<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Spawnlab-Dev on GitHub Actions Marketplace News</title><link>https://devops-actions.github.io/github-actions-marketplace-news/tags/spawnlab-dev/</link><description>Recent content in Spawnlab-Dev on GitHub Actions Marketplace News</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Sat, 04 Jul 2026 06:15:45 +0000</lastBuildDate><atom:link href="https://devops-actions.github.io/github-actions-marketplace-news/tags/spawnlab-dev/index.xml" rel="self" type="application/rss+xml"/><item><title>Send Email with MailKite</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/send-email-with-mailkite/</link><pubDate>Sat, 04 Jul 2026 06:24:30 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/send-email-with-mailkite/</guid><description>Version updated for https://github.com/mailkite/send-email-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Send email with MailKite from any workflow. See README for inputs + the inbound→repository_dispatch recipe.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mailkite/send-email-action">https://github.com/mailkite/send-email-action</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/send-email-with-mailkite">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Send email with MailKite from any workflow. See README for inputs + the inbound→repository_dispatch recipe.</p>
]]></content:encoded></item><item><title>Quorum consensus security scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/quorum-consensus-security-scan/</link><pubDate>Sat, 04 Jul 2026 06:23:57 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/quorum-consensus-security-scan/</guid><description>Version updated for https://github.com/Martinez1991/quorum-sec-scan to version v0.8.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog bf624853a310007127d7223e7f1c1952186b028f: Merge pull request #60 from Martinez1991/feat/action-advice-inputs (@Martinez1991) 1723f878b86eaab1925a57820f79ce9160b8ee96: feat(action): expose the advisory layer (–advice / AI / –fix) as inputs (@Martinez1991)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Martinez1991/quorum-sec-scan">https://github.com/Martinez1991/quorum-sec-scan</a></strong> to version <strong>v0.8.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/quorum-consensus-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changelog">Changelog</h2>
<ul>
<li>bf624853a310007127d7223e7f1c1952186b028f: Merge pull request #60 from Martinez1991/feat/action-advice-inputs (@Martinez1991)</li>
<li>1723f878b86eaab1925a57820f79ce9160b8ee96: feat(action): expose the advisory layer (&ndash;advice / AI / &ndash;fix) as inputs (@Martinez1991)</li>
</ul>
]]></content:encoded></item><item><title>Docker Swarm Deployment Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/docker-swarm-deployment-action/</link><pubDate>Sat, 04 Jul 2026 06:23:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/docker-swarm-deployment-action/</guid><description>Version updated for https://github.com/matchory/docker-swarm-deployment-action to version v1.2.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix: re-enable YAML merge keys dropped by js-yaml v5 by @Radiergummi in https://github.com/matchory/docker-swarm-deployment-action/pull/152 feat: active Compose → Swarm reconciliation by @Radiergummi in https://github.com/matchory/docker-swarm-deployment-action/pull/153 Full Changelog: https://github.com/matchory/docker-swarm-deployment-action/compare/v1.1...v1.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/matchory/docker-swarm-deployment-action">https://github.com/matchory/docker-swarm-deployment-action</a></strong> to version <strong>v1.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/docker-swarm-deployment-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>fix: re-enable YAML merge keys dropped by js-yaml v5 by @Radiergummi in <a href="https://github.com/matchory/docker-swarm-deployment-action/pull/152">https://github.com/matchory/docker-swarm-deployment-action/pull/152</a></li>
<li>feat: active Compose → Swarm reconciliation by @Radiergummi in <a href="https://github.com/matchory/docker-swarm-deployment-action/pull/153">https://github.com/matchory/docker-swarm-deployment-action/pull/153</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/matchory/docker-swarm-deployment-action/compare/v1.1...v1.2.0">https://github.com/matchory/docker-swarm-deployment-action/compare/v1.1...v1.2.0</a></p>
]]></content:encoded></item><item><title>ansede-static</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/ansede-static/</link><pubDate>Sat, 04 Jul 2026 06:22:51 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/ansede-static/</guid><description>Version updated for https://github.com/mattybellx/Ansede to version v5.5.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed [5.5.0] — 2026-07-03 Added Runtime framework-root detection (_detect_framework_root) — auto-detects framework/library repos from package metadata, enabling noise suppression on arbitrary cloned repos (not just known benchmark paths) Test-file noise policy (_is_test_file, _TEST_FILE_NOISE_RULES) — suppresses CWE-798/327/338 findings in test fixtures, examples, and demos Expanded framework-internal path markers — 60+ new patterns covering cloned campaign repos (py-flask/, js-express/, etc.) and installed packages Confidence downgrading for non-exempt framework-internal findings (0.5 cap) and test-file findings (0.6 cap) Changed rich moved to production dependencies — declared explicitly in pyproject.toml; guardrails updated to 10MB limit with rich allowlist CWE-617 severity: high → medium (error-handling, not direct exploit) CWE-532 severity: high → medium (information leak) README precision claims — replaced “0.4% FP rate” with honest “36-58% precision on web apps” Test count badge: 1,207 → 1,234 Fixed Framework noise suppression now works on cloned repos — previously only matched specific benchmark directory names; now catches py-flask/, js-express/, and 30+ common clone patterns FrameworkFingerprint made mutable — inspect_ast_node() and verify_endpoint_protection() can now set detected_framework at runtime verify_endpoint_protection checks default values — FastAPI = Depends(...) pattern (default value, not annotation) now detected Engineering Spec Compliance Phase 1.3: Dependency declaration (rich as prod dep) Phase 1.4: mypy --strict added to CI Phase 2.2: register_symbol, resolve_call, propagate_taint_cross_file in interprocedural.py Phase 2.3: FrameworkFingerprint.inspect_ast_node + verify_endpoint_protection Phase 2.4: Rule severity recalibration Phase 3.1: generate_remediation_snippet with 6 code-fix templates Phase 3.4: ProcessPoolExecutor parallel analysis Phase 3.5: safe_parse_target with 3-encoding fallback Phase 4.1: docs/rules/index.md rule catalog Phase 4.2: rules/custom_checks.yaml blueprint Phase 4.3: filter_findings_by_git_diff PR isolation</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mattybellx/Ansede">https://github.com/mattybellx/Ansede</a></strong> to version <strong>v5.5.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ansede-static">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="550--2026-07-03">[5.5.0] — 2026-07-03</h2>
<h3 id="added">Added</h3>
<ul>
<li><strong>Runtime framework-root detection</strong> (<code>_detect_framework_root</code>) — auto-detects framework/library repos from package metadata, enabling noise suppression on arbitrary cloned repos (not just known benchmark paths)</li>
<li><strong>Test-file noise policy</strong> (<code>_is_test_file</code>, <code>_TEST_FILE_NOISE_RULES</code>) — suppresses CWE-798/327/338 findings in test fixtures, examples, and demos</li>
<li><strong>Expanded framework-internal path markers</strong> — 60+ new patterns covering cloned campaign repos (<code>py-flask/</code>, <code>js-express/</code>, etc.) and installed packages</li>
<li><strong>Confidence downgrading</strong> for non-exempt framework-internal findings (0.5 cap) and test-file findings (0.6 cap)</li>
</ul>
<h3 id="changed">Changed</h3>
<ul>
<li><strong><code>rich</code> moved to production dependencies</strong> — declared explicitly in <code>pyproject.toml</code>; guardrails updated to 10MB limit with <code>rich</code> allowlist</li>
<li><strong>CWE-617 severity</strong>: <code>high</code> → <code>medium</code> (error-handling, not direct exploit)</li>
<li><strong>CWE-532 severity</strong>: <code>high</code> → <code>medium</code> (information leak)</li>
<li><strong>README precision claims</strong> — replaced &ldquo;0.4% FP rate&rdquo; with honest &ldquo;36-58% precision on web apps&rdquo;</li>
<li><strong>Test count badge</strong>: 1,207 → 1,234</li>
</ul>
<h3 id="fixed">Fixed</h3>
<ul>
<li><strong>Framework noise suppression now works on cloned repos</strong> — previously only matched specific benchmark directory names; now catches <code>py-flask/</code>, <code>js-express/</code>, and 30+ common clone patterns</li>
<li><strong><code>FrameworkFingerprint</code> made mutable</strong> — <code>inspect_ast_node()</code> and <code>verify_endpoint_protection()</code> can now set <code>detected_framework</code> at runtime</li>
<li><strong><code>verify_endpoint_protection</code> checks default values</strong> — FastAPI <code>= Depends(...)</code> pattern (default value, not annotation) now detected</li>
</ul>
<h3 id="engineering-spec-compliance">Engineering Spec Compliance</h3>
<ul>
<li>Phase 1.3: Dependency declaration (rich as prod dep)</li>
<li>Phase 1.4: <code>mypy --strict</code> added to CI</li>
<li>Phase 2.2: <code>register_symbol</code>, <code>resolve_call</code>, <code>propagate_taint_cross_file</code> in interprocedural.py</li>
<li>Phase 2.3: <code>FrameworkFingerprint.inspect_ast_node</code> + <code>verify_endpoint_protection</code></li>
<li>Phase 2.4: Rule severity recalibration</li>
<li>Phase 3.1: <code>generate_remediation_snippet</code> with 6 code-fix templates</li>
<li>Phase 3.4: <code>ProcessPoolExecutor</code> parallel analysis</li>
<li>Phase 3.5: <code>safe_parse_target</code> with 3-encoding fallback</li>
<li>Phase 4.1: <code>docs/rules/index.md</code> rule catalog</li>
<li>Phase 4.2: <code>rules/custom_checks.yaml</code> blueprint</li>
<li>Phase 4.3: <code>filter_findings_by_git_diff</code> PR isolation</li>
</ul>
]]></content:encoded></item><item><title>Synaptic PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/synaptic-pr-review/</link><pubDate>Sat, 04 Jul 2026 06:22:18 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/synaptic-pr-review/</guid><description>Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.2.7.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.2.7 Fix: summary comment now updates in-place on re-review instead of duplicating (post_inline.py) Fix: new delete_issue_comment() helper for cleaning up stale OpenCode-created comments ( eview_context.py)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/minhphu102003/ai-pr-review-action">https://github.com/minhphu102003/ai-pr-review-action</a></strong> to version <strong>v0.2.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/synaptic-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="v027">v0.2.7</h2>
<ul>
<li>Fix: summary comment now updates in-place on re-review instead of duplicating (<code>post_inline.py</code>)</li>
<li>Fix: new <code>delete_issue_comment()</code> helper for cleaning up stale OpenCode-created comments (<code> eview_context.py</code>)</li>
</ul>
]]></content:encoded></item><item><title>ModelBound Skill Check</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/modelbound-skill-check/</link><pubDate>Sat, 04 Jul 2026 06:21:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/modelbound-skill-check/</guid><description>Version updated for https://github.com/ModelBound/skill-check-action to version v1.1.4.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed GitHub Action that lints, trust-scores, and estimates token savings for agent skill files on every pull request via ModelBound.co context management tools.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ModelBound/skill-check-action">https://github.com/ModelBound/skill-check-action</a></strong> to version <strong>v1.1.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/modelbound-skill-check">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>GitHub Action that lints, trust-scores, and estimates token savings for agent skill files on every pull request via ModelBound.co context management tools.</p>
]]></content:encoded></item><item><title>Run AER Tests</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/run-aer-tests/</link><pubDate>Sat, 04 Jul 2026 06:21:12 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/run-aer-tests/</guid><description>Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.7.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.7
Fix Resolving Class Names Shadowed By Local Variables</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/octoberswimmer/aer-dist">https://github.com/octoberswimmer/aer-dist</a></strong> to version <strong>v1.2.7</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>0</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-aer-tests">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Version v1.2.7</p>
<ul>
<li>Fix Resolving Class Names Shadowed By Local Variables</li>
</ul>
]]></content:encoded></item><item><title>PatchFlow Security Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/patchflow-security-scan/</link><pubDate>Sat, 04 Jul 2026 06:20:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/patchflow-security-scan/</guid><description>Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed PatchFlow CLI v0.1.3 Benchmark Results (v1.0) 18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories 5 historical CVE repos: 100% recall, 387K LOC 10 clean repos: 0.094 HC/KLOC, 720K LOC See Benchmark Report v1.0 for details.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Patchflow-security/patchflow-cli">https://github.com/Patchflow-security/patchflow-cli</a></strong> to version <strong>v0.1.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/patchflow-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="patchflow-cli-v013">PatchFlow CLI v0.1.3</h2>
<h3 id="benchmark-results-v10">Benchmark Results (v1.0)</h3>
<ul>
<li>18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories</li>
<li>5 historical CVE repos: 100% recall, 387K LOC</li>
<li>10 clean repos: 0.094 HC/KLOC, 720K LOC</li>
</ul>
<p>See <a href="https://github.com/Patchflow-security/patchflow-benchmarks/blob/main/reports/BENCHMARK_REPORT_v1.0.md">Benchmark Report v1.0</a> for details.</p>
<h2 id="changelog">Changelog</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>6d6dcca8ab3e82afd29d15f6ec26254e80423fc1: fix(install): resolve PATH issues and add containerized install test matrix (Ghertil Abdelmalek <a href="mailto:ghertilabdelmalek@outlook.fr">ghertilabdelmalek@outlook.fr</a>)</li>
</ul>
<h3 id="other-changes">Other Changes</h3>
<ul>
<li>3fd6e36d76c27da5feb9148450e9d887c80c7350: PatchFlow CLI v0.1.2 — local-first security scanner with framework-aware SAST (Ghertil Abdelmalek <a href="mailto:ghertilabdelmalek@outlook.fr">ghertilabdelmalek@outlook.fr</a>)</li>
</ul>
]]></content:encoded></item><item><title>Setup xdrun</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/setup-xdrun/</link><pubDate>Sat, 04 Jul 2026 06:20:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/setup-xdrun/</guid><description>Version updated for https://github.com/phillarmonic/setup-drun to version v2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Drun v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/phillarmonic/setup-drun">https://github.com/phillarmonic/setup-drun</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-xdrun">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Drun v2</p>
]]></content:encoded></item><item><title>Polygraph MCP gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/polygraph-mcp-gate/</link><pubDate>Sat, 04 Jul 2026 06:19:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/polygraph-mcp-gate/</guid><description>Version updated for https://github.com/polygraphso/litmus to version litmus-v0.26.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The lookup tools now attribute the calling agent — and the release pipeline publishes the MCP-registry listing automatically.
Client identity on lookups (#91): check_server, list_servers, and request_grade send the connected client’s handshake identity (name/version plus declared title, website, description, and capability keys such as sampling/roots) to polygraph.so’s aggregate per-agent usage counters. Software metadata only — nothing about the user is read or sent; all fields are optional server-side. Official MCP Registry auto-publish (#93): pushing a litmus-v* tag now also publishes server.json to registry.modelcontextprotocol.io via GitHub OIDC, with a fail-fast version-drift check. polygraph plugin 0.6.0: spawn pinned to this release (#92). No grading-semantics changes: litmus-v12 / litmus-skill-v2 unchanged.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/polygraphso/litmus">https://github.com/polygraphso/litmus</a></strong> to version <strong>litmus-v0.26.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polygraph-mcp-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>The lookup tools now attribute the calling agent — and the release pipeline publishes the MCP-registry listing automatically.</p>
<ul>
<li><strong>Client identity on lookups</strong> (#91): <code>check_server</code>, <code>list_servers</code>, and <code>request_grade</code> send the connected client&rsquo;s handshake identity (name/version plus declared title, website, description, and capability keys such as <code>sampling</code>/<code>roots</code>) to polygraph.so&rsquo;s aggregate per-agent usage counters. Software metadata only — nothing about the user is read or sent; all fields are optional server-side.</li>
<li><strong>Official MCP Registry auto-publish</strong> (#93): pushing a <code>litmus-v*</code> tag now also publishes <code>server.json</code> to registry.modelcontextprotocol.io via GitHub OIDC, with a fail-fast version-drift check.</li>
<li>polygraph plugin 0.6.0: spawn pinned to this release (#92).</li>
</ul>
<p>No grading-semantics changes: <code>litmus-v12</code> / <code>litmus-skill-v2</code> unchanged.</p>
]]></content:encoded></item><item><title>Generate Roq Site</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/generate-roq-site/</link><pubDate>Sat, 04 Jul 2026 06:19:00 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/generate-roq-site/</guid><description>Version updated for https://github.com/quarkiverse/quarkus-roq to version 2.1.5.
This action is used across all versions by 75 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Enhance Liquid-to-Qute converter for full Jekyll migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/978 Fix capture blocks in Jekyll converter blocks by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/982 Expand on how to use bundled sass output by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/984 Fix aliases to work with and without trailing slash by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/995 No co-authored by any LLM in commits. by @jtama in https://github.com/quarkiverse/quarkus-roq/pull/1000 Fix svg diagram rendering by @jtama in https://github.com/quarkiverse/quarkus-roq/pull/997 added code block menu language dropdown by @edewit in https://github.com/quarkiverse/quarkus-roq/pull/994 improved navigation by @edewit in https://github.com/quarkiverse/quarkus-roq/pull/990 Add tips on sanisation for Jekyll migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/983 Add utilities for converting Jekyll frontmatter to Roq equivalents by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/998 Hook migration into top-level build and parent by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1004 Bump info.picocli:picocli from 4.7.5 to 4.7.7 by @dependabot[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1010 Trivial formatting - tidy missing line break in root pom by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1012 docs: custom search trigger section to Lunr Search documentation by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1016 ci: Update action versions for Java setup and GitHub Pages configuration by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1015 Add tests specifically checking slug overrides are honoured by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1008 Add minimum Quarkus version requirement to release notes by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1014 Bump org.mvnpm.at.fortawesome:fontawesome-free from 7.2.0 to 7.3.0 by @dependabot[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1017 fix: Enhance image handling for absolute paths in Page model by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1024 fix: handle null collections in getPosts method by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1023 Allow link defaults to be configured globally by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1020 Support deeply nested data directories as grouped CDI beans by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1011 Add list:whereExp filter for Jekyll where_exp migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1021 Evaluate (sort of) conditional directives in asciidoc before yupiik header parsing by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1003 docs: enhance SEO documentation with per-page meta tag configuration by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1025 Honour slug in frontmatter with sneaky path conditional by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1028 docs: add holly-cummins as a contributor for code by @allcontributors[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1032 docs: add myfear as a contributor for code by @allcontributors[bot] in https://github.com/quarkiverse/quarkus-roq/pull/1031 Add :dir placeholder to support slug overrides and nested paths by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1013 Add dir segment placeholders by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1027 Add quarkus-roq-plugin-og-image extension by @myfear in https://github.com/quarkiverse/quarkus-roq/pull/1007 Update Jekyll frontmatter converter for pagination and permalink migration by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/1039 Add linktree theme by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1043 Consistency em FlatMap in review jerome by @matheusandre1 in https://github.com/quarkiverse/quarkus-roq/pull/1038 Revert og-card plugin to unblock release by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1046 Fix theme:base codestart using default theme content by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1047 Jekyll migration: Add converter to transform _config.yml by @holly-cummins in https://github.com/quarkiverse/quarkus-roq/pull/991 Add medium-zoom for image zoom support by @mcruzdev in https://github.com/quarkiverse/quarkus-roq/pull/910 Introduce hybrid mode as a plugin by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1019 Add qute: false alias, CLI –version, alert styling, and collapsible sections by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1048 Bump current version to 2.1.5 by @ia3andy in https://github.com/quarkiverse/quarkus-roq/pull/1049 New Contributors @myfear made their first contribution in https://github.com/quarkiverse/quarkus-roq/pull/1007 Full Changelog: https://github.com/quarkiverse/quarkus-roq/compare/2.1.4...2.1.5</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/quarkiverse/quarkus-roq">https://github.com/quarkiverse/quarkus-roq</a></strong> to version <strong>2.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>75</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/generate-roq-site">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Enhance Liquid-to-Qute converter for full Jekyll migration by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/978">https://github.com/quarkiverse/quarkus-roq/pull/978</a></li>
<li>Fix capture blocks in Jekyll converter blocks by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/982">https://github.com/quarkiverse/quarkus-roq/pull/982</a></li>
<li>Expand on how to use bundled sass output by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/984">https://github.com/quarkiverse/quarkus-roq/pull/984</a></li>
<li>Fix aliases to work with and without trailing slash by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/995">https://github.com/quarkiverse/quarkus-roq/pull/995</a></li>
<li>No <code>co-authored by</code> any LLM in commits. by @jtama in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1000">https://github.com/quarkiverse/quarkus-roq/pull/1000</a></li>
<li>Fix svg diagram rendering by @jtama in <a href="https://github.com/quarkiverse/quarkus-roq/pull/997">https://github.com/quarkiverse/quarkus-roq/pull/997</a></li>
<li>added code block menu language dropdown by @edewit in <a href="https://github.com/quarkiverse/quarkus-roq/pull/994">https://github.com/quarkiverse/quarkus-roq/pull/994</a></li>
<li>improved navigation by @edewit in <a href="https://github.com/quarkiverse/quarkus-roq/pull/990">https://github.com/quarkiverse/quarkus-roq/pull/990</a></li>
<li>Add tips on sanisation for Jekyll migration by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/983">https://github.com/quarkiverse/quarkus-roq/pull/983</a></li>
<li>Add utilities for converting Jekyll frontmatter to Roq equivalents by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/998">https://github.com/quarkiverse/quarkus-roq/pull/998</a></li>
<li>Hook migration into top-level build and parent by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1004">https://github.com/quarkiverse/quarkus-roq/pull/1004</a></li>
<li>Bump info.picocli:picocli from 4.7.5 to 4.7.7 by @dependabot[bot] in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1010">https://github.com/quarkiverse/quarkus-roq/pull/1010</a></li>
<li>Trivial formatting - tidy missing line break in root pom by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1012">https://github.com/quarkiverse/quarkus-roq/pull/1012</a></li>
<li>docs: custom search trigger section to Lunr Search documentation by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1016">https://github.com/quarkiverse/quarkus-roq/pull/1016</a></li>
<li>ci: Update action versions for Java setup and GitHub Pages configuration by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1015">https://github.com/quarkiverse/quarkus-roq/pull/1015</a></li>
<li>Add tests specifically checking slug overrides are honoured by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1008">https://github.com/quarkiverse/quarkus-roq/pull/1008</a></li>
<li>Add minimum Quarkus version requirement to release notes by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1014">https://github.com/quarkiverse/quarkus-roq/pull/1014</a></li>
<li>Bump org.mvnpm.at.fortawesome:fontawesome-free from 7.2.0 to 7.3.0 by @dependabot[bot] in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1017">https://github.com/quarkiverse/quarkus-roq/pull/1017</a></li>
<li>fix: Enhance image handling for absolute paths in Page model by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1024">https://github.com/quarkiverse/quarkus-roq/pull/1024</a></li>
<li>fix: handle null collections in getPosts method by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1023">https://github.com/quarkiverse/quarkus-roq/pull/1023</a></li>
<li>Allow link defaults to be configured globally by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1020">https://github.com/quarkiverse/quarkus-roq/pull/1020</a></li>
<li>Support deeply nested data directories as grouped CDI beans by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1011">https://github.com/quarkiverse/quarkus-roq/pull/1011</a></li>
<li>Add list:whereExp filter for Jekyll where_exp migration by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1021">https://github.com/quarkiverse/quarkus-roq/pull/1021</a></li>
<li>Evaluate (sort of) conditional directives in asciidoc before yupiik header parsing by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1003">https://github.com/quarkiverse/quarkus-roq/pull/1003</a></li>
<li>docs: enhance SEO documentation with per-page meta tag configuration by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1025">https://github.com/quarkiverse/quarkus-roq/pull/1025</a></li>
<li>Honour slug in frontmatter with sneaky path conditional by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1028">https://github.com/quarkiverse/quarkus-roq/pull/1028</a></li>
<li>docs: add holly-cummins as a contributor for code by @allcontributors[bot] in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1032">https://github.com/quarkiverse/quarkus-roq/pull/1032</a></li>
<li>docs: add myfear as a contributor for code by @allcontributors[bot] in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1031">https://github.com/quarkiverse/quarkus-roq/pull/1031</a></li>
<li>Add :dir placeholder to support slug overrides and nested paths by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1013">https://github.com/quarkiverse/quarkus-roq/pull/1013</a></li>
<li>Add dir segment placeholders by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1027">https://github.com/quarkiverse/quarkus-roq/pull/1027</a></li>
<li>Add quarkus-roq-plugin-og-image extension by @myfear in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1007">https://github.com/quarkiverse/quarkus-roq/pull/1007</a></li>
<li>Update Jekyll frontmatter converter for pagination and permalink migration by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1039">https://github.com/quarkiverse/quarkus-roq/pull/1039</a></li>
<li>Add linktree theme by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1043">https://github.com/quarkiverse/quarkus-roq/pull/1043</a></li>
<li>Consistency em FlatMap in review jerome by @matheusandre1 in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1038">https://github.com/quarkiverse/quarkus-roq/pull/1038</a></li>
<li>Revert og-card plugin to unblock release by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1046">https://github.com/quarkiverse/quarkus-roq/pull/1046</a></li>
<li>Fix theme:base codestart using default theme content by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1047">https://github.com/quarkiverse/quarkus-roq/pull/1047</a></li>
<li>Jekyll migration: Add converter to transform _config.yml  by @holly-cummins in <a href="https://github.com/quarkiverse/quarkus-roq/pull/991">https://github.com/quarkiverse/quarkus-roq/pull/991</a></li>
<li>Add medium-zoom for image zoom support by @mcruzdev in <a href="https://github.com/quarkiverse/quarkus-roq/pull/910">https://github.com/quarkiverse/quarkus-roq/pull/910</a></li>
<li>Introduce hybrid mode as a plugin by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1019">https://github.com/quarkiverse/quarkus-roq/pull/1019</a></li>
<li>Add qute: false alias, CLI &ndash;version, alert styling, and collapsible sections by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1048">https://github.com/quarkiverse/quarkus-roq/pull/1048</a></li>
<li>Bump current version to 2.1.5 by @ia3andy in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1049">https://github.com/quarkiverse/quarkus-roq/pull/1049</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@myfear made their first contribution in <a href="https://github.com/quarkiverse/quarkus-roq/pull/1007">https://github.com/quarkiverse/quarkus-roq/pull/1007</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/quarkiverse/quarkus-roq/compare/2.1.4...2.1.5">https://github.com/quarkiverse/quarkus-roq/compare/2.1.4...2.1.5</a></p>
]]></content:encoded></item><item><title>PR Explainer AI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/pr-explainer-ai/</link><pubDate>Sat, 04 Jul 2026 06:17:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/pr-explainer-ai/</guid><description>Version updated for https://github.com/rafaeltorresng/pr-explainer-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Understanding is the new bottleneck Generates architectural background and change intuition from the PR diff Builds HTML flow diagrams and a code walkthrough Includes a 5-question interactive quiz for review comprehension Supports OpenRouter with configurable model selection Defaults to deepseek/deepseek-v4-flash How it works:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/rafaeltorresng/pr-explainer-action">https://github.com/rafaeltorresng/pr-explainer-action</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/pr-explainer-ai">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="understanding-is-the-new-bottleneck">Understanding is the new bottleneck</h2>
<ul>
<li>Generates architectural background and change intuition from the PR diff</li>
<li>Builds HTML flow diagrams and a code walkthrough</li>
<li>Includes a 5-question interactive quiz for review comprehension</li>
<li>Supports OpenRouter with configurable model selection</li>
<li>Defaults to <code>deepseek/deepseek-v4-flash</code></li>
</ul>
<p>How it works:</p>
<ol>
<li>Computes the diff against the PR base branch</li>
<li>Skips oversized patches based on a configurable line threshold</li>
<li>Sends the diff to an OpenRouter model</li>
<li>Renders a standalone HTML artifact</li>
<li>Uploads the result to the workflow run and can comment on the PR</li>
</ol>
<p>Recommended usage:</p>
<ul>
<li><code>actions/checkout@v4</code> with <code>fetch-depth: 0</code></li>
<li><code>pull-requests: write</code> permission if PR comments are enabled</li>
<li><code>OPENROUTER_API_KEY</code> stored as a repository secret</li>
</ul>
]]></content:encoded></item><item><title>dotenv Seeder</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/dotenv-seeder/</link><pubDate>Sat, 04 Jul 2026 06:17:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/dotenv-seeder/</guid><description>Version updated for https://github.com/scrlkx/dotenv-seeder to version v2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/scrlkx/dotenv-seeder/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/scrlkx/dotenv-seeder">https://github.com/scrlkx/dotenv-seeder</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/dotenv-seeder">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/scrlkx/dotenv-seeder/compare/v1...v2">https://github.com/scrlkx/dotenv-seeder/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>ShipGate-ai</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/shipgate-ai/</link><pubDate>Sat, 04 Jul 2026 06:16:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/shipgate-ai/</guid><description>Version updated for https://github.com/ShipGate-ai/ShipGate to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed a bug which restricted allowlisted repos to be not processed as well.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ShipGate-ai/ShipGate">https://github.com/ShipGate-ai/ShipGate</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/shipgate-ai">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Fixed a bug which restricted allowlisted repos to be not processed as well.</p>
]]></content:encoded></item><item><title>Bernstein — Multi-Agent Orchestration</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/bernstein-multi-agent-orchestration/</link><pubDate>Sat, 04 Jul 2026 06:16:17 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/bernstein-multi-agent-orchestration/</guid><description>Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.14.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.14.0 Released 2026-07-04.
