks.

agentpreflight ships with thirteen default rule sets: six security rule sets for filesystem, git, secrets, environment, network, and parallel execution, plus seven workflow rule sets for naming, scope, editorial discipline, session hygiene, time estimation, prewrite checks, and release safety.

Adapters cover Claude Code, Cursor, Codex, and OpenClaw.

• This action is used across all versions by 34 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Create DMG Actions” GitHub Action automates the creation of standard .dmg installation files for macOS applications. It simplifies the process of packaging macOS apps into the widely used .dmg format, providing a user-friendly installation experience. Key capabilities include customizable options for file naming, application bundling, background images, and visual layout of the .dmg file.

What’s Changed

What’s Changed

1. add more options
2. upgrade node

Full Changelog: https://github.com/L-Super/create-dmg-actions/compare/v1.0.3...v1.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, “Just Release It! (from TOML),” automates the release process for Python projects by reading the version from pyproject.toml, generating a changelog based on commit history, and publishing a standardized GitHub release. It simplifies version management and release creation, solving the problem of manual changelog assembly and ensuring consistent release tagging for repositories using pyproject.toml. Key capabilities include changelog generation, version standardization, and seamless integration with GitHub workflows.

What’s Changed

✨ New Features

• Added depr group + group-ordering approach: XX -> y-z + improve regexes — 1a41541f4565e2de85834d3752d01a55d1b6cdbe by @Lex-DRL
• Add alert blocks — 5d0ab60203f5feaa3a521a1c5703b7c8ab80af20 by @Lex-DRL

🚀 Improvements

• Improve/Extend detected groups — 6399ee808813611f5953e04f92d6807c225f16d6 by @Lex-DRL
• Better stripping of <!-- X-Y --> from group names, according to cliff docs — 3dbe0c112ebbb56b9b83df3e908c4f6ed3155e45 by @Lex-DRL

🛠️ Fixes

• fix: release always created on default branch, regardless on what branch the action is launched on — 956b0a9dc3e91434aa1cacf145ce2496cc33deb3 by @Lex-DRL
• fix breaking changes parsers — 2dbf993c2b159148fe294e27fbc928d15c0fc98a by @Lex-DRL
• fix extra empty lines before titles — 03d5c89a0c47e235d9f53dd84f221d9ab8e43b38 by @Lex-DRL

📝 Documentation

• README — b0d9acf2e2115688b37db4c95efea724b997e4da by @Lex-DRL

♻️ Refactor

• Fully reimplement the whole configuration-preparing step as Python script — d3e815844f35ad1d66f1777209e1d83b747b8f4f by @Lex-DRL
• refactor: proper indentation/comments/tiny fixes in Tera template for readability — 783b6029884d121345206f6c44cc93d0c68cef6c by @Lex-DRL

📦 Build/Packaging

• bld: Eat your own meal - pyproject — b0effd745e918e4d69e87983dba198a0529905ba by @Lex-DRL
• bld: Eat your own meal - workflow — a250e0b6071e40a3324fd138f559938cc9ece0c1 by @Lex-DRL

🧹 Maintenance

• .gitignore: exclude test/debug names (qqq, zzz, etc) — 942a01a64746bdcf6adb21f8e5aa6c3b9b10905f by @Lex-DRL

🔀 Other changes

• Tweak inputs + properly exclude commits from merged branch + fix default template — 358fc86353857e4cfc4e1a83e3d78a0c5d3414e1 by @Lex-DRL
• Match previous release-tag only to v[0-9]*... pattern — 848507f070fb6f02abdeb8a92da78cc3ed2ef140 by @Lex-DRL
• … or any tag starting with a raw version-alike — 3df1e97c4e240204d2f7af38a2ce62dc8e4e63a0 by @Lex-DRL
• tweaks: nicer commit hash/author — 3190ed030877d1daf1d6906981cf279cae762498 by @Lex-DRL
• Rework groups detection — 920de3dc5899a80750a4f86b7d08d2d4f13b2d38 by @Lex-DRL
• More inputs: version field in TOML + category names — be2b5f729fb976729cc0ae728f5dc5736a59b47a by @Lex-DRL
• Also catch add/support/upd/change — dd7cb3559593c1babd9ddd16d0c68e2df224ee5c by @Lex-DRL
• _shared_just_release_it.py — 8d5f2c59c10b932c7f980b3c4d918878c5845029 by @Lex-DRL
• Set version outputs step -> switch-version-outputs.py — 6ca0aae26d2b6b763abc9b7a816a8825adf2ea73 by @Lex-DRL
• small action fixes — 9abc86fb70ce7c0074997f2becdc1499063db15b by @Lex-DRL

Version

• v1.0 — b14c508124293f969bc02edfff95ad660accad11 by @Lex-DRL

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Create Ephemeral Environment” GitHub Action automates the creation of temporary, on-demand test environments in Octopus Deploy. It is designed to help developers validate changes efficiently while minimizing infrastructure costs. Key capabilities include integrating with Octopus Deploy projects and spaces, enabling dynamic environment creation tied to pull requests or other CI/CD workflows.

What’s Changed

1.4.0 (2026-05-06)

Features

• Trigger Release Please 8 (7980540)

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gha-mergify-ci GitHub Action integrates with Mergify to streamline CI workflows by automating the processing of JUnit XML test reports and managing pull request scopes for the Mergify Merge Queue. It helps identify and quarantine test failures, upload relevant test and scope data, and ensures dependent CI jobs are completed before proceeding. This action enhances CI/CD pipelines by improving test result insights and optimizing pull request merging processes.

What’s Changed

What’s Changed

• chore: update documentation for v16 by @jd in https://github.com/Mergifyio/gha-mergify-ci/pull/171
• feat: add test_step_outcome input to detect silent test failures by @jd in https://github.com/Mergifyio/gha-mergify-ci/pull/174
• ci: auto-update documentation after releases by @jd in https://github.com/Mergifyio/gha-mergify-ci/pull/172
• ci: warn when token is unset for scopes upload by @sileht in https://github.com/Mergifyio/gha-mergify-ci/pull/187
• fix(action): use –scopes-json instead of deprecated –file flag by @sileht in https://github.com/Mergifyio/gha-mergify-ci/pull/194
• feat(action): allow pinning mergify-cli version by @sileht in https://github.com/Mergifyio/gha-mergify-ci/pull/196

Full Changelog: https://github.com/Mergifyio/gha-mergify-ci/compare/v16...v17

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-fortran GitHub Action automates the installation and configuration of Fortran compilers across Linux, macOS, and Windows environments. It simplifies the process of setting up various Fortran compilers, including gfortran, ifx, ifort, and others, ensuring compatibility with different runner platforms and versions. This action is particularly useful for automating build and testing workflows in projects that rely on Fortran.

What’s Changed

Initial Release

• GitHub Action to set up Fortran compilers and toolchains.
• Complete rewrite in TypeScript.
• Supports gfortran, ifx, ifort, nvfortran, aocc, lfortran, flang.
• Running on ubuntu-x64, ubuntu-arm, macos-arm, macos-intel, windows-x64, windows-arm, msys2-ucrt64, msys2-clang64.
• Tested with Fortran code: Module linking, polymorphism, iso_fortran_env, iso_c_binding, cpp, OpenMP.
• Add:

 - uses: minhqdao/setup-fortran@v1

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The mipiti-verify GitHub Action provides automated verification of threat model assertions for Mipiti-based security controls, ensuring they remain aligned and free from drift. It streamlines tasks such as validating assertions locally or in CI pipelines, auditing signed reports, and performing batch verification from JSON files. Key capabilities include integration with Tier 2 large language models for enhanced verification, support for API key-based scoped access, and detailed reporting on control verification and drift detection.

What’s Changed

Docker Image

Pre-built image for faster CI (pulls cached image instead of building from source):

- uses: docker://ghcr.io/mipiti/mipiti-verify:v0.37.0@sha256:ef8c7e670e9750a839dd29902f3b235cefa035bec15272d2c2f04ea0f51b0e16

Image: ghcr.io/mipiti/mipiti-verify:v0.37.0 Digest: sha256:ef8c7e670e9750a839dd29902f3b235cefa035bec15272d2c2f04ea0f51b0e16

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The GitHub Action “agent-bom” is a security scanner designed for AI supply chains and infrastructure, including packages, containers, cloud environments, GPUs, and runtimes. It identifies vulnerabilities (CVEs) in the AI stack, maps their blast radius to affected components such as MCP servers, connected agents, tools, and exposed credentials, and provides actionable fixes to collapse the vulnerability chain. This tool automates comprehensive security assessments, enabling organizations to mitigate risks efficiently and protect sensitive data.

What’s Changed

What’s Changed

• fix(release): prevent registry serialization tag failures by @msaad00 in https://github.com/msaad00/agent-bom/pull/2304
• Harden gateway and proxy production guards by @msaad00 in https://github.com/msaad00/agent-bom/pull/2305

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.86.0...v0.86.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action enforces disciplined behavior in AI coding agents, such as Claude Code, by implementing a structured 7-step workflow (research, plan, execute, verify, reflect, learn, iterate) to prevent common failures like skipping steps or incomplete verification. It automates this process using 13 integrated skills, including test-driven development enforcement, verification loops, and an instinct engine that adapts to usage patterns. Additionally, it provides a transcript linter for CI to catch violations of the workflow, ensuring consistent and reliable agent performance.

What’s Changed

Added

• Node observer + npx continuous-improvement backfill (#52) — replaces the bash thin-schema fallback that depended on jq. The new bin/observe.mjs reads stdin, parses the hook payload natively, and writes the rich event schema (tool_input.command for Bash, Edit.file_path for Edit/Write/Read, tool_output for tool_complete) without external dependencies. hooks/observe.sh becomes a two-phase shim: prefer the Node observer when present, fall back to the prior bash thin-schema path when not, so operators who do not re-run npx continuous-improvement install see no behavior change. The companion backfill subcommand walks existing observations.jsonl files and tags every row with schema: "thin" | "rich" so the analysis pass can cleanly skip thin rows and surface a “X% thin” stat to operators. Idempotent; preserves operator data via .bak and observations.corrupt.jsonl quarantine. Closes the audit-derived gap where 22,065 observations across 11 projects on a jq-less host yielded 0 auto-detected instincts. Live backfill against the maintainer’s host: 25,077 rows tagged → 24,547 thin (97.9%), 530 rich (2.1%), across 14 projects.
• Proactive Roadmap Surfacing section in wild-risa-balance (#53) — names the surface-don’t-execute boundary explicitly. Trigger conditions (persistent roadmap, finished tasks implying next steps, drift, instinct/memory predictions); hard boundary citing global CLAUDE.md and Auto Mode rules; format with (surfaced — <source>) marker; anti-patterns (nagging, citation-free speculation, bundling surface with execution, inventing roadmaps).
• meta instinct pack (#50) — promotes the two cross-project reflection-instincts (skip-thin-observation-schema, parallelize-independent-tool-calls) from per-project YAML into a shared starter pack. Test loop drives off PACK_FLOORS so language packs keep ≥5 floor while meta ships at ≥2.

Changed

• README install ergonomics (#50) — jq listed alongside Node and bash in Preconditions with per-OS install commands; new “Operator modes” section adjacent to install with both bash/zsh and PowerShell export syntax for CLAUDE_THREE_SECTION_CLOSE_DISABLED.
• CONTRIBUTING.md Source of truth: src/ callout (#50) — hoisted as a one-line warning at the top of ## Architecture; the existing edit-src-then-build workflow at lines 101-118 was correct but buried.

Fixed

• hooks/observe.sh jq-missing one-shot warning (#50) — emits a single stderr line per host on the first invocation when jq is absent on PATH, so operators learn the auto-instinct gap at install time instead of discovering weeks of thin-schema collection. Marker lives at ~/.claude/.continuous-improvement-jq-warned, deliberately outside ~/.claude/instincts/ so directory iterators are unaffected.

• This action is used across all versions by 5 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Website Preview and Deployment Action automates the deployment of a built website artifact to both production and preview environments via SSH, with an optional link-checking feature. It streamlines the process of handling website deployments by supporting automated preview deployments for pull requests, conditional production deployments, and enhanced GitHub integration through PR comments and step summaries. This action is ideal for teams looking to simplify and standardize their website deployment workflows while ensuring link integrity.

What’s Changed

1.3.1 (2026-05-06)

🔥 Bug Fixes

• previews not cleaned up after merge (#59) (e612557)

📦 CI Improvements

• add zizmor workflow (#55) (b26121b)
• restrict some workflows to only run upstream (#58) (551d30b)

⚙️ Chores

• config: update renovate preset name (debe1d9)
• deps: pin dependencies (#57) (5e70db8)
• deps: update googleapis/release-please-action action to v5 (#53) (3356619)
• improve workflow for proper version/digest in README (#56) (0aa692a)

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Starlight Action is a GitHub Action designed to automate the process of building and deploying an Astro Starlight-based static site to GitHub Pages directly from a Markdown repository. It simplifies site creation by requiring minimal configuration and provides features like autogenerated sidebars, Open Graph image generation, internal link rewriting, and YouTube embedding. This action streamlines static site deployments by handling content transformation, templating, and publishing seamlessly.

What’s Changed

First Marketplace-ready release — registered on the GitHub Marketplace as Starlight Pages Builder. Major rewrite from v1 (which was wiki-specific) into a generic Astro Starlight builder with batteries-included content tooling.

What this action does

Builds an Astro Starlight site from a Markdown content repo and uploads it as a GitHub Pages artifact. Drop in your *.md files and ship.

Highlights

Core

• Markdown + MDX → static Starlight site, GitHub Pages artifact
• Optional starlight.config.mjs for full sidebar/theme/components control
• src/components/ overlay + @components/* / @assets/* path aliases
• README.md fallback as homepage when no index.md (respects existing src/content/docs/index.md from overlays)
• Per-project starlight-version / astro-version overrides — no fork required
• base input for project pages at /<repo>/
• Default title derived from repo name when caller has no config

Content tooling

• Auto-generated Open Graph images per page (Satori + Resvg). 1200×630 PNG at `/og/.png` with refined default layout (typography hierarchy, accent gradient bar, soft radial blooms). Configurable via the new `og:` block (brand, tagline, domain, accent gradient, logo, custom `bgGradient`). Per-page override via `ogImage:` frontmatter. Bring your own renderer by dropping `src/og/renderer.tsx` into your repo.
• Bundled Inter (Regular + Bold) with full glyph coverage — Czech, Polish, Vietnamese and other Latin-extended scripts render correctly out of the box (no font-fetch at build time).
• YouTube embed remark plugin: bare `youtube.com` and `youtu.be` links auto-render as embedded iframes with full `allow` attributes.
• Internal-link rewriting rehype plugin — links pointing at your site host become relative URLs.
• Built-in `/path.md` raw-markdown endpoint and `/rss.xml` feed.

Breaking from v1

v1 was wiki-specific with a hardcoded sidebar bundled in the action. v2 is generic — you must provide your own `starlight.config.mjs` if you want a custom sidebar. See README for the new layout.

• This action is used across all versions by 3 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The rumdl GitHub Action is a high-performance Markdown linter and formatter built with Rust to ensure consistency and best practices in Markdown files. It automates linting, formatting, and error detection across multiple Markdown flavors (e.g., GFM, MDX), providing speed, configurability, and CI/CD compatibility. With features like automatic fixes, detailed error reporting, and zero dependencies, it streamlines workflows for developers and teams managing Markdown documentation.

What’s Changed

Added

• md031: enforce blank lines around Azure DevOps colon code fences (488a157)
• lint_context: wire Azure DevOps colon fence detection and extend code_blocks (a9dc0cd)
• lint_context: add colon fence detection for Azure DevOps flavor (b2a742b)
• flavor: add AzureDevOps flavor variant with colon code fence support (59592e5)

Fixed

• md046: replace index loop with iterator to satisfy clippy needless_range_loop (605c3da)
• md048: skip colon fence lines in style detection for Azure DevOps flavor (b4833fa)
• md046: skip colon fence lines in style detection for Azure DevOps flavor (386330c)
• md055: normalize style config to snake_case so kebab-case values are applied (8d4dfd2)

Downloads

Installation

Using uv (Recommended)

uv tool install rumdl

Using pip

pip install rumdl

Using pipx

pipx install rumdl

Direct Download

Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

AgentAuditKit is a security scanner designed for MCP-connected AI agent pipelines, identifying vulnerabilities such as misconfigurations, hardcoded secrets, supply chain risks, and tainted data flows across 13 AI platforms. It automates the detection and remediation of security issues using 193 rules and 59 scanner modules, while offering compliance mapping for major regulatory frameworks and offline, cloud-independent operation. This tool addresses the growing need for robust security auditing in AI systems, ensuring adherence to industry standards and rapid response to emerging CVEs.

What’s Changed

Installation

pip:

pip install agent-audit-kit==v0.3.15

Docker:

docker pull ghcr.io/sattyamjjain/agent-audit-kit:v0.3.15

GitHub Action:

- uses: sattyamjjain/agent-audit-kit@v0.3.15
  with:
    fail-on: high

Supply chain

• rules.json — deterministic rule bundle
• rules.json.sha256 — trusted digest
• sbom.cdx.json / sbom.spdx.json — CycloneDX + SPDX SBOM
• *.sigstore — Sigstore keyless signatures (verify with agent-audit-kit verify-bundle)

What’s Changed

• feat(agent-audit-kit): v0.3.15 — GPT-Researcher MCP transport-flip + MCP-2026-Roadmap conformance by @sattyamjjain in https://github.com/sattyamjjain/agent-audit-kit/pull/182

Full Changelog: https://github.com/sattyamjjain/agent-audit-kit/compare/v0.3.14...v0.3.15

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Refinery is a build orchestrator and CI/CD pipeline generator that simplifies artifact lifecycle management, including validation, cross-compilation, multi-format packaging, and automated workflow generation. It abstracts complex build and deployment processes by integrating with multiple ecosystems (e.g., Rust, Go, GitHub Actions) and enabling developers to define their build and distribution requirements without needing to write custom scripts. Key features include fail-fast validation, cross-platform compatibility (e.g., Linux, Windows, WebAssembly), and automated generation of CI workflows to optimize build and deployment pipelines.

What’s Changed

• fix: resolve refinery_version flexibly and fix musl/aarch64 cross-compilation (0f3acb5)
• fix: update ARM linker installation command to create symlink for aarch64-gcc (059ff13)
• refactor: simplify version resolution logic and improve API calls for fetching tags and releases (b4dbd71)
• feat: implement version resolution for Refinery in build artifact step (9a40689)
• fix: update musl-tools installation command to create symlink for musl-gcc (ed5b8ee)
• fix: filter package formats by target OS to avoid errors in CI matrix (f5e32b1)
• fix: map GitHub Actions runner arch (X64/ARM64) to Refinery binary arch (amd64/arm64) (702ad8a)
• fix: use refinery_version from config instead of github.ref_name in CI workflow (3ab4b30)
• docs: rename files to UpperCamelCase for wiki (9f27a98)
• docs: replace Go Reference badge with Wiki badge (2892013)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Kustomize Apply GitHub Action automates the deployment of Kubernetes configurations by applying Kustomize overlays directly to clusters. It simplifies cluster management by supporting namespace creation, precise workload tracking, and structured output for integration with other workflows. Additional features include dry-run previews, server-side apply, and customizable waiting for workload readiness, making it an efficient tool for streamlining Kubernetes deployment processes.

What’s Changed

1.3.0 (2026-05-06)

Features

• also pass –load-restrictor=LoadRestrictionsNone when helmCharts present (157c841)
• auto-detect helmCharts and pass –enable-helm (931accf)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, Kustomize Deploy, automates Kubernetes application deployments by supporting both GitOps workflows (e.g., ArgoCD) and direct kubectl commands, with automatic mode detection. It simplifies deployment processes by managing kustomize overlays, updating manifests with image tags, labels, and environment variables, creating namespaces if needed, and monitoring deployment rollouts. Its dual-mode functionality and flexible image update methods address common challenges in managing containerized deployments, making it suitable for CI/CD pipelines.

What’s Changed

1.12.0 (2026-05-06)

Features

• also pass –load-restrictor=LoadRestrictionsNone when helmCharts present (5869e7c)
• auto-detect helmCharts and pass –enable-helm (7c03da4)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Kustomize Edit” GitHub Action automates updates to Kustomize overlays by modifying image tags, labels, annotations, and environment files. It simplifies deployment workflows by enabling dynamic configuration of Kubernetes manifests, such as updating container images, adding metadata, and patching environment files for ConfigMap generation. Key capabilities include smart detection of Kustomize patterns, automatic timestamping, and support for managing multiple images or settings in bulk.

What’s Changed

1.6.0 (2026-05-06)

Features

• also pass –load-restrictor=LoadRestrictionsNone when helmCharts present (6f9b1c4)
• auto-detect helmCharts and pass –enable-helm (5f058aa)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Kustomize Inspect GitHub Action is a read-only tool designed to extract structured metadata from Kustomize overlays without making any changes to the files. It automates tasks such as detecting Kubernetes workloads (e.g., Deployments, StatefulSets) and target namespaces, validating successful kustomization builds, and generating JSON outputs for easy integration into CI/CD pipelines. This action is particularly useful for pre-deployment analysis, enabling informed decision-making based on the extracted configuration details.

What’s Changed

1.2.0 (2026-05-06)

Features

• also pass –load-restrictor=LoadRestrictionsNone when helmCharts present (89a71ed)
• auto-detect helmCharts and pass –enable-helm (7d0d07b)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

DockDesk is a local-first semantic documentation auditor that ensures alignment between your code and its associated documentation by analyzing code logic and identifying discrepancies. It automates the detection of “semantic drift,” provides detailed analysis, and suggests documentation fixes, all while running entirely on local infrastructure to ensure privacy. Key features include natural language interaction, customizable audit rules, a React-based dashboard, and support for exporting detailed audit reports in various formats.

What’s Changed

Full Changelog: https://github.com/srivatsa-source/dockdesk/compare/v3.0.0...v3.0.1

• This action is used across all versions by 2 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The action-ccstudio-ide GitHub Action provides an automated environment for building embedded projects using Texas Instruments’ Code Composer Studio (CCS) IDE within a Docker container. It streamlines CI/CD workflows by enabling quick and consistent builds of CCS projects on Linux runners, eliminating the need for manual setup of the CCS development environment. Key capabilities include support for multiple CCS versions (v7.0.0–v20.5.1) and pre-built Docker images to minimize build time.

What’s Changed

Code Composer Studio v20.5.1.00012

This release uses the pre-built Docker image with CCS 20.5.1.00012 from docker-ccstudio-ide.

Usage

- uses: uoohyo/action-ccstudio-ide@v20.5.1.00012
  with:
    project-path: 'path/to/project'
    project-name: 'YourProject'
    build-config: 'Debug'
    components: 'PF_C28'

What’s Changed

• CCS Version: 20.5.1.00012
• Base Image: uoohyo/ccstudio-ide:20.5.1.00012
• Docker Hub: https://hub.docker.com/r/uoohyo/ccstudio-ide/tags

Installation Time

⚡ No installation needed - CCS is pre-installed in the Docker image, reducing build time from 15-30 minutes to 1-3 minutes!

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

ZeroThreat is a GitHub Action that automates AI-powered penetration testing for web applications and APIs, identifying real, exploitable vulnerabilities with proof-based validation and robust CVE coverage. It leverages adaptive attacker workflows, authenticated and business logic testing, and community-driven templates to minimize false positives and help teams prioritize critical risks. The action integrates with the ZeroThreat platform to trigger scans and provides detailed reports via its centralized dashboard.

What’s Changed

What’s Changed

• chore(doc): update readme content by @JeelGajera in https://github.com/zerothreatai/github-action/pull/2
• chore(info): rename action and update description for clarity by @JeelGajera in https://github.com/zerothreatai/github-action/pull/3

Full Changelog: https://github.com/zerothreatai/github-action/compare/0.0.4...0.0.5

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Accessibility Pro — GitHub Action is an automated WCAG 2.2 AA compliance scanner designed to analyze web accessibility on every pull request. It identifies accessibility violations, ranks their impact, and provides actionable solutions, including sandbox-validated “Copy as PR” diffs to resolve issues without regressions. This action streamlines accessibility compliance by integrating directly into CI/CD pipelines, offering detailed reports, and ensuring precise, verified fixes for web development teams.

What’s Changed

What’s new

First public release of accessibility-pro/action. Production-ready composite GitHub Action for WCAG 2.2 AA scanning on every PR.

Features

• 7 inputs: url, wcag-level (A/AA/AAA), fail-on (error/warning/none), accessibility-pro-token (optional), comment-on-pr, backend-url, report-domain
• 5 outputs: scan-id, score (0-100), violations-critical, violations-high, report-url
• Sandbox-validated Copy-as-PR diffs — every patch is applied to the captured DOM, re-scanned, and emitted only if it resolves the violation without regressions. Token-gated unlock surfaces the validated diff in PR comments.
• Impact-ranked top-5 PR comment with deep-link to the hosted report
• GitHub step-summary with severity table + scan metadata
• Anonymous rate limits: 100/day per runner IP (10/hour burst protection); tokens bypass via Team/Business plan quota
• Self-host friendly: backend-url and report-domain inputs override the Accessibility Pro defaults

Usage

- uses: accessibility-pro/action@v1
  with:
    url: ${{ secrets.STAGING_URL }}
    wcag-level: AA
    fail-on: error
    # Optional — unlocks Team-quota + Copy-as-PR in PR comments
    accessibility-pro-token: ${{ secrets.ACCESSIBILITY_PRO_TOKEN }}

See README.md for the full input/output reference and CHANGELOG.md for the feature list.

Why this is different

We don’t sell overlay widgets. Every Copy-as-PR diff is validated against the captured DOM before emit; failed patches fall back to a Needs manual review snippet rather than emitting an unverified diff. See our public accuracy benchmark for reproducible precision/recall numbers vs axe-core.

Source

Development canon lives at HasanTayem/access-pro-ai/action. This Marketplace repo is a curated subset for tagged releases.

• This action is used across all versions by 392 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gcloud GitHub Action enables seamless interaction with Google Cloud Platform (GCP) by automating tasks such as running gcloud commands, managing cloud storage with gsutil, and deploying Kubernetes resources via kubectl. It simplifies authentication using service account credentials or access tokens, allowing users to integrate GCP operations directly into their CI/CD workflows. This action is particularly useful for automating deployments, managing GCP resources, and streamlining cloud operations.

What’s Changed

• updated gcloud-sdk to 566.0.0 (b2034f5)
• updated gcloud-sdk to 565.0.0 (b4202d7)
• updated gcloud-sdk to 564.0.0 (965fea7)
• updated gcloud-sdk to 563.0.0 (e772e0c)
• updated gcloud-sdk to 562.0.0 (39f3e6e)
• updated gcloud-sdk to 561.0.0 (bc0b752)
• updated gcloud-sdk to 560.0.0 (d37326e)
• updated gcloud-sdk to 559.0.0 (042476d)
• updated gcloud-sdk to 558.0.0 (a694a12)
• updated gcloud-sdk to 557.0.0 (25a6ba6)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Averlon Actions is a suite of GitHub Actions designed to automate security analysis and risk assessment for infrastructure and application code. It helps identify and remediate vulnerabilities, misconfigurations, and potential risks in containers, Infrastructure-as-Code (IaC), and Kubernetes deployments. The actions provide capabilities such as vulnerability detection, proactive risk prediction, and security guardrails to enhance the security posture of development workflows.

What’s Changed

Update for container analysis and other actions

• This action is used across all versions by 201 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the conditional building of Docker/Podman containers based on file changes, optimizing CI/CD pipelines by only rebuilding specific packages or applications when necessary. It supports fallback tagging for unchanged builds, integrates with the GitHub Container Registry (ghcr.io), and generates security-related artifacts like attestations and Software Bill of Materials (SBOMs). Key capabilities include configurable build contexts, triggers, and metadata tagging to streamline container management and deployment workflows.

What’s Changed

What’s Changed

• chore(deps): update actions/attest-build-provenance action to v3 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/125
• chore(deps): update docker/metadata-action digest to c299e40 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/126
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/127
• chore(deps): update actions/upload-artifact action to v6 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/128
• chore(deps): update actions/attest-build-provenance action to v3.1.0 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/129
• feat: add automatic fork PR detection and retag authentication by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/131
• chore(deps): update actions/attest-build-provenance action to v3.2.0 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/134
• chore(deps): update bcgov/action-diff-triggers action to v1.1.0 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/135
• chore(deps): update github actions (major) by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/136
• chore(deps): update bcgov/action-diff-triggers action to v1.1.1 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/137
• chore(deps): update docker/login-action action to v4 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/138
• chore(deps): update github actions (major) by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/139
• feat: suppress raw attestation error when permissions are missing by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/140
• chore(deps): update shrink/actions-docker-registry-tag action to v5 by @renovate[bot] in https://github.com/bcgov/action-builder-ghcr/pull/143
• feat: pull_request_target only, drop dual-trigger complexity by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/153
• feat: enable rich metadata labels by default by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/145
• feat: registry caching for branch-agnostic cache sharing by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/154
• fix: Use vars step for lowercase (action syntax) by @DerekRoberts in https://github.com/bcgov/action-builder-ghcr/pull/156

Full Changelog: https://github.com/bcgov/action-builder-ghcr/compare/v4.2.1...v4.3.0

• This action is used across all versions by 8 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the process of updating or adding a Node-RED package to the Node-RED flow library (flows.nodered.org). It streamlines the management of Node-RED packages by handling updates to the flow library directly from your workflow. This action is particularly useful for developers seeking to automate the publication or maintenance of their Node-RED packages.

What’s Changed

What’s Changed

🏕 Features

• chore: add devcontainer for isolated development by @BigThunderSR in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/165

📦 Dependencies

• Bump @actions/github from 9.0.0 to 9.1.0 by @dependabot[bot] in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/164
• Bump tough-cookie from 6.0.0 to 6.0.1 by @dependabot[bot] in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/159
• Bump @actions/github from 9.1.0 to 9.1.1 by @dependabot[bot] in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/168
• Bump @actions/core from 3.0.0 to 3.0.1 by @dependabot[bot] in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/169
• Bump got from 14.6.6 to 15.0.3 by @dependabot[bot] in https://github.com/BigThunderSR/update-package-node-red-flow-library-action/pull/170

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “SSH For EC2 Action” is a GitHub Action that automates the establishment of secure, temporary SSH connections to AWS EC2 instances using AWS Systems Manager (SSM) and EC2 Instance Connect (EIC). It eliminates the need for persistent SSH keys, open inbound ports, and manual setup by generating ephemeral keys, using IAM-based access control, and leveraging SSM for tunneling traffic securely. This action simplifies remote EC2 instance management while enhancing security and auditability through AWS CloudTrail logging.

What’s Changed

Breaking changes

• IAM policy for deployment no longer requires arn:aws:ssm:*:*:document/AWS-RunShellScript but now requires ec2-instance-connect:SendSSHPublicKey

 {
 	"Version": "2012-10-17",
 	"Statement": [
 		{
 			"Effect": "Allow",
 			"Action": [
 				"ssm:StartSession"
 			],
 			"Resource": [
 				"arn:aws:ssm:*:*:document/AWS-StartSSHSession",
				"arn:aws:ec2:*:*:instance/i-ec2-instance-id"
 			]
 		},
 		{
 			"Effect": "Allow",
-			"Action": "ssm:SendCommand",
-			"Resource": [
-				"arn:aws:ssm:*:*:document/AWS-RunShellScript",
-				"arn:aws:ec2:*:*:instance/i-ec2-instance-id"
-			]
+			"Action": "ec2-instance-connect:SendSSHPublicKey",
+			"Resource": "arn:aws:ec2:*:*:instance/i-ec2-instance-id",
+			"Condition": {
+				"StringEquals": {
+					"ec2:osuser": "remote-user"
+				}
+			}
 		}
 	]
 }

[!CAUTION] The Condition block of the policy is not required but is recommended. Your deployment should only be able to login as the specified user, preventing privilege escalation.

What’s Changed

• Switch to ephemeral keys with send-ssh-public-key by @bondz in https://github.com/bondz/ssh-ec2-action/pull/60

Full Changelog: https://github.com/bondz/ssh-ec2-action/compare/v2.0.1...v3.0.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The carabiner-dev/verify GitHub Action is a streamlined tool for verifying AMPEL supply chain security policies within a continuous integration (CI) pipeline. It automates the evaluation of security policies against specified files or artifacts and can generate and manage policy evaluation attestations. This action simplifies compliance and ensures alignment with security standards in software development workflows.

What’s Changed

Initial release of the standalone 🔴🟡🟢 AMPEL action

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Setup Goose Action” is a GitHub Action that installs and caches the Goose AI CLI tool for use in CI/CD workflows. It streamlines tasks such as automated AI-driven analysis by providing version pinning, caching for faster runs, and lightweight integration without external dependencies. This action simplifies the setup of Goose CLI, enabling reproducible builds and efficient AI-powered operations in development pipelines.

What’s Changed

Summary

Fixes broken installs caused by the Goose project moving from block/goose to aaif-goose/goose on GitHub, updates GitHub Actions dependency SHAs, and includes documentation and infrastructure improvements since v1.0.7.

What’s Changed

Bug Fixes

• Fix broken binary downloads and attestation verification after Goose repo rename from block/goose to aaif-goose/goose (#123)
• Bump pinned test version to v1.30.0, the earliest Goose release with attestations registered under the new org (#123)

Documentation

• Update all block/goose repository links to aaif-goose/goose in README, ASSURANCE.md, and SECURITY.md (#123)
• Update block.github.io/goose documentation links to goose-docs.ai (#123)
• Migrate badges to shields.io for-the-badge style (#115)
• Add OpenSSF Silver certification callout to SECURITY.md (#114)
• Pin action SHA examples and update example workflows to ubuntu-24.04 (#111)
• Update SHA pin example in README to v1.0.7 (#110)
• Add AI policy, CODEOWNERS, and PR template review checkbox (#117)
• Soften AI policy enforcement language (#118, #119)

Infrastructure

• Update actions/cache to v5.0.5 (#124)
• Update actions/upload-artifact to v7.0.1 (#124)
• Update actions/checkout and zizmorcore/zizmor-action SHAs (#122)
• Default Goose version updated to v1.33.1 (#121, #120)
• Remove scripts directory (moved to private dotfiles) (#116)
• Migrate license from MIT to Apache 2.0 (#112)

SLSA Attestation Note

This release corrects a regression introduced by the upstream Goose project renaming its GitHub repository. The gh attestation verify call now targets aaif-goose/goose; attestations for releases prior to v1.30.0 are not available under the new org and will fail verification.

Breaking Changes

None - this release is fully backward compatible with v1.0.7.