Multi-provider orchestration hardening. A large batch of correctness and run-safety fixes for real-codebase runs across mixed providers (Claude, OpenAI, OpenRouter, DeepSeek, MiniMax, Qwen, Gemini), contributed by @shanemmattner and finished to green.
Fixes Stalled-manager watchdog no longer misdiagnoses a healthy manager as an auth failure: a manager doing real root-cause investigation before it POSTs its first child task is no longer killed at a hardcoded deadline, the config override is honored, and the failure record names the real cause. (#2179) Failure classifier stops false-positive-killing healthy workers: bare-substring patterns (413, 429, 401, max_tokens, context window) no longer match structured tool-call log data; detection is anchored to real error shapes. (#2183) Janitor acceptance checks tolerate idiomatic worker paths: path_exists honors explicit globs and an opt-in fuzzy basename fallback, so a run where workers placed correct output at repo-idiomatic paths is not cascaded to a false sev1. (#2186) Injected .claude/skills/bernstein-*.md files are excluded from work-branch commits, so they stop causing a merge conflict on every worker merge. (#2187) Per-call token usage is priced and surfaced on the openai_agents provider path, so budget guards are no longer inert on non-Claude runs. Model pricing matches the most specific key first, so mini and flash variants price at their own rate instead of the parent model rate. strict_json_schema is disabled for non-OpenAI models that reject it, with diagnostic logging. Plus the rest of the 22-fix batch across adapters, tasks, cost, routing, quality, and observability. Features Tunable agent run-length limits: max_turns, an error-budget floor, and max_agent_runtime_s, configurable per run. Internal Pricing table extracted into a dependency-free cost.model_prices leaf so adapters can price a call without reaching scheduler internals; public create_pr API preserved; a diagnostic pre-call log that dumped request headers/body verbatim is now redacted.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/sipyourdrink-ltd/bernstein">https://github.com/sipyourdrink-ltd/bernstein</a></strong> to version <strong>v2.14.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/bernstein-multi-agent-orchestration">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v2140">v2.14.0</h1>
<p>Released 2026-07-04.</p>
<p>Multi-provider orchestration hardening. A large batch of correctness and run-safety fixes for real-codebase runs across mixed providers (Claude, OpenAI, OpenRouter, DeepSeek, MiniMax, Qwen, Gemini), contributed by @shanemmattner and finished to green.</p>
<h2 id="fixes">Fixes</h2>
<ul>
<li>Stalled-manager watchdog no longer misdiagnoses a healthy manager as an auth failure: a manager doing real root-cause investigation before it POSTs its first child task is no longer killed at a hardcoded deadline, the config override is honored, and the failure record names the real cause. (#2179)</li>
<li>Failure classifier stops false-positive-killing healthy workers: bare-substring patterns (413, 429, 401, max_tokens, context window) no longer match structured tool-call log data; detection is anchored to real error shapes. (#2183)</li>
<li>Janitor acceptance checks tolerate idiomatic worker paths: path_exists honors explicit globs and an opt-in fuzzy basename fallback, so a run where workers placed correct output at repo-idiomatic paths is not cascaded to a false sev1. (#2186)</li>
<li>Injected .claude/skills/bernstein-*.md files are excluded from work-branch commits, so they stop causing a merge conflict on every worker merge. (#2187)</li>
<li>Per-call token usage is priced and surfaced on the openai_agents provider path, so budget guards are no longer inert on non-Claude runs. Model pricing matches the most specific key first, so mini and flash variants price at their own rate instead of the parent model rate.</li>
<li>strict_json_schema is disabled for non-OpenAI models that reject it, with diagnostic logging.</li>
<li>Plus the rest of the 22-fix batch across adapters, tasks, cost, routing, quality, and observability.</li>
</ul>
<h2 id="features">Features</h2>
<ul>
<li>Tunable agent run-length limits: max_turns, an error-budget floor, and max_agent_runtime_s, configurable per run.</li>
</ul>
<h2 id="internal">Internal</h2>
<ul>
<li>Pricing table extracted into a dependency-free cost.model_prices leaf so adapters can price a call without reaching scheduler internals; public create_pr API preserved; a diagnostic pre-call log that dumped request headers/body verbatim is now redacted.</li>
</ul>
]]></content:encoded></item><item><title>Docker swarm stack deploy</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/docker-swarm-stack-deploy/</link><pubDate>Sat, 04 Jul 2026 06:15:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/docker-swarm-stack-deploy/</guid><description>Version updated for https://github.com/spawnlab-dev/stack-deploy-action to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed hotfix: deps update and CVE fixes by @pradeepbbl in https://github.com/spawnlab-dev/stack-deploy-action/pull/27 Full Changelog: https://github.com/spawnlab-dev/stack-deploy-action/compare/v1...v1.0.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/spawnlab-dev/stack-deploy-action">https://github.com/spawnlab-dev/stack-deploy-action</a></strong> to version <strong>v1.0.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/docker-swarm-stack-deploy">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>hotfix: deps update and CVE fixes by @pradeepbbl in <a href="https://github.com/spawnlab-dev/stack-deploy-action/pull/27">https://github.com/spawnlab-dev/stack-deploy-action/pull/27</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/spawnlab-dev/stack-deploy-action/compare/v1...v1.0.2">https://github.com/spawnlab-dev/stack-deploy-action/compare/v1...v1.0.2</a></p>
]]></content:encoded></item><item><title>MS Teams Notification (Adaptive Card)</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/ms-teams-notification-adaptive-card/</link><pubDate>Sat, 04 Jul 2026 06:15:11 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/ms-teams-notification-adaptive-card/</guid><description>Version updated for https://github.com/stackdone/ms-teams-notification to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed update (#1) (c033c3d) . (75037b1) fix (ab3960a) add . (2a8c9d9) Initial commit (15c66f4)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/stackdone/ms-teams-notification">https://github.com/stackdone/ms-teams-notification</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ms-teams-notification-adaptive-card">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>update (#1) (c033c3d)</li>
<li>. (75037b1)</li>
<li>fix (ab3960a)</li>
<li>add . (2a8c9d9)</li>
<li>Initial commit (15c66f4)</li>
</ul>
]]></content:encoded></item><item><title>overllm</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/overllm/</link><pubDate>Sat, 04 Jul 2026 06:14:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/overllm/</guid><description>Version updated for https://github.com/theadamdanielsson/overllm to version v0.4.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Two deterministic model-hygiene rules.
deprecated-model: flags a model id that’s retired (the call 404s) or deprecated and scheduled for removal, and names the current model to switch to. Exact-match against a known list, so a live model or alias is never flagged. unsupported-params: flags temperature/top_p/top_k set on a model that rejects them — the OpenAI o-series and the newest Anthropic models, where the parameter is a no-op or a 400. Both stay silent when the model isn’t a plain string literal.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/theadamdanielsson/overllm">https://github.com/theadamdanielsson/overllm</a></strong> to version <strong>v0.4.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/overllm">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Two deterministic model-hygiene rules.</p>
<ul>
<li><code>deprecated-model</code>: flags a <code>model</code> id that&rsquo;s retired (the call 404s) or deprecated and scheduled for removal, and names the current model to switch to. Exact-match against a known list, so a live model or alias is never flagged.</li>
<li><code>unsupported-params</code>: flags <code>temperature</code>/<code>top_p</code>/<code>top_k</code> set on a model that rejects them — the OpenAI o-series and the newest Anthropic models, where the parameter is a no-op or a 400.</li>
</ul>
<p>Both stay silent when the model isn&rsquo;t a plain string literal.</p>
]]></content:encoded></item><item><title>Expand AWS IAM Wildcards</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/expand-aws-iam-wildcards/</link><pubDate>Sat, 04 Jul 2026 06:14:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/expand-aws-iam-wildcards/</guid><description>Version updated for https://github.com/thekbb/expand-aws-iam-wildcards to version v1.2.7.
This action is used across all versions by 1 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/95 deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/94 check in codeQL config and workflow by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/98 deps: bump the npm-dependencies group with 6 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/97 ci: bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/96 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/99 deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/101 ci: bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/100 ci: bump github/codeql-action from 4.35.3 to 4.36.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/102 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/103 deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/104 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/105 deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/108 ci: bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/107 ci: bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/109 ci: bump codecov/codecov-action from 6.0.1 to 7.0.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/106 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/110 deps: bump the npm-dependencies group with 4 updates by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/111 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/112 fix release workflow sequencing by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/113 ci: bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in https://github.com/thekbb/expand-aws-iam-wildcards/pull/114 Update IAM action data by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/115 make release orchestration deterministic by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/116 Document release preflight checks by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/117 add 0th cut of release shell script by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/118 prep for v1.2.7 by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/119 reset versions to re-test release script by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/120 Prepare v1.2.7 release by @thekbb in https://github.com/thekbb/expand-aws-iam-wildcards/pull/121 Full Changelog: https://github.com/thekbb/expand-aws-iam-wildcards/compare/v1...v1.2.7</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/thekbb/expand-aws-iam-wildcards">https://github.com/thekbb/expand-aws-iam-wildcards</a></strong> to version <strong>v1.2.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/expand-aws-iam-wildcards">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/95">https://github.com/thekbb/expand-aws-iam-wildcards/pull/95</a></li>
<li>deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/94">https://github.com/thekbb/expand-aws-iam-wildcards/pull/94</a></li>
<li>check in codeQL config and workflow by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/98">https://github.com/thekbb/expand-aws-iam-wildcards/pull/98</a></li>
<li>deps: bump the npm-dependencies group with 6 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/97">https://github.com/thekbb/expand-aws-iam-wildcards/pull/97</a></li>
<li>ci: bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/96">https://github.com/thekbb/expand-aws-iam-wildcards/pull/96</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/99">https://github.com/thekbb/expand-aws-iam-wildcards/pull/99</a></li>
<li>deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/101">https://github.com/thekbb/expand-aws-iam-wildcards/pull/101</a></li>
<li>ci: bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/100">https://github.com/thekbb/expand-aws-iam-wildcards/pull/100</a></li>
<li>ci: bump github/codeql-action from 4.35.3 to 4.36.0 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/102">https://github.com/thekbb/expand-aws-iam-wildcards/pull/102</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/103">https://github.com/thekbb/expand-aws-iam-wildcards/pull/103</a></li>
<li>deps: bump the npm-dependencies group with 2 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/104">https://github.com/thekbb/expand-aws-iam-wildcards/pull/104</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/105">https://github.com/thekbb/expand-aws-iam-wildcards/pull/105</a></li>
<li>deps: bump the npm-dependencies group with 5 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/108">https://github.com/thekbb/expand-aws-iam-wildcards/pull/108</a></li>
<li>ci: bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/107">https://github.com/thekbb/expand-aws-iam-wildcards/pull/107</a></li>
<li>ci: bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/109">https://github.com/thekbb/expand-aws-iam-wildcards/pull/109</a></li>
<li>ci: bump codecov/codecov-action from 6.0.1 to 7.0.0 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/106">https://github.com/thekbb/expand-aws-iam-wildcards/pull/106</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/110">https://github.com/thekbb/expand-aws-iam-wildcards/pull/110</a></li>
<li>deps: bump the npm-dependencies group with 4 updates by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/111">https://github.com/thekbb/expand-aws-iam-wildcards/pull/111</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/112">https://github.com/thekbb/expand-aws-iam-wildcards/pull/112</a></li>
<li>fix release workflow sequencing by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/113">https://github.com/thekbb/expand-aws-iam-wildcards/pull/113</a></li>
<li>ci: bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/114">https://github.com/thekbb/expand-aws-iam-wildcards/pull/114</a></li>
<li>Update IAM action data by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/115">https://github.com/thekbb/expand-aws-iam-wildcards/pull/115</a></li>
<li>make release orchestration deterministic by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/116">https://github.com/thekbb/expand-aws-iam-wildcards/pull/116</a></li>
<li>Document release preflight checks by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/117">https://github.com/thekbb/expand-aws-iam-wildcards/pull/117</a></li>
<li>add 0th cut of release shell script by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/118">https://github.com/thekbb/expand-aws-iam-wildcards/pull/118</a></li>
<li>prep for v1.2.7 by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/119">https://github.com/thekbb/expand-aws-iam-wildcards/pull/119</a></li>
<li>reset versions to re-test release script by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/120">https://github.com/thekbb/expand-aws-iam-wildcards/pull/120</a></li>
<li>Prepare v1.2.7 release by @thekbb in <a href="https://github.com/thekbb/expand-aws-iam-wildcards/pull/121">https://github.com/thekbb/expand-aws-iam-wildcards/pull/121</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/thekbb/expand-aws-iam-wildcards/compare/v1...v1.2.7">https://github.com/thekbb/expand-aws-iam-wildcards/compare/v1...v1.2.7</a></p>
]]></content:encoded></item><item><title>MIU PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/miu-pr-review/</link><pubDate>Sat, 04 Jul 2026 06:13:32 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/miu-pr-review/</guid><description>Version updated for https://github.com/vanducng/miu-cr to version v0.85.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.85.1 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.85.1 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.85.1 GitHub Action:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vanducng/miu-cr">https://github.com/vanducng/miu-cr</a></strong> to version <strong>v0.85.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/miu-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="miu-cr-v0851">miu-cr v0.85.1</h2>
<p>AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.</p>
<h3 id="install">Install</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.85.1
</span></span><span style="display:flex;"><span>brew install vanducng/tap/miucr
</span></span><span style="display:flex;"><span>go install github.com/vanducng/miu-cr/cmd/miucr@v0.85.1
</span></span></code></pre></div><p>GitHub Action:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">permissions</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull-requests</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">steps</span>:
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v6</span>
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">vanducng/miu-cr@v0.85.1</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>      <span style="color:#f92672">api-key</span>: <span style="color:#ae81ff">${{ secrets.ANTHROPIC_API_KEY }}</span>
</span></span></code></pre></div><h3 id="common-commands">Common commands</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>miucr login --provider openai
</span></span><span style="display:flex;"><span>miucr review --staged
</span></span><span style="display:flex;"><span>miucr review --from main --to HEAD --gate high
</span></span><span style="display:flex;"><span>miucr review --pr owner/repo#123 --post
</span></span><span style="display:flex;"><span>miucr upgrade
</span></span></code></pre></div><p>Docs: <a href="https://cr.miu.sh">https://cr.miu.sh</a></p>
]]></content:encoded></item><item><title>install spaces</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/install-spaces/</link><pubDate>Sat, 04 Jul 2026 06:12:59 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/install-spaces/</guid><description>Version updated for https://github.com/work-spaces/install-spaces to version v0.17.2.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.2 by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/33 Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.17.1...v0.17.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/work-spaces/install-spaces">https://github.com/work-spaces/install-spaces</a></strong> to version <strong>v0.17.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/install-spaces">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Bump version to v0.17.2 by @tyler-gilbert in <a href="https://github.com/work-spaces/install-spaces/pull/33">https://github.com/work-spaces/install-spaces/pull/33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/work-spaces/install-spaces/compare/v0.17.1...v0.17.2">https://github.com/work-spaces/install-spaces/compare/v0.17.1...v0.17.2</a></p>
]]></content:encoded></item><item><title>spaces checkout run</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/spaces-checkout-run/</link><pubDate>Sat, 04 Jul 2026 06:12:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/spaces-checkout-run/</guid><description>Version updated for https://github.com/work-spaces/spaces-checkout-run to version v0.17.2.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.2 by @tyler-gilbert in https://github.com/work-spaces/spaces-checkout-run/pull/27 Full Changelog: https://github.com/work-spaces/spaces-checkout-run/compare/v0.17.1...v0.17.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/work-spaces/spaces-checkout-run">https://github.com/work-spaces/spaces-checkout-run</a></strong> to version <strong>v0.17.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/spaces-checkout-run">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Bump version to v0.17.2 by @tyler-gilbert in <a href="https://github.com/work-spaces/spaces-checkout-run/pull/27">https://github.com/work-spaces/spaces-checkout-run/pull/27</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/work-spaces/spaces-checkout-run/compare/v0.17.1...v0.17.2">https://github.com/work-spaces/spaces-checkout-run/compare/v0.17.1...v0.17.2</a></p>
]]></content:encoded></item><item><title>Move Closed Issue to Top of Project Column</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/move-closed-issue-to-top-of-project-column/</link><pubDate>Sat, 04 Jul 2026 06:11:52 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/move-closed-issue-to-top-of-project-column/</guid><description>Version updated for https://github.com/wozaki/project-closed-issue-move-to-top-action to version v1.19.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed uses: wozaki/project-closed-issue-move-to-top-action@0636114292c9298d48a87622a2e25e5636ebe6d5 # v1.19.0 What’s Changed chore(deps): update int128/release-typescript-action action to v1.74.0 by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/147 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/148 Full Changelog: https://github.com/wozaki/project-closed-issue-move-to-top-action/compare/v1.18.0...v1.19.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wozaki/project-closed-issue-move-to-top-action">https://github.com/wozaki/project-closed-issue-move-to-top-action</a></strong> to version <strong>v1.19.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/move-closed-issue-to-top-of-project-column">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">uses</span>: <span style="color:#ae81ff">wozaki/project-closed-issue-move-to-top-action@0636114292c9298d48a87622a2e25e5636ebe6d5</span> <span style="color:#75715e"># v1.19.0</span>
</span></span></code></pre></div><h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps): update int128/release-typescript-action action to v1.74.0 by @renovate[bot] in <a href="https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/147">https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/147</a></li>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/148">https://github.com/wozaki/project-closed-issue-move-to-top-action/pull/148</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/wozaki/project-closed-issue-move-to-top-action/compare/v1.18.0...v1.19.0">https://github.com/wozaki/project-closed-issue-move-to-top-action/compare/v1.18.0...v1.19.0</a></p>
]]></content:encoded></item><item><title>Setup Modern C++ Development Environment</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/setup-modern-c-development-environment/</link><pubDate>Sat, 04 Jul 2026 06:11:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/setup-modern-c-development-environment/</guid><description>Version updated for https://github.com/wx257osn2/cxx_environment to version v3.5.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed fix fatal error</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wx257osn2/cxx_environment">https://github.com/wx257osn2/cxx_environment</a></strong> to version <strong>v3.5.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-modern-c-development-environment">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>fix fatal error</p>
]]></content:encoded></item><item><title>Powderworks Housekeeping</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/powderworks-housekeeping/</link><pubDate>Sat, 04 Jul 2026 06:10:46 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/04/powderworks-housekeeping/</guid><description>Version updated for https://github.com/zmaril/housekeeping to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Marketplace-valid action metadata: display name “Powderworks Housekeeping”, description under 125 characters. The uses: zmaril/housekeeping@v1 interface is unchanged.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/zmaril/housekeeping">https://github.com/zmaril/housekeeping</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/powderworks-housekeeping">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Marketplace-valid action metadata: display name &ldquo;Powderworks Housekeeping&rdquo;, description under 125 characters. The <code>uses: zmaril/housekeeping@v1</code> interface is unchanged.</p>
]]></content:encoded></item><item><title>Setup Smurf</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-smurf/</link><pubDate>Fri, 03 Jul 2026 22:16:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-smurf/</guid><description>Version updated for https://github.com/clouddrove/smurf to version v1.1.5.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.1.5 (2026-07-03) Build deps: bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml deps: bump helm.sh/helm/v3 from 3.21.1 to 3.21.2 (#432) deps: bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml deps: bump actions/cache from 5 to 6 deps: bump msgpack deps: bump github.com/containerd/containerd deps: bump actions/checkout from 6 to 7 deps: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity deps: bump k8s.io/apimachinery from 0.36.1 to 0.36.2 deps: bump the pip group across 1 directory with 2 updates deps: bump helm.sh/helm/v3 from 3.21.0 to 3.21.1 (#426) Fix add pod logs before pod down fix deployment validation for completed Kubernetes Job pods (#430) selm: update smurf selm log structure for failure pod Pull Requests Merge pull request #438 from clouddrove/fix/selm-logs Merge pull request #437 from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-f6ef7e54f3a1f4e2a05a66ed1a8702c07ae94346 Merge pull request #436 from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-5a15692ae38a05cc3aa3b7ab6744add91e9b8591 Merge pull request #433 from clouddrove/dependabot/go_modules/go_modules-6e0011ac6e Merge pull request #434 from clouddrove/dependabot/pip/docs/sm/docs/pip-b15cf8365f Merge pull request #435 from clouddrove/dependabot/github_actions/actions/cache-6 Merge pull request #431 from clouddrove/dependabot/github_actions/actions/checkout-7 Merge pull request #428 from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.36.2 Merge pull request #429 from clouddrove/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.14.0 Merge pull request #427 from clouddrove/dependabot/pip/docs/sm/docs/pip-cdb1555457</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/clouddrove/smurf">https://github.com/clouddrove/smurf</a></strong> to version <strong>v1.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-smurf">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><a name="v1.1.5"></a></p>
<h2 id="v115-2026-07-03"><a href="https://github.com/clouddrove/smurf/compare/v1.1.4...v1.1.5">v1.1.5</a> (2026-07-03)</h2>
<h3 id="build">Build</h3>
<ul>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.21.1 to 3.21.2 (<a href="https://github.com/clouddrove/smurf/issues/432">#432</a>)</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump actions/cache from 5 to 6</li>
<li><strong>deps:</strong> bump msgpack</li>
<li><strong>deps:</strong> bump github.com/containerd/containerd</li>
<li><strong>deps:</strong> bump actions/checkout from 6 to 7</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.36.1 to 0.36.2</li>
<li><strong>deps:</strong> bump the pip group across 1 directory with 2 updates</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.21.0 to 3.21.1 (<a href="https://github.com/clouddrove/smurf/issues/426">#426</a>)</li>
</ul>
<h3 id="fix">Fix</h3>
<ul>
<li>add pod logs before pod down</li>
<li>fix deployment validation for completed Kubernetes Job pods (<a href="https://github.com/clouddrove/smurf/issues/430">#430</a>)</li>
<li><strong>selm:</strong> update smurf selm log structure for failure pod</li>
</ul>