Full Changelog: https://github.com/clouatre-labs/setup-goose-action/compare/v1.0.7...v1.0.8

• This action is used across all versions by 43 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Fallow is a static analysis tool for TypeScript and JavaScript codebases, designed to identify unused code, duplication, complexity issues, and architectural inconsistencies. It automates the process of detecting inefficiencies, reducing technical debt, and maintaining code quality without requiring configuration or a runtime environment. Additionally, it offers optional runtime insights to analyze production execution paths, making it a valuable tool for streamlining development and improving maintainability.

What’s Changed

Highlights

Two new framework integrations and four detection-accuracy fixes from external contributors. All five external issues filed since v2.64.0 are credited and closed.

Added

Lit and Web Components: registered classes are now credited as used

Classes registered through runtime side effects on module load are now credited even when no other file imports them by name.

Two patterns are recognized end-to-end:

1. Lit @customElement('tag') decorator on a class, in named-import form (import { customElement } from 'lit/decorators.js'), aliased imports, namespace-call form (@decorators.customElement('tag')), and anonymous export default @customElement('x') class extends LitElement {}. The decorator binding is verified against lit/decorators.js / lit/decorators/custom-element.js before crediting, so a same-named decorator from any other module is intentionally ignored.
2. customElements.define('tag', ClassRef) call expressions at any depth where the second argument is an Identifier.

Lit lifecycle methods (render, updated, connectedCallback, etc.) are heritage-scoped to LitElement / ReactiveElement subclasses via the new lit plugin. Native Custom Elements lifecycle members (connectedCallback, observedAttributes, adoptedCallback, etc.) are heritage-scoped allowlists for HTMLElement subclasses, so they work without a Lit dependency. Non-lifecycle methods on Web Component classes are still reported, so member-level dead code detection on the rest of the class is preserved.

schema.json shipped inside the npm package

Consumers can now point $schema at the bundled file:

{
  "$schema": "./node_modules/fallow/schema.json",
  ...
}

The published fallow package now contains schema.json, so editors get version-aligned autocomplete and validation with no network round-trip to raw.githubusercontent.com. The release workflow copies the file in before publishing, and CI asserts it is present in every published tarball so the package never silently loses it.

Thanks @ChrisJr404 for the patch and @OmerGronich for the report. (Closes #275)

Fixed

Angular signal queries and plural QueryList iteration are traced for unused-class-members

Six previously-missed Angular query patterns now feed the bound-member-access pipeline:

• viewChild<T>(...), contentChild<T>(...) (singular signal factories)
• viewChildren<T>(...), contentChildren<T>(...) (plural signal factories)
• @ViewChildren ... readonly q?: QueryList<T>, @ContentChildren ... readonly q?: QueryList<T> (plural decorator queries)

Methods called via this.vc()?.method() and this.vcs().forEach(c => c.method()) (and the this.q?.forEach(...) decorator form) are now credited correctly. The pre-existing @ViewChild and @ContentChild paths continue to work unchanged.

Thanks @ChrisJr404 for the patch and @OmerGronich for the eight-pattern reproducer. (Closes #274)

vite.config.* default export reachable under --include-entry-exports

The vite plugin now contributes used_exports for vite.config.{ts,js,mts,mjs} (default), mirroring the existing vitest treatment. With --include-entry-exports the strict reachability check previously surfaced the default export even though Vite’s CLI consumes it.

Thanks @ChrisJr404 for the patch and @filipw01 for the report. (Fixes #282)

prisma.config.* recognized as an entry point

The prisma plugin now treats prisma.config.{ts,mts,cts,js,mjs,cjs} as an entry, so the Prisma 6 config file (and any imports it reaches) stays alive in the graph and does not surface as unused-file.

Thanks @ChrisJr404 for the patch and @FunctionDJ for the report. (Closes #281)

fallow migrate accepts JSONC trailing commas

Real-world JSONC files (tsconfig.json, .vscode/settings.json, and similar) routinely trail commas before } / ]. load_json_or_jsonc previously ran the input through comment-stripping and then handed the result to serde_json, which rejects trailing commas. A final byte-level pass now strips them only when the comment-stripped parse fails, leaves commas inside string literals untouched, and still rejects genuinely malformed input like {,} (the comma_follows_json_value predicate keeps malformed leading-commas reporting as parse errors).

Thanks @ChrisJr404 for the patch and @madflow for the report. (Closes #276)

Vue generic and Svelte generics script-tag attributes scan for type references

A type-only import whose only consumer was a generic constraint on the <script> tag was falsely flagged as unused_types because the constraint lives on the tag, not in the script body:

<script setup lang="ts" generic="T extends Test<boolean>">
import type { Test } from './types';
defineProps<{ items: T[] }>();
</script>

The SFC parser now appends an augmented-source probe that re-introduces the constraint to the parse so the imported type’s binding shows up as referenced and oxc_semantic no longer classifies it as unused. Affects Vue SFCs (generic="...") and Svelte 5 components (generics="...").

Full Changelog: https://github.com/fallow-rs/fallow/compare/v2.64.0...v2.65.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Faultline GitHub Action provides automated structural risk analysis for Go codebases by scanning repositories on pull requests and pushes. It identifies potential risks, posts advisory comments on pull requests, uploads SARIF results to GitHub code scanning, and optionally integrates with Faultline Enterprise for portfolio-level governance and compliance tracking. Its key features include risk scoring with test coverage integration, architecture boundary enforcement, and the ability to fail workflows on high-severity findings, enabling developers to proactively manage code quality and security risks.

What’s Changed

Patch release moving the Marketplace v1 tag to the current Action workflow with restored self-test coverage.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action resolves issues caused by stacked pull request tools (e.g., Graphite’s gt submit --stack) that trigger duplicate workflow runs, leading to one being canceled and causing misleading status indicators in the GitHub PR Checks sidebar. By detecting and rerunning the prematurely canceled workflow run, it ensures that the correct status is displayed, eliminating confusion for reviewers. The action automates this healing process for workflows configured with cancel-in-progress concurrency, ensuring accurate and up-to-date PR check statuses.

What’s Changed

Full Changelog: https://github.com/gathertown/heal-stacked-pr-concurrency-cancels/compare/v1.0.0...v1.0.1

v1.0.0

First stable release.

Changes

• Functionality: Adds all initial release of functionality: re-running cancelled CI runs that result from stacked PRs where it would show up in the GitHub UI.

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

CI Dokumentor is a GitHub Action that automates the generation of documentation for CI/CD components, such as workflows, pipelines, and configurations. It addresses the challenge of maintaining up-to-date documentation by automatically creating detailed and consistent documentation directly from source files like action.yml. Key capabilities include integration with platforms like Docker, GitHub Actions, and GitLab CI, offering flexibility and efficiency in streamlining documentation workflows.

What’s Changed

Release Summary

GitLab support is now available through a new repository provider and CI/CD documentation generator, while GitHub Actions examples now better handle job-level permissions.

Core markdown generation is more reliable for inline code, table code blocks, multiline content, special characters, and overview additional content.

Internal changes include shared section generator refactoring, documentation refreshes, dependency updates, and CI maintenance.

Breaking changes

There is no breaking change.

What’s Changed

• docs: update action documentation by @hoverkraft-bot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/202
• feat: add comprehensive GitLab support with repository provider and CI/CD generator by @Copilot in https://github.com/hoverkraft-tech/ci-dokumentor/pull/170
• refactor: factorize section generators at core level to avoid duplicates by @Copilot in https://github.com/hoverkraft-tech/ci-dokumentor/pull/204
• build(deps-dev): Bump the npm-dev-dependencies group with 7 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/206
• build(deps): Bump @gitbeaker/rest from 40.6.0 to 43.5.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/207
• build(deps): Bump hoverkraft-tech/ci-github-publish from 0.10.1 to 0.11.2 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/205
• build(deps-dev): Bump the npm-dev-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/208
• build(deps): Bump hoverkraft-tech/ci-github-nodejs from 0.14.1 to 0.15.0 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/209
• build(deps): Bump the github-actions-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/210
• build(deps): Bump inversify from 7.10.2 to 7.10.3 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/212
• build(deps-dev): Bump the npm-dev-dependencies group with 8 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/211
• build(deps-dev): Bump vite from 7.1.10 to 7.1.11 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/213
• fix(core): escape curly braces in inline code to prevent template interpolation by @Copilot in https://github.com/hoverkraft-tech/ci-dokumentor/pull/214
• docs: update action documentation by @hoverkraft-bot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/215
• build(deps): Bump p-limit from 7.1.1 to 7.2.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/219
• build(deps): Bump hoverkraft-tech/ci-github-publish from 0.11.2 to 0.12.1 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/216
• build(deps-dev): Bump the npm-dev-dependencies group with 18 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/218
• build(deps-dev): Bump @swc/core from 1.13.20 to 1.13.21 in the npm-dev-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/220
• build(deps): Bump the npm-docs-dependencies group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/217
• chore(cli): improve error message by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/221
• build(deps): Bump commander from 14.0.1 to 14.0.2 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/228
• build(deps): Bump simple-git from 3.28.0 to 3.29.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/226
• build(deps): Bump @gitbeaker/rest from 43.5.0 to 43.7.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/225
• build(deps): Bump @octokit/graphql from 9.0.2 to 9.0.3 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/224
• build(deps-dev): Bump the npm-dev-dependencies group with 11 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/223
• build(deps): Bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/222
• build(deps-dev): Bump jsdom from 27.0.1 to 27.1.0 in the npm-dev-dependencies group across 1 directory by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/229
• build(deps): Bump inversify from 7.10.3 to 7.10.4 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/227
• build(deps): Bump hoverkraft-tech/ci-github-publish from 0.12.1 to 0.13.0 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/230
• build(deps): Bump hoverkraft-tech/ci-github-common from 0.27.0 to 0.28.0 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/233
• build(deps): Bump @gitbeaker/rest from 43.7.0 to 43.8.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/234
• build(deps): Bump simple-git from 3.29.0 to 3.30.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/235
• build(deps-dev): Bump the npm-dev-dependencies group with 5 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/231
• feat(cicd-github-actions): merge and sort workflow permissions from job-level definitions by @Copilot in https://github.com/hoverkraft-tech/ci-dokumentor/pull/232
• build(deps-dev): Bump the npm-dev-dependencies group with 10 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/237
• build(deps-dev): Bump the npm-dev-dependencies group with 4 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/238
• build(deps): Bump the github-actions-dependencies group with 5 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/236
• build(deps-dev): Bump the npm-dev-dependencies group with 11 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/240
• feat(cicd-github): move permissions from root to job level in workflow usage examples by @Copilot in https://github.com/hoverkraft-tech/ci-dokumentor/pull/241
• build(deps): Bump the github-actions-dependencies group across 1 directory with 11 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/244
• build(deps-dev): Bump the npm-dev-dependencies group with 13 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/243
• build(deps-dev): Bump the npm-dev-dependencies group with 10 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/246
• build(deps): Bump the github-actions-dependencies group across 1 directory with 12 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/247
• build(deps): Bump yaml from 2.8.1 to 2.8.2 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/251
• build(deps): Bump inversify from 7.10.4 to 7.10.5 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/250
• build(deps-dev): Bump the npm-dev-dependencies group with 7 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/248
• build(deps): Bump react from 19.2.0 to 19.2.1 in the npm-docs-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/249
• build(deps): Bump inversify from 7.10.5 to 7.10.6 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/255
• build(deps): Bump the npm-docs-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/254
• build(deps-dev): Bump the npm-dev-dependencies group with 12 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/253
• build(deps): Bump the github-actions-dependencies group with 12 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/252
• fix(core): escape styling markdown chars in table code blocks by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/256
• build(deps): Bump the github-actions-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/257
• build(deps-dev): Bump the npm-dev-dependencies group with 10 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/258
• fix(core): handle multiline and special chars properly for markdown code by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/259
• fix(core): do not escape braces in markdown code anymore by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/260
• build(deps-dev): Bump the npm-dev-dependencies group with 15 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/262
• build(deps): Bump inversify from 7.10.6 to 7.10.8 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/263
• build(deps): Bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/261
• build(deps-dev): Bump the npm-dev-dependencies group with 9 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/266
• build(deps): Bump the github-actions-dependencies group with 11 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/265
• build(deps-dev): Bump the npm-dev-dependencies group with 4 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/267
• docs: update action documentation by @hoverkraft-bot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/268
• build(deps): Bump inversify from 7.10.8 to 7.11.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/270
• build(deps-dev): Bump the npm-dev-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/269
• build(deps): Bump diff from 8.0.2 to 8.0.3 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/271
• build(deps-dev): Bump the npm-dev-dependencies group with 8 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/272
• build(deps-dev): Bump the npm-dev-dependencies group with 14 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/274
• build(deps): Bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/273
• build(deps-dev): Bump the npm-dev-dependencies group with 11 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/275
• build(deps): Bump the npm-docs-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/276
• build(deps): Bump p-limit from 7.2.0 to 7.3.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/279
• build(deps): Bump commander from 14.0.2 to 14.0.3 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/280
• build(deps-dev): Bump the npm-dev-dependencies group with 8 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/278
• build(deps): Bump the github-actions-dependencies group with 7 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/277
• build(deps-dev): Bump the npm-dev-dependencies group with 12 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/281
• build(deps): Bump simple-git from 3.30.0 to 3.31.1 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/283
• build(deps): Bump the github-actions-dependencies group with 8 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/284
• build(deps-dev): Bump the npm-development-dependencies group across 1 directory with 13 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/286
• build(deps): Bump simple-git from 3.31.1 to 3.32.3 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/289
• build(deps): Bump the github-actions-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/287
• build(deps-dev): Bump the npm-development-dependencies group with 14 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/288
• build(deps-dev): Bump the npm-development-dependencies group with 7 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/290
• build(deps): Bump simple-git from 3.32.3 to 3.33.0 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/293
• build(deps-dev): Bump the npm-development-dependencies group with 9 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/292
• build(deps): Bump actions/download-artifact from 8.0.0 to 8.0.1 in the github-actions-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/291
• build(deps-dev): Bump the npm-development-dependencies group with 10 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/295
• build(deps): Bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/294
• build(deps): Bump inversify from 7.11.0 to 8.1.0 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/296
• build(deps): Bump yaml from 2.8.2 to 2.8.3 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/297
• build(deps): Bump diff from 8.0.3 to 8.0.4 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/300
• build(deps): Bump the github-actions-dependencies group with 6 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/298
• chore: upgrade minor dev deps by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/301
• build(deps-dev): Bump vite from 8.0.3 to 8.0.5 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/304
• build(deps): Bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/306
• build(deps): Bump simple-git from 3.33.0 to 3.35.2 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/308
• build(deps): Bump the npm-production-dependencies group with 2 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/311
• build(deps): Bump ghcr.io/devcontainers/features/node from 1.7.1 to 2.0.0 by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/312
• fix(core): overview generator should append additional content if any by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/314
• build(deps): Bump the github-actions-dependencies group across 1 directory with 13 updates by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/310
• build(deps): Bump yaml from 2.8.3 to 2.8.4 in the npm-production-dependencies group by @dependabot[bot] in https://github.com/hoverkraft-tech/ci-dokumentor/pull/315
• chore: upgrade dev dependencies by @neilime in https://github.com/hoverkraft-tech/ci-dokumentor/pull/317

Full Changelog: https://github.com/hoverkraft-tech/ci-dokumentor/compare/0.2.2...0.3.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Git-Iris is a GitHub Action powered by an intelligent agent, Iris, that analyzes your codebase to automate and enhance key Git workflows. It generates context-aware commit messages, performs in-depth code reviews, creates detailed pull request descriptions, and produces changelogs and release notes. By providing these capabilities, it streamlines code management tasks, ensures high-quality documentation, and improves collaboration efficiency.

What’s Changed

Released: 2026-05-05

This release adds direct GitHub publishing for PR descriptions and code reviews, improves output quality with anti-slop tone rules, and includes dependency upgrades with breaking API changes handled.

✨ Highlights

🪄 GitHub Publishing for PRs and Reviews

Publish AI-generated PR descriptions and code reviews directly to GitHub without leaving the CLI. The --update flag on git-iris pr pushes descriptions to open PRs, while --github-review on git-iris review posts formal review comments. Both commands auto-detect the PR from the current branch or accept an explicit --pr <number>.

🪄 Intelligent PR Description Revision

When updating an existing PR, Iris reads the current body first and revises it instead of replacing it wholesale. Accurate reviewer-facing content is preserved while stale sections are removed. Iris also discovers GitHub PR templates from standard locations (.github/pull_request_template.md, PULL_REQUEST_TEMPLATE/, etc.) and adapts generated descriptions around them.

🗣️ Anti-Slop Tone Rules

Iris’s default preamble now includes explicit guidance to avoid common LLM tells: no em dashes, no hedge phrases (“it’s worth noting”), no filler intros (“I’d be happy to”), no hype vocabulary (“robust”, “leverage”), and no stacked emoji. These rules produce cleaner, more direct output.

🧹 Agentic Review Strategy

Code reviews now follow a staged investigation pattern: plan from the summary diff, run specialist passes for distinct concerns (security, API contracts, concurrency), aggregate findings ruthlessly, and verify suspicious issues before reporting them. The review prompt also requires confidence levels (High/Medium/Low) on every finding.