<h3 id="pull-requests">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/438">#438</a> from clouddrove/fix/selm-logs</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/437">#437</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-f6ef7e54f3a1f4e2a05a66ed1a8702c07ae94346</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/436">#436</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-5a15692ae38a05cc3aa3b7ab6744add91e9b8591</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/433">#433</a> from clouddrove/dependabot/go_modules/go_modules-6e0011ac6e</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/434">#434</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-b15cf8365f</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/435">#435</a> from clouddrove/dependabot/github_actions/actions/cache-6</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/431">#431</a> from clouddrove/dependabot/github_actions/actions/checkout-7</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/428">#428</a> from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.36.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/429">#429</a> from clouddrove/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.14.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/427">#427</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-cdb1555457</li>
</ul>
<p><a name="v1.1.4"></a></p>
<h2 id="v114-2026-05-27"><a href="https://github.com/clouddrove/smurf/compare/v1.1.3...v1.1.4">v1.1.4</a> (2026-05-27)</h2>
<h3 id="build-1">Build</h3>
<ul>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.35.4 to 0.36.1 (<a href="https://github.com/clouddrove/smurf/issues/412">#412</a>)</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml (<a href="https://github.com/clouddrove/smurf/issues/413">#413</a>)</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml (<a href="https://github.com/clouddrove/smurf/issues/414">#414</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.20.2 to 3.21.0 (<a href="https://github.com/clouddrove/smurf/issues/415">#415</a>)</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
<li><strong>deps:</strong> bump urllib3</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
</ul>
<h3 id="fix-1">Fix</h3>
<ul>
<li>Upgrade Go Version and Remove Auto Release Tag Creation from Workflows (<a href="https://github.com/clouddrove/smurf/issues/419">#419</a>)</li>
</ul>
<h3 id="pull-requests-1">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/423">#423</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-ca8d61c90f059d7ed8c3fc608877d19cc5d965f5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/410">#410</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-4b2ff708285026c1211445c4acb213af1c6ff3ba</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/411">#411</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-4b2ff708285026c1211445c4acb213af1c6ff3ba</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/409">#409</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-c30c77f42d</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/407">#407</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-c165f939ce9ad3de94da8fc50b3368565bea4fda</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/408">#408</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-c165f939ce9ad3de94da8fc50b3368565bea4fda</li>
</ul>
<p><a name="v1.1.3"></a></p>
<h2 id="v113-2026-05-05"><a href="https://github.com/clouddrove/smurf/compare/v1.1.2...v1.1.3">v1.1.3</a> (2026-05-05)</h2>
<h3 id="build-2">Build</h3>
<ul>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
</ul>
<h3 id="docs">Docs</h3>
<ul>
<li>update CHANGELOG.md for v1.1.2</li>
</ul>
<h3 id="fix-2">Fix</h3>
<ul>
<li><strong>provisionGHCR:</strong> add warning for get environment variable (<a href="https://github.com/clouddrove/smurf/issues/403">#403</a>)</li>
</ul>
<h3 id="pull-requests-2">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/405">#405</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-c0dc8f22e1836ac0a76ee7a7d9f4c2e30e5293e8</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/406">#406</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-c0dc8f22e1836ac0a76ee7a7d9f4c2e30e5293e8</li>
</ul>
<p><a name="v1.1.2"></a></p>
<h2 id="v112-2026-04-30"><a href="https://github.com/clouddrove/smurf/compare/v1.1.1...v1.1.2">v1.1.2</a> (2026-04-30)</h2>
<h3 id="build-3">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump go.opentelemetry.io/otel</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
</ul>
<h3 id="fix-3">Fix</h3>
<ul>
<li>replace ANSI escape sequences with pterm for safe, consistent show command output (<a href="https://github.com/clouddrove/smurf/issues/397">#397</a>)</li>
<li>update go version 1.25.5 to 1.25.8 (<a href="https://github.com/clouddrove/smurf/issues/396">#396</a>)</li>
</ul>
<h3 id="pull-requests-3">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/404">#404</a> from clouddrove/dependabot/go_modules/github.com/hashicorp/terraform-exec-0.25.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/401">#401</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-0d9fa74b29d820d7ffe031704ec53bf7653c97c3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/402">#402</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-0d9fa74b29d820d7ffe031704ec53bf7653c97c3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/400">#400</a> from clouddrove/dependabot/go_modules/go_modules-c9a791322e</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/392">#392</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-21cd5a8d11a5f01560103ac3fcae05835e9e3699</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/393">#393</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-21cd5a8d11a5f01560103ac3fcae05835e9e3699</li>
</ul>
<p><a name="v1.1.1"></a></p>
<h2 id="v111-2026-04-23"><a href="https://github.com/clouddrove/smurf/compare/v1.1.1-beta...v1.1.1">v1.1.1</a> (2026-04-23)</h2>
<h3 id="fix-4">Fix</h3>
<ul>
<li>replace ANSI escape sequences with pterm for safe, consistent show command output</li>
</ul>
<p><a name="v1.1.1-beta"></a></p>
<h2 id="v111-beta-2026-04-23"><a href="https://github.com/clouddrove/smurf/compare/v1.0.11...v1.1.1-beta">v1.1.1-beta</a> (2026-04-23)</h2>
<h3 id="build-4">Build</h3>
<ul>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml</li>
<li><strong>deps:</strong> bump clouddrove/github-shared-workflows/.github/workflows/release-tag.yml</li>
</ul>
<h3 id="feat">Feat</h3>
<ul>
<li>add smurf stf show command and fixed issue raised by clouddrove ci (<a href="https://github.com/clouddrove/smurf/issues/388">#388</a>)</li>
</ul>
<h3 id="pull-requests-4">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/392">#392</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/release-tag.yml-21cd5a8d11a5f01560103ac3fcae05835e9e3699</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/393">#393</a> from clouddrove/dependabot/github_actions/clouddrove/github-shared-workflows/dot-github/workflows/pr-checks.yml-21cd5a8d11a5f01560103ac3fcae05835e9e3699</li>
</ul>
<p><a name="v1.0.11"></a></p>
<h2 id="v1011-2026-04-17"><a href="https://github.com/clouddrove/smurf/compare/v1.1.0...v1.0.11">v1.0.11</a> (2026-04-17)</h2>
<p><a name="v1.1.0"></a></p>
<h2 id="v110-2026-04-17"><a href="https://github.com/clouddrove/smurf/compare/v1.0.10...v1.1.0">v1.1.0</a> (2026-04-17)</h2>
<h3 id="build-5">Build</h3>
<ul>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.35.3 to 0.35.4</li>
</ul>
<h3 id="pull-requests-5">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/367">#367</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.35.4</li>
</ul>
<p><a name="v1.0.10"></a></p>
<h2 id="v1010-2026-04-17"><a href="https://github.com/clouddrove/smurf/compare/v1.0.9...v1.0.10">v1.0.10</a> (2026-04-17)</h2>
<h3 id="build-6">Build</h3>
<ul>
<li><strong>deps:</strong> bump k8s.io/api from 0.35.3 to 0.35.4</li>
</ul>
<h3 id="pull-requests-6">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/368">#368</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.35.4</li>
</ul>
<p><a name="v1.0.9"></a></p>
<h2 id="v109-2026-04-17"><a href="https://github.com/clouddrove/smurf/compare/v1.0.8...v1.0.9">v1.0.9</a> (2026-04-17)</h2>
<h3 id="build-7">Build</h3>
<ul>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.35.3 to 0.35.4</li>
</ul>
<h3 id="pull-requests-7">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/369">#369</a> from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.35.4</li>
</ul>
<p><a name="v1.0.8"></a></p>
<h2 id="v108-2026-04-15"><a href="https://github.com/clouddrove/smurf/compare/v1.0.7...v1.0.8">v1.0.8</a> (2026-04-15)</h2>
<h3 id="build-8">Build</h3>
<ul>
<li><strong>deps:</strong> bump actions/upload-pages-artifact from 4 to 5</li>
<li><strong>deps:</strong> bump pillow</li>
<li><strong>deps:</strong> bump softprops/action-gh-release from 2 to 3</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.20.1 to 3.20.2</li>
</ul>
<h3 id="feat-1">Feat</h3>
<ul>
<li>enhance smurf stf init with complete Terraform flags and implement GitHub shared workflows (<a href="https://github.com/clouddrove/smurf/issues/366">#366</a>)</li>
</ul>
<h3 id="pull-requests-8">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/365">#365</a> from clouddrove/dependabot/github_actions/actions/upload-pages-artifact-5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/364">#364</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-489ca64b8d</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/363">#363</a> from clouddrove/dependabot/github_actions/softprops/action-gh-release-3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/362">#362</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.20.2</li>
</ul>
<p><a name="v1.0.7"></a></p>
<h2 id="v107-2026-04-08"><a href="https://github.com/clouddrove/smurf/compare/v1.0.6...v1.0.7">v1.0.7</a> (2026-04-08)</h2>
<h3 id="feat-2">Feat</h3>
<ul>
<li>add github shared workflows and add smurf stf init flags</li>
</ul>
<p><a name="v1.0.6"></a></p>
<h2 id="v106-2026-04-06"><a href="https://github.com/clouddrove/smurf/compare/v1.0.5...v1.0.6">v1.0.6</a> (2026-04-06)</h2>
<h3 id="fix-5">Fix</h3>
<ul>
<li><strong>plan:</strong> Update terraform plan logs structure remove repeated lines</li>
<li><strong>plan:</strong> Update terraform plan logs structure</li>
</ul>
<p><a name="v1.0.5"></a></p>
<h2 id="v105-2026-04-06"><a href="https://github.com/clouddrove/smurf/compare/v1.0.4...v1.0.5">v1.0.5</a> (2026-04-06)</h2>
<h3 id="fix-6">Fix</h3>
<ul>
<li><strong>plan:</strong> Update terraform plan logs structure</li>
</ul>
<p><a name="v1.0.4"></a></p>
<h2 id="v104-2026-04-03"><a href="https://github.com/clouddrove/smurf/compare/v1.0.3...v1.0.4">v1.0.4</a> (2026-04-03)</h2>
<h3 id="fix-7">Fix</h3>
<ul>
<li>Add support for applying Terraform plan file (tfplan) without manual approval in smurf stf (<a href="https://github.com/clouddrove/smurf/issues/359">#359</a>)</li>
</ul>
<p><a name="v1.0.3"></a></p>
<h2 id="v103-2026-04-02"><a href="https://github.com/clouddrove/smurf/compare/v1.0.2...v1.0.3">v1.0.3</a> (2026-04-02)</h2>
<h3 id="fix-8">Fix</h3>
<ul>
<li>fix go vet</li>
<li>resolve sonar qube issue</li>
</ul>
<p><a name="v1.0.2"></a></p>
<h2 id="v102-2026-04-01"><a href="https://github.com/clouddrove/smurf/compare/v1.0.1...v1.0.2">v1.0.2</a> (2026-04-01)</h2>
<h3 id="fix-9">Fix</h3>
<ul>
<li>resolve smurf stf plan and  apply auto approve issue</li>
</ul>
<p><a name="v1.0.1"></a></p>
<h2 id="v101-2026-04-01"><a href="https://github.com/clouddrove/smurf/compare/v1.0.1-beta...v1.0.1">v1.0.1</a> (2026-04-01)</h2>
<p><a name="v1.0.1-beta"></a></p>
<h2 id="v101-beta-2026-04-01"><a href="https://github.com/clouddrove/smurf/compare/v1.0.0...v1.0.1-beta">v1.0.1-beta</a> (2026-04-01)</h2>
<h3 id="build-9">Build</h3>
<ul>
<li><strong>deps:</strong> bump requests</li>
<li><strong>deps:</strong> bump actions/deploy-pages from 4 to 5</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.35.2 to 0.35.3</li>
<li><strong>deps:</strong> bump github.com/fatih/color from 1.18.0 to 1.19.0</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.35.2 to 0.35.3</li>
<li><strong>deps:</strong> bump google.golang.org/grpc</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.20.0 to 3.20.1</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.35.0 to 0.36.0</li>
<li><strong>deps:</strong> bump docker/setup-qemu-action from 3 to 4</li>
<li><strong>deps:</strong> bump docker/login-action from 3 to 4</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.35.1 to 0.35.2</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.35.1 to 0.35.2</li>
<li><strong>deps:</strong> bump actions/upload-artifact from 6 to 7</li>
<li><strong>deps:</strong> bump actions/download-artifact from 7 to 8</li>
<li><strong>deps:</strong> bump github.com/pterm/pterm from 0.12.82 to 0.12.83</li>
<li><strong>deps:</strong> bump hashicorp/setup-terraform from 3 to 4</li>
</ul>
<h3 id="fix-10">Fix</h3>
<ul>
<li>resolve smurf apply auto approve issue</li>
<li>update CHANGELOG.md file</li>
</ul>
<h3 id="pull-requests-9">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/357">#357</a> from clouddrove/dependabot/github_actions/actions/deploy-pages-5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/358">#358</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-aa7cb66ac2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/354">#354</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.35.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/352">#352</a> from clouddrove/dependabot/go_modules/go_modules-9c5197dcb8</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/355">#355</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.35.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/356">#356</a> from clouddrove/dependabot/go_modules/github.com/fatih/color-1.19.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/340">#340</a> from clouddrove/fix/changelog</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/351">#351</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.20.1</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/350">#350</a> from clouddrove/dependabot/go_modules/golang.org/x/oauth2-0.36.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/348">#348</a> from clouddrove/dependabot/github_actions/docker/login-action-4</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/349">#349</a> from clouddrove/dependabot/github_actions/docker/setup-qemu-action-4</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/343">#343</a> from clouddrove/dependabot/github_actions/actions/download-artifact-8</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/344">#344</a> from clouddrove/dependabot/github_actions/actions/upload-artifact-7</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/345">#345</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.35.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/347">#347</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.35.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/342">#342</a> from clouddrove/dependabot/go_modules/github.com/pterm/pterm-0.12.83</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/341">#341</a> from clouddrove/dependabot/github_actions/hashicorp/setup-terraform-4</li>
</ul>
<p><a name="v1.0.0"></a></p>
<h2 id="v100-2026-02-24"><a href="https://github.com/clouddrove/smurf/compare/v0.1.7-Beta...v1.0.0">v1.0.0</a> (2026-02-24)</h2>
<h3 id="build-10">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec</li>
<li><strong>deps:</strong> bump pillow (<a href="https://github.com/clouddrove/smurf/issues/337">#337</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.35.0 to 0.35.1</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.35.0 to 0.35.1</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.34.0 to 0.35.0</li>
</ul>
<h3 id="pull-requests-10">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/338">#338</a> from clouddrove/dependabot/go_modules/github.com/hashicorp/terraform-exec-0.25.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/335">#335</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.35.1</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/336">#336</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.35.1</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/333">#333</a> from clouddrove/dependabot/go_modules/golang.org/x/oauth2-0.35.0</li>
</ul>
<p><a name="v0.1.7-Beta"></a></p>
<h2 id="v017-beta-2026-02-20"><a href="https://github.com/clouddrove/smurf/compare/v0.1.6-Beta...v0.1.7-Beta">v0.1.7-Beta</a> (2026-02-20)</h2>
<h3 id="fix-11">Fix</h3>
<ul>
<li>Update deploy command</li>
</ul>
<p><a name="v0.1.6-Beta"></a></p>
<h2 id="v016-beta-2026-02-18"><a href="https://github.com/clouddrove/smurf/compare/v0.1.5-Beta...v0.1.6-Beta">v0.1.6-Beta</a> (2026-02-18)</h2>
<h3 id="fix-12">Fix</h3>
<ul>
<li>smurf selm command update</li>
<li>scan and helm install command update</li>
</ul>
<p><a name="v0.1.5-Beta"></a></p>
<h2 id="v015-beta-2026-02-18"><a href="https://github.com/clouddrove/smurf/compare/v0.1.4-Beta...v0.1.5-Beta">v0.1.5-Beta</a> (2026-02-18)</h2>
<h3 id="feat-3">Feat</h3>
<ul>
<li>update plan commands</li>
<li>add states command</li>
<li>handle empty env variable</li>
</ul>
<h3 id="fix-13">Fix</h3>
<ul>
<li>scan and helm install command update</li>
<li>add parameter for release test</li>
<li>remove unused parameter</li>
<li>increase time out helm upgrade</li>
<li>update kubernetes function for error handling</li>
</ul>
<p><a name="v0.1.4-Beta"></a></p>
<h2 id="v014-beta-2026-01-27"><a href="https://github.com/clouddrove/smurf/compare/v0.1.3...v0.1.4-Beta">v0.1.4-Beta</a> (2026-01-27)</h2>
<h3 id="build-11">Build</h3>
<ul>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.5 to 3.20.0</li>
</ul>
<h3 id="pull-requests-11">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/331">#331</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.20.0</li>
</ul>
<p><a name="v0.1.3"></a></p>
<h2 id="v013-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.1.3-Beta...v0.1.3">v0.1.3</a> (2026-01-20)</h2>
<h3 id="pull-requests-12">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/330">#330</a> from clouddrove/fix/smurf-stf</li>
</ul>
<p><a name="v0.1.3-Beta"></a></p>
<h2 id="v013-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.1.2-Beta...v0.1.3-Beta">v0.1.3-Beta</a> (2026-01-20)</h2>
<p><a name="v0.1.2-Beta"></a></p>
<h2 id="v012-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.1.2...v0.1.2-Beta">v0.1.2-Beta</a> (2026-01-20)</h2>
<p><a name="v0.1.2"></a></p>
<h2 id="v012-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.0.5-Beta...v0.1.2">v0.1.2</a> (2026-01-20)</h2>
<h3 id="build-12">Build</h3>
<ul>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.4 to 3.19.5</li>
<li><strong>deps:</strong> bump filelock</li>
<li><strong>deps:</strong> bump urllib3</li>
</ul>
<h3 id="pull-requests-13">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/329">#329</a> from clouddrove/feat/OCI-chart</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/326">#326</a> from clouddrove/feat/multi-threading</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/328">#328</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.19.5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/327">#327</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-81c3d069c8</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/325">#325</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-8177a8837a</li>
</ul>
<p><a name="v0.0.5-Beta"></a></p>
<h2 id="v005-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.0.4-Beta...v0.0.5-Beta">v0.0.5-Beta</a> (2026-01-20)</h2>
<p><a name="v0.0.4-Beta"></a></p>
<h2 id="v004-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.0.2-Beta...v0.0.4-Beta">v0.0.4-Beta</a> (2026-01-20)</h2>
<p><a name="v0.0.2-Beta"></a></p>
<h2 id="v002-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.0.3-Beta...v0.0.2-Beta">v0.0.2-Beta</a> (2026-01-20)</h2>
<p><a name="v0.0.3-Beta"></a></p>
<h2 id="v003-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.0.2-beta...v0.0.3-Beta">v0.0.3-Beta</a> (2026-01-20)</h2>
<p><a name="v0.0.2-beta"></a></p>
<h2 id="v002-beta-2026-01-20-1"><a href="https://github.com/clouddrove/smurf/compare/v0.0.4-beta...v0.0.2-beta">v0.0.2-beta</a> (2026-01-20)</h2>
<p><a name="v0.0.4-beta"></a></p>
<h2 id="v004-beta-2026-01-20-1"><a href="https://github.com/clouddrove/smurf/compare/v0.0.3-beta...v0.0.4-beta">v0.0.4-beta</a> (2026-01-20)</h2>
<p><a name="v0.0.3-beta"></a></p>
<h2 id="v003-beta-2026-01-20-1"><a href="https://github.com/clouddrove/smurf/compare/v0.1.1-beta...v0.0.3-beta">v0.0.3-beta</a> (2026-01-20)</h2>
<p><a name="v0.1.1-beta"></a></p>
<h2 id="v011-beta-2026-01-20"><a href="https://github.com/clouddrove/smurf/compare/v0.1.0...v0.1.1-beta">v0.1.1-beta</a> (2026-01-20)</h2>
<h3 id="build-13">Build</h3>
<ul>
<li><strong>deps:</strong> bump douglascamata/setup-docker-macos-action</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.34.3 to 0.35.0 (<a href="https://github.com/clouddrove/smurf/issues/319">#319</a>)</li>
<li><strong>deps:</strong> bump filelock</li>
<li><strong>deps:</strong> bump pymdown-extensions</li>
</ul>
<h3 id="pull-requests-14">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/322">#322</a> from clouddrove/dependabot/github_actions/douglascamata/setup-docker-macos-action-1.1.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/318">#318</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-c4ff2e68b4</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/317">#317</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-d9bbda99d0</li>
</ul>
<p><a name="v0.1.0"></a></p>
<h2 id="v010-2025-12-15"><a href="https://github.com/clouddrove/smurf/compare/v0.2.5-beta...v0.1.0">v0.1.0</a> (2025-12-15)</h2>
<h3 id="build-14">Build</h3>
<ul>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.3 to 3.19.4</li>
<li><strong>deps:</strong> bump actions/upload-artifact from 5 to 6</li>
<li><strong>deps:</strong> bump actions/download-artifact from 6 to 7</li>
<li><strong>deps:</strong> bump actions/cache from 4 to 5</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.2 to 3.19.3</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.34.2 to 0.34.3</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.34.2 to 0.34.3</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.34.2 to 0.34.3</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.33.0 to 0.34.0</li>
<li><strong>deps:</strong> bump urllib3</li>
<li><strong>deps:</strong> bump github.com/spf13/cobra from 1.10.1 to 1.10.2</li>
</ul>
<h3 id="pull-requests-15">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/315">#315</a> from clouddrove/dependabot/github_actions/actions/upload-artifact-6</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/314">#314</a> from clouddrove/dependabot/github_actions/actions/download-artifact-7</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/316">#316</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.19.4</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/312">#312</a> from clouddrove/dependabot/github_actions/actions/cache-5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/310">#310</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.19.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/306">#306</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.34.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/307">#307</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.34.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/308">#308</a> from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.34.3</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/305">#305</a> from clouddrove/dependabot/go_modules/golang.org/x/oauth2-0.34.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/304">#304</a> from clouddrove/dependabot/pip/docs/sm/docs/pip-a6aa50acab</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/302">#302</a> from clouddrove/dependabot/go_modules/github.com/spf13/cobra-1.10.2</li>
</ul>
<p><a name="v0.2.5-beta"></a></p>
<h2 id="v025-beta-2025-12-12"><a href="https://github.com/clouddrove/smurf/compare/v0.2.4-beta...v0.2.5-beta">v0.2.5-beta</a> (2025-12-12)</h2>
<p><a name="v0.2.4-beta"></a></p>
<h2 id="v024-beta-2025-12-11"><a href="https://github.com/clouddrove/smurf/compare/v0.2.3-beta...v0.2.4-beta">v0.2.4-beta</a> (2025-12-11)</h2>
<h3 id="fix-14">Fix</h3>
<ul>
<li>update smurf terraform provision command</li>
<li>smurf stf plan &ndash;out flag update</li>
</ul>
<p><a name="v0.2.3-beta"></a></p>
<h2 id="v023-beta-2025-12-11"><a href="https://github.com/clouddrove/smurf/compare/v0.2.2-beta...v0.2.3-beta">v0.2.3-beta</a> (2025-12-11)</h2>
<h3 id="fix-15">Fix</h3>
<ul>
<li>smurf stf apply logs</li>
</ul>
<h3 id="reverts">Reverts</h3>
<ul>
<li>added context in ai</li>
</ul>
<p><a name="v0.2.2-beta"></a></p>
<h2 id="v022-beta-2025-12-03"><a href="https://github.com/clouddrove/smurf/compare/v0.0.9...v0.2.2-beta">v0.2.2-beta</a> (2025-12-03)</h2>
<h3 id="fix-16">Fix</h3>
<ul>
<li>smurf terraform plan support -out</li>
</ul>
<p><a name="v0.0.9"></a></p>
<h2 id="v009-2025-11-26"><a href="https://github.com/clouddrove/smurf/compare/v0.2.1-beta...v0.0.9">v0.0.9</a> (2025-11-26)</h2>
<p><a name="v0.2.1-beta"></a></p>
<h2 id="v021-beta-2025-11-24"><a href="https://github.com/clouddrove/smurf/compare/v0.2.0-beat...v0.2.1-beta">v0.2.1-beta</a> (2025-11-24)</h2>
<h3 id="build-15">Build</h3>
<ul>
<li><strong>deps:</strong> bump actions/checkout from 5 to 6</li>
<li><strong>deps:</strong> bump golang.org/x/crypto</li>
</ul>
<h3 id="feat-4">Feat</h3>
<ul>
<li>add smurf sdkr for google cloud platform(GCP)</li>
</ul>
<h3 id="pull-requests-16">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/299">#299</a> from clouddrove/dependabot/github_actions/actions/checkout-6</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/298">#298</a> from clouddrove/dependabot/go_modules/go_modules-dd7da38a6b</li>
</ul>
<p><a name="v0.2.0-beat"></a></p>
<h2 id="v020-beat-2025-11-19"><a href="https://github.com/clouddrove/smurf/compare/v0.0.8...v0.2.0-beat">v0.2.0-beat</a> (2025-11-19)</h2>
<h3 id="build-16">Build</h3>
<ul>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.1 to 3.19.2</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.34.1 to 0.34.2</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.34.1 to 0.34.2</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.34.1 to 0.34.2</li>
</ul>
<h3 id="feat-5">Feat</h3>
<ul>
<li>add history max flag for smurf selm</li>
</ul>
<h3 id="pull-requests-17">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/293">#293</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.19.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/294">#294</a> from clouddrove/dependabot/go_modules/k8s.io/client-go-0.34.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/295">#295</a> from clouddrove/dependabot/go_modules/k8s.io/apimachinery-0.34.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/296">#296</a> from clouddrove/dependabot/go_modules/k8s.io/api-0.34.2</li>
</ul>
<p><a name="v0.0.8"></a></p>
<h2 id="v008-2025-11-11"><a href="https://github.com/clouddrove/smurf/compare/v0.1.9-beta...v0.0.8">v0.0.8</a> (2025-11-11)</h2>
<h3 id="build-17">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.19.0 to 3.19.1</li>
<li><strong>deps:</strong> bump douglascamata/setup-docker-macos-action</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.32.0 to 0.33.0</li>
<li><strong>deps:</strong> bump github.com/containerd/containerd</li>
<li><strong>deps:</strong> bump github.com/docker/docker</li>
</ul>
<h3 id="pull-requests-18">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/290">#290</a> from clouddrove/dependabot/github_actions/douglascamata/setup-docker-macos-action-1.0.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/291">#291</a> from clouddrove/dependabot/go_modules/helm.sh/helm/v3-3.19.1</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/292">#292</a> from clouddrove/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.13.1</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/288">#288</a> from clouddrove/dependabot/go_modules/golang.org/x/oauth2-0.33.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/285">#285</a> from clouddrove/dependabot/go_modules/github.com/docker/docker-28.5.2incompatible</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/286">#286</a> from clouddrove/dependabot/go_modules/go_modules-6b61ce4306</li>
</ul>
<p><a name="v0.1.9-beta"></a></p>
<h2 id="v019-beta-2025-11-10"><a href="https://github.com/clouddrove/smurf/compare/v0.1.8-beta...v0.1.9-beta">v0.1.9-beta</a> (2025-11-10)</h2>
<h3 id="feat-6">Feat</h3>
<ul>
<li>change logs and update format command</li>
<li>Add smurf terraform</li>
</ul>
<p><a name="v0.1.8-beta"></a></p>
<h2 id="v018-beta-2025-11-07"><a href="https://github.com/clouddrove/smurf/compare/v0.0.7...v0.1.8-beta">v0.1.8-beta</a> (2025-11-07)</h2>
<h3 id="feat-7">Feat</h3>
<ul>
<li>Add smurf terraform</li>
<li>update docs with latest changes</li>
</ul>
<p><a name="v0.0.7"></a></p>
<h2 id="v007-2025-11-04"><a href="https://github.com/clouddrove/smurf/compare/v0.1.7-beta...v0.0.7">v0.0.7</a> (2025-11-04)</h2>
<h3 id="build-18">Build</h3>
<ul>
<li><strong>deps:</strong> bump actions/download-artifact from 5 to 6</li>
<li><strong>deps:</strong> bump actions/upload-artifact from 4 to 5</li>
</ul>
<h3 id="pull-requests-19">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/280">#280</a> from clouddrove/dependabot/github_actions/actions/upload-artifact-5</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/281">#281</a> from clouddrove/dependabot/github_actions/actions/download-artifact-6</li>
</ul>
<p><a name="v0.1.7-beta"></a></p>
<h2 id="v017-beta-2025-11-04"><a href="https://github.com/clouddrove/smurf/compare/v0.1.6-beta...v0.1.7-beta">v0.1.7-beta</a> (2025-11-04)</h2>
<h3 id="feat-8">Feat</h3>
<ul>
<li>improve code suggested by Gemini AI</li>
</ul>
<p><a name="v0.1.6-beta"></a></p>
<h2 id="v016-beta-2025-11-03"><a href="https://github.com/clouddrove/smurf/compare/v0.1.5-beta...v0.1.6-beta">v0.1.6-beta</a> (2025-11-03)</h2>
<h3 id="feat-9">Feat</h3>
<ul>
<li>improve code suggested by Gemini AI</li>
<li>improve code suggested by Gemini AI</li>
<li>improve code suggested by Gemini AI</li>
<li>improve code suggested by Gemini AI</li>
<li>improve code suggested by Gemini AI</li>
</ul>
<p><a name="v0.1.5-beta"></a></p>
<h2 id="v015-beta-2025-10-31"><a href="https://github.com/clouddrove/smurf/compare/v0.1.4-beta...v0.1.5-beta">v0.1.5-beta</a> (2025-10-31)</h2>
<h3 id="feat-10">Feat</h3>
<ul>
<li>Update the code as suggested by Gemini AI.</li>
</ul>
<p><a name="v0.1.4-beta"></a></p>
<h2 id="v014-beta-2025-10-31"><a href="https://github.com/clouddrove/smurf/compare/v0.1.3-beta...v0.1.4-beta">v0.1.4-beta</a> (2025-10-31)</h2>
<h3 id="feat-11">Feat</h3>
<ul>
<li>update smurf provision GHCR logs</li>
</ul>
<p><a name="v0.1.3-beta"></a></p>
<h2 id="v013-beta-2025-10-31"><a href="https://github.com/clouddrove/smurf/compare/v0.1.2-beta...v0.1.3-beta">v0.1.3-beta</a> (2025-10-31)</h2>
<h3 id="feat-12">Feat</h3>
<ul>
<li>Add GHCR repo feature</li>
</ul>
<p><a name="v0.1.2-beta"></a></p>
<h2 id="v012-beta-2025-10-31"><a href="https://github.com/clouddrove/smurf/compare/v0.1.1...v0.1.2-beta">v0.1.2-beta</a> (2025-10-31)</h2>
<h3 id="feat-13">Feat</h3>
<ul>
<li>Add GHCR repo feature</li>
</ul>
<p><a name="v0.1.1"></a></p>
<h2 id="v011-2025-10-30"><a href="https://github.com/clouddrove/smurf/compare/v0.1.0-beta...v0.1.1">v0.1.1</a> (2025-10-30)</h2>
<h3 id="feat-14">Feat</h3>
<ul>
<li>add smurf deploy command</li>
</ul>
<p><a name="v0.1.0-beta"></a></p>
<h2 id="v010-beta-2025-10-27"><a href="https://github.com/clouddrove/smurf/compare/v0.0.6...v0.1.0-beta">v0.1.0-beta</a> (2025-10-27)</h2>
<h3 id="build-19">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/pterm/pterm from 0.12.81 to 0.12.82 (<a href="https://github.com/clouddrove/smurf/issues/279">#279</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 (<a href="https://github.com/clouddrove/smurf/issues/277">#277</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/276">#276</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/275">#275</a>)</li>
<li><strong>deps:</strong> bump douglascamata/setup-docker-macos-action (<a href="https://github.com/clouddrove/smurf/issues/274">#274</a>)</li>
</ul>
<h3 id="feat-15">Feat</h3>
<ul>
<li>add smurf selm init command</li>
<li>add command for push docker image on ghcr</li>
</ul>
<p><a name="v0.0.6"></a></p>
<h2 id="v006-2025-10-03"><a href="https://github.com/clouddrove/smurf/compare/v0.0.06...v0.0.6">v0.0.6</a> (2025-10-03)</h2>
<p><a name="v0.0.06"></a></p>
<h2 id="v0006-2025-10-03"><a href="https://github.com/clouddrove/smurf/compare/v0.0.8-Beta...v0.0.06">v0.0.06</a> (2025-10-03)</h2>
<h3 id="build-20">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/docker/docker</li>
</ul>
<h3 id="feat-16">Feat</h3>
<ul>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>Updated smurf selm with code changes suggested by Gemini AI</li>
<li>update error log structure for selm</li>
</ul>
<h3 id="pull-requests-20">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/273">#273</a> from clouddrove/feat/selm-logs</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/271">#271</a> from clouddrove/dependabot/go_modules/github.com/docker/docker-28.5.0incompatible</li>
</ul>
<p><a name="v0.0.8-Beta"></a></p>
<h2 id="v008-beta-2025-10-01"><a href="https://github.com/clouddrove/smurf/compare/v0.0.7-Beta...v0.0.8-Beta">v0.0.8-Beta</a> (2025-10-01)</h2>
<h3 id="feat-17">Feat</h3>
<ul>
<li>update error log structure for selm</li>
</ul>
<p><a name="v0.0.7-Beta"></a></p>
<h2 id="v007-beta-2025-09-30"><a href="https://github.com/clouddrove/smurf/compare/v0.0.6-Beta...v0.0.7-Beta">v0.0.7-Beta</a> (2025-09-30)</h2>
<h3 id="feat-18">Feat</h3>
<ul>
<li>update smurf selm log structure</li>
</ul>
<p><a name="v0.0.6-Beta"></a></p>
<h2 id="v006-beta-2025-09-29"><a href="https://github.com/clouddrove/smurf/compare/v0.0.5...v0.0.6-Beta">v0.0.6-Beta</a> (2025-09-29)</h2>
<p><a name="v0.0.5"></a></p>
<h2 id="v005-2025-09-23"><a href="https://github.com/clouddrove/smurf/compare/v0.0.9-beta...v0.0.5">v0.0.5</a> (2025-09-23)</h2>
<p><a name="v0.0.9-beta"></a></p>
<h2 id="v009-beta-2025-09-23"><a href="https://github.com/clouddrove/smurf/compare/v0.0.8-beta...v0.0.9-beta">v0.0.9-beta</a> (2025-09-23)</h2>
<h3 id="fix-17">Fix</h3>
<ul>
<li>selm template command issue</li>
<li>selm template command issue</li>
</ul>
<h3 id="pull-requests-21">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/268">#268</a> from clouddrove/fix/time-issue</li>
</ul>
<p><a name="v0.0.8-beta"></a></p>
<h2 id="v008-beta-2025-09-22"><a href="https://github.com/clouddrove/smurf/compare/beta-v0.0.5...v0.0.8-beta">v0.0.8-beta</a> (2025-09-22)</h2>
<h3 id="build-21">Build</h3>
<ul>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-json</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-json</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.6 to 3.19.0 (<a href="https://github.com/clouddrove/smurf/issues/260">#260</a>)</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.34.0 to 0.34.1 (<a href="https://github.com/clouddrove/smurf/issues/257">#257</a>)</li>
</ul>
<h3 id="fix-18">Fix</h3>
<ul>
<li>resolve readiness issue</li>
<li>resolve readiness issue</li>
</ul>
<h3 id="pull-requests-22">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/264">#264</a> from clouddrove/dependabot/go_modules/github.com/hashicorp/terraform-exec-0.24.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/265">#265</a> from clouddrove/dependabot/go_modules/github.com/hashicorp/terraform-json-0.27.2</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/262">#262</a> from clouddrove/dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.12.0</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/263">#263</a> from clouddrove/dependabot/go_modules/github.com/hashicorp/terraform-json-0.27.1</li>
</ul>
<p><a name="beta-v0.0.5"></a></p>
<h2 id="beta-v005-2025-09-15"><a href="https://github.com/clouddrove/smurf/compare/v0.0.7-beta...beta-v0.0.5">beta-v0.0.5</a> (2025-09-15)</h2>
<p><a name="v0.0.7-beta"></a></p>
<h2 id="v007-beta-2025-09-15"><a href="https://github.com/clouddrove/smurf/compare/v0.0.6-beta...v0.0.7-beta">v0.0.7-beta</a> (2025-09-15)</h2>
<h3 id="feat-19">Feat</h3>
<ul>
<li>test new log structure</li>
<li>test new log structure</li>
</ul>
<p><a name="v0.0.6-beta"></a></p>
<h2 id="v006-beta-2025-09-15"><a href="https://github.com/clouddrove/smurf/compare/v0.0.5-beta...v0.0.6-beta">v0.0.6-beta</a> (2025-09-15)</h2>
<h3 id="feat-20">Feat</h3>
<ul>
<li>test new log structure</li>
</ul>
<p><a name="v0.0.5-beta"></a></p>
<h2 id="v005-beta-2025-09-08"><a href="https://github.com/clouddrove/smurf/compare/v0.0.4...v0.0.5-beta">v0.0.5-beta</a> (2025-09-08)</h2>
<h3 id="build-22">Build</h3>
<ul>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 (<a href="https://github.com/clouddrove/smurf/issues/256">#256</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker</li>
<li><strong>deps:</strong> bump actions/setup-go from 5 to 6</li>
<li><strong>deps:</strong> bump actions/setup-python from 5 to 6</li>
<li><strong>deps:</strong> bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a href="https://github.com/clouddrove/smurf/issues/251">#251</a>)</li>
</ul>
<h3 id="feat-21">Feat</h3>
<ul>
<li>update selm install log structure</li>
</ul>
<h3 id="pull-requests-23">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/252">#252</a> from clouddrove/dependabot/github_actions/actions/setup-python-6</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/253">#253</a> from clouddrove/dependabot/github_actions/actions/setup-go-6</li>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/254">#254</a> from clouddrove/dependabot/go_modules/github.com/docker/docker-28.4.0incompatible</li>
</ul>
<p><a name="v0.0.4"></a></p>
<h2 id="v004-2025-09-01"><a href="https://github.com/clouddrove/smurf/compare/v0.0.3...v0.0.4">v0.0.4</a> (2025-09-01)</h2>
<h3 id="build-23">Build</h3>
<ul>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.33.3 to 0.34.0 (<a href="https://github.com/clouddrove/smurf/issues/247">#247</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec (<a href="https://github.com/clouddrove/smurf/issues/246">#246</a>)</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.33.4 to 0.34.0 (<a href="https://github.com/clouddrove/smurf/issues/245">#245</a>)</li>
<li><strong>deps:</strong> bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (<a href="https://github.com/clouddrove/smurf/issues/244">#244</a>)</li>
</ul>
<h3 id="feat-22">Feat</h3>
<ul>
<li>Add support for <code>--wait</code> flag in <code>smurf selm upgrade</code> command (<a href="https://github.com/clouddrove/smurf/issues/243">#243</a>)</li>
</ul>
<h3 id="feat-23">Feat</h3>
<ul>
<li>update claude pr workflows for testing (<a href="https://github.com/clouddrove/smurf/issues/242">#242</a>)</li>
</ul>
<h3 id="pull-requests-24">Pull Requests</h3>
<ul>
<li>Merge pull request <a href="https://github.com/clouddrove/smurf/issues/248">#248</a> from clouddrove/fix/cloud-workflow</li>
</ul>
<p><a name="v0.0.3"></a></p>
<h2 id="v003-2025-08-26"><a href="https://github.com/clouddrove/smurf/compare/v0.0.2...v0.0.3">v0.0.3</a> (2025-08-26)</h2>
<h3 id="build-24">Build</h3>
<ul>
<li><strong>deps:</strong> bump actions/upload-pages-artifact from 3 to 4 (<a href="https://github.com/clouddrove/smurf/issues/240">#240</a>)</li>
<li><strong>deps:</strong> bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (<a href="https://github.com/clouddrove/smurf/issues/239">#239</a>)</li>
</ul>
<h3 id="fix-19">Fix</h3>
<ul>
<li>Add repo chart support in upgrade (<a href="https://github.com/clouddrove/smurf/issues/241">#241</a>)</li>
</ul>
<p><a name="v0.0.2"></a></p>
<h2 id="v002-2025-08-21"><a href="https://github.com/clouddrove/smurf/compare/v0.0.1...v0.0.2">v0.0.2</a> (2025-08-21)</h2>
<h3 id="build-25">Build</h3>
<ul>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.5 to 3.18.6 (<a href="https://github.com/clouddrove/smurf/issues/237">#237</a>)</li>
<li><strong>deps:</strong> bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (<a href="https://github.com/clouddrove/smurf/issues/236">#236</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.33.3 to 0.33.4 (<a href="https://github.com/clouddrove/smurf/issues/235">#235</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/234">#234</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-json (<a href="https://github.com/clouddrove/smurf/issues/233">#233</a>)</li>
</ul>
<p><a name="v0.0.1"></a></p>
<h2 id="v001-2025-08-20">v0.0.1 (2025-08-20)</h2>
<h3 id="build-26">Build</h3>
<ul>
<li><strong>deps:</strong> bump the go_modules group with 2 updates (<a href="https://github.com/clouddrove/smurf/issues/230">#230</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.5 to 3.18.6 (<a href="https://github.com/clouddrove/smurf/issues/227">#227</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/226">#226</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.33.3 to 0.33.4 (<a href="https://github.com/clouddrove/smurf/issues/221">#221</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-json (<a href="https://github.com/clouddrove/smurf/issues/220">#220</a>)</li>
<li><strong>deps:</strong> bump actions/checkout from 4 to 5 (<a href="https://github.com/clouddrove/smurf/issues/217">#217</a>)</li>
<li><strong>deps:</strong> bump actions/download-artifact from 4 to 5 (<a href="https://github.com/clouddrove/smurf/issues/216">#216</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/215">#215</a>)</li>
<li><strong>deps:</strong> bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (<a href="https://github.com/clouddrove/smurf/issues/214">#214</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/213">#213</a>)</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.33.2 to 0.33.3 (<a href="https://github.com/clouddrove/smurf/issues/206">#206</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/201">#201</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/197">#197</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/194">#194</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/193">#193</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.33.1 to 0.33.2 (<a href="https://github.com/clouddrove/smurf/issues/190">#190</a>)</li>
<li><strong>deps:</strong> bump urllib3 (<a href="https://github.com/clouddrove/smurf/issues/189">#189</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.2 to 3.18.3 (<a href="https://github.com/clouddrove/smurf/issues/188">#188</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/186">#186</a>)</li>
<li><strong>deps:</strong> bump requests (<a href="https://github.com/clouddrove/smurf/issues/185">#185</a>)</li>
<li><strong>deps:</strong> bump github.com/pterm/pterm from 0.12.80 to 0.12.81 (<a href="https://github.com/clouddrove/smurf/issues/182">#182</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.1 to 3.18.2 (<a href="https://github.com/clouddrove/smurf/issues/180">#180</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/179">#179</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/177">#177</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.18.0 to 3.18.1 (<a href="https://github.com/clouddrove/smurf/issues/176">#176</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.32.2 to 0.33.1 (<a href="https://github.com/clouddrove/smurf/issues/169">#169</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-json (<a href="https://github.com/clouddrove/smurf/issues/158">#158</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/157">#157</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (<a href="https://github.com/clouddrove/smurf/issues/156">#156</a>)</li>
<li><strong>deps:</strong> bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 (<a href="https://github.com/clouddrove/smurf/issues/149">#149</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/148">#148</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/147">#147</a>)</li>
<li><strong>deps:</strong> bump douglascamata/setup-docker-macos-action (<a href="https://github.com/clouddrove/smurf/issues/146">#146</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec (<a href="https://github.com/clouddrove/smurf/issues/144">#144</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.17.2 to 3.17.3 (<a href="https://github.com/clouddrove/smurf/issues/143">#143</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/142">#142</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (<a href="https://github.com/clouddrove/smurf/issues/139">#139</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/132">#132</a>)</li>
<li><strong>deps:</strong> bump github.com/golang-jwt/jwt/v5 in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/130">#130</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/125">#125</a>)</li>
<li><strong>deps:</strong> bump github.com/containerd/containerd (<a href="https://github.com/clouddrove/smurf/issues/123">#123</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.17.1 to 3.17.2 (<a href="https://github.com/clouddrove/smurf/issues/119">#119</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/net in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/117">#117</a>)</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.32.2 to 0.32.3 (<a href="https://github.com/clouddrove/smurf/issues/115">#115</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 (<a href="https://github.com/clouddrove/smurf/issues/111">#111</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/108">#108</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 (<a href="https://github.com/clouddrove/smurf/issues/107">#107</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/104">#104</a>)</li>
<li><strong>deps:</strong> bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (<a href="https://github.com/clouddrove/smurf/issues/97">#97</a>)</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.32.1 to 0.32.2 (<a href="https://github.com/clouddrove/smurf/issues/94">#94</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.16.4 to 3.17.1 (<a href="https://github.com/clouddrove/smurf/issues/91">#91</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec (<a href="https://github.com/clouddrove/smurf/issues/89">#89</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (<a href="https://github.com/clouddrove/smurf/issues/83">#83</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/77">#77</a>)</li>
<li><strong>deps:</strong> bump github.com/hashicorp/terraform-exec (<a href="https://github.com/clouddrove/smurf/issues/78">#78</a>)</li>
<li><strong>deps:</strong> bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (<a href="https://github.com/clouddrove/smurf/issues/69">#69</a>)</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.31.4 to 0.32.1 (<a href="https://github.com/clouddrove/smurf/issues/66">#66</a>)</li>
<li><strong>deps:</strong> bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6 (<a href="https://github.com/clouddrove/smurf/issues/65">#65</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/63">#63</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (<a href="https://github.com/clouddrove/smurf/issues/59">#59</a>)</li>
<li><strong>deps:</strong> bump github.com/moby/term from 0.5.0 to 0.5.2 (<a href="https://github.com/clouddrove/smurf/issues/58">#58</a>)</li>
<li><strong>deps:</strong> bump jinja2 (<a href="https://github.com/clouddrove/smurf/issues/57">#57</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/56">#56</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 (<a href="https://github.com/clouddrove/smurf/issues/54">#54</a>)</li>
<li><strong>deps:</strong> bump golang.org/x/crypto in the go_modules group (<a href="https://github.com/clouddrove/smurf/issues/52">#52</a>)</li>
<li><strong>deps:</strong> bump k8s.io/api from 0.31.2 to 0.31.4 (<a href="https://github.com/clouddrove/smurf/issues/48">#48</a>)</li>
<li><strong>deps:</strong> bump github.com/docker/docker (<a href="https://github.com/clouddrove/smurf/issues/46">#46</a>)</li>
<li><strong>deps:</strong> bump github.com/pterm/pterm from 0.12.79 to 0.12.80 (<a href="https://github.com/clouddrove/smurf/issues/34">#34</a>)</li>
<li><strong>deps:</strong> bump k8s.io/apimachinery from 0.31.2 to 0.31.3 (<a href="https://github.com/clouddrove/smurf/issues/32">#32</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 (<a href="https://github.com/clouddrove/smurf/issues/29">#29</a>)</li>
<li><strong>deps:</strong> bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 (<a href="https://github.com/clouddrove/smurf/issues/19">#19</a>)</li>
<li><strong>deps:</strong> bump k8s.io/client-go from 0.31.1 to 0.31.2 (<a href="https://github.com/clouddrove/smurf/issues/16">#16</a>)</li>
</ul>
<h3 id="feat-24">Feat</h3>
<ul>
<li>Enhance smurf sdkr and smurf selm logging structure (<a href="https://github.com/clouddrove/smurf/issues/229">#229</a>)</li>
<li>added install.sh (<a href="https://github.com/clouddrove/smurf/issues/140">#140</a>)</li>
</ul>
<h3 id="feat-25">Feat</h3>
<ul>
<li>new release tag v1.1.1 (<a href="https://github.com/clouddrove/smurf/issues/170">#170</a>)</li>
<li>Improved performance of docker image (<a href="https://github.com/clouddrove/smurf/issues/153">#153</a>)</li>
<li>fixed docs code (<a href="https://github.com/clouddrove/smurf/issues/145">#145</a>)</li>
<li>integrated -f flag in lint and template of smurf selm (<a href="https://github.com/clouddrove/smurf/issues/136">#136</a>)</li>
<li>Working on smurf version command</li>
<li>Added new command in smurf which is helm plugin install (<a href="https://github.com/clouddrove/smurf/issues/127">#127</a>)</li>
<li>added flag for plan &ndash;destroy (<a href="https://github.com/clouddrove/smurf/issues/126">#126</a>)</li>
<li>updated docker image tag and documentation (<a href="https://github.com/clouddrove/smurf/issues/105">#105</a>)</li>
<li>updated naming convention</li>
<li>update contributors url</li>
<li>added major release (<a href="https://github.com/clouddrove/smurf/issues/100">#100</a>)</li>
<li>updated social logo (<a href="https://github.com/clouddrove/smurf/issues/90">#90</a>)</li>
<li>disable tests (<a href="https://github.com/clouddrove/smurf/issues/88">#88</a>)</li>
<li>unit test logic and smurf improvement (<a href="https://github.com/clouddrove/smurf/issues/62">#62</a>)</li>
<li>configured github action to deploy github pages (<a href="https://github.com/clouddrove/smurf/issues/28">#28</a>)</li>
<li>updated permission</li>
<li>added requirement.txt (<a href="https://github.com/clouddrove/smurf/issues/27">#27</a>)</li>
<li>added dns name (<a href="https://github.com/clouddrove/smurf/issues/26">#26</a>)</li>
<li>updated branch name in trigger</li>
<li>added workflows (<a href="https://github.com/clouddrove/smurf/issues/14">#14</a>)</li>
<li>Add initial Go module structure and foundational directories (<a href="https://github.com/clouddrove/smurf/issues/1">#1</a>)</li>
</ul>
<h3 id="fix-20">Fix</h3>
<ul>
<li>fixed test in install_test.go (<a href="https://github.com/clouddrove/smurf/issues/122">#122</a>)</li>
</ul>
<h3 id="fmt">Fmt</h3>
<ul>
<li>improved naming (<a href="https://github.com/clouddrove/smurf/issues/174">#174</a>)</li>
</ul>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>build(deps): bump helm.sh/helm/v3 from 3.21.0 to 3.21.1 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/426">https://github.com/clouddrove/smurf/pull/426</a></li>
<li>build(deps): bump the pip group across 1 directory with 2 updates by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/427">https://github.com/clouddrove/smurf/pull/427</a></li>
<li>build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/429">https://github.com/clouddrove/smurf/pull/429</a></li>
<li>build(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/428">https://github.com/clouddrove/smurf/pull/428</a></li>
<li>build(deps): bump actions/checkout from 6 to 7 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/431">https://github.com/clouddrove/smurf/pull/431</a></li>
<li>build(deps): bump actions/cache from 5 to 6 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/435">https://github.com/clouddrove/smurf/pull/435</a></li>
<li>build(deps): bump msgpack from 1.1.0 to 1.2.1 in /docs/sm/docs in the pip group across 1 directory by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/434">https://github.com/clouddrove/smurf/pull/434</a></li>
<li>build(deps): bump github.com/containerd/containerd from 1.7.32 to 1.7.33 in the go_modules group across 1 directory by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/433">https://github.com/clouddrove/smurf/pull/433</a></li>
<li>build(deps): bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml from ca8d61c90f059d7ed8c3fc608877d19cc5d965f5 to 5a15692ae38a05cc3aa3b7ab6744add91e9b8591 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/436">https://github.com/clouddrove/smurf/pull/436</a></li>
<li>build(deps): bump helm.sh/helm/v3 from 3.21.1 to 3.21.2 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/432">https://github.com/clouddrove/smurf/pull/432</a></li>
<li>fix: fix deployment validation for completed Kubernetes Job pods by @anket-cd in <a href="https://github.com/clouddrove/smurf/pull/430">https://github.com/clouddrove/smurf/pull/430</a></li>
<li>build(deps): bump clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml from 5a15692ae38a05cc3aa3b7ab6744add91e9b8591 to f6ef7e54f3a1f4e2a05a66ed1a8702c07ae94346 by @dependabot[bot] in <a href="https://github.com/clouddrove/smurf/pull/437">https://github.com/clouddrove/smurf/pull/437</a></li>
<li>feat: enhance smurf selm logs to capture terminated pod details during failed deployments by @anket-cd in <a href="https://github.com/clouddrove/smurf/pull/438">https://github.com/clouddrove/smurf/pull/438</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/clouddrove/smurf/compare/v1.1.4...v1.1.5">https://github.com/clouddrove/smurf/compare/v1.1.4...v1.1.5</a></p>
]]></content:encoded></item><item><title>Devr Codeguard</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/devr-codeguard/</link><pubDate>Fri, 03 Jul 2026 22:15:40 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/devr-codeguard/</guid><description>Version updated for https://github.com/devr-tools/codeguard to version v0.8.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.8.1 (2026-07-03) Bug Fixes release: disable PyPI attestations for reusable-workflow publish (28a147d)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/devr-tools/codeguard">https://github.com/devr-tools/codeguard</a></strong> to version <strong>v0.8.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/devr-codeguard">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="081-2026-07-03"><a href="https://github.com/devr-tools/codeguard/compare/v0.8.0...v0.8.1">0.8.1</a> (2026-07-03)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li><strong>release:</strong> disable PyPI attestations for reusable-workflow publish (<a href="https://github.com/devr-tools/codeguard/commit/28a147d14834ae20cf59749fcd6f21f51f02a568">28a147d</a>)</li>
</ul>
]]></content:encoded></item><item><title>FacturaScripts Playground PR Preview</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/facturascripts-playground-pr-preview/</link><pubDate>Fri, 03 Jul 2026 22:15:07 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/facturascripts-playground-pr-preview/</guid><description>Version updated for https://github.com/erseco/action-facturascripts-playground-pr-preview to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s new since v1.0.0 feat: append-to-description publish mode + workflow_run/pr-number support (#13) feat: warn (advisory, non-blocking) when the preview URL risks HTTP 414, and document the mitigation in the README (#19) ci: verify-dist gate, dependabot-dist auto-rebuild, immutable-action publishing Various dependency bumps All changes are backward compatible: new inputs default to the previous behavior, and the URL-length check only warns, it never fails the action. No breaking changes, so the v1 tag is being moved to this release rather than cutting a v2.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/erseco/action-facturascripts-playground-pr-preview">https://github.com/erseco/action-facturascripts-playground-pr-preview</a></strong> to version <strong>v1.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/facturascripts-playground-pr-preview">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-new-since-v100">What&rsquo;s new since v1.0.0</h2>
<ul>
<li>feat: append-to-description publish mode + workflow_run/pr-number support (#13)</li>
<li>feat: warn (advisory, non-blocking) when the preview URL risks HTTP 414, and document the mitigation in the README (#19)</li>
<li>ci: verify-dist gate, dependabot-dist auto-rebuild, immutable-action publishing</li>
<li>Various dependency bumps</li>
</ul>
<p>All changes are backward compatible: new inputs default to the previous behavior, and the URL-length check only warns, it never fails the action. No breaking changes, so the <code>v1</code> tag is being moved to this release rather than cutting a v2.</p>
]]></content:encoded></item><item><title>Garnet Runtime Visibility</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/garnet-runtime-visibility/</link><pubDate>Fri, 03 Jul 2026 22:14:34 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/garnet-runtime-visibility/</guid><description>Version updated for https://github.com/garnet-org/action to version v2.1.1.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 111 repositories.
Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @types/node from 26.0.1 to 26.1.0 by @dependabot[bot] in https://github.com/garnet-org/action/pull/81 fix: improve error messages by @nicolasparada in https://github.com/garnet-org/action/pull/84 feat: add agents.md to repo by @nicolasparada in https://github.com/garnet-org/action/pull/85 Full Changelog: https://github.com/garnet-org/action/compare/v2.1.0...v2.1.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/garnet-org/action">https://github.com/garnet-org/action</a></strong> to version <strong>v2.1.1</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>111</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/garnet-runtime-visibility">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump @types/node from 26.0.1 to 26.1.0 by @dependabot[bot] in <a href="https://github.com/garnet-org/action/pull/81">https://github.com/garnet-org/action/pull/81</a></li>
<li>fix: improve error messages by @nicolasparada in <a href="https://github.com/garnet-org/action/pull/84">https://github.com/garnet-org/action/pull/84</a></li>
<li>feat: add agents.md to repo by @nicolasparada in <a href="https://github.com/garnet-org/action/pull/85">https://github.com/garnet-org/action/pull/85</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/garnet-org/action/compare/v2.1.0...v2.1.1">https://github.com/garnet-org/action/compare/v2.1.0...v2.1.1</a></p>
]]></content:encoded></item><item><title>ghcr-manager</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ghcr-manager/</link><pubDate>Fri, 03 Jul 2026 22:14:01 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ghcr-manager/</guid><description>Version updated for https://github.com/ghcr-manager/ghcr-manager to version v1.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/ghcr-manager/ghcr-manager/compare/v1.1.4...v1.1.5</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ghcr-manager/ghcr-manager">https://github.com/ghcr-manager/ghcr-manager</a></strong> to version <strong>v1.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ghcr-manager">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ghcr-manager/ghcr-manager/compare/v1.1.4...v1.1.5">https://github.com/ghcr-manager/ghcr-manager/compare/v1.1.4...v1.1.5</a></p>
]]></content:encoded></item><item><title>Easy Npm Publish</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/easy-npm-publish/</link><pubDate>Fri, 03 Jul 2026 22:13:28 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/easy-npm-publish/</guid><description>Version updated for https://github.com/glitch452/easy-npm-publish to version v1.0.43.
This action is used across all versions by 2 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Chores deps: update all non-major dependencies (595d091)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/glitch452/easy-npm-publish">https://github.com/glitch452/easy-npm-publish</a></strong> to version <strong>v1.0.43</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/easy-npm-publish">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="chores">Chores</h2>
<ul>
<li>deps: update all non-major dependencies (<a href="https://github.com/glitch452/easy-npm-publish/commit/595d0911807cc0e37dc46e714fbb5d65c0d71924">595d091</a>)</li>
</ul>
]]></content:encoded></item><item><title>GitHub Action for GraalVM</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/github-action-for-graalvm/</link><pubDate>Fri, 03 Jul 2026 22:12:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/github-action-for-graalvm/</guid><description>Version updated for https://github.com/graalvm/setup-graalvm to version v1.6.0.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 4,081 repositories.
Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump the “all” group with 2 updates across multiple ecosystems by @dependabot[bot] in https://github.com/graalvm/setup-graalvm/pull/222 Add support for GraalVM innovation releases by @fniephaus in https://github.com/graalvm/setup-graalvm/pull/223 Full Changelog: https://github.com/graalvm/setup-graalvm/compare/v1.5.6...v1.6.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/graalvm/setup-graalvm">https://github.com/graalvm/setup-graalvm</a></strong> to version <strong>v1.6.0</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>4,081</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/github-action-for-graalvm">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Bump the &ldquo;all&rdquo; group with 2 updates across multiple ecosystems by @dependabot[bot] in <a href="https://github.com/graalvm/setup-graalvm/pull/222">https://github.com/graalvm/setup-graalvm/pull/222</a></li>
<li>Add support for GraalVM innovation releases by @fniephaus in <a href="https://github.com/graalvm/setup-graalvm/pull/223">https://github.com/graalvm/setup-graalvm/pull/223</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/graalvm/setup-graalvm/compare/v1.5.6...v1.6.0">https://github.com/graalvm/setup-graalvm/compare/v1.5.6...v1.6.0</a></p>
]]></content:encoded></item><item><title>L10n.dev AI Localization Automation</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/l10n.dev-ai-localization-automation/</link><pubDate>Fri, 03 Jul 2026 22:12:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/l10n.dev-ai-localization-automation/</guid><description>Version updated for https://github.com/l10n-dev/ai-l10n to version v1.9.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: add GlossaryManager and LinguisticInstructionsManager and CLI for them by @AntonovAnton in https://github.com/l10n-dev/ai-l10n/pull/48 Full Changelog: https://github.com/l10n-dev/ai-l10n/compare/v1.8.0...v1.9.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/l10n-dev/ai-l10n">https://github.com/l10n-dev/ai-l10n</a></strong> to version <strong>v1.9.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/l10n-dev-ai-localization-automation">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: add GlossaryManager and LinguisticInstructionsManager and CLI for them by @AntonovAnton in <a href="https://github.com/l10n-dev/ai-l10n/pull/48">https://github.com/l10n-dev/ai-l10n/pull/48</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/l10n-dev/ai-l10n/compare/v1.8.0...v1.9.0">https://github.com/l10n-dev/ai-l10n/compare/v1.8.0...v1.9.0</a></p>
]]></content:encoded></item><item><title>OSS Security Policy as Code</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/oss-security-policy-as-code/</link><pubDate>Fri, 03 Jul 2026 22:11:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/oss-security-policy-as-code/</guid><description>Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v10.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed OSS Security Policy as Code Starter Kit v10.0.0 The normalized-findings major (ADR-030). The kit now correlates the scanner evidence it already composes — six kit evidence JSONs plus four external SARIF drops — into one deduplicated, KEV/EPSS-ranked finding view, delivered as a new versioned artifact and a new command. Stateless by design: one clone-only run, no database, no state between runs, no network.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit">https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit</a></strong> to version <strong>v10.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/oss-security-policy-as-code">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="oss-security-policy-as-code-starter-kit-v1000">OSS Security Policy as Code Starter Kit v10.0.0</h2>
<p><strong>The normalized-findings major (ADR-030).</strong> The kit now correlates the scanner evidence it already composes — six kit evidence JSONs plus four external SARIF drops — into <strong>one deduplicated, KEV/EPSS-ranked finding view</strong>, delivered as a new versioned artifact and a new command. Stateless by design: one clone-only run, no database, no state between runs, no network.</p>
<hr>
<h2 id="highlights">Highlights</h2>
<ul>
<li><strong>New command: <code>correlate-findings</code></strong> (23rd command). Normalizes findings from Semgrep, the four IaC/K8s scanners, zizmor, poutine, OSV-Scanner, and Gitleaks into one vocabulary; deduplicates across scanners with deterministic <code>opk-fk/v1</code> fingerprints (conservative under-merge: the same CVE from two tools collapses, distinct issues never do); and ranks CISA-KEV first, then EPSS, then severity. Re-runs are bit-identical.</li>
<li><strong>New contract: <code>findings/1.0</code></strong> (<code>.oss-policy-kit/findings.json</code>) — strict schema, published at <code>reports/schema/findings-1.0.schema.json</code>. Every source&rsquo;s original severity is preserved verbatim; missing/unreadable evidence is recorded honestly, never fatal.</li>
<li><strong>Opt-in gates for the correlated set</strong>: <code>--fail-on-severity</code> and <code>--fail-on-kev</code> (a correlated group gates once, regardless of how many tools reported it). Control evaluators are untouched — fence tests prove <code>evaluate</code> output is byte-identical with the feature present or absent.</li>
<li><strong>Finding-level waivers</strong>: <code>vulnerability_ids:</code>-keyed entries in <code>waivers.yaml</code> (the same ones <code>emit-vex</code> consumes) mark findings as waived — visible in the artifact, exempt from the findings gates, and provably unable to change any control state.</li>
<li><strong>Offline EPSS/KEV enrichment</strong>: <code>--enrichment-file</code> takes a user-supplied snapshot that refines <strong>ranking only</strong> (inferred trust, provenance recorded). The kit ships no bundled advisory data.</li>
<li><strong>Aggregator SARIF export</strong>: <code>--format sarif</code> self-describes as an aggregator/correlator — never the scanner — with per-result source-tool attribution and a double-reporting warning.</li>
<li><strong><code>evaluate --with-findings-summary</code></strong>: additive <code>extensions.findings_summary</code> block (totals, by-severity, KEV/high-EPSS counts, findings digest) computed in-process; changes no state, summary, digest, or exit code.</li>
</ul>
<h2 id="breaking-changes-see-docsv1000-migration-guidemd">Breaking changes (see <a href="https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit/blob/master/docs/v10.0.0-migration-guide.md">docs/v10.0.0-migration-guide.md</a>)</h2>
<ul>
<li>The deprecated <strong><code>cra-eu-ready-2-1</code> profile alias is removed</strong> (ADR-029, one-major cycle complete). Use <code>cra-eu-conformance-evidence-1</code>; the old id exits 2 with a pointer.</li>
<li>The legacy <strong><code>evaluation-report-v1/v2/v3.schema.json</code> files no longer ship</strong> in the wheel or the public <code>reports/schema/</code> mirror (the contracts were removed in v9.0.0). The mirror now carries the real current contracts (reports/2.0 + findings/1.0).</li>
<li><strong><code>scripts/migrate-1.0-to-2.0.py</code> is removed</strong> — retrieve it from the v9.x tags for stored legacy reports.</li>
<li><strong><code>export-evidence</code> requires reports/2.0 input.</strong> The silent reports/1.0 fallbacks are gone, and previously-wrong outputs are fixed: SPDX annotations now carry real states/messages, every renderer reads <code>target_path</code>, chainloop stops reading a nonexistent waivers array.</li>
</ul>
<h2 id="docs">Docs</h2>
<ul>
<li>New <a href="https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit/blob/master/docs/findings-correlation.md">findings-correlation.md</a> — the contract, the <code>opk-fk/v1</code> key spec, the under-merge guarantees, and the anti-ASPM fence.</li>
<li>New v10.0.0 migration guide; CLI reference and README updated for the 23-command surface.</li>
<li><code>triage-cvss-epss-kev.md</code> no longer implies the evaluator thresholds are tunable (they are fixed; tunable prioritization is the findings surface).</li>
</ul>
<h2 id="integrity">Integrity</h2>
<p>Quality gates: 4,310 unit + 19 property tests (including determinism, order-independence, and six mandatory fence tests), mypy strict, coverage 93%+. Pre- and post-publish clean-room validation on the real PyPI artifact. PyPI Trusted Publishing + registry attestations; container signed with cosign keyless.</p>
<p><strong>License:</strong> Apache-2.0.</p>
]]></content:encoded></item><item><title>Run Maester</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/run-maester/</link><pubDate>Fri, 03 Jul 2026 22:11:16 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/run-maester/</guid><description>Version updated for https://github.com/maester365/maester-action to version v1.2.0.
This action is used across all versions by 7 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed ci: bump actions/checkout from 6 to 7 in the all-actions group by @dependabot[bot] in https://github.com/maester365/maester-action/pull/43 Interactive report available as GitHub artifact with a direct link by @svrooij in https://github.com/maester365/maester-action/pull/42 Full Changelog: https://github.com/maester365/maester-action/compare/v1.1.0...v1.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/maester365/maester-action">https://github.com/maester365/maester-action</a></strong> to version <strong>v1.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>7</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-maester">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>ci: bump actions/checkout from 6 to 7 in the all-actions group by @dependabot[bot] in <a href="https://github.com/maester365/maester-action/pull/43">https://github.com/maester365/maester-action/pull/43</a></li>
<li>Interactive report available as GitHub artifact with a direct link by @svrooij in <a href="https://github.com/maester365/maester-action/pull/42">https://github.com/maester365/maester-action/pull/42</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/maester365/maester-action/compare/v1.1.0...v1.2.0">https://github.com/maester365/maester-action/compare/v1.1.0...v1.2.0</a></p>
]]></content:encoded></item><item><title>Quorum consensus security scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/quorum-consensus-security-scan/</link><pubDate>Fri, 03 Jul 2026 22:10:43 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/quorum-consensus-security-scan/</guid><description>Version updated for https://github.com/Martinez1991/quorum-sec-scan to version v0.7.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog 8b28bef427d98b63b5f50a96aaf0fbc1e4575894: Merge pull request #45 from Martinez1991/feat/crosswalk-multicloud-azure-gcp (@Martinez1991) 8852a90f27d4d886188266d468c6962b3e31f789: feat(crosswalk): multi-cloud consensus — Azure + GCP + more AWS (real overlaps) (@Martinez1991)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Martinez1991/quorum-sec-scan">https://github.com/Martinez1991/quorum-sec-scan</a></strong> to version <strong>v0.7.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/quorum-consensus-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changelog">Changelog</h2>
<ul>
<li>8b28bef427d98b63b5f50a96aaf0fbc1e4575894: Merge pull request #45 from Martinez1991/feat/crosswalk-multicloud-azure-gcp (@Martinez1991)</li>
<li>8852a90f27d4d886188266d468c6962b3e31f789: feat(crosswalk): multi-cloud consensus — Azure + GCP + more AWS (real overlaps) (@Martinez1991)</li>
</ul>
]]></content:encoded></item><item><title>Go Proxy Cache Updater</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/go-proxy-cache-updater/</link><pubDate>Fri, 03 Jul 2026 22:10:10 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/go-proxy-cache-updater/</guid><description>Version updated for https://github.com/nicholas-fedor/go-proxy-pull-action to version v1.1.12.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.12 (2026-07-03)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/nicholas-fedor/go-proxy-pull-action">https://github.com/nicholas-fedor/go-proxy-pull-action</a></strong> to version <strong>v1.1.12</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/go-proxy-cache-updater">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="1112-2026-07-03"><a href="https://github.com/nicholas-fedor/go-proxy-pull-action/compare/v1.1.11...v1.1.12">1.1.12</a> (2026-07-03)</h2>
]]></content:encoded></item><item><title>Run AER Tests</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/run-aer-tests/</link><pubDate>Fri, 03 Jul 2026 22:09:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/run-aer-tests/</guid><description>Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.6.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.6
Treat NUL Bytes As Ignorable Whitespace
Type Schema.SObjectType Describe-Result Properties As Their Real Types
Resolve Null-Argument Constructor Overloads By Most-Specific Non-Null Position
Allow Public Override Of A Global Abstract Method</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/octoberswimmer/aer-dist">https://github.com/octoberswimmer/aer-dist</a></strong> to version <strong>v1.2.6</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>0</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-aer-tests">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Version v1.2.6</p>
<ul>
<li>
<p>Treat NUL Bytes As Ignorable Whitespace</p>
</li>
<li>
<p>Type Schema.SObjectType Describe-Result Properties As Their Real Types</p>
</li>
<li>
<p>Resolve Null-Argument Constructor Overloads By Most-Specific Non-Null Position</p>
</li>
<li>
<p>Allow Public Override Of A Global Abstract Method</p>
</li>
<li>
<p>Match Namespaced Custom-SObject Type Arguments In Generic Assignability</p>
</li>
<li>
<p>Add Schema.SObjectType Child-Relationship Property Regression Test</p>
</li>
<li>
<p>Return Real Record-Type Infos From Schema.SObjectType Describe Properties</p>
</li>
<li>
<p>Treat Array-Literal Elements As Values, Not Constructor Arguments</p>
</li>
</ul>
]]></content:encoded></item><item><title>SpringSentinel</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/springsentinel/</link><pubDate>Fri, 03 Jul 2026 22:09:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/springsentinel/</guid><description>Version updated for https://github.com/pagano-antonio/springsentinel-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Create README.md (3e1d589) Update test.yml (3a7ed11) Update entrypoint.sh (4e15ea0) Update entrypoint.sh (6418942) Update entrypoint.sh (51f3a42) Create test.yml (d46361f) Create entrypoint.sh (bcf8584) Create Dockerfile (72d2f0b) Create action.yml (89fad1e)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/pagano-antonio/springsentinel-action">https://github.com/pagano-antonio/springsentinel-action</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/springsentinel">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>Create README.md (3e1d589)</li>
<li>Update test.yml (3a7ed11)</li>
<li>Update entrypoint.sh (4e15ea0)</li>
<li>Update entrypoint.sh (6418942)</li>
<li>Update entrypoint.sh (51f3a42)</li>
<li>Create test.yml (d46361f)</li>
<li>Create entrypoint.sh (bcf8584)</li>
<li>Create Dockerfile (72d2f0b)</li>
<li>Create action.yml (89fad1e)</li>
</ul>
]]></content:encoded></item><item><title>Rust Lint Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/rust-lint-action/</link><pubDate>Fri, 03 Jul 2026 22:08:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/rust-lint-action/</guid><description>Version updated for https://github.com/Profiidev/rust-lint-action to version v4.3.0.
This action is used across all versions by 25 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Lint action version v4.3.0 has been released!
What’s Changed chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/25 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/26 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/27 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/28 chore(deps): pin dependencies by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/29 chore(deps): update actions/checkout digest to df4cb1c by @renovate[bot] in https://github.com/Profiidev/rust-lint-action/pull/30 chore: shared renovate config by @Profiidev in https://github.com/Profiidev/rust-lint-action/pull/31 fix: add warnings on linter success by @Profiidev in https://github.com/Profiidev/rust-lint-action/pull/32 Release version v4.3.0 by @profidev-commit-bot[bot] in https://github.com/Profiidev/rust-lint-action/pull/33 Full Changelog: https://github.com/Profiidev/rust-lint-action/compare/v4.2.0...v4.3.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Profiidev/rust-lint-action">https://github.com/Profiidev/rust-lint-action</a></strong> to version <strong>v4.3.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>25</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rust-lint-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Lint action version v4.3.0 has been released!</p>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/25">https://github.com/Profiidev/rust-lint-action/pull/25</a></li>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/26">https://github.com/Profiidev/rust-lint-action/pull/26</a></li>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/27">https://github.com/Profiidev/rust-lint-action/pull/27</a></li>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/28">https://github.com/Profiidev/rust-lint-action/pull/28</a></li>
<li>chore(deps): pin dependencies by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/29">https://github.com/Profiidev/rust-lint-action/pull/29</a></li>
<li>chore(deps): update actions/checkout digest to df4cb1c by @renovate[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/30">https://github.com/Profiidev/rust-lint-action/pull/30</a></li>
<li>chore: shared renovate config by @Profiidev in <a href="https://github.com/Profiidev/rust-lint-action/pull/31">https://github.com/Profiidev/rust-lint-action/pull/31</a></li>
<li>fix: add warnings on linter success by @Profiidev in <a href="https://github.com/Profiidev/rust-lint-action/pull/32">https://github.com/Profiidev/rust-lint-action/pull/32</a></li>
<li>Release version v4.3.0 by @profidev-commit-bot[bot] in <a href="https://github.com/Profiidev/rust-lint-action/pull/33">https://github.com/Profiidev/rust-lint-action/pull/33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Profiidev/rust-lint-action/compare/v4.2.0...v4.3.0">https://github.com/Profiidev/rust-lint-action/compare/v4.2.0...v4.3.0</a></p>
]]></content:encoded></item><item><title>goog - OG Image Generator</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/goog-og-image-generator/</link><pubDate>Fri, 03 Jul 2026 22:07:28 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/goog-og-image-generator/</guid><description>Version updated for https://github.com/riceball-tw/goog to version v1.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/riceball-tw/goog/commits/v1.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/riceball-tw/goog">https://github.com/riceball-tw/goog</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/goog-og-image-generator">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/riceball-tw/goog/commits/v1.0.0">https://github.com/riceball-tw/goog/commits/v1.0.0</a></p>
]]></content:encoded></item><item><title>DiffGate Review Triage</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/diffgate-review-triage/</link><pubDate>Fri, 03 Jul 2026 22:06:55 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/diffgate-review-triage/</guid><description>Version updated for https://github.com/srbsa/diffgate to version v0.7.10.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed release: 0.7.10 — fix mcpb/Smithery bundle crash, MCP tool metadata (6eb9373) fix: mcpb/Smithery bundle crashed with no node_modules; add MCP tool metadata (8ed0ea0) release: 0.7.9 — per-rule path scoping + docs-prose carve-out (Backstage eval fixes) (54110d9) release: 0.7.8 — dependency-manifest goes section-aware (version bumps no longer flagged) (2f992bc) release: 0.7.7 — fix GH Marketplace action.yml rejection + MCP registry description cap (87b8fdf) fix: action.yml name collision + description over Marketplace’s 125-char cap (05227d2) fix: shorten server.json description under the MCP registry’s 100-char cap (2a4ada1) release: 0.7.6 — distribution plumbing (MCP registry, Docker/GHCR, pre-commit, GH Action, Claude plugin) (56fc4a6) release: 0.7.5, republish with updated README after 0.7.4 publish (3c778dd) docs: promote history-audit as the quick-start aha moment (2611797)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/srbsa/diffgate">https://github.com/srbsa/diffgate</a></strong> to version <strong>v0.7.10</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/diffgate-review-triage">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>release: 0.7.10 — fix mcpb/Smithery bundle crash, MCP tool metadata (6eb9373)</li>
<li>fix: mcpb/Smithery bundle crashed with no node_modules; add MCP tool metadata (8ed0ea0)</li>
<li>release: 0.7.9 — per-rule path scoping + docs-prose carve-out (Backstage eval fixes) (54110d9)</li>
<li>release: 0.7.8 — dependency-manifest goes section-aware (version bumps no longer flagged) (2f992bc)</li>
<li>release: 0.7.7 — fix GH Marketplace action.yml rejection + MCP registry description cap (87b8fdf)</li>
<li>fix: action.yml name collision + description over Marketplace&rsquo;s 125-char cap (05227d2)</li>
<li>fix: shorten server.json description under the MCP registry&rsquo;s 100-char cap (2a4ada1)</li>
<li>release: 0.7.6 — distribution plumbing (MCP registry, Docker/GHCR, pre-commit, GH Action, Claude plugin) (56fc4a6)</li>
<li>release: 0.7.5, republish with updated README after 0.7.4 publish (3c778dd)</li>
<li>docs: promote history-audit as the quick-start aha moment (2611797)</li>
</ul>
]]></content:encoded></item><item><title>Groundskeeper Issue Triage</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/groundskeeper-issue-triage/</link><pubDate>Fri, 03 Jul 2026 22:06:22 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/groundskeeper-issue-triage/</guid><description>Version updated for https://github.com/theadamdanielsson/groundskeeper to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First public release.