🤖 GitHub Integration

• GitHubClient in src/github.rs wraps the octocrab crate for PR and review operations
• Auto-PR detection finds the open PR for the current branch, falling back to --pr <number> when ambiguous
• Inline review comments with --github-inline-comments post findings at the exact file:line locations present in the PR diff; unreachable lines are filtered out
• Review events selectable via --github-review-event (Comment, Approve, RequestChanges)
• Token resolution via GH_TOKEN, GITHUB_TOKEN, or the GitHub CLI auth store

🔧 Tooling and Dependencies

• rig-core 0.36 upgrade: from_env() client constructors are now fallible, with proper error handling for missing credentials
• rustls aws-lc-rs pinned as the process crypto provider to avoid TLS initialization races
• Clippy restriction lints added for panic, unimplemented, let_underscore_future, and unchecked_time_subtraction
• Clippy 1.95 compatibility: nested if let chains collapsed into match arm guards
• Dependency bumps: clap 4.6.1, lru 0.18, tokio 1.52, reqwest 0.13.3, uuid 1.23, rand 0.10.1

📝 Code Quality

• src/changelog.rs refactored: long write_changelog method split into focused helpers (clean_generated_changelog, extract_version_content, apply_version_override, ensure_version_date, merge_existing_changelog)
• src/services/git_commit.rs refactored: perform_commit and perform_amend unified into perform_local_change with shared hook execution
• Emoji deduplication: format_commit_message now strips redundant gitmoji when the title already includes it

📚 Documentation

• Claude Code skill added at skills/git-iris/SKILL.md teaching AI coding agents to delegate commit messages, PR descriptions, and reviews to git-iris
• User guide updates for --update, --pr, --github-review, and template discovery

Upgrade Notes

• If you use environment-based LLM credentials, verify the relevant variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY) are set; the new fallible from_env() will fail fast with a clear error instead of panicking later.
• GitHub publishing requires authentication via gh auth login or a GH_TOKEN/GITHUB_TOKEN environment variable.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Jankurai is a repository control plane and CLI tool designed to audit and enforce AI-assisted merge standards by identifying and addressing issues like security gaps, tooling failures, and generated code drift. It automates tasks such as creating auditable reports, proof artifacts, and repository-local evidence while enabling teams to adopt best practices and CI gates incrementally. Its key capabilities include generating human- and agent-readable files, scoring repository health, and supporting reproducible merge decisions through structured, local evidence.

What’s Changed

Jankurai v0.8.0 publishes the first Marketplace-ready CI action for running the Jankurai repository audit in GitHub Actions.

Jankurai helps teams make AI-assisted merges reviewable by turning ownership maps, proof lanes, generated-zone policy, security boundaries, score history, merge witnesses, and repair queues into local evidence files.

What this action does

• Installs the Jankurai CLI on the runner.
• Runs jankurai audit in advisory, observe, or ratchet mode.
• Writes JSON and Markdown audit reports.
• Writes SARIF, GitHub step summary output, and a repair queue JSONL artifact.
• Supports baseline-backed ratchet mode with agent/repo-score.json.

Example

name: Jankurai Audit

on: [pull_request, push]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: jeppsontaylor/Jankurai@v0.8.0
        with:
          mode: advisory

### Inputs

- mode: observe, advisory, or ratchet. Defaults to advisory.
- baseline: baseline score JSON path for ratchet mode. Defaults to agent/repo-score.json.

### Notes

- Jankurai is a local audit CLI and repository standard, not a hosted AI service.
- The action does not require secrets.
- The project does not send repository contents to a hosted Jankurai service.
- Jankurai is pre-1.0, so public CLI behavior and report schemas may still evolve with compatibility notes.

### Release identity

- Standard version: 0.8.0
- Auditor version: 0.8.0
- Report schema: 1.5.0
- Paper edition: 2026.05-ed8
- License: MIT