Groundskeeper is a first responder for new GitHub issues. When someone opens one, it reads your repo, then posts a single grounded comment: a duplicate check, the repro info that’s missing, a pointer to the relevant file and line, and suggested labels. If it doesn’t have anything solid to say, it stays silent.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/theadamdanielsson/groundskeeper">https://github.com/theadamdanielsson/groundskeeper</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/groundskeeper-issue-triage">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>First public release.</p>
<p>Groundskeeper is a first responder for new GitHub issues. When someone opens one, it reads your repo, then posts a single grounded comment: a duplicate check, the repro info that&rsquo;s missing, a pointer to the relevant file and line, and suggested labels. If it doesn&rsquo;t have anything solid to say, it stays silent.</p>
<p>It runs as a GitHub Action in your own CI on your own Anthropic key. No hosted service, no third-party app to install.</p>
<p>Install:</p>
<ul>
<li>uses: theadamdanielsson/groundskeeper@v1</li>
</ul>
<p>Defaults to claude-sonnet-4-6. Requires an ANTHROPIC_API_KEY repo secret and issues: write permission. See the README for the full setup.</p>
]]></content:encoded></item><item><title>MIU PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/miu-pr-review/</link><pubDate>Fri, 03 Jul 2026 22:05:49 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/miu-pr-review/</guid><description>Version updated for https://github.com/vanducng/miu-cr to version v0.84.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.84.1 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.84.1 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.84.1 GitHub Action:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vanducng/miu-cr">https://github.com/vanducng/miu-cr</a></strong> to version <strong>v0.84.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/miu-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="miu-cr-v0841">miu-cr v0.84.1</h2>
<p>AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.</p>
<h3 id="install">Install</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.84.1
</span></span><span style="display:flex;"><span>brew install vanducng/tap/miucr
</span></span><span style="display:flex;"><span>go install github.com/vanducng/miu-cr/cmd/miucr@v0.84.1
</span></span></code></pre></div><p>GitHub Action:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">permissions</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull-requests</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">steps</span>:
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v6</span>
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">vanducng/miu-cr@v0.84.1</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>      <span style="color:#f92672">api-key</span>: <span style="color:#ae81ff">${{ secrets.ANTHROPIC_API_KEY }}</span>
</span></span></code></pre></div><h3 id="common-commands">Common commands</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>miucr login --provider openai
</span></span><span style="display:flex;"><span>miucr review --staged
</span></span><span style="display:flex;"><span>miucr review --from main --to HEAD --gate high
</span></span><span style="display:flex;"><span>miucr review --pr owner/repo#123 --post
</span></span><span style="display:flex;"><span>miucr upgrade
</span></span></code></pre></div><p>Docs: <a href="https://cr.miu.sh">https://cr.miu.sh</a></p>
]]></content:encoded></item><item><title>Vibgrate Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/vibgrate-scan/</link><pubDate>Fri, 03 Jul 2026 22:05:16 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/vibgrate-scan/</guid><description>Version updated for https://github.com/vibgrate/cli to version v2026.703.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Vibgrate CLI 2026.703.7 Released 2026-07-03
Routine maintenance update for the CLI.
What changed Changed Maintenance release with internal improvements and dependency updates. Benchmarks Two-arm benchmark of this release against 2026.703.5, interleaved on one runner against the pinned corpus (157 metrics compared).</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vibgrate/cli">https://github.com/vibgrate/cli</a></strong> to version <strong>v2026.703.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/vibgrate-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="vibgrate-cli-20267037">Vibgrate CLI 2026.703.7</h1>
<p><em>Released 2026-07-03</em></p>
<p>Routine maintenance update for the CLI.</p>
<h2 id="what-changed">What changed</h2>
<h3 id="changed">Changed</h3>
<ul>
<li>Maintenance release with internal improvements and dependency updates.</li>
</ul>
<h2 id="benchmarks">Benchmarks</h2>
<p>Two-arm benchmark of this release against 2026.703.5, interleaved on one runner against the pinned corpus (157 metrics compared).</p>
<table>
  <thead>
      <tr>
          <th>Metric</th>
          <th>Previous</th>
          <th>This release</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>Languages with extraction</td>
          <td>19 count</td>
          <td>19 count</td>
      </tr>
      <tr>
          <td>Definitions extracted (corpus total)</td>
          <td>18413 count</td>
          <td>18413 count</td>
      </tr>
      <tr>
          <td>Call edges extracted (corpus total)</td>
          <td>6884 count</td>
          <td>6884 count</td>
      </tr>
      <tr>
          <td>Locate accuracy (top-1)</td>
          <td>0.97 ratio</td>
          <td>0.97 ratio</td>
      </tr>
      <tr>
          <td>Dependency detection (authored manifest truth)</td>
          <td>0.96 ratio</td>
          <td>0.96 ratio</td>
      </tr>
      <tr>
          <td>CLI startup (&ndash;version, median)</td>
          <td>613.80 ms</td>
          <td>618.20 ms</td>
      </tr>
  </tbody>
</table>
<p>No regressions against the previous release.</p>
<p>Full report and methodology: <a href="https://vibgrate.com/cli/benchmarks">https://vibgrate.com/cli/benchmarks</a></p>
<h2 id="install-or-update">Install or update</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>npm install -g @vibgrate/cli
</span></span><span style="display:flex;"><span>vg
</span></span></code></pre></div><p>Full changelog: <a href="https://vibgrate.com/changelog/cli/2026.703.7">https://vibgrate.com/changelog/cli/2026.703.7</a></p>
]]></content:encoded></item><item><title>Setup vp</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-vp/</link><pubDate>Fri, 03 Jul 2026 22:04:43 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-vp/</guid><description>Version updated for https://github.com/voidzero-dev/setup-vp to version v1.14.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed docs: document the version release process by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/101 ci: auto-rebuild action bundle on Renovate dependency bumps by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/103 feat: resolve Vite+ version from package.json / catalog by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/102 Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.13.0...v1.14.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/voidzero-dev/setup-vp">https://github.com/voidzero-dev/setup-vp</a></strong> to version <strong>v1.14.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-vp">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>docs: document the version release process by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/101">https://github.com/voidzero-dev/setup-vp/pull/101</a></li>
<li>ci: auto-rebuild action bundle on Renovate dependency bumps by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/103">https://github.com/voidzero-dev/setup-vp/pull/103</a></li>
<li>feat: resolve Vite+ version from package.json / catalog by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/102">https://github.com/voidzero-dev/setup-vp/pull/102</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/voidzero-dev/setup-vp/compare/v1.13.0...v1.14.0">https://github.com/voidzero-dev/setup-vp/compare/v1.13.0...v1.14.0</a></p>
]]></content:encoded></item><item><title>graph-sync</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/graph-sync/</link><pubDate>Fri, 03 Jul 2026 22:04:10 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/graph-sync/</guid><description>Version updated for https://github.com/wordlift/graph-sync to version v6.11.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/wordlift/graph-sync/compare/v6.11.2...v6.11.3</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wordlift/graph-sync">https://github.com/wordlift/graph-sync</a></strong> to version <strong>v6.11.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/graph-sync">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/wordlift/graph-sync/compare/v6.11.2...v6.11.3">https://github.com/wordlift/graph-sync/compare/v6.11.2...v6.11.3</a></p>
]]></content:encoded></item><item><title>backlog-to-pr</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/backlog-to-pr/</link><pubDate>Fri, 03 Jul 2026 22:03:37 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/backlog-to-pr/</guid><description>Version updated for https://github.com/wrbl606/backlog.md-to-pr to version 0.0.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/wrbl606/backlog.md-to-pr/compare/0.0.2...0.0.3</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wrbl606/backlog.md-to-pr">https://github.com/wrbl606/backlog.md-to-pr</a></strong> to version <strong>0.0.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/backlog-to-pr">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/wrbl606/backlog.md-to-pr/compare/0.0.2...0.0.3">https://github.com/wrbl606/backlog.md-to-pr/compare/0.0.2...0.0.3</a></p>
]]></content:encoded></item><item><title>Setup Modern C++ Development Environment</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-modern-c-development-environment/</link><pubDate>Fri, 03 Jul 2026 22:03:04 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-modern-c-development-environment/</guid><description>Version updated for https://github.com/wx257osn2/cxx_environment to version v20260703.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed bump up base image to resolute outdated: clang-format 17-20 enabled gnucoreutils bump up many components: gcc: 15.2 -&amp;gt; 16.1 Boost: 1.89.0 -&amp;gt; 1.91.0 CMake: 4.1.1 -&amp;gt; 4.3.3 difftastic: 0.64 -&amp;gt; 0.69 mold: 2.40.4 -&amp;gt; 2.41.0 wild: 0.8.0 -&amp;gt; 0.9.0 removed components: old clang-format s clang-head $ ./pull.bash v20260703</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wx257osn2/cxx_environment">https://github.com/wx257osn2/cxx_environment</a></strong> to version <strong>v20260703</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-modern-c-development-environment">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>bump up base image to resolute
<ul>
<li>outdated: <code>clang-format</code> 17-20</li>
<li>enabled gnucoreutils</li>
</ul>
</li>
<li>bump up many components:
<ul>
<li>gcc: 15.2 -&gt; 16.1</li>
<li>Boost: 1.89.0 -&gt; 1.91.0</li>
<li>CMake: 4.1.1 -&gt; 4.3.3</li>
<li>difftastic: 0.64 -&gt; 0.69</li>
<li>mold: 2.40.4 -&gt; 2.41.0</li>
<li>wild: 0.8.0 -&gt; 0.9.0</li>
</ul>
</li>
<li>removed components:
<ul>
<li>old <code>clang-format</code> s</li>
<li><code>clang-head</code></li>
</ul>
</li>
</ul>
<pre tabindex="0"><code>$ ./pull.bash v20260703
</code></pre>]]></content:encoded></item><item><title>AGENTS.md Lint (Schliff)</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agents.md-lint-schliff/</link><pubDate>Fri, 03 Jul 2026 22:02:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agents.md-lint-schliff/</guid><description>Version updated for https://github.com/Zandereins/schliff to version v8.4.0.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Added operational_coverage dimension for AGENTS.md (#83). Measures whether an AGENTS.md actually equips a coding agent to operate the repo: real setup/build/test commands (command-family classification, doc-wide, headings never gate) plus code-style / gotchas / PR directive sections with concrete code tokens. Surfaced in the CLI dimension table, the GitHub Action’s PR comment, and accepted by the leaderboard submit API. Changed BREAKING (scores): the AGENTS.md headline profile is now structure 0.40 / operational_coverage 0.40 / efficiency 0.20 (was 0.5/0.5). efficiency was a validated gameable proxy — a junk-fence-stuffed doc scored 92.5/A while the same real commands written inline scored 70.0/C. All AGENTS.md scores re-baseline (30-file corpus: mean 61.06, no file reaches S). SKILL.md / CLAUDE.md / .cursorrules / system-prompt scoring is byte-identical to 8.3.0. Security Fixed a ReDoS in the operational_coverage heading regex (quadratic on whitespace-only heading lines) before it ever shipped — found by a 75-agent adversarial review pass, together with a directive-gate gaming hole, a fence-state desync, and 12 command-recall bugs. Full record: docs/specs/agents-md-operational-coverage.md §11. Full changelog: https://github.com/Zandereins/schliff/compare/v8.3.0...v8.4.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Zandereins/schliff">https://github.com/Zandereins/schliff</a></strong> to version <strong>v8.4.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agents-md-lint-schliff">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="added">Added</h2>
<ul>
<li><strong><code>operational_coverage</code> dimension for AGENTS.md</strong> (#83). Measures whether an AGENTS.md actually equips a coding agent to operate the repo: real setup/build/test commands (command-family classification, doc-wide, headings never gate) plus code-style / gotchas / PR directive sections with concrete code tokens. Surfaced in the CLI dimension table, the GitHub Action&rsquo;s PR comment, and accepted by the leaderboard submit API.</li>
</ul>
<h2 id="changed">Changed</h2>
<ul>
<li><strong>BREAKING (scores): the AGENTS.md headline profile is now <code>structure 0.40 / operational_coverage 0.40 / efficiency 0.20</code></strong> (was 0.5/0.5). <code>efficiency</code> was a validated gameable proxy — a junk-fence-stuffed doc scored 92.5/A while the same real commands written inline scored 70.0/C. All AGENTS.md scores re-baseline (30-file corpus: mean 61.06, no file reaches S). SKILL.md / CLAUDE.md / .cursorrules / system-prompt scoring is <strong>byte-identical</strong> to 8.3.0.</li>
</ul>
<h2 id="security">Security</h2>
<ul>
<li>Fixed a ReDoS in the operational_coverage heading regex (quadratic on whitespace-only heading lines) <strong>before it ever shipped</strong> — found by a 75-agent adversarial review pass, together with a directive-gate gaming hole, a fence-state desync, and 12 command-recall bugs. Full record: <code>docs/specs/agents-md-operational-coverage.md</code> §11.</li>
</ul>
<p><strong>Full changelog:</strong> <a href="https://github.com/Zandereins/schliff/compare/v8.3.0...v8.4.0">https://github.com/Zandereins/schliff/compare/v8.3.0...v8.4.0</a></p>
]]></content:encoded></item><item><title>GHCR Cleanup Manager</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ghcr-cleanup-manager/</link><pubDate>Fri, 03 Jul 2026 06:46:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ghcr-cleanup-manager/</guid><description>Version updated for https://github.com/ghcr-manager/ghcr-cleanup-manager to version v1.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/ghcr-manager/ghcr-cleanup-manager/compare/v1.1.4...v1.1.5</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ghcr-manager/ghcr-cleanup-manager">https://github.com/ghcr-manager/ghcr-cleanup-manager</a></strong> to version <strong>v1.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ghcr-cleanup-manager">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ghcr-manager/ghcr-cleanup-manager/compare/v1.1.4...v1.1.5">https://github.com/ghcr-manager/ghcr-cleanup-manager/compare/v1.1.4...v1.1.5</a></p>
]]></content:encoded></item><item><title>SQL/NoSQL Syntax Validator</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/sql/nosql-syntax-validator/</link><pubDate>Fri, 03 Jul 2026 06:46:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/sql/nosql-syntax-validator/</guid><description>Version updated for https://github.com/GianfrancoArocutipa/sql-nosql-validator-action to version v1.
This action is used across all versions by 1 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Primera versión del SQL/NoSQL Syntax Validator Action. Valida archivos .sql y .mongo sin servidor requerido.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/GianfrancoArocutipa/sql-nosql-validator-action">https://github.com/GianfrancoArocutipa/sql-nosql-validator-action</a></strong> to version <strong>v1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/sql-nosql-syntax-validator">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Primera versión del SQL/NoSQL Syntax Validator Action.
Valida archivos .sql y .mongo sin servidor requerido.</p>
]]></content:encoded></item><item><title>Tenter Scan (Rust)</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/tenter-scan-rust/</link><pubDate>Fri, 03 Jul 2026 06:45:32 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/tenter-scan-rust/</guid><description>Version updated for https://github.com/goweft/tenter-rs to version v2.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/goweft/tenter-rs/compare/v2...v2.1.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/goweft/tenter-rs">https://github.com/goweft/tenter-rs</a></strong> to version <strong>v2.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/tenter-scan-rust">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/goweft/tenter-rs/compare/v2...v2.1.0">https://github.com/goweft/tenter-rs/compare/v2...v2.1.0</a></p>
]]></content:encoded></item><item><title>AI Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ai-plugin-scanner/</link><pubDate>Fri, 03 Jul 2026 06:44:58 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/ai-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.372.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/dae00cbd1175595edfdf44f1b84bc3f043d08a0b with plugin-scanner 2.0.972.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.371...v1.2.372</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/ai-plugin-scanner-action">https://github.com/hashgraph-online/ai-plugin-scanner-action</a></strong> to version <strong>v1.2.372</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>17</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Published automatically from <a href="https://github.com/hashgraph-online/hol-guard/tree/dae00cbd1175595edfdf44f1b84bc3f043d08a0b">https://github.com/hashgraph-online/hol-guard/tree/dae00cbd1175595edfdf44f1b84bc3f043d08a0b</a> with plugin-scanner 2.0.972.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.371...v1.2.372">https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.371...v1.2.372</a></p>
]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/hol-codex-plugin-scanner/</link><pubDate>Fri, 03 Jul 2026 06:44:24 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.372.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.372</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.372</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>11</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.372">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.372</a></p>
]]></content:encoded></item><item><title>Supply Chain Guard</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/supply-chain-guard/</link><pubDate>Fri, 03 Jul 2026 06:43:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/supply-chain-guard/</guid><description>Version updated for https://github.com/homeofe/supply-chain-guard to version v5.6.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v5.6.0 (2026-07-03) Install-time guard + GitLab-native output + registry hardening (both remaining roadmap bets)
Ships the last two strategic bets from the 2026-07 roadmap. A second 4-lens adversarial verification gate reviewed the diff and BLOCKED the first candidate with 5 confirmed findings, all fixed here (a real Windows RCE among them). 40 new tests (1120 total).</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/homeofe/supply-chain-guard">https://github.com/homeofe/supply-chain-guard</a></strong> to version <strong>v5.6.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/supply-chain-guard">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="v560-2026-07-03">v5.6.0 (2026-07-03)</h3>
<p><strong>Install-time guard + GitLab-native output + registry hardening (both remaining roadmap bets)</strong></p>
<p>Ships the last two strategic bets from the 2026-07 roadmap. A second 4-lens
adversarial verification gate reviewed the diff and BLOCKED the first candidate
with 5 confirmed findings, all fixed here (a real Windows RCE among them).
40 new tests (1120 total).</p>
<ul>
<li><strong>Install Guard</strong> (Bet 2): <code>supply-chain-guard guard &lt;npm|pnpm|yarn|bun&gt; [args...]</code> checks each package spec against the offline IOC feed +
known-bad-version blocklist + typosquat heuristics BEFORE the package manager
runs any lifecycle script; a hit blocks the install (exit 2). <code>--force</code>
overrides with a loud warning, <code>--dry-run</code> never invokes the manager. The
only install blocker whose entire blocklist is auditable in git history,
offline, no account.</li>
<li><strong>GitLab-native output</strong> (Bet 3, delivered on the v5.5.0 GHCR image):
<code>--format gitlab</code> emits a GitLab Dependency Scanning report (schema 15.2.4)
for artifacts:reports:dependency_scanning, so findings surface in the GitLab
security UI. Suppressed findings are excluded (mirrors the SARIF path).</li>
<li><strong>Registry hardening</strong>: the Open VSX download and every redirect hop are now
constrained to an https host allowlist (open-vsx.org + its storage host);
the /tmp -&gt; os.tmpdir() migration is finished across npm/pypi scanners.</li>
<li><strong>CI/infra</strong>: Docker base images pinned by sha256 digest (with a weekly
dependabot docker ecosystem to refresh them); the Jenkins example uses npx;
<code>scan --no-history</code> skips writing .scg-history/ (the pre-commit hook uses it
so hooks never write state into consumer repos).</li>
</ul>
<p>Fixed by the verification gate before release:</p>
<ul>
<li><strong>Windows command injection (critical)</strong> in the Install Guard: the cmd.exe
argument escaping was single-pass, but the npm/pnpm/yarn/bun .cmd shims
re-parse %*, so a crafted package token (<code>x&quot;&amp;echo ...&amp;&quot;</code>) could execute
arbitrary commands. Now double-escaped (cross-spawn doubleEscapeMetaChars),
proven closed by the gate&rsquo;s own PoC.</li>
<li>Install-verb bypasses: <code>npm isntall</code> (and the other documented typo-aliases),
<code>yarn global add</code>, and a value-taking global flag before the verb
(<code>npm --prefix x install evil</code>) all silently skipped scanning. Verb detection
rewritten; flag values are no longer misread as package specs.</li>
<li><code>--format gitlab</code> could emit a &gt;255-char vulnerability name that fails the
GitLab schema, making GitLab discard the whole report; names are now capped.</li>
</ul>
]]></content:encoded></item><item><title>cibuild-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/cibuild-action/</link><pubDate>Fri, 03 Jul 2026 06:43:16 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/cibuild-action/</guid><description>Version updated for https://github.com/invarnhq/cibuild to version v2.2.9.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v2.2.9</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/invarnhq/cibuild">https://github.com/invarnhq/cibuild</a></strong> to version <strong>v2.2.9</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/cibuild-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Release v2.2.9</p>
]]></content:encoded></item><item><title>isreadyai — AI readiness audit</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/isreadyai-ai-readiness-audit/</link><pubDate>Fri, 03 Jul 2026 06:42:43 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/isreadyai-ai-readiness-audit/</guid><description>Version updated for https://github.com/isreadyai/audit-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release 🎉 Audit how AI crawlers (GPTBot, ClaudeBot, PerplexityBot) read your site - straight from your CI.
Highlights Deep-crawl audit of any URL, parsed exactly the way Al crawlers see it (no JS execution) 0-100 score + grade, with the full per-page report written to the GitHub job summary CI gate: the step fails when the score drops below your threshold Branch preview support: boot your environment with command, scan it locally before it ships Optional authenticated CI report + repo badge on isready.ai with a Pro/Team api-key (OIDC-verified) Zero setup: pre-bundled, dependency-free - no install step at runtime Usage - name: AI readiness audit uses: isreadyai/audit-action@v1 with: url: ${{ env.DEPLOY_URL }} threshold: 80 See the README for all inputs, outputs, permissions and security notes. Learn more at isready.ai.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/isreadyai/audit-action">https://github.com/isreadyai/audit-action</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/isreadyai-ai-readiness-audit">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="initial-release-">Initial release 🎉</h2>
<p>Audit how AI crawlers (GPTBot, ClaudeBot, PerplexityBot) read your site - straight from your CI.</p>
<h3 id="highlights">Highlights</h3>
<ul>
<li><strong>Deep-crawl audit</strong> of any URL, parsed exactly the way Al crawlers see it (no JS execution)</li>
<li><strong>0-100 score + grade</strong>, with the full per-page report written to the GitHub job summary</li>
<li><strong>CI gate</strong>: the step fails when the score drops below your <code>threshold</code></li>
<li><strong>Branch preview support</strong>: boot your environment with <code>command</code>, scan it locally before it ships</li>
<li>Optional <strong>authenticated CI report + repo badge</strong> on isready.ai with a Pro/Team <code>api-key</code> (OIDC-verified)</li>
<li>Zero setup: pre-bundled, dependency-free - no install step at runtime</li>
</ul>
<h3 id="usage">Usage</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">AI readiness audit</span>
</span></span><span style="display:flex;"><span>   <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">isreadyai/audit-action@v1</span>
</span></span><span style="display:flex;"><span>   <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>     <span style="color:#f92672">url</span>: <span style="color:#ae81ff">${{ env.DEPLOY_URL }}</span>
</span></span><span style="display:flex;"><span>     <span style="color:#f92672">threshold</span>: <span style="color:#ae81ff">80</span>
</span></span></code></pre></div><p>See the <a href="https://github.com/isreadyai/audit-action#readme">README</a> for all inputs, outputs, permissions and security notes. Learn more at <a href="https://isready.ai">isready.ai</a>.</p>
]]></content:encoded></item><item><title>Agent Guard Secret Guardrails</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-guard-secret-guardrails/</link><pubDate>Fri, 03 Jul 2026 06:42:09 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-guard-secret-guardrails/</guid><description>Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.7.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix(shell): make setup-shell rc line self-healing when the CLI leaves $PATH by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/96 release: v1.7.1 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/97 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.7.0...v1.7.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/JeongJaeSoon/agent-guard">https://github.com/JeongJaeSoon/agent-guard</a></strong> to version <strong>v1.7.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-guard-secret-guardrails">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>fix(shell): make setup-shell rc line self-healing when the CLI leaves $PATH by @JeongJaeSoon in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/96">https://github.com/JeongJaeSoon/agent-guard/pull/96</a></li>
<li>release: v1.7.1 by @github-actions[bot] in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/97">https://github.com/JeongJaeSoon/agent-guard/pull/97</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/JeongJaeSoon/agent-guard/compare/v1.7.0...v1.7.1">https://github.com/JeongJaeSoon/agent-guard/compare/v1.7.0...v1.7.1</a></p>
]]></content:encoded></item><item><title>sops tools installer</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/sops-tools-installer/</link><pubDate>Fri, 03 Jul 2026 06:41:36 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/sops-tools-installer/</guid><description>Version updated for https://github.com/jkroepke/setup-sops to version v1.5.46.
This action is used across all versions by 4 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed 🛠️ Dependencies chore(deps): update dependencies by @renovate[bot] in https://github.com/jkroepke/setup-sops/pull/238 Full Changelog: https://github.com/jkroepke/setup-sops/compare/v1.5.45...v1.5.46</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/jkroepke/setup-sops">https://github.com/jkroepke/setup-sops</a></strong> to version <strong>v1.5.46</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>4</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/sops-tools-installer">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<!-- Release notes generated using configuration in .github/release.yml at v1.5.46 -->
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<h3 id="-dependencies">🛠️ Dependencies</h3>
<ul>
<li>chore(deps): update dependencies by @renovate[bot] in <a href="https://github.com/jkroepke/setup-sops/pull/238">https://github.com/jkroepke/setup-sops/pull/238</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jkroepke/setup-sops/compare/v1.5.45...v1.5.46">https://github.com/jkroepke/setup-sops/compare/v1.5.45...v1.5.46</a></p>
]]></content:encoded></item><item><title>ShipSignal readiness gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/shipsignal-readiness-gate/</link><pubDate>Fri, 03 Jul 2026 06:41:02 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/shipsignal-readiness-gate/</guid><description>Version updated for https://github.com/jpaul67/ShipSignal to version v0.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Added README hero image + social-preview card GitHub Action: sticky PR comments (pr-comment input) — score, grade, top 3 fixes, kept updated in place; degrades safely on fork PRs Fixed Security hardening: argument-injection fix in gitinfo.clone, least-privilege GITHUB_TOKEN, all third-party Actions pinned to commit SHAs + Dependabot, secret scanning + branch protection enabled CI: full-history checkout fixes a PR-merge-commit misclassification in the self-scan dogfood tests Full details: CHANGELOG.md</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/jpaul67/ShipSignal">https://github.com/jpaul67/ShipSignal</a></strong> to version <strong>v0.8.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/shipsignal-readiness-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="added">Added</h2>
<ul>
<li>README hero image + social-preview card</li>
<li>GitHub Action: sticky PR comments (<code>pr-comment</code> input) — score, grade, top 3 fixes, kept updated in place; degrades safely on fork PRs</li>
</ul>
<h2 id="fixed">Fixed</h2>
<ul>
<li>Security hardening: argument-injection fix in <code>gitinfo.clone</code>, least-privilege <code>GITHUB_TOKEN</code>, all third-party Actions pinned to commit SHAs + Dependabot, secret scanning + branch protection enabled</li>
<li>CI: full-history checkout fixes a PR-merge-commit misclassification in the self-scan dogfood tests</li>
</ul>
<p>Full details: <a href="https://github.com/jpaul67/ShipSignal/blob/v0.8.0/CHANGELOG.md#080--2026-07-02">CHANGELOG.md</a></p>
]]></content:encoded></item><item><title>probelock gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/probelock-gate/</link><pubDate>Fri, 03 Jul 2026 06:40:28 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/probelock-gate/</guid><description>Version updated for https://github.com/kelkalot/probelock to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Add ingest pipeline and trace-mined probes by @kelkalot in https://github.com/kelkalot/probelock/pull/1 New Contributors @kelkalot made their first contribution in https://github.com/kelkalot/probelock/pull/1 Full Changelog: https://github.com/kelkalot/probelock/compare/v0.1.0...v0.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/kelkalot/probelock">https://github.com/kelkalot/probelock</a></strong> to version <strong>v0.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/probelock-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Add ingest pipeline and trace-mined probes by @kelkalot in <a href="https://github.com/kelkalot/probelock/pull/1">https://github.com/kelkalot/probelock/pull/1</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@kelkalot made their first contribution in <a href="https://github.com/kelkalot/probelock/pull/1">https://github.com/kelkalot/probelock/pull/1</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/kelkalot/probelock/compare/v0.1.0...v0.2.0">https://github.com/kelkalot/probelock/compare/v0.1.0...v0.2.0</a></p>
]]></content:encoded></item><item><title>Repository Languages and CodeQL Support Map</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/repository-languages-and-codeql-support-map/</link><pubDate>Fri, 03 Jul 2026 06:39:55 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/repository-languages-and-codeql-support-map/</guid><description>Version updated for https://github.com/lfventura/list-repository-languages to version v3.3.0.
This action is used across all versions by 7 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: force_languages input by @lfventura in https://github.com/lfventura/list-repository-languages/pull/8 Full Changelog: https://github.com/lfventura/list-repository-languages/compare/v3.2.1...v3.3.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/lfventura/list-repository-languages">https://github.com/lfventura/list-repository-languages</a></strong> to version <strong>v3.3.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>7</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/repository-languages-and-codeql-support-map">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: force_languages input by @lfventura in <a href="https://github.com/lfventura/list-repository-languages/pull/8">https://github.com/lfventura/list-repository-languages/pull/8</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/lfventura/list-repository-languages/compare/v3.2.1...v3.3.0">https://github.com/lfventura/list-repository-languages/compare/v3.2.1...v3.3.0</a></p>
]]></content:encoded></item><item><title>MCIX Overlay Apply</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-overlay-apply/</link><pubDate>Fri, 03 Jul 2026 06:39:21 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-overlay-apply/</guid><description>Version updated for https://github.com/MettleCI/mcix-overlay-apply to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-overlay-apply/compare/v0.0.36...v0.0.37</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/MettleCI/mcix-overlay-apply">https://github.com/MettleCI/mcix-overlay-apply</a></strong> to version <strong>v0.0.37</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/mcix-overlay-apply">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/MettleCI/mcix-overlay-apply/compare/v0.0.36...v0.0.37">https://github.com/MettleCI/mcix-overlay-apply/compare/v0.0.36...v0.0.37</a></p>
]]></content:encoded></item><item><title>MCIX System Version</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-system-version/</link><pubDate>Fri, 03 Jul 2026 06:38:47 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-system-version/</guid><description>Version updated for https://github.com/MettleCI/mcix-system-version to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-system-version/compare/v0.0.27...v0.0.37</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/MettleCI/mcix-system-version">https://github.com/MettleCI/mcix-system-version</a></strong> to version <strong>v0.0.37</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/mcix-system-version">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/MettleCI/mcix-system-version/compare/v0.0.27...v0.0.37">https://github.com/MettleCI/mcix-system-version/compare/v0.0.27...v0.0.37</a></p>
]]></content:encoded></item><item><title>MCIX Unit-Test Execute</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-unit-test-execute/</link><pubDate>Fri, 03 Jul 2026 06:38:14 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/mcix-unit-test-execute/</guid><description>Version updated for https://github.com/MettleCI/mcix-unit-test-execute to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-unit-test-execute/compare/v0.0.27...v0.0.37</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/MettleCI/mcix-unit-test-execute">https://github.com/MettleCI/mcix-unit-test-execute</a></strong> to version <strong>v0.0.37</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/mcix-unit-test-execute">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/MettleCI/mcix-unit-test-execute/compare/v0.0.27...v0.0.37">https://github.com/MettleCI/mcix-unit-test-execute/compare/v0.0.27...v0.0.37</a></p>
]]></content:encoded></item><item><title>hestia-cache</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/hestia-cache/</link><pubDate>Fri, 03 Jul 2026 06:37:40 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/hestia-cache/</guid><description>Version updated for https://github.com/Mic92/hestia to version v1.0.4.
This action is used across all versions by 8 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Usage - uses: Mic92/hestia@v1.0.4 with: version: v1.0.4 What’s Changed gha: retry finalize when the uploaded entry is not yet visible by @Mic92 in https://github.com/Mic92/hestia/pull/86 Full Changelog: https://github.com/Mic92/hestia/compare/v1.0.3...v1.0.4</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Mic92/hestia">https://github.com/Mic92/hestia</a></strong> to version <strong>v1.0.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>8</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hestia-cache">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="usage">Usage</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">Mic92/hestia@v1.0.4</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">version</span>: <span style="color:#ae81ff">v1.0.4</span>
</span></span></code></pre></div><h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>gha: retry finalize when the uploaded entry is not yet visible by @Mic92 in <a href="https://github.com/Mic92/hestia/pull/86">https://github.com/Mic92/hestia/pull/86</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Mic92/hestia/compare/v1.0.3...v1.0.4">https://github.com/Mic92/hestia/compare/v1.0.3...v1.0.4</a></p>
]]></content:encoded></item><item><title>Agent Done Or Not</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-done-or-not/</link><pubDate>Fri, 03 Jul 2026 06:37:07 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-done-or-not/</guid><description>Version updated for https://github.com/mohamedzhioua/agent-done-or-not to version v0.10.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.10.1 — Marketplace branding + cleanup A packaging/metadata patch on top of v0.10.0. No engine behavior change — receipts, mode: verify, and the gates are identical.
What changed Marketplace branding on the composite Action (branding.icon: check-circle, color: green) so it can be listed on the GitHub Marketplace with an icon. Removed a now-unreachable inner mode != assert guard in the assert step (already gated by the step if: and the reject-unsupported-mode step). @v0 references in the docs now resolve via a moving v0 major tag that tracks the latest v0.x release. For the security-critical mode: verify gate, keep pinning an exact tag (e.g. @v0.10.1) as the README recommends. Verify quick reference - uses: actions/checkout@v4 # set up your runtime + deps here (setup-node, npm ci, …) - uses: mohamedzhioua/agent-done-or-not@v0.10.1 with: mode: verify checks: | test: npm test build: npm run build Full history in CHANGELOG.md.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mohamedzhioua/agent-done-or-not">https://github.com/mohamedzhioua/agent-done-or-not</a></strong> to version <strong>v0.10.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-done-or-not">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v0101--marketplace-branding--cleanup">v0.10.1 — Marketplace branding + cleanup</h1>
<p>A packaging/metadata patch on top of <a href="https://github.com/mohamedzhioua/agent-done-or-not/releases/tag/v0.10.0">v0.10.0</a>. <strong>No engine behavior change</strong> — receipts, <code>mode: verify</code>, and the gates are identical.</p>
<h2 id="what-changed">What changed</h2>
<ul>
<li><strong>Marketplace branding</strong> on the composite Action (<code>branding.icon: check-circle</code>, <code>color: green</code>) so it can be listed on the GitHub Marketplace with an icon.</li>
<li>Removed a now-unreachable inner <code>mode != assert</code> guard in the <code>assert</code> step (already gated by the step <code>if:</code> and the reject-unsupported-mode step).</li>
<li><code>@v0</code> references in the docs now resolve via a <strong>moving <code>v0</code> major tag</strong> that tracks the latest <code>v0.x</code> release. For the security-critical <code>mode: verify</code> gate, keep pinning an exact tag (e.g. <code>@v0.10.1</code>) as the README recommends.</li>
</ul>
<h2 id="verify-quick-reference">Verify quick reference</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v4</span>
</span></span><span style="display:flex;"><span><span style="color:#75715e"># set up your runtime + deps here (setup-node, npm ci, …)</span>
</span></span><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">mohamedzhioua/agent-done-or-not@v0.10.1</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">mode</span>: <span style="color:#ae81ff">verify</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">checks</span>: |<span style="color:#e6db74">
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">      test: npm test
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">      build: npm run build</span>
</span></span></code></pre></div><p>Full history in <a href="../CHANGELOG.md">CHANGELOG.md</a>.</p>
]]></content:encoded></item><item><title>Agent Security Harness</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-security-harness/</link><pubDate>Fri, 03 Jul 2026 06:36:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/agent-security-harness/</guid><description>Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Promotes the funding-instrument checks that were a single dimension of the AP2 harness (AP2-015) into a first-class module — the tokenized card credential (Visa Trusted Agent Protocol / Mastercard Agentic Tokens) that sits inside an AP2 Payment Mandate as the instrument that actually moves money.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/msaleme/red-team-blue-team-agent-fabric">https://github.com/msaleme/red-team-blue-team-agent-fabric</a></strong> to version <strong>v4.8.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-security-harness">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Promotes the funding-instrument checks that were a single dimension of the AP2 harness (AP2-015) into a <strong>first-class module</strong> — the tokenized card credential (Visa Trusted Agent Protocol / Mastercard Agentic Tokens) that sits <em>inside</em> an AP2 Payment Mandate as the instrument that actually moves money.</p>
<h2 id="new-card_token_harnesspy--12-tests-ctk-001012-229">New: <code>card_token_harness.py</code> — 12 tests (CTK-001..012), #229</h2>
<p>Stdlib-only, deterministic reference verifier, <strong>every check fails closed</strong>.</p>
<ul>
<li><strong>Binding:</strong> agent holder-key, channel/domain, cross-network substitution</li>
<li><strong>Scope:</strong> merchant, per-transaction amount cap (both bounds — negative amounts rejected), cumulative velocity cap, consent policy</li>
<li><strong>Cryptogram:</strong> freshness (monotonic-counter replay), amount-binding (no re-pricing)</li>
<li><strong>Lifecycle:</strong> expiry, revocation/suspension (&ldquo;identify and revoke&rdquo;)</li>
<li><strong>Supply chain:</strong> PAN de-tokenization protection</li>
</ul>
<p>Grounded in EMV payment tokenisation + TAVV/DTVV dynamic cryptograms. AP2 answers <em>&ldquo;is this agent authorized to pay for this cart&rdquo;</em>; the card token answers <em>&ldquo;is this credential valid, unrevoked, fresh, and bound to this agent/merchant/amount/channel&rdquo;</em> — they compose.</p>
<p><strong>520 → 532 tests, 36 → 37 modules.</strong> Two fail-open gaps (negative-amount, <code>None==None</code> binding) surfaced by Bugbot were fixed and are now guarded by negative tests before merge.</p>
<p>The harness now covers all four layers of the agentic-payments stack <strong>plus</strong> the card-network funding rail underneath them. Verified by <code>scripts/count_tests.py</code> (definitive: 532).</p>
]]></content:encoded></item><item><title>Polygraph MCP gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/polygraph-mcp-gate/</link><pubDate>Fri, 03 Jul 2026 06:36:00 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/polygraph-mcp-gate/</guid><description>Version updated for https://github.com/polygraphso/litmus to version litmus-v0.24.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Methodology litmus-v12 — two false-positive fixes so a server’s correct, defensive behavior is no longer graded as a fault.
C-04 (probe 3.2): a validation error that quotes the rejected input back (e.g. Pydantic input_value=&amp;#39;…&amp;#39;) is a safe rejection, not server-generated amplification — no longer a false D. (#85) C-02 (probe 2.1): a mutation verb under a negation (“Cannot create or revoke keys”) no longer reads as a permission-mislabel lie; clause-scoped, so a real “Deletes… Cannot be undone.” still trips. (#85) methodologyVersion moves litmus-v11 → litmus-v12 (a string, so older attestations coexist). Release bump in #86. Both fixes are covered by regression tests reproduced from real servers.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/polygraphso/litmus">https://github.com/polygraphso/litmus</a></strong> to version <strong>litmus-v0.24.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polygraph-mcp-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Methodology <strong>litmus-v12</strong> — two false-positive fixes so a server&rsquo;s correct, defensive behavior is no longer graded as a fault.</p>
<ul>
<li><strong>C-04 (probe 3.2):</strong> a validation error that quotes the rejected input back (e.g. Pydantic <code>input_value='…'</code>) is a safe rejection, not server-generated amplification — no longer a false D. (#85)</li>
<li><strong>C-02 (probe 2.1):</strong> a mutation verb under a negation (&ldquo;Cannot create or revoke keys&rdquo;) no longer reads as a permission-mislabel lie; clause-scoped, so a real &ldquo;Deletes… Cannot be undone.&rdquo; still trips. (#85)</li>
</ul>
<p><code>methodologyVersion</code> moves <code>litmus-v11 → litmus-v12</code> (a string, so older attestations coexist). Release bump in #86. Both fixes are covered by regression tests reproduced from real servers.</p>
]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/remyx-outrider/</link><pubDate>Fri, 03 Jul 2026 06:35:26 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.7.9.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.7.8 was tagged on the wrong commit and did not actually contain the enrichment fix; v1 pointer was updated but the deployed code path in fast-paths still skipped _enrich_candidate_licenses. This release ships the real fix: _enrich_candidate_licenses(candidates, target) is now called on the pin-arxiv and search-method fast-paths (gated on REMYX_LICENSE_GATE, idempotent, best-effort). REMYX-190 evidence: https://github.com/remyxai/VQASynth/issues/105 opened with license_class=unknown despite WnQinm/Annotator having a clearly readable BSD-3-Clause LICENSE — the fast-path never called the enrichment step.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.7.9</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>v1.7.8 was tagged on the wrong commit and did not actually contain the enrichment fix; v1 pointer was updated but the deployed code path in fast-paths still skipped <code>_enrich_candidate_licenses</code>. This release ships the real fix: <code>_enrich_candidate_licenses(candidates, target)</code> is now called on the pin-arxiv and search-method fast-paths (gated on <code>REMYX_LICENSE_GATE</code>, idempotent, best-effort). REMYX-190 evidence: <a href="https://github.com/remyxai/VQASynth/issues/105">https://github.com/remyxai/VQASynth/issues/105</a> opened with <code>license_class=unknown</code> despite WnQinm/Annotator having a clearly readable BSD-3-Clause LICENSE — the fast-path never called the enrichment step.</p>
]]></content:encoded></item><item><title>DiffGate Review Triage</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/diffgate-review-triage/</link><pubDate>Fri, 03 Jul 2026 06:34:52 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/diffgate-review-triage/</guid><description>Version updated for https://github.com/srbsa/diffgate to version v0.7.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/srbsa/diffgate/compare/v0.7.6...v0.7.7</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/srbsa/diffgate">https://github.com/srbsa/diffgate</a></strong> to version <strong>v0.7.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/diffgate-review-triage">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/srbsa/diffgate/compare/v0.7.6...v0.7.7">https://github.com/srbsa/diffgate/compare/v0.7.6...v0.7.7</a></p>
]]></content:encoded></item><item><title>rag-redteam</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/rag-redteam/</link><pubDate>Fri, 03 Jul 2026 06:34:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/rag-redteam/</guid><description>Version updated for https://github.com/Srivatsa03/rag-redteam to version v0.3.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Adds embedding_inversion, a 7th probe that flags pipelines exposing raw embedding vectors (invertible back to source text per vec2text). Structural detector, a vulnerable/hardened demo pair, unit tests, and a threat-model section. Install or upgrade: pip install -U rag-redteam</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Srivatsa03/rag-redteam">https://github.com/Srivatsa03/rag-redteam</a></strong> to version <strong>v0.3.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rag-redteam">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Adds embedding_inversion, a 7th probe that flags pipelines exposing raw embedding vectors (invertible back to source text per vec2text). Structural detector, a vulnerable/hardened demo pair, unit tests, and a threat-model section. Install or upgrade: pip install -U rag-redteam</p>
]]></content:encoded></item><item><title>Node Semantic Release</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/node-semantic-release/</link><pubDate>Fri, 03 Jul 2026 06:33:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/node-semantic-release/</guid><description>Version updated for https://github.com/stairwaytowonderland/node-semantic-release to version v1.193.0.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.193.0
1.193.0 (2026-07-03) ✨ Features remove is-first-release-tag (f210a51)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/stairwaytowonderland/node-semantic-release">https://github.com/stairwaytowonderland/node-semantic-release</a></strong> to version <strong>v1.193.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/node-semantic-release">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>chore(release): 1.193.0</p>
<h2 id="11930-2026-07-03"><a href="https://github.com/stairwaytowonderland/node-semantic-release/compare/v1.192.0...v1.193.0">1.193.0</a> (2026-07-03)</h2>
<h3 id="-features">✨ Features</h3>
<ul>
<li>remove is-first-release-tag (<a href="https://github.com/stairwaytowonderland/node-semantic-release/commit/f210a51d58961f446565736f7bfcfd3d8f18a882">f210a51</a>)</li>
</ul>
]]></content:encoded></item><item><title>MIU PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/miu-pr-review/</link><pubDate>Fri, 03 Jul 2026 06:33:12 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/miu-pr-review/</guid><description>Version updated for https://github.com/vanducng/miu-cr to version v0.82.4.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.82.4 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.82.4 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.82.4 GitHub Action:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vanducng/miu-cr">https://github.com/vanducng/miu-cr</a></strong> to version <strong>v0.82.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/miu-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="miu-cr-v0824">miu-cr v0.82.4</h2>
<p>AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.</p>
<h3 id="install">Install</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.82.4
</span></span><span style="display:flex;"><span>brew install vanducng/tap/miucr
</span></span><span style="display:flex;"><span>go install github.com/vanducng/miu-cr/cmd/miucr@v0.82.4
</span></span></code></pre></div><p>GitHub Action:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">permissions</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull-requests</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">steps</span>:
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v6</span>
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">vanducng/miu-cr@v0.82.4</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>      <span style="color:#f92672">api-key</span>: <span style="color:#ae81ff">${{ secrets.ANTHROPIC_API_KEY }}</span>
</span></span></code></pre></div><h3 id="common-commands">Common commands</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>miucr login --provider openai
</span></span><span style="display:flex;"><span>miucr review --staged
</span></span><span style="display:flex;"><span>miucr review --from main --to HEAD --gate high
</span></span><span style="display:flex;"><span>miucr review --pr owner/repo#123 --post
</span></span><span style="display:flex;"><span>miucr upgrade
</span></span></code></pre></div><p>Docs: <a href="https://cr.miu.sh">https://cr.miu.sh</a></p>
]]></content:encoded></item><item><title>Setup Modern C++ Development Environment</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-modern-c-development-environment/</link><pubDate>Fri, 03 Jul 2026 06:32:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/03/setup-modern-c-development-environment/</guid><description>Version updated for https://github.com/wx257osn2/cxx_environment to version v3.5.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed workaround for non-UTC timezone host environment Singularity/Apptainer binds Etc/UTC to host timezone at default speed up CI bump up actions including apptainer 1.4.4 -&amp;gt; 1.5.2 update msvc-wine</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/wx257osn2/cxx_environment">https://github.com/wx257osn2/cxx_environment</a></strong> to version <strong>v3.5.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-modern-c-development-environment">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>workaround for non-UTC timezone host environment
<ul>
<li>Singularity/Apptainer binds <code>Etc/UTC</code> to host timezone at default</li>
</ul>
</li>
<li>speed up CI</li>
<li>bump up actions
<ul>
<li>including apptainer 1.4.4 -&gt; 1.5.2</li>
</ul>
</li>
<li>update msvc-wine</li>
</ul>
]]></content:encoded></item><item><title>VStyle Curate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/vstyle-curate/</link><pubDate>Thu, 02 Jul 2026 22:26:26 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/vstyle-curate/</guid><description>Version updated for https://github.com/hack-ink/vibe-style to version v0.2.2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Sync language check structure by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/35 Roll dependencies by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/81 Speed up vstyle tune telemetry by @yvette-carlisle in https://github.com/hack-ink/vibe-style/pull/82 Full Changelog: https://github.com/hack-ink/vibe-style/compare/v0.2.1...v0.2.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hack-ink/vibe-style">https://github.com/hack-ink/vibe-style</a></strong> to version <strong>v0.2.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/vstyle-curate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Sync language check structure by @yvette-carlisle in <a href="https://github.com/hack-ink/vibe-style/pull/35">https://github.com/hack-ink/vibe-style/pull/35</a></li>
<li>Roll dependencies by @yvette-carlisle in <a href="https://github.com/hack-ink/vibe-style/pull/81">https://github.com/hack-ink/vibe-style/pull/81</a></li>
<li>Speed up vstyle tune telemetry by @yvette-carlisle in <a href="https://github.com/hack-ink/vibe-style/pull/82">https://github.com/hack-ink/vibe-style/pull/82</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hack-ink/vibe-style/compare/v0.2.1...v0.2.2">https://github.com/hack-ink/vibe-style/compare/v0.2.1...v0.2.2</a></p>
]]></content:encoded></item><item><title>AI Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-plugin-scanner/</link><pubDate>Thu, 02 Jul 2026 22:25:53 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.368.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/6a3f3b3419536de769697931aecf26e2e0d10df8 with plugin-scanner 2.0.968.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.367...v1.2.368</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/ai-plugin-scanner-action">https://github.com/hashgraph-online/ai-plugin-scanner-action</a></strong> to version <strong>v1.2.368</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>17</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Published automatically from <a href="https://github.com/hashgraph-online/hol-guard/tree/6a3f3b3419536de769697931aecf26e2e0d10df8">https://github.com/hashgraph-online/hol-guard/tree/6a3f3b3419536de769697931aecf26e2e0d10df8</a> with plugin-scanner 2.0.968.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.367...v1.2.368">https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.367...v1.2.368</a></p>
]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</link><pubDate>Thu, 02 Jul 2026 22:25:20 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.368.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.368</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.368</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>11</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.368">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.368</a></p>
]]></content:encoded></item><item><title>Supply Chain Guard</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/supply-chain-guard/</link><pubDate>Thu, 02 Jul 2026 22:24:47 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/supply-chain-guard/</guid><description>Version updated for https://github.com/homeofe/supply-chain-guard to version v5.5.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v5.5.0 (2026-07-02) Community batch: all 8 seeded issues shipped, hardened by an adversarial release gate
Implements every open issue (#40-#47) in one release. Before tagging, a 4-lens adversarial verification gate reviewed the full diff and BLOCKED the first candidate with 6 confirmed findings - all fixed here (details below). 35 new tests (1057 total).</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/homeofe/supply-chain-guard">https://github.com/homeofe/supply-chain-guard</a></strong> to version <strong>v5.5.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/supply-chain-guard">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="v550-2026-07-02">v5.5.0 (2026-07-02)</h3>
<p><strong>Community batch: all 8 seeded issues shipped, hardened by an adversarial release gate</strong></p>
<p>Implements every open issue (#40-#47) in one release. Before tagging, a
4-lens adversarial verification gate reviewed the full diff and BLOCKED the
first candidate with 6 confirmed findings - all fixed here (details below).