## Validation Before Clicking Publish

Run and keep receipts for:

```bash
cargo test -p jankurai --test action_metadata_smoke
cargo run -p jankurai -- versions
just fast
just score

Then test the action from a separate throwaway repository using jeppsontaylor/Jankurai@v0.8.0 or the candidate SHA. Stop if the
action cannot install Jankurai from the action repository, if Marketplace rejects the repo because of workflow files, or if GitHub
reports the action name Jankurai is unavailable.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Bulk GitHub Repository Settings Sync Action” automates the process of updating and synchronizing settings across multiple GitHub repositories. It simplifies tasks such as configuring pull request settings, enabling security features (e.g., secret scanning, Dependabot alerts), and syncing files like .gitignore, workflow files, and repository rulesets via pull requests. This action is ideal for organizations looking to streamline repository management and ensure consistent settings across projects.

What’s Changed

What’s Changed

• refactor: repository settings sync internals by @Wuodan in https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/pull/186

Full Changelog: https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/compare/v2.9.4...v2.9.5

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The OpenGrep Action is a GitHub composite action designed to automate security scanning in CI workflows using the OpenGrep tool. It installs a verified OpenGrep release, validates user-defined inputs, performs scans on the target codebase, and generates JSON and SARIF reports, which can be used in downstream processes. This action streamlines the integration of OpenGrep into CI pipelines, ensuring reproducibility, security, and ease of use for identifying and managing code vulnerabilities.

What’s Changed

• feat: release v1.0.0 (b0f4c3a)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

“Find the Gaps” is a CLI tool that analyzes codebases and their associated documentation to identify outdated, missing, or incomplete documentation. It automates the detection of mismatches between code (e.g., function signatures, new APIs) and documentation, solving the problem of “documentation drift” often overlooked by other tools like link or spell checkers. The tool supports multiple programming languages and generates detailed reports highlighting gaps, enabling project maintainers to keep documentation accurate and up-to-date.

What’s Changed

What’s Changed

• fix(site): rendered-site polish — TOC anchors, layout, mapping cards by @britt in https://github.com/sandgardenhq/find-the-gaps/pull/59
• feat: suppress missing-screenshot gaps for unanalyzable images by @britt in https://github.com/sandgardenhq/find-the-gaps/pull/60

Full Changelog: https://github.com/sandgardenhq/find-the-gaps/compare/v0.4.1...v0.4.2

• This action is used across all versions by 4 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The nix-init action is a composite GitHub Action designed to automate the setup of Nix-based repositories for CI/CD workflows. It simplifies and accelerates common initialization tasks, such as repository checkout, Git configuration, Nix installation, environment setup, and caching. This action is particularly useful for setting up consistent and efficient Nix environments across different platforms, including self-hosted runners, while minimizing repetitive configuration.

What’s Changed

• bump: v1.44.2 -> v1.45.0 (b0b33f024c18fa92f42f732e2e2001de507210cd)
• feat: Update cachix/install-nix-action action to v31.10.6 (#129) (56eaff40f92f49ac7b684d4e94e32bdd09584fc8)
• feat: Update dependency NixOS/nix to v2.34.7 (#130) (60f3b364c25f63b978892cbb99d38e9299ad95d1)
• chore(deps): lock file maintenance (#128) (f84c4ef50a6962067bc0aa01674f96b567d45539)
• chore(deps): update spotdemo4/nix-init action to v1.44.2 (#127) (491730ecf4cdf20580e6d8e2d1ec49166399ad84)

• This action is used across all versions by 17 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Skylos is an open-source static analysis tool and CI/CD pull request gate designed for Python, TypeScript/JavaScript, Java, Go, PHP, and Rust projects. It automates the detection of dead code, security vulnerabilities, hardcoded secrets, code quality issues, and mistakes in AI-generated code, ensuring these issues are identified and addressed before being merged into the main branch. Skylos offers framework-aware analysis, diff-aware regression checks, and PR-native feedback to streamline code review and improve repository standards.

What’s Changed

4.11.0 (2026-05-05)

Features

• cicd: add AI PR risk passport (#294) (750faa4)
• cicd: add PR evidence cards (#291) (10b21fd)
• debt: show saved history (#287) (8b4a4c1)
• defend: add versioned OWASP coverage (#295) (355b4f2)
• quality: add standards-backed practice enforcement (#283) (c432260)
• security: flag mixed-script paths (#288) (8689902)
• security: flag unverified webhook handlers (#289) (4127578)

Bug Fixes

• architecture: preserve submodule coupling targets (#296) (90a1e1d)
• cli: repair display severity filtering (#280) (0c3b929)

Documentation

• contributing: add contributor roadmap (#292) (d398b8a)
• security: document webhook signature rule (#290) (3024850)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The occam-gitignore GitHub Action automates the generation and maintenance of deterministic, hash-verifiable .gitignore files for any repository. By analyzing the project structure, it generates a consistent .gitignore tailored to the project’s ecosystems (e.g., Python, Docker, Node) and ensures that changes to the file are free of drift, inconsistencies, or noise. This tool simplifies .gitignore management across repositories, supports CI workflows for drift detection and auto-fixing, and provides an API for integration with other systems.

What’s Changed

Full Changelog: https://github.com/fabriziosalmi/gitignore/compare/v0.1.3...v0

• This action is used across all versions by 22 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action provides a comprehensive ESLint configuration tailored for Försäkringskassan’s development standards, streamlining linting processes across various JavaScript and TypeScript projects. It automates the enforcement of consistent code quality and style rules, integrating with CI/CD pipelines to prevent warnings from being overlooked in production builds. Key capabilities include specialized configurations for different frameworks (e.g., TypeScript, Vue, Svelte) and flexible rule customization for diverse project needs.

What’s Changed

14.1.20 (2026-05-04)

Bug Fixes

• deps: update dependency globals to v17.6.0 8324ab9

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The agent-friendly-action GitHub Action evaluates pull requests by calculating and commenting on the delta in the Agent Friendly Code score between the base and head commits, including a breakdown of contributing factors. It automates the process of assessing code changes for compatibility and optimization with AI agents, providing actionable feedback directly within PRs. The action is self-contained, runs entirely within CI without external dependencies, and supports opt-in usage via repository secrets.

What’s Changed

[0.1.2] - 2026-05-05

Changed

• Six static signals now recognise more language-ecosystem conventions, so repos correctly scaffolded in non-Node idioms (JVM, .NET, Swift, Ruby, Elixir, Haskell, OCaml, Erlang, Crystal, Zig, Dart, PHP, Lua, Clojure, Nim, C/C++) no longer score low for the ecosystem-equivalent setup:
  • contributing — accepts CONTRIBUTING.rst (Python/Sphinx, e.g. pytest/Django) and CONTRIBUTING.adoc (AsciiDoc / JVM), in root, .github/, and docs/.
  • dev_env — accepts tox.ini and noxfile.py (Python), mvnw / gradlew (JVM build wrappers), bin/setup (Ruby/Rails), and compose.yaml (the Docker-preferred canonical name, alongside the existing compose.yml / docker-compose.yml).
  • deps_manifest — accepts mix.exs (Elixir), Package.swift (Swift), build.gradle.kts (Kotlin DSL), build.sbt (Scala), deps.edn / project.clj (Clojure), stack.yaml + root *.cabal (Haskell), dune-project (OCaml), rebar.config (Erlang), shard.yml (Crystal), build.zig (Zig), CMakeLists.txt / meson.build / conanfile.txt/.py / vcpkg.json (C/C++), root-level *.csproj / *.fsproj / *.vbproj / *.sln (.NET), and root *.nimble (Nim). global.json is intentionally not counted here — it pins the .NET SDK version, not dependencies (real .NET deps live in *.csproj).
  • type_config — typed-by-default credit extended to JVM (pom.xml / build.gradle[.kts]), Scala (build.sbt), Swift (Package.swift), C# (global.json or root *.csproj / .sln), OCaml (dune-project), Haskell (stack.yaml / root *.cabal), and Zig (build.zig), in addition to the existing Rust/Go credit.
  • linter — accepts .rubocop.yml / .standard.yml (Ruby), .swiftlint.yml / .swiftformat / .swift-format (Swift, both Nick Lockwood’s and Apple’s tools), detekt.yml + config/detekt/detekt.yml / .scalafmt.conf (JVM), phpstan.neon[.dist] / psalm.xml[.dist] / .php-cs-fixer.dist.php (PHP), .credo.exs / .formatter.exs (Elixir), stylua.toml (Lua), checkstyle.xml + config/checkstyle/checkstyle.xml (Java, including the canonical Gradle plugin path), analysis_options.yaml (Dart/Flutter — the canonical lint config), .clang-format / .clang-tidy (C/C++), and .clj-kondo/config.edn (Clojure). Intentionally not counted: .editorconfig (formatting baseline, no feedback loop) and .ktlint (not a real config file — ktlint reads .editorconfig).
  • tests — adds Tests/ (Swift convention, case-sensitive filesystems) and src/test/ (Java/Kotlin) to the directory list. File regex now also recognises *Test.java, *Test[s].kt, *_test.exs (Elixir), *_test.dart (Dart), and *Spec.scala / *Test.scala.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Versionary is a software-agnostic GitHub Action designed to automate semantic versioning, changelog generation, tagging, and release PR workflows based on conventional commits. It bridges the gap between tools like semantic-release and release-please, enabling both direct and review-based release processes while being adaptable to various programming ecosystems and repository types. By centralizing version management and release metadata, it eliminates manual release tasks and integrates seamlessly into CI/CD workflows for triggering artifact publication.

What’s Changed

Features

• add follows option for declaring package-deps (4b4482c)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Bulk GitHub Repository Settings Sync Action automates the process of updating and synchronizing settings across multiple GitHub repositories. It streamlines tasks such as configuring repository features (e.g., merge strategies, secret scanning, Dependabot alerts), syncing files (e.g., .gitignore, workflow files, CODEOWNERS), and managing repository rulesets and topics. This action solves the challenge of manually updating settings for large numbers of repositories by providing centralized control, dynamic targeting, and detailed logging for change tracking.

What’s Changed

What’s Changed

• chore(deps): bump @actions/core from 3.0.0 to 3.0.1 in the github group by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/pull/195

Full Changelog: https://github.com/joshjohanning/bulk-github-repo-settings-sync-action/compare/v2.9.2...v2.9.3

• This action is used across all versions by 5 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The bulk-github-repo-sync-action automates the synchronization of repositories between source and target GitHub organizations using mirror cloning. It simplifies tasks such as creating target repositories if they don’t exist, managing repository visibility, disabling GitHub Actions, and archiving repositories post-sync. It supports both GitHub.com and GitHub Enterprise Server, providing a streamlined solution for bulk repository management with detailed post-run analytics.

What’s Changed

What’s Changed

• chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/67
• chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/69
• chore: update copilot-instructions.md by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/70
• chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 in the eslint-plugins group by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/71
• chore(deps-dev): bump prettier from 3.8.1 to 3.8.2 by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/74
• chore(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/75
• chore(deps-dev): bump eslint-plugin-jest from 29.15.1 to 29.15.2 in the eslint-plugins group by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/73
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/76
• chore: update copilot-instructions.md by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/79
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/78
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/77
• chore(deps-dev): bump prettier from 3.8.2 to 3.8.3 by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/81
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/82
• chore: update browserslist to fix baseline-browser-mapping warning by @joshjohanning in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/83
• chore(deps): bump @actions/core from 3.0.0 to 3.0.1 in the github group by @dependabot[bot] in https://github.com/joshjohanning/bulk-github-repo-sync-action/pull/84

Full Changelog: https://github.com/joshjohanning/bulk-github-repo-sync-action/compare/v2.0.0...v2.0.1

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action serves as a starter template for creating custom Node.js-based GitHub Actions. It provides pre-configured functionality such as action boilerplate with inputs/outputs, code quality tools (ESLint, Prettier), automated testing (Jest), CI/CD workflows, GitHub REST API integration, and repository statistics fetching. The template streamlines the development and deployment process by automating setup, testing, bundling, and publishing tasks, allowing developers to focus on implementing custom logic for their actions.

What’s Changed

What’s Changed

• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/78
• chore: update copilot-instructions.md by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/81
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/80
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/79
• chore(deps-dev): bump prettier from 3.8.2 to 3.8.3 by @dependabot[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/83
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/84
• chore: update browserslist to fix baseline-browser-mapping warning by @joshjohanning in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/85
• chore(deps): bump the github group with 2 updates by @dependabot[bot] in https://github.com/joshjohanning/nodejs-actions-starter-template/pull/86

Full Changelog: https://github.com/joshjohanning/nodejs-actions-starter-template/compare/v2.0.2...v2.0.3

• This action is used across all versions by 39 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The npm-version-check-action GitHub Action ensures proper semantic versioning in Node.js projects by validating that package.json versions are incremented appropriately in pull requests. It automates tasks such as detecting relevant file changes, verifying version consistency between package.json and package-lock.json, and ensuring new versions are higher than the previous release. This action helps prevent issues caused by missing version updates during code changes and provides robust features like intelligent dependency checks, configurable settings, and support for GitHub API-based workflows.

What’s Changed

What’s Changed

• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/102
• chore: update copilot-instructions.md by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/105
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/104
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/103
• chore(deps-dev): bump prettier from 3.8.2 to 3.8.3 by @dependabot[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/107
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/108
• chore: update browserslist to fix baseline-browser-mapping warning by @joshjohanning in https://github.com/joshjohanning/npm-version-check-action/pull/109
• chore(deps): bump the github group with 2 updates by @dependabot[bot] in https://github.com/joshjohanning/npm-version-check-action/pull/110

Full Changelog: https://github.com/joshjohanning/npm-version-check-action/compare/v2.1.2...v2.1.3

• This action is used across all versions by 7 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The organization-readme-badge-generator GitHub Action automates the creation of dynamic markdown badges for a GitHub organization’s README file using data from shields.io. It helps organizations visually display key metrics, such as total repositories and recent pull request activity, in their README files. This action streamlines updates by generating and inserting badges into the README automatically, reducing manual effort and ensuring up-to-date information.

What’s Changed

What’s Changed

• docs: add immutable releases badge by @joshjohanning in https://github.com/joshjohanning/organization-readme-badge-generator/pull/84
• chore(deps-dev): bump prettier from 3.8.1 to 3.8.2 by @dependabot[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/87
• chore(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/86
• chore(deps-dev): bump eslint-plugin-jest from 29.15.1 to 29.15.2 in the eslint-plugins group by @dependabot[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/85
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/88
• chore: update copilot-instructions.md by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/91
• chore: sync workflow configuration by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/90
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/89
• chore(deps-dev): bump prettier from 3.8.2 to 3.8.3 by @dependabot[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/92
• chore: update dependabot.yml by @joshjohanning-repo-settings-sync[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/94
• chore: update browserslist to fix baseline-browser-mapping warning by @joshjohanning in https://github.com/joshjohanning/organization-readme-badge-generator/pull/95
• chore(deps): bump @actions/core from 3.0.0 to 3.0.1 in the github group by @dependabot[bot] in https://github.com/joshjohanning/organization-readme-badge-generator/pull/96

Full Changelog: https://github.com/joshjohanning/organization-readme-badge-generator/compare/v2.0.1...v2.0.2

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Setup Kyma CLI GitHub Action automates the installation and caching of the Kyma Command Line Interface (CLI) in GitHub Actions workflows. It simplifies the process of provisioning the Kyma CLI by downloading the specified version (or the latest by default) and ensuring it is readily available for use. This action streamlines tasks involving Kyma CLI, reducing manual setup effort and supporting efficient CI/CD pipelines.

What’s Changed

What’s Changed

• Added option to append custom path to the output (#36)
• Added new flag support in app push (#35, #34)
• Authentication improvements: challenge GITHUB_TOKEN before use (#30, #31, #32)
• Dependency updates: bump actions/cache from 4 to 5 (#27)

Usage

- uses: kyma-project/setup-kyma-cli@v1.1.0

Full Changelog: https://github.com/kyma-project/setup-kyma-cli/compare/v1.0.0...v1.1.0

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 19 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The @linear/release-action GitHub Action integrates your CI/CD pipeline with Linear’s release management system. It automates the process of linking deployments to Linear releases by scanning commits for Linear issue identifiers, detecting pull request references, and creating or updating releases in Linear. This action streamlines release tracking and coordination, reducing manual effort and improving alignment between development and project management workflows.

What’s Changed

What’s Changed

• Remove beta notice from README by @axelniklasson in https://github.com/linear/linear-release-action/pull/16
• Update README by @axelniklasson in https://github.com/linear/linear-release-action/pull/17
• Update README by @axelniklasson in https://github.com/linear/linear-release-action/pull/18
• Bump default CLI version to 0.7.1 by @RomainCscn in https://github.com/linear/linear-release-action/pull/19

Full Changelog: https://github.com/linear/linear-release-action/compare/v0...v0.7.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Records FHIR Validator GitHub Action is designed to validate FHIR (Fast Healthcare Interoperability Resources) JSON resources in CI/CD pipelines or standalone Node.js applications. It automates the verification of FHIR resource compliance with specified versions (e.g., R4, R5) and optional custom profiles, helping developers ensure their healthcare data conforms to FHIR standards before deployment. Key capabilities include support for multiple FHIR versions, validation against custom profiles, and integration into CI workflows for streamlined resource validation.

What’s Changed

GitHub Action release for the Records FHIR Validator.

Use in workflows:

- uses: medvertical/records-fhir-validator@v0.1.0
  with:
    paths: resources/**/*.json
    fhir-version: R4

This action installs @records-fhir/validator from npm and validates FHIR JSON resources for R4, R4B, R5, and R6. The npm package release is also tagged as validator-v0.1.0.

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The mipiti-verify GitHub Action automates the verification of threat model assertions for ensuring the alignment of security controls with defined models. It streamlines tasks such as running local or API-based checks, detecting drifts in security controls, and validating signed reports for integrity and provenance. This tool helps organizations maintain compliance and reduce the risk of security gaps in their systems by integrating automated checks into CI pipelines.

What’s Changed

Docker Image

Pre-built image for faster CI (pulls cached image instead of building from source):

- uses: docker://ghcr.io/mipiti/mipiti-verify:v0.35.1@sha256:03ca7c3f1207eae994d2794021c903ada0f6f5d19704af1aaf71dd5795c5ee93

Image: ghcr.io/mipiti/mipiti-verify:v0.35.1 Digest: sha256:03ca7c3f1207eae994d2794021c903ada0f6f5d19704af1aaf71dd5795c5ee93

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Totem is a CLI tool that provides a persistent memory and enforcement layer for AI coding agents to address their tendency to forget project-specific context, repeat architectural mistakes, and reinvent existing solutions. It automates the process of converting plain-English lessons from past mistakes into enforceable linting rules, which are applied deterministically and offline to catch violations before code is pushed. By serving as a “tripwire” system, Totem maintains architectural integrity and reduces repetitive review cycles without disrupting the coding workflow.

What’s Changed

Minor Changes

• bd3fd71: totem sync Phase A / Phase B architectural separation (mmnto-ai/totem#1811, ADR-101).

  totem sync decomposes into two independently-runnable phases:

  • Phase A — deterministic pack-resolution + installed-packs.json write (no API key required, runs in CI).
  • Phase B — vector-store embedding sync (still requires the embedding key; unchanged).

  New mutually-exclusive flags on totem sync:

  • --packs-only (Lite tier): write the pack manifest only; skip embedding sync, prune, the global registry update, and the review-extensions.txt write. Designed for CI environments without API keys after a @mmnto/totem cohort bump where pack-resolution alone needs to run before totem lint recognizes newly registered Tree-sitter languages.
  • --index-only (Standard tier): run only the embedding sync; skip pack-resolution. Use when installed-packs.json is already current and only the vector store needs to re-embed.

  --packs-only hard-errors when combined with --index-only, --full, or --prune — Phase B is skipped under --packs-only, so those flags would silently no-op. --index-only composes with --full and --prune since all three modify Phase B.

  The CLI orchestrator now writes installed-packs.json BEFORE invoking runSync so --packs-only can short-circuit cleanly. The default flag-less behavior is observably equivalent to prior releases.

  UX nudge for stale manifests: when a rule expects a Tree-sitter language that isn’t registered, the rule-engine now consults installed-packs.json’s cohort field and surfaces a structured STALE_MANIFEST TotemError pointing at totem sync --packs-only whenever the manifest is missing, pre-1.27.0, or written by an engine whose major.minor differs from the running version. Patch-level cohort drift passes (caret-range pack semver tolerance). Cohort-match falls through to the original “install the pack” TotemParseError.

  Schema: InstalledPacksManifestSchema gains an optional cohort: string field (semver). Pre-1.27.0 manifests without the field continue to parse cleanly. Stamped at write time by writeInstalledPacksManifest() from resolveEngineVersion(); tests can pre-populate the field to override the stamp.

  New public surfaces (additive):

  • resolveEngineVersion(): string
  • detectStaleManifest(opts): StaleManifestDetection | null
  • staleManifestError(detection, context): TotemError
  • TotemErrorCode adds 'STALE_MANIFEST' and 'FLAG_CONFLICT'.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Customer Management Platform is a full-stack solution designed to streamline customer data management through microservices architecture and a modern React-based UI. It automates tasks like customer CRUD operations, address and family member relationship tracking, and bulk data imports via Excel files, enabling efficient handling of large datasets. Key capabilities include scalable import processing, a professional dark-themed frontend for customer management, and a robust API for integration.

What’s Changed

Composite action to run core backend and frontend checks for this repository

What’s Changed

• replaced verify action metadata field and added inline ruby and guard… by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/100
• fixed some issues that occurred in the GitHub actions workflow by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/101
• changed to github hosted runner by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/102
• few syntax issues fixed by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/103
• redesigned the UI layout to be clean and organized by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/104
• redesigned the UI layout to be clean and organized by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/105
• redesigned the UI layout to be clean and organized by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/106
• redesigned the UI layout to be clean and organized by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/107
• Develop by @NadeeshaMedagama in https://github.com/NadeeshaMedagama/customer_management_platform/pull/108

Full Changelog: https://github.com/NadeeshaMedagama/customer_management_platform/compare/v0.0.1...v0.0.2

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Mehen GitHub Action is a tool for analyzing source code metrics such as complexity, maintainability, and lines of code across large codebases. It automates tasks like tracking code quality trends, providing pre-PR quality feedback, and enriching pull request templates with metric changes. Its key capabilities include support for multiple programming languages, polyglot monorepos, customizable thresholds for metric deltas, and machine-readable reporting formats (JSON, YAML, etc.), enabling teams to efficiently monitor and manage code complexity.

What’s Changed

What’s Changed

• feat(metrics): add PowerShell language support by @tinovyatkin in https://github.com/ophidiarium/mehen/pull/69

Full Changelog: https://github.com/ophidiarium/mehen/compare/v0.3.0...v0

• This action is used across all versions by 5 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Pompelmi is a Node.js library that integrates ClamAV antivirus scanning capabilities. It automates the detection of malicious files or threats in applications with a clean, type-safe implementation and no external dependencies. This solution simplifies antivirus integration for developers, ensuring security without compromising performance or maintainability.

What’s Changed

Added

• @pompelmi/nestjs — NestJS module with PompelmiModule.forRoot() / .forRootAsync(), injectable PompelmiService (scan / scanBuffer / isMalware), PompelmiGuard (blocks malicious uploads via CanActivate), and PompelmiInterceptor (throws BadRequestException on infection). Full TypeScript declarations included.
• @pompelmi/fastify — Fastify plugin that decorates the instance with fastify.pompelmi (scan / scanBuffer / scanStream / preHandler). The preHandler() helper returns a route-level hook that scans uploaded files before the route handler runs. Supports custom onMalicious callbacks and full TypeScript declarations.
• Framework Integrations section in README.md — table of official packages with usage snippets for NestJS and Fastify.

• This action is used across all versions by 0 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action is designed to support the “magic caching” feature of RunsOn and provides additional functionalities such as displaying workflow job costs, environmental debugging, and collecting system metrics (e.g., CPU, memory, and disk usage). It automates resource cost analysis, facilitates performance monitoring, and enables enhanced visibility into workflow execution. This action is particularly useful for optimizing cloud resource usage and debugging job environments efficiently.

What’s Changed

What’s Changed

• Upgrade go, deps, and sanitize values better by @crohr in https://github.com/runs-on/action/pull/30
• Propagate actions runtime token by @crohr in https://github.com/runs-on/action/pull/34

Full Changelog: https://github.com/runs-on/action/compare/v2.1.0...v2.1.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

“Find the Gaps” is a CLI tool designed to analyze a codebase and its corresponding documentation to identify outdated, missing, or mismatched documentation. It automates the process of detecting issues such as undocumented APIs or discrepancies between code and documentation, which are often overlooked by traditional link or spell checkers. By leveraging language parsing and documentation analysis, it provides detailed reports to help maintainers ensure their documentation stays accurate and up-to-date.

What’s Changed

What’s Changed

• fix(analyzer): fail-open on per-batch image download errors in relevance pass by @britt in https://github.com/sandgardenhq/find-the-gaps/pull/58

Full Changelog: https://github.com/sandgardenhq/find-the-gaps/compare/v0.4.0...v0.4.1

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

DockDesk is a local-first semantic documentation auditor that ensures code and documentation remain synchronized by analyzing code logic and comparing it with documentation claims. It addresses issues such as documentation drift, privacy risks, and infrastructure costs by running entirely on local hardware using efficient semantic language models, eliminating the need for cloud-based APIs. Key features include discrepancy detection, auto-generation of documentation fixes, natural-language CLI, custom rule integration, and export options for various formats.

What’s Changed

Full Changelog: https://github.com/srivatsa-source/dockdesk/compare/v2.4.1...v3.0.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Summary:
The vibe-hardening GitHub Action is a security scanner designed for AI-generated codebases, particularly those built with popular AI coding tools. It automates the detection of vulnerabilities such as hardcoded secrets, injection risks, insecure authentication, and supply chain issues across multiple languages (JavaScript, TypeScript, Python, Go, Rust). By providing rule-based analysis and tailored outputs, it helps developers identify and mitigate security risks efficiently, ensuring safer and more reliable code.

What’s Changed

vibe-hardening 0.4.0 — new agent scan subcommand for AI agent skill files.

npx vibe-hardening agent scan

Why now

Speed is the only moat in indie security tooling. The first OpenClaw / Hermes / Cursor skill compromise that hits HN front page will trigger Google searches for “agent skill scanner” — and the tool that’s already shipped, ranked, and starred wins that traffic. Built before the first skill compromise hits the news.

What it does

Statically scans local AI agent skill files for security issues. Auto-detects 10 platforms by filesystem stat:

Plus generic ~/.<agent>/skills/ pattern for the long tail.

5 rule packs / 65 detection rules

• A — Hardcoded secrets in SKILL.md / configs / .env. Reuses v1’s 27 SECRET_RULES verbatim. Hermes specifically stores all secrets in ~/.hermes/.env (not config.yaml) — that file is now scanned.
• B — Prompt injection patterns (11 rules): “ignore previous instructions”, role overrides, ChatML control tokens, Llama instruction tags, zero-width hidden characters.
• C — Dangerous shell commands (14 rules) in body and scripts/ files: rm -rf /, curl | sh, eval/exec on user variables, persistence into .bashrc / authorized_keys, fork bombs.
• D — Skill schema / body integrity (5 active sub-rules): missing required fields, hidden scripts/ directory, sensitive path + nearby exfil verb, env-dump pattern, folder name typosquatting popular skills.
• G — MCP server config issues (6 rules): http:// (non-TLS), localhost residue, secrets in env block, server name typosquatting (Levenshtein ≤ 2), > 20 servers, npx -y of unverified packages.

CLI flags

vh agent scan                            # all detected platforms
vh agent scan --target cursor            # filter to one platform
vh agent scan --rule b,c                 # only rule packs B + C
vh agent scan --exclude secret           # skip secret rules
vh agent scan --severity high            # CI-friendly threshold
vh agent scan --format json -o r.json    # machine-readable
vh agent scan --no-telemetry             # one-shot opt-out

Telemetry

Sends a separate event_type: 'agent_scan' event with an agents_detected presence vector across known platforms. Reuses the same opt-in config as v1 (default off, never re-prompts). Zero PII.

Stats

• 65 new agent-scan rules
• 74 existing code-scan rules
• 406 tests
• 192 KB tarball, 268 files
• MIT, free forever

Install

npx vibe-hardening agent scan         # one-shot
npm install -g vibe-hardening         # global

Full changelog: CHANGELOG.md.

• This action is used across all versions by 5 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Container Build Flow Action automates intelligent Docker/Container image builds and tagging based on GitHub workflow contexts, eliminating repetitive manual configurations. It detects branch types (e.g., PRs, development, hotfixes) and applies branch-aware tagging strategies while supporting multi-platform builds, security scanning, and registry integration for Docker Hub and GitHub Container Registry. This action streamlines container workflows, saving development time and reducing errors in multi-branch environments.

What’s Changed

[1.8.1] - 2026-05-05

Changed

• fix validation order and disabled-state outputs
• fix bot-detection false skips on human-authored PRs (#43)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The @zeropress/build-pages GitHub Action automates the process of converting a directory of Markdown files and public assets into deployable static files optimized for modern hosting platforms like GitHub Pages, Netlify, or Vercel. It simplifies the generation of static websites by discovering Markdown content, converting it to structured preview data, staging public assets, and creating easily deployable output. This action helps streamline static site generation workflows, saving time and reducing manual effort.

What’s Changed

• chore: add icon for GitHub Marketplace. (6eba1b7)
• Build ZeroPress static output for modern hosting platforms. (d9140c6)
• chore: github action build script. (bba4c50)
• feat: add default theme. (docs) (ce65ee1)
• init metadata. (f6a92d3)
• Add MIT License to the project (f34e0f6)

• This action is used across all versions by 65 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The aimock GitHub Action provides a comprehensive mocking framework for testing AI applications by simulating interactions with various APIs and services, including LLMs, image and audio generation, transcription, vector databases, and more. It eliminates the need for real API calls during development and testing, preventing unexpected costs and enabling deterministic testing with features like record/replay and multi-turn conversation simulations. This action supports multiple AI providers and tools, offering a unified, dependency-free testing solution on a single port.

What’s Changed

What’s Changed

• feat: Gemini Interactions API record/replay (issue #136) by @jpr5 in https://github.com/CopilotKit/aimock/pull/139
• feat: AG-UI spec alignment + drift auto-remediation by @jpr5 in https://github.com/CopilotKit/aimock/pull/149
• fix: harden AG-UI recorder, mock, and handler error handling by @jpr5 in https://github.com/CopilotKit/aimock/pull/150
• fix: make Gemini Interactions drift tests resilient to API unavailability by @jpr5 in https://github.com/CopilotKit/aimock/pull/151
• feat: mock non-speech audio generation (ElevenLabs, fal.ai, Gemini) by @jpr5 in https://github.com/CopilotKit/aimock/pull/140

Full Changelog: https://github.com/CopilotKit/aimock/compare/v1.16.4...v1.17.0

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Recul is a GitHub Action and CLI tool designed to help teams manage their npm dependencies by staying a specified number of versions behind the latest published release. It aims to reduce the risk of supply chain attacks by introducing a buffer period, allowing time to detect and address potential issues in newly released versions. Recul automates dependency versioning in CI pipelines, enforces an auditable policy, and provides configurable options for managing lag, pre-release filtering, and package-specific behaviors.

What’s Changed

Fix catalog: singular shorthand not being recognised. Projects using the top-level catalog: key (instead of catalogs.default:) now correctly get catalog edit suggestions and --fix support.

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

MUAD’DIB is a security scanning tool designed to detect and analyze threats in npm and PyPI packages, addressing the growing issue of supply chain attacks. It combines multiple detection methods, including 14 parallel scanners, machine learning classifiers, deobfuscation, and sandboxing, to identify known threats (225,000+ IOCs) and suspicious behavioral patterns. The action automates threat detection, risk scoring, and pre-installation package scanning, providing developers with a robust first line of defense against malicious dependencies.

What’s Changed

+10 IOCs, +2 compounds, hasSelfDelete inference. csec 19→75+, chai-extensions 10→23+.

• This action is used across all versions by 22 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

eslint-config-fk provides a shareable ESLint configuration tailored for Försäkringskassan projects, streamlining code linting and ensuring consistent coding standards across various environments, including CI/CD pipelines. It automates the setup of ESLint rules, supports multiple configurations for specific frameworks (e.g., TypeScript, Vue, Jest, etc.), and allows for customization of rules and file matching. This action simplifies the integration of ESLint into development workflows, especially within monorepo setups.

What’s Changed

14.1.19 (2026-05-02)

Bug Fixes

• deps: update dependency eslint-plugin-cypress to v6.4.0 10a69f5

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action by OtterWise automates the process of uploading and managing code coverage, mutation testing results, and type coverage reports to an external service or API. It simplifies workflows for tracking code quality metrics and integrates seamlessly with repositories, supporting advanced use cases like multi-part coverage uploads and monorepo component tagging. By streamlining these tasks, it helps teams maintain oversight of testing and type safety across their projects.

What’s Changed

What’s Changed

• Add part and part-total options to README by @LasseRafn in https://github.com/getOtterWise/github-action/pull/4

Full Changelog: https://github.com/getOtterWise/github-action/compare/v1...v1.0.2

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ghcr-manager GitHub Action simplifies the inspection, analysis, and management of GitHub Container Registry (GHCR) packages, focusing on correctness and handling of complex artifacts like multi-arch images and attestations. It automates tasks such as metadata extraction, consistency checks, and safe cleanup of container images, solving challenges in managing large-scale registry packages. Key capabilities include database export for local analysis, optimized data lookups, and configurable cleanup operations with a dry-run option for safe artifact deletion.

What’s Changed

Full Changelog: https://github.com/gh-workflow/ghcr-manager/compare/0.0.5...0.0.6

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action provides reusable workflows and tools for automating tasks in CI pipelines, primarily used by the go-openapi project. It simplifies the installation and version management of Go-based tools (e.g., gotestsum, go-junit-report) by using pre-released binaries, ensuring consistent and vetted dependencies. Additionally, it includes specialized actions like waiting for all jobs to complete before merging a PR, addressing timing issues in multi-job workflows.

What’s Changed

1.4.13 - 2026-05-04

Full Changelog: https://github.com/go-openapi/gh-actions/compare/v1.4.12...v1.4.13

1 commits in this release.

Documentation

• doc: fixup README by @fredbi …

People who contributed to this release

• @fredbi

gh-actions license terms

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

ReleaseKit is a versatile tool for automating versioning, changelog generation, and package publishing for JavaScript and Rust projects, including mixed monorepos. It simplifies release management by leveraging Conventional Commits to derive semantic versioning, generating enhanced release notes, and automating the publishing process to platforms like npm and crates.io. Designed for CI/CD workflows, it offers a unified or modular command-line interface and integrates seamlessly with GitHub Actions for streamlined automation.

What’s Changed

What’s Changed

• chore(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/4
• chore(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/3
• chore(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/12
• chore(deps): bump actions/download-artifact from 4 to 8 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/11
• chore(deps): bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/10
• chore(deps): bump amannn/action-semantic-pull-request from 5 to 6 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/2
• chore(notes): update zod and other package versions by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/17
• fix: codeQL alert no. 9 - Useless regular-expression character escape by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/19
• feat: scope & prompt configurations for LLM tasks by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/22
• chore(deps): bump liquidjs from 10.24.0 to 10.25.0 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/25
• chore(deps-dev): bump the development-dependencies group with 2 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/23
• chore(deps): bump the production-dependencies group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/27
• feat: token support by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/26
• test: package testing and CI updates by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/36
• chore(deps): bump dorny/paths-filter from 3 to 4 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/33
• feat: rework CLI structure, add dispatcher by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/52
• feat: add release pipeline automation configuration by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/51
• feat(release): add --branch option to specify push branch by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/46
• feat(release): add release preview functionality by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/43
• chore: update release workflow to use releasekit from npm by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/42
• fix(release): implement shared entry deduplication in release previews by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/53
• feat: push-triggered release workflow by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/50
• chore: skip dependabot devdep commits by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/55
• chore(deps): bump smol-toml from 1.6.0 to 1.6.1 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/54
• feat(publish): add title extraction from tags for GitHub releases by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/57
• refactor(release): update note formatting in release previews by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/67
• fix(ci): add PUBLISH and RELEASE conditions to CI detection logic by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/68
• feat: display release notes in release workflow summary by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/66
• feat(ci): add sync option to release workflows by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/64
• feat(publish): add publishSucceeded flag to output and update pipeline logic by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/63
• feat(templates): add version header & separators to release notes template by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/69
• feat(ci): add label checking step to release-on-push workflow by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/70
• feat(release): add npm_auth input for authentication method in workflows by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/65
• chore(deps): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/71
• feat(version): sanitize package names in formatTag function by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/72
• feat(version): sanitize package names in formatTag function by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/73
• refactor(notes): improve error handling for API key validation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/75
• chore(deps): bump actions/deploy-pages from 4 to 5 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/78
• chore(deps): bump actions/upload-pages-artifact from 3 to 4 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/77
• refactor: rework configuration by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/76
• chore(schema): add missing ci property by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/81
• docs: improve documentation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/80
• feat: init command by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/83
• fix: address autorelease publish failures by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/85
• chore: remove npmrc munging by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/87
• fix(publish): only create GitHub release when tag was pushed by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/88
• fix(version): create per-package tags in multi-package sync mode by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/90
• fix: correct changelog data and tag matching for per-package sync releases by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/91
• fix: version default regression by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/92
• fix(notes): populate releaseNotes output and simplify GitHub release body fallback by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/93
• fix(version): count commits from repo root in sync mode by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/94
• fix(notes): suppress heading and add compare URL in per-package release notes by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/95
• feat(release): add preview command to dispatcher by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/96
• feat: introduce Github Action with release and preview modes by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/97
• fix: update action-release workflow to use new tag format and improve version extraction logic by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/99
• chore(deps-dev): bump the development-dependencies group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/38
• chore(deps): bump the production-dependencies group across 1 directory with 7 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/79
• refactor: move command factories to new modules with no isMain guard by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/100
• chore: change default mode to preview in action.yml and update command order in CLI and dispatcher by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/101
• feat: add support for scope labels by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/102
• feat(release): improve label handling by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/103
• test(release): standardise test descriptions for clarity by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/104
• refactor: update label handling from ‘release’ to ‘bump’ for consistency by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/105
• feat: enhance label extraction to support ‘bump’ labels by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/106
• fix(version): hook up package filtering with wildcard support by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/107
• refactor(ci): enhance label handling for bump and release scenarios by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/108
• fix(release): implement effective target handling for scope labels by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/109
• fix(release): implement effective target handling for scope labels by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/110
• fix: refine prerelease handling in version calculation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/113
• refactor: improve modularity by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/114
• chore(deps-dev): bump the development-dependencies group with 2 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/112
• feat: workflow boilerplate reduction by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/117
• refactor(action): migrate SSH key input to secrets in action.yml by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/119
• chore(deps): bump liquidjs from 10.25.2 to 10.25.5 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/118
• chore(deps): bump the production-dependencies group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/120
• feat: resolve packages in gate by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/121
• feat: add stable option to release & version commands for prerelease graduation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/125
• feat(action): add stable input option for prerelease graduation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/126
• feat(ci): add lockfile validation step to CI workflow by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/127
• fix: apply bump for first release when no previous tag exists by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/128
• fix: enhance first release handling in version calculation by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/130
• fix(version): refine first release condition to respect stableOnly flag by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/131
• fix(version): improve first release handling to ensure correct version bumping by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/132
• fix(version): simplify first release handling to return current version directly by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/133
• refactor: remove defaultScope handling and enforce target specification by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/134
• fix(version): implement dynamic tag stripping based on template configuration by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/135
• fix(publish): ensure reliable publishing from package directory by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/136
• chore: add publish debug by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/137
• fix(core): add conditional debug logging based on DEBUG environment var by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/138
• feat: add skip-checkout option to ReleaseKit action by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/139
• fix(release): allow manual release without target when no PRs are found by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/140
• feat: enhance error handling and verbose output in action script by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/141
• fix(action): exclude userPnpmStore from NODE_PATH to prevent E2BIG errors by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/142
• feat(action): add support for fetching and syncing remote changes with optional skip-checkout by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/143
• fix(action): disable Git hooks during sync process by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/144
• feat: update bump option to include ‘prerelease’ type by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/145
• feat(publish): add support for publishing with uncommitted changes by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/146
• feat(version): improve support for pure Rust packages by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/148
• feat: add stable graduation output and logic for release stability by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/152
• chore(deps): bump pnpm/action-setup from 5 to 6 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/122
• chore(deps): bump actions/upload-pages-artifact from 4 to 5 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/149
• chore(deps-dev): bump the development-dependencies group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/150
• test(e2e): add new fixtures and tests for scoped releases and prerelease handling by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/153
• fix(release): update PR fetching logic to find merged PRs since last release by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/154
• feat: per-package push in non-sync mode by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/155
• feat: add standing PR functionality by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/156
• feat(release): add standing PR commit status checks by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/158
• feat: add runStandingPRMerge functionality and update command by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/157
• feat(release): batch accumulation controls for standing PR strategy by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/161
• feat: release notes editing in standing PR by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/160
• chore(deps): bump liquidjs from 10.25.5 to 10.25.7 by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/162
• chore: add claude code github workflows by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/165
• feat(release): implement per-PR evaluation and notification for release gate by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/163
• chore(deps-dev): bump @typescript-eslint/parser from 8.58.2 to 8.59.0 in the development-dependencies group by @dependabot[bot] in https://github.com/goosewobbler/releasekit/pull/164
• fix: pure rust publishing without a package.json by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/171
• feat: add githubRelease.skipPackages to suppress GitHub releases by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/172
• fix: correct manual release version calculation when using scope-based package targeting by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/173
• docs: rework README by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/174
• refactor(action): convert runAction to async and use spawn for child process execution by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/175
• feat(publish): add User-Agent header to crates.io API requests and enhance error handling by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/176
• feat(publish): idempotent publish behaviour by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/177
• refactor(notes): update LLM provider interfaces and enhance message handling by @goosewobbler in https://github.com/goosewobbler/releasekit/pull/178

New Contributors

• @dependabot[bot] made their first contribution in https://github.com/goosewobbler/releasekit/pull/4

Full Changelog: https://github.com/goosewobbler/releasekit/commits/v0.20.0

• This action is used across all versions by 9 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Hwaro is a lightweight and fast static site generator written in Crystal that automates the process of building high-performance websites from Markdown content with front matter and Jinja2-compatible templates. It solves challenges like managing complex content structures, optimizing site performance, and streamlining deployment by offering features such as parallel builds, live-reloading dev server, SEO tools, image processing, and multilingual support. Its robust capabilities include advanced templating, content management, and platform-specific deployment configurations, making it a versatile tool for developers creating modern static websites.

What’s Changed

v0.13.1

Fixed

• Homebrew tap name in install docs (#517)
• Ruby interpolation in published formula’s test block (#518)

Big thanks to @cena for the small-but-critical reports, docs and the Homebrew publish workflow are both fixed here. Re-tap and reinstall, and ping me if anything still misbehaves. Thanks again!

Full Changelog: https://github.com/hahwul/hwaro/compare/v0.13.0...v0.13.1

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Versionary is a software-agnostic GitHub Action designed to automate semantic versioning, changelog generation, and release workflows while supporting both direct releases and release PR reviews. It simplifies release management by centralizing version planning, tagging, and source control metadata, and ensures compatibility across various repository types (e.g., Node, Rust, docs). By focusing on extensibility and leaving artifact publishing to CI/CD workflows, it provides a streamlined, adaptable solution for managing software releases.

What’s Changed

Features

• add manual release notes through NEXT_RELEASE.md (d976edd)
• allow @ in json path (b7b1eef)

• This action is used across all versions by 9 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

NeuroLink is an AI integration platform that unifies multiple major AI providers and models under a single, consistent API, enabling seamless interaction with diverse AI services. It simplifies provider switching, automates cost optimization, and supports advanced features like multi-provider failover, memory persistence, and intelligent tool routing. Designed for enterprise-scale applications, NeuroLink streamlines the integration, execution, and management of AI workflows across various systems and architectures.

What’s Changed

9.61.1 (2026-05-04)

Bug Fixes

• (memory): fix null tool result storage by reading AI SDK output field (1e6dbf8)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Lineaje Scan Action is a GitHub Action designed to automatically scan container images and source code for vulnerabilities using the Lineaje platform. It provides a summary of detected vulnerabilities and, optionally, generates a fix plan by creating patched artifacts such as updated Dockerfiles or dependency manifests (e.g., pom.xml, requirements.txt). This action streamlines vulnerability detection and remediation, enabling developers to automate security scans and integrate fixes directly into their CI/CD workflows.

What’s Changed

Full Changelog: https://github.com/lineaje-actions/lineaje-actions/compare/v1.2.0...v1.2.1

• This action is used across all versions by 34 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The swift-format-action GitHub Action automates the process of running Apple’s swift-format tool for Swift code linting and formatting within CI/CD workflows. It helps developers ensure consistent code style and adherence to formatting standards by either detecting issues (linting) or automatically correcting them. This action streamlines code quality checks, reducing manual effort and improving collaboration on Swift projects.

What’s Changed

Full Changelog: https://github.com/mtgto/swift-format-action/commits/v1.0.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The claude-hooks-check GitHub Action is a Python-based linter designed to validate and ensure the correctness of the hooks configuration in Claude Code’s settings.json or standalone hooks JSON files. It automates the detection of common errors, such as typos in event names, malformed matcher blocks, missing or invalid hook properties, dangerous command patterns, and hardcoded secrets, helping prevent potentially harmful or misconfigured commands from being executed. This tool provides a robust solution for improving the safety and reliability of Claude Code integrations by identifying issues before they cause runtime errors or security risks.

What’s Changed

Full Changelog: https://github.com/MukundaKatta/claude-hooks-check/commits/v0.1.0

• This action is used across all versions by 5 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “pompelmi” GitHub Action provides ClamAV antivirus scanning specifically for Node.js environments. It automates the detection of malicious files, ensuring security by integrating a lightweight and dependency-free solution with built-in TypeScript support. This action helps developers maintain clean and secure codebases by streamlining the antivirus scanning process.

What’s Changed

Added

• Webhook notifications — notify(webhookUrl, scanResult, options) sends a POST request when a virus is detected. Payload includes file, verdict, viruses, timestamp, and hostname. Supports HMAC-SHA256 request signing via X-Pompelmi-Signature header when a secret is provided. Ships with onlyOnMalicious: true default so noise-free by default. Uses Node.js built-in https/http — zero extra dependencies.
• EventEmitter scanner — createScanner(options) returns an EventEmitter-based scanner with scan(filePath) and scanDirectory(dirPath) methods. Emits 'clean', 'malicious', 'scanError', and 'error' events per file — ideal for streaming pipelines and upload processing loops.
• Automated GitHub Release notes — release workflow now extracts the matching changelog section from CHANGELOG.md and uses it as the release body, with a one-line summary in the release title (vX.Y.Z — <summary>). No more static template.
• .mailmap — maps any historical claude/Claude authorship entries to the project author so they are excluded from GitHub’s contributor list.

Changed

• src/index.js — exports notify and createScanner alongside existing API.
• types/index.d.ts — full TypeScript declarations for notify, NotifyOptions, WebhookPayload, ScanResultInput, createScanner, and ScanEmitter (including typed event overloads).

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The setup-probitas GitHub Action automates the setup of the Probitas scenario-based testing framework in CI workflows. It installs the required Deno runtime, sets up the Probitas CLI at a specific or default version, and optionally leverages caching for dependencies to improve performance. This action simplifies the process of configuring Probitas for automated testing, enabling developers to efficiently integrate and run tests across different environments and configurations.

What’s Changed

Full Changelog: https://github.com/probitas-test/setup-probitas/compare/v1...v1.4.0

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The pr-code-coverage-visualizer GitHub Action automates the visualization of test coverage in pull requests by analyzing code coverage data from one or more cobertura.xml files. It provides a detailed summary of overall and per-file coverage, highlighting covered, uncovered, and partially covered code lines within the context of the PR. This action solves the problem of manually assessing test coverage changes, enabling developers to quickly identify gaps and ensure code quality.

What’s Changed

2.2.1 (2026-05-03)

Bug Fixes

• Catch errors when adding a github comment and write to the step summary instead (#15) (b0681fe)

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The GitHub Logs Analyzer is an AI-powered action designed to automatically analyze failed CI workflow logs, identify the root cause, and provide actionable fix suggestions. It automates the debugging process by posting detailed diagnostic comments on pull requests and updating the job summary with key failure insights. This action streamlines troubleshooting, saving time and effort for developers by delivering clear, AI-generated solutions for build and test failures.

What’s Changed

What it does

Automatically analyzes GitHub Actions failures and posts a detailed AI-generated report as a PR comment — including root cause, failed steps, and a concrete fix suggestion.

Supported AI Providers

• Anthropic Claude (claude-sonnet-4-6)
• Google Gemini (gemini-2.5-flash)
• OpenAI (gpt-4o-mini)
• Groq / Llama (llama-3.3-70b-versatile)

Usage

- uses: Rutvik2598/github-logs-analyzer@v1.0.0
  with:
    provider: gemini
    gemini-api-key: ${{ secrets.GEMINI_API_KEY }}

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action automates the process of downloading and installing provisioning profiles for iOS applications by integrating with App Store Connect. It simplifies the management of provisioning profiles, eliminating manual steps and ensuring compatibility with specified bundle IDs and profile types. The action outputs profile data in JSON format for further use in workflows, streamlining app development and deployment pipelines.

What’s Changed

• 🐛 fix build version issue (f7a65bb)
• 🐛 fix build issue (4ac0fad)
• ✨ release new version(v4) (eedc206)
• 🐛 fix invalid build number (eab6317)
• 🐛 fix build number replace (931d88b)
• 🐛 fix dist index.js (223ca0d)
• ✨ add tf version fetcher (5a34030)

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Pi Coding Agent Action integrates the Pi coding agent with CI/CD workflows on platforms like GitHub, Codeberg, and Forgejo. It automates tasks such as issue analysis, generating reports, creating or updating pull requests, and conducting automated code reviews. This action simplifies the integration of Pi into workflows by offering user-friendly features like log formatting, auto-replies, and efficient interaction with GitHub-compatible APIs, streamlining code review and issue resolution processes.

What’s Changed

2.15.3 - 2026-05-04

Changed

• default to openai for examples
• split context.ts into cohesive modules and create tools subpackage (#170)
• update readme about optional token input

Fixed

• catch Pi agent session errors and fail the workflow (#168)

• This action is used across all versions by 4 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, Bernstein, is an AI orchestration tool designed to automate software development tasks by coordinating multiple AI coding agents. It decomposes a high-level project goal into smaller tasks, distributes them across various AI agents, runs tests, and merges successful code changes, delivering working code efficiently. Bernstein eliminates non-deterministic task allocation and enables reproducible, parallelized workflows, offering flexibility to use any AI model or provider without vendor lock-in.

What’s Changed

v1.9.4

Documentation

• mkdocs: switch from horizontal top tabs to vertical sidebar nav
• complete docs overhaul wave 2 + URL-org migration
• comprehensive overhaul (10-agent audit + 6-agent implementation)
• i18n: add README translations in 11 languages

CI / Infrastructure

• typos: exclude docs/i18n/** from spell-check

Full changelog: https://github.com/sipyourdrink-ltd/bernstein/compare/v1.9.3...v1.9.4

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The RsMetaCheck GitHub Action automates the detection of metadata issues (pitfalls and warnings) in software repositories using the RsMetaCheck tool and SoMEF. It simplifies the process of identifying and reporting metadata problems by analyzing repository URLs or pre-existing SoMEF output and generates detailed reports, annotations, and summary tables directly in the GitHub Actions UI. This action is particularly useful for ensuring high-quality metadata, highlighting areas for improvement, and enforcing metadata standards in repositories.

What’s Changed

• Adding markdown feedback of the report and improvements of visual feedback overall. (304796a)
• Adding test file (ce98d94)
• Adding RsMetaCheck GitHub Action with Docker container and entrypoint script (0969733)
• Initial commit (e8d87a4)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The dotnet-package-smoke GitHub Action helps .NET package authors validate their NuGet packages by simulating real-world consumer usage. It automates the creation of a local NuGet feed, packaging projects, and testing the packages for installation, restoration, and compatibility with generated or predefined consumer projects. This action ensures packages are free from common consumption issues like restore failures, missing dependencies, or improper layouts before release.

What’s Changed

[1.2.0] - 2026-05-04

Added

• Add smoke-restore-arguments for passing extra arguments to dotnet restore for smoke projects.
• Add smoke-test-arguments for passing extra arguments to dotnet test for smoke projects.

Changed

• Remove the planned generic smoke-arguments wording in favour of explicit restore and test argument inputs.

Fixed

• None.

• This action is used across all versions by 3 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Task Setup Action is a GitHub Action designed to streamline the installation and configuration of the Task runner (go-task/task) within GitHub workflows. It automates the setup of specific Task versions, supports customization through variables and caching, and simplifies dependency management for build and automation processes. This action eliminates the need for manual installation, making it easier to integrate Task into CI/CD pipelines.

What’s Changed

Installation

- uses: tenthirtyam/setup-task@v1.0.4

Refer to the README.md for detailed usage information.

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Expand AWS IAM Wildcards” GitHub Action automates the process of identifying and expanding wildcard actions in AWS IAM policies within pull request (PR) diffs. It posts inline comments on PRs, detailing the specific IAM actions that each wildcard matches, with links to AWS documentation. This action simplifies security reviews by making changes to IAM policies more transparent and easier to understand, reducing the risk of unintentional over-permissions.

What’s Changed

What’s Changed

• ci: bump reviewdog/action-actionlint from 1.68.0 to 1.72.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/80
• deps: bump the npm-dependencies group with 3 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/81
• Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/82
• ci: bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/83
• deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/84
• Add an integration test for review comment creation and reuse, using fake PR by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/85
• Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/86
• Prepare v1.2.5 release by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/87

Full Changelog: https://github.com/thekbb/expand-aws-iam-wildcards/compare/v1.2.4...v1.2.5

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

cargo-chronoscope is a tool for monitoring and analyzing Rust build performance by consuming Cargo’s build event stream and storing the data in a SQLite database. It automates the tasks of live build observation, historical build tracking, performance comparison between builds, and anomaly detection to identify crates compiling slower or faster than usual. Key features include a real-time TUI dashboard, build history listing, build diffing, and baseline-aware anomaly classification, making it a valuable resource for improving and understanding Rust project build efficiency.

What’s Changed

What’s Changed

• docs(readme): refresh Status section with current platform coverage by @fatima836 in https://github.com/ymw0407/cargo-chronoscope/pull/52
• [Chore] Fix .gitignore typo (.cargo-chrono -> .cargo-chronoscope) by @q404365631 in https://github.com/ymw0407/cargo-chronoscope/pull/53
• chore(ci): bump action default version by @txhno in https://github.com/ymw0407/cargo-chronoscope/pull/54
• fix(ci): post perf sticky comment on fork PRs via workflow_run by @ymw0407 in https://github.com/ymw0407/cargo-chronoscope/pull/59
• refactor: drop skeleton-phase #![allow(dead_code)] and unused items by @ymw0407 in https://github.com/ymw0407/cargo-chronoscope/pull/61
• docs(readme): embed watch dashboard demo GIF by @ymw0407 in https://github.com/ymw0407/cargo-chronoscope/pull/62
• chore(release): add Windows target and cross-compile macOS Intel by @ymw0407 in https://github.com/ymw0407/cargo-chronoscope/pull/64

New Contributors

• @fatima836 made their first contribution in https://github.com/ymw0407/cargo-chronoscope/pull/52
• @q404365631 made their first contribution in https://github.com/ymw0407/cargo-chronoscope/pull/53
• @txhno made their first contribution in https://github.com/ymw0407/cargo-chronoscope/pull/54

Full Changelog: https://github.com/ymw0407/cargo-chronoscope/compare/v0.1.6...v0.1.7

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Maconomy Java Check GitHub Action automates the compilation of Java 8 source files against a predefined set of libraries and reports any issues as annotations directly on pull request lines. It simplifies the process of identifying and addressing compilation errors or warnings during code reviews, improving developer efficiency and collaboration. Key capabilities include severity-based failure thresholds and metrics on findings for enhanced code quality analysis.

What’s Changed

v4

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Dokkimi GitHub Action automates the execution of integration, end-to-end (E2E), and visual regression tests in a Kubernetes environment within GitHub Actions workflows. It sets up a single-node Kubernetes cluster, runs tests using the Dokkimi CLI, and manages the entire lifecycle, including cleanup, without requiring prior infrastructure expertise. This action simplifies complex testing workflows by handling test orchestration, resource management, and environment setup, reducing manual effort and accelerating CI/CD pipelines.

What’s Changed

Removed unnecessary dokkimi clean from cleanup step for better performance

• This action is used across all versions by 5 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Geni is a high-performance, Rust-based database migration tool designed to streamline collaboration among developers and ensure databases remain synchronized with application code. It automates tasks like creating, applying, rolling back, and managing timestamp-based migrations across multiple databases, including Postgres, MySQL, MariaDB, SQLite, and LibSQL. Geni solves the challenges of managing migrations in a collaborative environment and integrates seamlessly into CI/CD pipelines for efficient database version control.

What’s Changed

[v1.3.2] - 2026-05-04

• Improved schema dump for PostgreSQL, MariaDB, and MySQL databases. (#301)

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The getbao Deploy Action automates the deployment of the getbao authentication service to Cloudflare Workers directly from GitHub workflows. It handles tasks such as downloading versioned release assets, provisioning Cloudflare infrastructure (e.g., D1 database, KV namespace), applying database migrations, deploying authentication-related workers, and securely bootstrapping encryption keys. This action simplifies and streamlines the deployment process, reducing manual effort while ensuring consistent and secure deployments.

What’s Changed

• release: v1.0.0-alpha.11 (c4a4919)
• release: v1.0.0-alpha.10 (aa1ffa1)
• release: v1.0.0-alpha.8 (ac986e1)
• release: v1.0.0-alpha.7 (1cf3a90)
• release: v1.0.0-alpha.6 (bb13c08)
• release: v0.0.0 (b9ba3a6)
• release: v0.0.0-alpha.2 (ffbbb09)
• release: v0.0.0-alpha.1 (eda7693)
• release: v0.0.0-alpha (b1fbed7)

• This action is used across all versions by 2 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

GitHub JSON Bourne is a GitHub Action designed to automate the generation of a structured JSON file (github.json) containing comprehensive data about a user’s GitHub profile, including contributions, activity, repositories, and derived statistics such as streaks and commit counts. It simplifies the process of fetching and consolidating data from GitHub’s APIs, ensuring reliable output even if some sources fail, and is ideal for powering dashboards, reports, or external integrations without manual data collation.

What’s Changed

What’s Changed

• chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 by @dependabot[bot] in https://github.com/ggfevans/github-json-bourne/pull/2
• fix(deps): bump @actions/core to v3 to resolve undici security alerts by @ggfevans in https://github.com/ggfevans/github-json-bourne/pull/3
• chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in https://github.com/ggfevans/github-json-bourne/pull/6
• fix(action): declare node24 runtime instead of unsupported node25 by @ggfevans in https://github.com/ggfevans/github-json-bourne/pull/7
• Bump version from 1.0.0 to 1.1.0 by @ggfevans in https://github.com/ggfevans/github-json-bourne/pull/8

New Contributors

• @dependabot[bot] made their first contribution in https://github.com/ggfevans/github-json-bourne/pull/2

Full Changelog: https://github.com/ggfevans/github-json-bourne/compare/v1.0.0...v1.1.0

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 570 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The GitGuardian Shield GitHub Action is a security tool designed to automatically scan code repositories for exposed credentials, secrets, and over 400 types of potential security vulnerabilities during CI workflows. By integrating with GitHub Actions, it helps developers prevent sensitive data leaks and enforce security policies efficiently. The action leverages GitGuardian’s API to perform stateless scans without storing scanned files or detected secrets.

What’s Changed

Changelog

Updated to ggshield 1.50.3.

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

delstack is a CLI tool and GitHub Action designed to automate the deletion of AWS CloudFormation stacks, including those with resources that are typically difficult to remove. It ensures complete cleanup by force-deleting undeletable resources (e.g., non-empty S3 buckets) and resolving inter-stack dependencies, preventing orphaned resources. Key features include parallel deletion, interactive stack selection, handling of deletion protections, and integration with popular IaC tools like AWS CDK, AWS SAM, and Serverless Framework.

What’s Changed

What’s Changed

• docs: add mise installation method by @go-to-k in https://github.com/go-to-k/delstack/pull/635
• chore: add CLAUDE.md by @go-to-k in https://github.com/go-to-k/delstack/pull/638
• ci: Add Claude Code GitHub Workflow by @go-to-k in https://github.com/go-to-k/delstack/pull/640
• docs: add Claude Code skills for adding operators/preprocessors by @go-to-k in https://github.com/go-to-k/delstack/pull/642
• feat: force-delete Subnet/SG blocked by orphan Lambda VPC ENIs by @go-to-k in https://github.com/go-to-k/delstack/pull/643

Full Changelog: https://github.com/go-to-k/delstack/compare/v2.10.0...v2.11.0

• This action is used across all versions by 3 repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Version Tagger GitHub Action automates the management of version tags in repositories, supporting both production and development environments. It simplifies version control by generating and updating tags based on semantic versioning (SemVer) and predefined workflows. This action is particularly useful for maintaining consistent versioning practices and reducing manual effort in version tracking.

What’s Changed

EN

Changed

• Updated project dependencies, including @actions/core, @actions/github, TypeScript, ESLint, Jest-related tooling, and GitHub Actions.
• Tests adapted to the latest ESM-only versions of @actions/core and @actions/github.
• Updated Jest and TypeScript configs to ensure tests and types work correctly in VSCode.
• Updated GitHub Actions workflows, Dependabot configuration, and linting settings.
• Updated the build file dist/index.js.
• Updated documentation and coverage badge.
• Added project-specific .codex rules.

Fixed

• Fixed test compatibility with new versions of the GitHub Actions SDK
• Fixed Octokit client type in Github via ReturnType<typeof getOctokit>

RU

Изменено

• Обновлены зависимости проекта, включая @actions/core, @actions/github, TypeScript, ESLint, Jest-related tooling и GitHub Actions.
• Тесты адаптированы под актуальные ESM-only версии @actions/core и @actions/github.
• Обновлены Jest и TypeScript конфиги для корректной работы тестов и типов в VSCode.
• Обновлены GitHub Actions workflows, Dependabot-конфигурация и настройки линтинга.
• Обновлена сборка dist/index.js.
• Обновлена документация и coverage badge.
• Добавлены локальные .codex правила проекта.

Исправлено

• Исправлена совместимость тестов с новыми версиями GitHub Actions SDK.
• Исправлен тип Octokit-клиента в Github через ReturnType<typeof getOctokit>.

What’s Changed

• Bump the development group with 2 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/74
• Bump @types/node from 22.7.5 to 22.7.7 in the development group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/75
• Bump the development group with 2 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/76
• Bump @types/node from 22.8.1 to 22.8.7 in the development group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/77
• Bump the development group with 3 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/78
• from varcel to tsup, up lib, dependabot interval from weekly to monthly by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/80
• Bump the development group with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/81
• Bump super-linter/super-linter from 7.1.0 to 7.2.0 in the actions-minor group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/82
• Bump the development group with 5 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/83
• change setup-node node version file by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/84
• migrate to ESLint 9 by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/85
• Bump the development group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/87
• Bump super-linter/super-linter from 7.2.0 to 7.2.1 in the actions-minor group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/88
• Bump the development group with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/89
• Bump the development group with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/90
• Bump the development group with 2 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/91
• pnpm up 9 to 10, libs up. ts fixed viersion 5.7.3 by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/103
• lib up by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/116
• Bump super-linter/super-linter from 7.3.0 to 7.4.0 in the actions-minor group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/112
• Bump the development group with 2 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/117
• Bump actions/checkout from 4 to 5 by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/120
• Up lib 20251229 by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/136
• Bump the development group with 2 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/137
• Bump globals from 16.5.0 to 17.0.0 by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/138
• lib up 11.01.2026 by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/141
• Bump the development group with 5 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/142
• Bump the development group with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/143
• Bump the development group with 4 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/144
• Bump the development group with 7 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/148
• Bump @eslint/js from 9.39.2 to 9.39.3 by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/150
• Bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/152
• Bump the development group with 9 updates by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/160
• Bump typescript-eslint from 8.58.2 to 8.59.0 in the development group by @dependabot[bot] in https://github.com/GregoryGost/version-tagger/pull/164
• Обновлены зависимости и тесты для актуальных Actions SDK by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/168
• Обновление зависимостей и адаптация тестов под актуальные Actions SDK by @GregoryGost in https://github.com/GregoryGost/version-tagger/pull/169

Full Changelog: https://github.com/GregoryGost/version-tagger/compare/v1.0.5...v1.1.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

tokentoll is a CLI tool and GitHub Action designed to analyze code for Large Language Model (LLM) API calls, estimate their associated costs, and highlight cost impacts of code changes directly in pull requests or the terminal. It helps developers identify potential cost implications, such as increased API expenses due to model changes or new calls, during the code review process. Key features include static analysis of various LLM SDKs, cost estimation, and detailed cost comparisons between commits or branches.

What’s Changed

Summary

Reverts the v0.6.0 special-case that skipped AzureChatOpenAI(deployment_name=...) calls. The skip was inconsistent: every other dynamic model gets a per-SDK default with a (default) label, only Azure was being silently dropped. v0.6.1 restores symmetry and adds an opt-in for users who want stricter behavior.

Changes

New: skip_dynamic_models config option

Set in .tokentoll.yml to suppress cost estimates for any call whose model name cannot be resolved statically:

skip_dynamic_models: true

Also supported as a per-path override:

overrides:
  - path: src/azure/
    skip_dynamic_models: true

When enabled, dynamic-model calls are still detected and listed but reported with no cost rather than priced against a default.

LangChain detector

AzureChatOpenAI(deployment_name=...) and AzureChatOpenAI(azure_deployment=...) calls without an explicit model= argument now flow through the standard dynamic-default path (priced as gpt-4o (default) unless overridden). Use the new skip_dynamic_models option to suppress these.

Upgrade

- uses: Jwrede/tokentoll@v0.6.1

pip install --upgrade tokentoll

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The js-action-pr-giphy-commit GitHub Action automates the process of adding GIFs to pull request comments, enhancing collaboration and engagement in code reviews. It streamlines the task of embedding relevant GIFs based on commit messages or predefined inputs, saving time and adding visual context to PR discussions. Key capabilities include GIF selection, automated commenting, and seamless integration into CI/CD workflows.

What’s Changed

it uses javascript to get pull random thank you images from giphy eveytime a pull request is made.

• This action is used across all versions by 1 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

SecondBrain is a CLI tool that connects to various external data sources (e.g., Salesforce, Slack, GitHub, YouTube) to retrieve and filter relevant information, which it then analyzes using a Large Language Model (LLM) via Retrieval Augmented Generation (RAG) techniques. It automates tasks such as generating insights, summaries, and reports from diverse and disconnected data sources, enabling efficient data aggregation and analysis. Key capabilities include querying filtered data, analyzing file directories, summarizing GitHub repository changes, and extracting insights from YouTube transcripts.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The cloudflare-tunnel-ssh-action GitHub Action simplifies secure SSH access to remote servers through a Cloudflare Tunnel, using a service token for zero-trust authentication without exposing port 22 to the internet. It automates the setup of cloudflared and SSH configuration, enabling seamless use of SSH-based commands (e.g., ssh, scp, rsync) in subsequent CI/CD workflow steps. This action addresses security and accessibility concerns by eliminating the need for public-facing SSH ports while maintaining ease of use and compatibility.

What’s Changed

Added

• Initial release — part of the NXTools Collection by NX1X (https://nx1xlab.dev/nxtools)
• Install cloudflared from GitHub releases (latest or pinned version)
• Write SSH private key with correct permissions (chmod 600)
• Create wrapper script embedding TUNNEL_SERVICE_TOKEN_ID / TUNNEL_SERVICE_TOKEN_SECRET at write-time (bypasses ProxyCommand subprocess env var propagation issue)
• Configure ~/.ssh/config with ProxyCommand, IdentityFile, timeouts, and keep-alive settings
• Verify step: print cloudflared version, key fingerprint, redacted wrapper script, SSH config entry
• Optional connection test (test-connection: true by default)
• Inputs: cf-access-client-id, cf-access-client-secret, ssh-private-key, ssh-host, ssh-user, cloudflared-version, ssh-key-path, connect-timeout, server-alive-interval, test-connection
• Manual release workflow (workflow_dispatch) with version validation, duplicate tag check, and floating major version tag
• CI workflow with pinned actionlint (v1.7.7) and shellcheck
• Dependabot for GitHub Actions version updates

Security

• All ${{ inputs.* }} and ${{ steps.*.outputs.* }} expressions in shell scripts routed through env: blocks to prevent script injection
• Input validation for cloudflared-version — rejects values that don’t match latest or X.Y.Z format
• softprops/action-gh-release pinned to commit SHA to prevent supply chain attacks
• Explicit permissions blocks on all workflows (least-privilege contents: read)
• Credentials redacted in verify step output via sed
• Documentation examples use env: blocks instead of direct ${{ secrets.* }} in run: blocks

• This action is used across all versions by 5 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action, “pompelmi,” provides ClamAV antivirus scanning functionality for Node.js applications. It automates the detection of malware or viruses in files using the ClamAV engine, offering a clean, typed implementation with no external dependencies. Its key capabilities include reliable virus scanning and seamless integration into Node.js projects, helping developers secure their applications efficiently.

What’s Changed

What’s New

AWS S3 Integration

Scan S3 objects directly without downloading to disk:

const { scanS3 } = require('pompelmi')

const result = await scanS3({
  bucket: 'my-bucket',
  key: 'uploads/file.pdf',
  region: 'us-east-1'
})

Streams the object directly from S3 to clamd via the INSTREAM protocol — zero disk I/O.

Connection Pooling

Maintain persistent connections to clamd for high-throughput applications:

const { createPool } = require('pompelmi')

const pool = createPool({ host: 'localhost', port: 3310, size: 5 })
const result = await pool.scan('file.pdf')
await pool.destroy()

👀 Watch Mode

Monitor a directory and auto-scan every new or modified file:

const { watch } = require('pompelmi')

watch('/uploads', { socket: '/var/run/clamav/clamd.sock' }, {
  onClean:     (file) => console.log('Clean:', file),
  onMalicious: (file) => fs.unlinkSync(file),
  onError:     (err)  => console.error(err)
})

Automatic Retry

Reconnect automatically if clamd is temporarily unreachable:

const result = await scan('file.pdf', {
  host: 'localhost',
  port: 3310,
  retries: 3,
  retryDelay: 1000
})

Changes

• src/S3Scanner.js — S3 streaming integration via @aws-sdk/client-s3
• src/ClamdPool.js — queue-based persistent connection pool
• src/Watcher.js — fs.watch wrapper with debounce and auto-scan
• src/ClamdScanner.js, BufferScanner.js, StreamScanner.js — retry logic
• src/index.js — exports scanS3, createPool, watch
• types/index.d.ts — updated type declarations
• docs/s3.md — new S3 integration guide
• docs/api.md — updated with all new functions
• README.md — updated Features list and API table

Full Changelog

https://github.com/pompelmi/pompelmi/compare/v1.9.0...v1.10.0

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

TriagePod is a GitHub Action designed to streamline issue triage by analyzing newly opened issues and providing configurable intake guidance. It automates tasks such as detecting duplicates, verifying required information, classifying issues, suggesting or applying labels, and recommending discussion routing. By integrating these capabilities, TriagePod helps maintainers efficiently manage issues, ensure completeness, and improve the organization of repository workflows.

What’s Changed

TriagePod is a GitHub-native issue triage assistant for repositories that want faster, cleaner, and more consistent issue intake.

What this release includes

This initial Marketplace release ships TriagePod as a Docker-based GitHub Action built with Python 3.12 and uv.

Core capabilities in this version:

• Duplicate suggestion detection against open issues
• Missing-information checks using repository-local YAML configuration
• Rules-first classification for bug, feature, docs, support, and other
• Label suggestions with optional auto-apply support
• Discussions routing suggestions when enabled
• Dry-run mode for safe rollout and testing
• Professional triage comment rendering
• Optional AI extension points with deterministic fallback behavior

Repository and packaging

This release includes:

• Root action.yml metadata for GitHub Actions and Marketplace
• Docker-based action packaging
• Marketplace branding metadata
• README installation and usage guidance
• Example triagepod.yml configurations for different repository styles

Configuration

TriagePod is configured per repository using:

.github/triagepod.yml

The action supports configuration for:

• feature flags
• required fields
• duplicate detection behavior
• discussion routing
• comments
• automation
• label mapping
• optional AI settings

Recommended first rollout

For first-time adoption, use dry-run mode:

- uses: rampodhq/traige-pod@v0.1.2
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    config_path: .github/triagepod.yml
    dry_run: "true"

This allows teams to validate classification, missing-info checks, and duplicate suggestions before enabling live issue mutations.

Notes

• This release targets issues.opened events for V1
• Auto-labeling is available but should be enabled conservatively
• AI is optional and not required for core functionality

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Nimbus GitHub Action automates the deployment of projects to self-hosted servers using the Nimbus service. It simplifies the deployment process by integrating with GitHub workflows to push updates based on a specified configuration file. This action is particularly useful for streamlining deployments and managing server configurations directly from a CI/CD pipeline.

What’s Changed

What’s Changed

• fix: preserve full branch name instead of sanitizing slashes by @prayujt in https://github.com/rayman-tech/nimbus-action/pull/6

Full Changelog: https://github.com/rayman-tech/nimbus-action/compare/v1.0.1...v1.1

• This action is used across all versions by 0 repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

gomarklint is a high-performance Markdown linter built in Go, designed to analyze and validate large Markdown files quickly and efficiently. It automates tasks like detecting broken links, enforcing consistent heading structures, and validating predictable document formatting, making it ideal for documentation quality assurance. The tool is optimized for speed, supports integration with CI/CD pipelines (e.g., GitHub Actions), and provides outputs suitable for both human and machine readability.

What’s Changed

Changelog

Bug Fixes 🐛

• 9425259b181f188e57a845e3647b0f047f3c66f3: fix(ci): restrict goreleaser trigger to semver tags only (#239) (@shinagawa-web)

• This action is used across all versions by ? repositories.

Action Type

This is a Docker action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The gomarklint-action is a GitHub Action designed to automate the process of linting Markdown files within a repository, ensuring they adhere to defined style and formatting guidelines. It helps developers maintain consistent documentation standards by identifying and reporting issues in Markdown files during CI workflows. This action has been migrated to the shinagawa-web/gomarklint repository for continued updates and support.

What’s Changed

v1.2.0

First release published to GitHub Marketplace.

What’s new since v1.1.0

• Go 1.25 support — upgraded builder base image to golang:1.25-alpine to support gomarklint v2.15.0+

What’s new since v1.0.0

• PR comment — post lint results as a pull request comment; the comment is updated on each subsequent run, avoiding duplicates (comment-on-pr: true, github-token inputs)

Features

• Lint Markdown files using your .gomarklint.json config
• Fails the build when issues are detected
• Optional PR comment with lint results
• Supports all gomarklint rules: formatting, external links, internal fragment links

• This action is used across all versions by 2 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The helm-chart-release-action is a GitHub Action designed to automate the packaging, publishing, and distribution of Helm charts. It streamlines the release process by combining tasks such as creating Helm chart packages, updating and publishing them to a Helm repository on a gh-pages branch, and optionally pushing them to an OCI (Open Container Initiative) registry. This action simplifies Helm chart lifecycle management, supports both single and multi-chart workflows, and offers flexible configurations like dry-run mode, dependency updates, and version control.

What’s Changed

Bug Fixes

• Gate appVersion override by GITHUB_REF_TYPE to skip non-tag triggers (a8b91fc)

Documentation

• Update changelog (fae8c13)

Miscellaneous

• Set CODEOWNERS to @somaz94 (b66a14d)
• Drop unused docker dependabot ecosystem (composite action, no Dockerfile) (c77df68)

Full Changelog: https://github.com/somaz94/helm-chart-release-action/compare/v1.0.2...v1.0.3

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Actions Optimizer” GitHub Action analyzes your workflows and provides actionable recommendations to improve efficiency, reduce costs, and enhance performance. It identifies optimization opportunities such as adding caching, enabling parallelization, implementing skip logic, reducing redundancy, and optimizing resource usage. This action helps automate workflow analysis, enabling developers to streamline CI/CD processes and save time and resources.

What’s Changed

Analyzes your GitHub Actions workflows and recommends concrete optimizations.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Migration Guard is a GitHub Action designed to analyze database migrations and identify potentially dangerous SQL operations, such as data loss, long table locks, or backward-incompatible changes, before they are deployed to production. It supports multiple databases (PostgreSQL, MySQL, SQLite) and works with various migration formats, ensuring a broader coverage beyond dbt-specific tools. By automating the detection of risky SQL patterns, it enhances database safety and prevents production issues caused by problematic migrations.

What’s Changed

Database migration safety checker for GitHub Actions.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action evaluates the complexity of pull requests to enhance reviewability by scoring them on factors like cognitive complexity, cross-cutting concerns, and directory spread. It automates the identification of oversized or overly complex PRs and provides actionable suggestions for splitting them into more manageable parts. This helps streamline code reviews and improve collaboration efficiency.

What’s Changed

Scores pull requests on reviewability and suggests splits for oversized PRs.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

VibeStats is a GitHub Action that tracks and aggregates usage statistics from Claude Code and Codex sessions, preserving historical data beyond the default 30-day retention period. It automates the synchronization of daily usage metrics (e.g., tokens, sessions, and model breakdowns) to a private GitHub repository, enabling long-term analytics and insights via a personalized heatmap and dashboard. This action addresses data retention limitations, ensures privacy by default, and provides comprehensive usage visualization across machines.

What’s Changed

• Polish for Reddit launch: dashboard updates + README screenshots (#111) (256a96a)
• refactor: harness trait + registry (#110) (9dcbb95)
• docs: highlight long-term retention as a vibestats feature (b812af7)
• fix usage parity and bump 2.1.0 (#109) (cd18769)
• chore: align package version with v2 release (#108) (5db6234)
• feat: add codex usage syncing (#107) (b16a695)
• fix(site): target correct overflow element for heatmap auto-scroll (#106) (62ae1b4)
• fix(site): scroll heatmap to most-recent months on narrow viewports (#105) (5b8289d)
• feat(site): show GitHub profile picture in dashboard header (#104) (223c72a)
• fix(site): landing page heatmap theme-aware empty cells, random data (8c89db4)

• This action is used across all versions by 1 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Issues Translate Action is a GitHub Action designed to automatically translate non-English issue descriptions, pull request (PR) conversations, and review comments into English. It streamlines collaboration on multilingual projects by eliminating language barriers and ensuring that all team members can understand and engage with content in a common language. The action can post translations directly in issue threads or PR review comments, and it supports the use of custom bot accounts for added flexibility.

What’s Changed

What’s Changed

• Fix missing bundled runtime dependencies in the published action by @Copilot in https://github.com/tisfeng/issues-translate-action/pull/2

Full Changelog: https://github.com/tisfeng/issues-translate-action/compare/v2.8...v2.8.1

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

This GitHub Action facilitates the management of Terraform state files (.tfstate) by using MongoDB as a backend. It automates the process of fetching the latest state before a Terraform run and saving the updated state after execution, while also maintaining only the two most recent snapshots to minimize storage usage. Its key capabilities include seamless state file versioning, storage optimization, and integration with MongoDB for reliable state management.

What’s Changed

What’s Changed

• Support cli by @tsuji-riya in https://github.com/tsuji-riya/tfstate-loves-mongo/pull/1

New Contributors

• @tsuji-riya made their first contribution in https://github.com/tsuji-riya/tfstate-loves-mongo/pull/1

Full Changelog: https://github.com/tsuji-riya/tfstate-loves-mongo/compare/v1.1...v1.2.0

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The AI VPS Reviewer GitHub Action automates code reviews using Google Gemini AI, running securely on a user’s private VPS. It eliminates the need for installing dependencies on GitHub Runners, ensures data privacy by keeping API keys and secrets on the VPS, and provides context-aware reviews by maintaining conversation history for pull requests. This action is resource-efficient, supports small VPS instances, and is designed with a security-first approach to protect sensitive data.

What’s Changed

Full Changelog: https://github.com/Val-d-emar/ai-vps-reviewer/compare/v2...v2.0.2

• This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

mcp-audit is a privacy-first security scanner that detects vulnerabilities in MCP (Model Context Protocol) server configurations, commonly used by AI coding clients. It automates the discovery of misconfigurations, credential exposure, tool poisoning, and cross-server attack paths, while also performing live server analysis and static code analysis (SAST). The tool provides comprehensive security auditing features, including an interactive attack graph dashboard, OWASP MCP Top 10 mapping, and continuous monitoring, to safeguard development environments against malicious activity and configuration errors.

What’s Changed

mcp-audit v0.8.1 — Bug fix patch Three fixes, all found during a manual test matrix audit. shadow, pin, and sbom — accurate empty-state messages. If you have an MCP config file on disk but no servers defined in it, these three commands previously printed a misleading “No MCP servers found” — identical to the message shown when no config files exist at all. They now distinguish the two cases correctly. snapshot –path — fixed crash on stale keyword argument. mcp-audit snapshot –path

- name: Run Code-Shamer
        uses: cs-2526-grupo-1/code-shamer@v2.0
        with:
          telegram_token: ${{ secrets.TELEGRAM_TOKEN }}
          telegram_chat_id: ${{ secrets.TELEGRAM_CHAT_ID }}

uses: LautaroOrellano/ai-triage@v1
with:
  github-token: ${{ secrets.GITHUB_TOKEN }}
  ai-api-key: ${{ secrets.AI_API_KEY }}
  auto-close-stale: 'true' # Optional: set to true for monthly cleanup runs

mcp-audit shadow
mcp-audit shadow --allowlist .mcp-audit-allowlist.yml --continuous
mcp-audit shadow --format json | jq

mcp-audit killchain
mcp-audit killchain --top 5 --format json
mcp-audit killchain --patch yaml --output-file remediation.yml

mcp-audit diff main feature-branch
mcp-audit diff scan-before.json scan-after.json --format pr-comment

mcp-audit snapshot --output snapshot.json
mcp-audit snapshot --sign --output snapshot.json
mcp-audit snapshot --rehydrate old-snapshot.json
mcp-audit snapshot --stream | curl -H "Authorization: Splunk $TOKEN" ...

cssnr/mozilla-addon-update-action@latest
cssnr/mozilla-addon-update-action@v1
cssnr/mozilla-addon-update-action@v1.1
cssnr/mozilla-addon-update-action@v1.1.0
cssnr/mozilla-addon-update-action@56123349065253e7d8ab56dea29e81b8891babc8 # v1.1.0