35 new tests (1057 total).</p>
<ul>
<li><strong>Open VSX registry support</strong> (#40): <code>supply-chain-guard vscode &lt;id&gt; --registry openvsx</code> scans extensions from open-vsx.org (VSCodium, Gitpod,
Theia); marketplace stays the default. Windows fix: scanner temp dirs now
use os.tmpdir() instead of /tmp.</li>
<li><strong>Badge output</strong> (#42): <code>--format badge</code> emits Shields.io endpoint JSON.
The badge derives from the findings summary, mirroring exit-code semantics
(critical = red, high = orange, medium = yellow, else green).</li>
<li><strong>pre-commit hook</strong> (#41): .pre-commit-hooks.yaml + a &ldquo;prepare&rdquo; build script
so git-based installs compile dist/; README documents the
.pre-commit-config.yaml snippet.</li>
<li><strong>CI recipes</strong> (#44, #45, #46): examples/ gains CircleCI, Jenkins, and Azure
Pipelines gate configs.</li>
<li><strong>Official Docker image</strong> (#47): multi-stage Dockerfile (non-root, unzip
included, installs the locally built tarball of the tagged source) +
docker.yml publishing multi-arch (amd64/arm64) images to
ghcr.io/homeofe/supply-chain-guard on every release tag, with provenance and
SBOM attestations. All workflow actions SHA-pinned and verified upstream.</li>
<li><strong>Coverage gate</strong> (#43): vitest v8 coverage with thresholds wired into CI;
coverage summary uploaded as a build artifact.</li>
</ul>
<p>Fixed by the verification gate before release (would have shipped broken):</p>
<ul>
<li>Docker build died at <code>npm ci</code> (the new prepare script ran before
tsconfig/src existed in the layer) - now &ndash;ignore-scripts in the builder.</li>
<li>Badge severity inversion: one critical finding scored &ldquo;medium&rdquo; risk level
and rendered a YELLOW badge while the CLI exited 2 - badges now mirror the
gate.</li>
<li><code>prepare: npx tsc</code> could download and execute the namesquatted &ldquo;tsc&rdquo;
registry package on cold installs - now plain <code>tsc</code> (bin-PATH only).</li>
<li>pre-commit docs pinned rev v5.4.2, a tag that predates the hook file - now
gate-enforced via check:version-sync.</li>
<li>CircleCI example used an invalid <code>when:</code> key and would not compile.</li>
<li>The README badge recipe froze the badge green exactly when findings
appeared (scan exits non-zero, publish step skipped) - now || true +
if: always().</li>
</ul>
]]></content:encoded></item><item><title>Agent Guard Secret Guardrails</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/agent-guard-secret-guardrails/</link><pubDate>Thu, 02 Jul 2026 22:24:15 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/agent-guard-secret-guardrails/</guid><description>Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.7.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat(shell): resolve agent-guard without a PATH install for the bang guard by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/94 release: v1.7.0 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/95 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.6.0...v1.7.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/JeongJaeSoon/agent-guard">https://github.com/JeongJaeSoon/agent-guard</a></strong> to version <strong>v1.7.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-guard-secret-guardrails">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat(shell): resolve agent-guard without a PATH install for the bang guard by @JeongJaeSoon in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/94">https://github.com/JeongJaeSoon/agent-guard/pull/94</a></li>
<li>release: v1.7.0 by @github-actions[bot] in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/95">https://github.com/JeongJaeSoon/agent-guard/pull/95</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/JeongJaeSoon/agent-guard/compare/v1.6.0...v1.7.0">https://github.com/JeongJaeSoon/agent-guard/compare/v1.6.0...v1.7.0</a></p>
]]></content:encoded></item><item><title>Official Junie GitHub Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/official-junie-github-action/</link><pubDate>Thu, 02 Jul 2026 22:23:42 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/official-junie-github-action/</guid><description>Version updated for https://github.com/JetBrains/junie-github-action to version v1.5.6.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 38 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed [Junie]: Update Junie CLI Version to 2144.7 in Files by @mashan555 in https://github.com/JetBrains/junie-github-action/pull/172 Full Changelog: https://github.com/JetBrains/junie-github-action/compare/v1...v1.5.6</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/JetBrains/junie-github-action">https://github.com/JetBrains/junie-github-action</a></strong> to version <strong>v1.5.6</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>38</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/official-junie-github-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>[Junie]: Update Junie CLI Version to 2144.7 in Files by @mashan555 in <a href="https://github.com/JetBrains/junie-github-action/pull/172">https://github.com/JetBrains/junie-github-action/pull/172</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/JetBrains/junie-github-action/compare/v1...v1.5.6">https://github.com/JetBrains/junie-github-action/compare/v1...v1.5.6</a></p>
]]></content:encoded></item><item><title>NeuroLink AI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/neurolink-ai/</link><pubDate>Thu, 02 Jul 2026 22:23:08 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/neurolink-ai/</guid><description>Version updated for https://github.com/juspay/neurolink to version v9.80.4.
This action is used across all versions by 10 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 9.80.4 (2026-07-02) Bug Fixes (core): vertex schema fallback, mcp log dedup, safe serialization, timeout handling (2889ed2)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/juspay/neurolink">https://github.com/juspay/neurolink</a></strong> to version <strong>v9.80.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/neurolink-ai">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="9804-2026-07-02"><a href="https://github.com/juspay/neurolink/compare/v9.80.3...v9.80.4">9.80.4</a> (2026-07-02)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li><strong>(core):</strong>  vertex schema fallback, mcp log dedup, safe serialization, timeout handling (<a href="https://github.com/juspay/neurolink/commit/2889ed23fa542b88606f40ca0756dda0fbc2bd7b">2889ed2</a>)</li>
</ul>
]]></content:encoded></item><item><title>BPFCompat eBPF Compatibility Gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bpfcompat-ebpf-compatibility-gate/</link><pubDate>Thu, 02 Jul 2026 22:22:35 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bpfcompat-ebpf-compatibility-gate/</guid><description>Version updated for https://github.com/Kernel-Guard/bpfcompat to version v0.3.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed fix(ci): prefetch quirk-library images before validation in the publish lane (#76) (c7ef4fb) chore(release): prepare v0.3.0 — changelog + version refs (#75) (b2ef03e) docs: consolidate experimental tracks into docs/experimental.md (#73) (8a910a5) feat(examples): ebpf-go validation recipe — loader example + cookbook (#72) (7eed351) feat(ci): publish the quirk-library matrix to GitHub Pages weekly (#71) (1d75677) feat(action): command-mode inputs + built-in matrix names for the GitHub Action (#70) (00e2017) docs: drop internal “Repository Hygiene” section from README (#69) (b127315) fix(docs): readable contrast in test-command screenshot (#68) (2491a69) feat(cli): add test-command verb + README screenshot of a real run (#67) (88971fe) docs: surface command mode as a core feature + soften Falco loader claim (#66) (c790219)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Kernel-Guard/bpfcompat">https://github.com/Kernel-Guard/bpfcompat</a></strong> to version <strong>v0.3.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/bpfcompat-ebpf-compatibility-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>fix(ci): prefetch quirk-library images before validation in the publish lane (#76) (c7ef4fb)</li>
<li>chore(release): prepare v0.3.0 — changelog + version refs (#75) (b2ef03e)</li>
<li>docs: consolidate experimental tracks into docs/experimental.md (#73) (8a910a5)</li>
<li>feat(examples): ebpf-go validation recipe — loader example + cookbook (#72) (7eed351)</li>
<li>feat(ci): publish the quirk-library matrix to GitHub Pages weekly (#71) (1d75677)</li>
<li>feat(action): command-mode inputs + built-in matrix names for the GitHub Action (#70) (00e2017)</li>
<li>docs: drop internal &ldquo;Repository Hygiene&rdquo; section from README (#69) (b127315)</li>
<li>fix(docs): readable contrast in test-command screenshot (#68) (2491a69)</li>
<li>feat(cli): add <code>test-command</code> verb + README screenshot of a real run (#67) (88971fe)</li>
<li>docs: surface command mode as a core feature + soften Falco loader claim (#66) (c790219)</li>
</ul>
]]></content:encoded></item><item><title>L10n.dev AI Localization Automation</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/l10n.dev-ai-localization-automation/</link><pubDate>Thu, 02 Jul 2026 22:22:02 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/l10n.dev-ai-localization-automation/</guid><description>Version updated for https://github.com/l10n-dev/ai-l10n to version v1.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: implement safety improvements by removing apiKey field and refactoring key management by @AntonovAnton in https://github.com/l10n-dev/ai-l10n/pull/47 Full Changelog: https://github.com/l10n-dev/ai-l10n/compare/v1.7.1...v1.8.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/l10n-dev/ai-l10n">https://github.com/l10n-dev/ai-l10n</a></strong> to version <strong>v1.8.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/l10n-dev-ai-localization-automation">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: implement safety improvements by removing apiKey field and refactoring key management by @AntonovAnton in <a href="https://github.com/l10n-dev/ai-l10n/pull/47">https://github.com/l10n-dev/ai-l10n/pull/47</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/l10n-dev/ai-l10n/compare/v1.7.1...v1.8.0">https://github.com/l10n-dev/ai-l10n/compare/v1.7.1...v1.8.0</a></p>
]]></content:encoded></item><item><title>crabd</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/crabd/</link><pubDate>Thu, 02 Jul 2026 22:21:29 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/crabd/</guid><description>Version updated for https://github.com/louisescher/crabd to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: review verdict labels, comment-only reviews, web search by @louisescher in https://github.com/louisescher/crabd/pull/4 feat: Delete crabd.yml, prepare for public release by @louisescher in https://github.com/louisescher/crabd/pull/6 chore: version packages by @github-actions[bot] in https://github.com/louisescher/crabd/pull/5 New Contributors @louisescher made their first contribution in https://github.com/louisescher/crabd/pull/4 Full Changelog: https://github.com/louisescher/crabd/compare/v0.1.0...v0.1.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/louisescher/crabd">https://github.com/louisescher/crabd</a></strong> to version <strong>v0.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/crab-d">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: review verdict labels, comment-only reviews, web search by @louisescher in <a href="https://github.com/louisescher/crabd/pull/4">https://github.com/louisescher/crabd/pull/4</a></li>
<li>feat: Delete crabd.yml, prepare for public release by @louisescher in <a href="https://github.com/louisescher/crabd/pull/6">https://github.com/louisescher/crabd/pull/6</a></li>
<li>chore: version packages by @github-actions[bot] in <a href="https://github.com/louisescher/crabd/pull/5">https://github.com/louisescher/crabd/pull/5</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@louisescher made their first contribution in <a href="https://github.com/louisescher/crabd/pull/4">https://github.com/louisescher/crabd/pull/4</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/louisescher/crabd/compare/v0.1.0...v0.1.1">https://github.com/louisescher/crabd/compare/v0.1.0...v0.1.1</a></p>
]]></content:encoded></item><item><title>moult-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/moult-action/</link><pubDate>Thu, 02 Jul 2026 22:20:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/moult-action/</guid><description>Version updated for https://github.com/moult-rb/moult-rb to version v0.3.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First gem release since 0.1.0 (v0.2.0 was tagged but its publish failed; its changes are included here). Published to RubyGems as moult.
moult-action The bare uses: moult-rb/moult-rb@v1 workflow now works out of the box: the action installs moult from its own checkout (no Gemfile needed in your repo) and moult-cloud-url defaults to https://moultrb.com. Actionable first-run errors: a missing permissions: id-token: write now says exactly that instead of a Ruby backtrace; non-2xx responses from GitHub’s token endpoint are reported with status and body. Pull requests from forks are gated in CI but skip the upload with a notice — GitHub issues no OIDC identity to fork PRs. base-sha defaults to the PR base branch (or the merge queue’s base SHA), falling back to the repository default branch — repos whose base branch isn’t main no longer fail their first PR scan. merge_group events are supported as pr scans; pull_request_target is rejected in auto mode (it checks out the base branch, which would silently gate an empty diff as a pass). Gem Moult::CloudUpload.projection — the sanitised upload payload builder (allow-listed keys, absolute paths stripped). License changed from MIT to Apache-2.0. Full details in CHANGELOG.md.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/moult-rb/moult-rb">https://github.com/moult-rb/moult-rb</a></strong> to version <strong>v0.3.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/moult-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>First gem release since 0.1.0 (v0.2.0 was tagged but its publish failed; its changes are included here). Published to RubyGems as <code>moult</code>.</p>
<h2 id="moult-action">moult-action</h2>
<ul>
<li>The bare <code>uses: moult-rb/moult-rb@v1</code> workflow now works out of the box: the action installs moult from its own checkout (no Gemfile needed in your repo) and <code>moult-cloud-url</code> defaults to <a href="https://moultrb.com">https://moultrb.com</a>.</li>
<li>Actionable first-run errors: a missing <code>permissions: id-token: write</code> now says exactly that instead of a Ruby backtrace; non-2xx responses from GitHub&rsquo;s token endpoint are reported with status and body.</li>
<li>Pull requests from forks are gated in CI but skip the upload with a notice — GitHub issues no OIDC identity to fork PRs.</li>
<li><code>base-sha</code> defaults to the PR base branch (or the merge queue&rsquo;s base SHA), falling back to the repository default branch — repos whose base branch isn&rsquo;t <code>main</code> no longer fail their first PR scan.</li>
<li><code>merge_group</code> events are supported as <code>pr</code> scans; <code>pull_request_target</code> is rejected in auto mode (it checks out the base branch, which would silently gate an empty diff as a pass).</li>
</ul>
<h2 id="gem">Gem</h2>
<ul>
<li><code>Moult::CloudUpload.projection</code> — the sanitised upload payload builder (allow-listed keys, absolute paths stripped).</li>
<li>License changed from MIT to Apache-2.0.</li>
</ul>
<p>Full details in <a href="https://github.com/moult-rb/moult-rb/blob/main/CHANGELOG.md">CHANGELOG.md</a>.</p>
]]></content:encoded></item><item><title>DeepRabbit Code Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/deeprabbit-code-review/</link><pubDate>Thu, 02 Jul 2026 22:20:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/deeprabbit-code-review/</guid><description>Version updated for https://github.com/n0namedeveloper/DeepRabbit to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Github Marketplace release.
Full Changelog: https://github.com/n0namedeveloper/DeepRabbit/compare/v1.1.0...v1.1.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/n0namedeveloper/DeepRabbit">https://github.com/n0namedeveloper/DeepRabbit</a></strong> to version <strong>v1.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/deeprabbit-code-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Github Marketplace release.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/n0namedeveloper/DeepRabbit/compare/v1.1.0...v1.1.1">https://github.com/n0namedeveloper/DeepRabbit/compare/v1.1.0...v1.1.1</a></p>
]]></content:encoded></item><item><title>Parkstatic Build and Deploy</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/parkstatic-build-and-deploy/</link><pubDate>Thu, 02 Jul 2026 22:19:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/parkstatic-build-and-deploy/</guid><description>Version updated for https://github.com/ParkStatic/action to version v1.2.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Bump pnpm/action-setup from v4 to v6 (0b8282d) CI: add Astro, SvelteKit, Remix, and Nuxt fixtures to the test matrix (377d196) Support Astro, SvelteKit, Remix, and Nuxt static builds (2bb9389) Add framework-compatibility test suite and offline build inputs (b31ebe4) Initial release (6857aff)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ParkStatic/action">https://github.com/ParkStatic/action</a></strong> to version <strong>v1.2.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/parkstatic-build-and-deploy">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>Bump pnpm/action-setup from v4 to v6 (0b8282d)</li>
<li>CI: add Astro, SvelteKit, Remix, and Nuxt fixtures to the test matrix (377d196)</li>
<li>Support Astro, SvelteKit, Remix, and Nuxt static builds (2bb9389)</li>
<li>Add framework-compatibility test suite and offline build inputs (b31ebe4)</li>
<li>Initial release (6857aff)</li>
</ul>
]]></content:encoded></item><item><title>Blog to Newsletter</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/blog-to-newsletter/</link><pubDate>Thu, 02 Jul 2026 22:19:17 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/blog-to-newsletter/</guid><description>Version updated for https://github.com/peterpeterparker/blog-to-newsletter-action to version v0.0.4.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: deny closing footer with name and website by @peterpeterparker in https://github.com/peterpeterparker/blog-to-newsletter-action/pull/5 Full Changelog: https://github.com/peterpeterparker/blog-to-newsletter-action/compare/v0.0.3...v0.0.4</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/peterpeterparker/blog-to-newsletter-action">https://github.com/peterpeterparker/blog-to-newsletter-action</a></strong> to version <strong>v0.0.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/blog-to-newsletter">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: deny closing footer with name and website by @peterpeterparker in <a href="https://github.com/peterpeterparker/blog-to-newsletter-action/pull/5">https://github.com/peterpeterparker/blog-to-newsletter-action/pull/5</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/peterpeterparker/blog-to-newsletter-action/compare/v0.0.3...v0.0.4">https://github.com/peterpeterparker/blog-to-newsletter-action/compare/v0.0.3...v0.0.4</a></p>
]]></content:encoded></item><item><title>Polygraph MCP gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polygraph-mcp-gate/</link><pubDate>Thu, 02 Jul 2026 22:18:44 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polygraph-mcp-gate/</guid><description>Version updated for https://github.com/polygraphso/litmus to version litmus-v0.23.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed litmus-v11 — C-02 gains expected-upstream inference, fixing a first-party-egress false positive.
An honest API-wrapper server — a tool that transparently calls the API it advertises (openai_chat → api.openai.com) — made an undeclared egress attempt and was capped at D, even though the upstream is the very API its own surface names. Before an undeclared host is now counted as overreach, the harness infers whether it is a plausible upstream for the server’s own tool surface: a host named verbatim in the tool text (strong), or an egress host whose registrable label matches a non-generic brand token drawn from the surface and the package owner/name (medium, plain-TLD hosts only). A match reclassifies the attempt from overreach into an informational egress-inferred finding — disclosure, not exoneration.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/polygraphso/litmus">https://github.com/polygraphso/litmus</a></strong> to version <strong>litmus-v0.23.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polygraph-mcp-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>litmus-v11</strong> — C-02 gains expected-upstream inference, fixing a first-party-egress false positive.</p>
<p>An honest API-wrapper server — a tool that transparently calls the API it advertises (<code>openai_chat</code> → <code>api.openai.com</code>) — made an <em>undeclared</em> egress attempt and was capped at <strong>D</strong>, even though the upstream is the very API its own surface names. Before an undeclared host is now counted as overreach, the harness infers whether it is a plausible upstream for the server&rsquo;s own tool surface: a host named <strong>verbatim</strong> in the tool text (strong), or an egress host whose <strong>registrable label</strong> matches a non-generic <strong>brand token</strong> drawn from the surface and the package owner/name (medium, plain-TLD hosts only). A match reclassifies the attempt from overreach into an informational <code>egress-inferred</code> finding — <strong>disclosure, not exoneration</strong>.</p>
<p>Guardrails keep lookalikes out: whole-label (never substring) matching, a generic-label stoplist, registrable-label-only matching (so <code>openai.evil-cdn.com</code> is not cleared), and shared-tenant suffixes (<code>github.io</code>, <code>vercel.app</code>, …) treated as their own level (so <code>attacker.github.io</code> does not inherit <code>foo.github.io</code>&rsquo;s match). This only ever turns a false <strong>D → a correct pass</strong>, never the reverse, so every <code>litmus-v1…v10</code> attestation stays valid. The independent <strong>C-03 probe 4.2</strong> canary-in-egress check is unchanged and still floors real exfiltration at <strong>F</strong>. The A–F rubric and the on-chain EAS schema are unchanged; the evidence bundle schema advances to <code>1.7.0</code> (adds the <code>egress-inferred</code> finding kind).</p>
<p>Ships #83 (the fix) and #84 (the release bump). <code>methodologyVersion</code> → <code>litmus-v11</code>.</p>
]]></content:encoded></item><item><title>Prowler Security Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/prowler-security-scan/</link><pubDate>Thu, 02 Jul 2026 22:18:11 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/prowler-security-scan/</guid><description>Version updated for https://github.com/prowler-cloud/prowler to version 5.32.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed ✨ New features to highlight in this version Enjoy them all now for free at https://cloud.prowler.com
🔎 Findings Triage [!NOTE] This feature is available exclusively in Prowler Cloud and Prowler Enterprise with a subscription.
Triage findings straight from the Findings view. Each finding gets a triage status you can move through its lifecycle:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/prowler-cloud/prowler">https://github.com/prowler-cloud/prowler</a></strong> to version <strong>5.32.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/prowler-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="-new-features-to-highlight-in-this-version">✨ New features to highlight in this version</h1>
<p>Enjoy them all now for free at <a href="https://cloud.prowler.com">https://cloud.prowler.com</a></p>
<h2 id="-findings-triage">🔎 Findings Triage</h2>
<blockquote>
<p>[!NOTE]
This feature is available exclusively in <strong>Prowler Cloud</strong> and <strong>Prowler Enterprise</strong> with a <a href="https://prowler.com/pricing">subscription</a>.</p>
</blockquote>
<p>Triage findings straight from the Findings view. Each finding gets a triage status you can move through its lifecycle:</p>
<p><strong>Open → Under Review → Remediating → Risk Accepted → False Positive → Resolved</strong></p>
<p>Add a triage note to record the decision, mute a finding, all from the row&rsquo;s actions menu. The current status shows inline on every finding row, so you keep track of what has been reviewed and stop re-checking the same issues scan after scan.</p>
<img width="1380" height="159" alt="Triage 1" src="https://github.com/user-attachments/assets/f5268766-76ac-4c7f-a745-a3f013c18c23" />
<p>The status also follows the finding automatically across scans: when a finding flips from <code>FAIL</code> to <code>PASS</code> on the next scan it moves to <strong>Resolved</strong>, and when it flips from <code>PASS</code> back to <code>FAIL</code> it moves to <strong>Reopened</strong>. You always know whether an issue is genuinely fixed or has regressed, without touching it by hand.</p>
<img width="1382" height="496" alt="Triage 2" src="https://github.com/user-attachments/assets/258b5302-79f0-4995-a27e-b9b07c1ded57" />
<p>Read more in our <a href="https://docs.prowler.com/user-guide/tutorials/prowler-app-findings-triage">Findings Triage documentation</a>.</p>
<h2 id="-scan-configuration">⚙️ Scan Configuration</h2>
<blockquote>
<p>[!NOTE]
This feature is available exclusively in <strong>Prowler Cloud</strong> and <strong>Prowler Enterprise</strong> with a <a href="https://prowler.com/pricing">subscription</a>.</p>
</blockquote>
<p>Create named, reusable scan configurations from a dedicated <strong>Scans / Configuration</strong> page. Each configuration is YAML that follows the structure of <a href="https://github.com/prowler-cloud/prowler/blob/master/prowler/config/config.yaml"><code>prowler/config/config.yaml</code></a>, so you only include the keys you want to override; the rest fall back to the built-in defaults. Values are validated on save against a per-provider, type-safe configuration schema that range-checks each field and rejects unknown keys, so a malformed config is caught before it ever reaches a scan. Attach a configuration to one or more providers so it applies on their next scan, or save it now and attach providers later.</p>
<img width="1420" height="899" alt="Config 1" src="https://github.com/user-attachments/assets/8065313c-8be5-4613-bdc4-3b255d14ed07" />
<p>From the Providers view you can pick which configuration a provider uses (<code>Default</code> or any of your saved ones) without leaving the page. No more passing config files around by hand.</p>
<img width="1425" height="660" alt="Config 2" src="https://github.com/user-attachments/assets/183f15ea-49dd-4025-a284-a5c664139146" />
<p>Read more in our <a href="https://docs.prowler.com/user-guide/tutorials/prowler-app-scan-configuration">Scan Configuration documentation</a>.</p>
<h2 id="-per-requirement-configuration-validation">✅ Per-Requirement Configuration Validation</h2>
<blockquote>
<p>[!NOTE]
This feature is available exclusively in <strong>Prowler Cloud</strong> and <strong>Prowler Enterprise</strong> with a <a href="https://prowler.com/pricing">subscription</a>.</p>
</blockquote>
<p>Compliance frameworks can now declare <code>ConfigRequirements</code> on a requirement, so it&rsquo;s reported as <strong>FAIL</strong> when its mapped checks ran under a configuration too loose to satisfy it. Even if every individual finding PASSed. This applies across all compliance outputs: CSV, OCSF, and console tables, and is the engine behind Scan Configuration&rsquo;s &ldquo;marked as FAIL&rdquo; behavior described above.</p>
<img width="2838" height="516" alt="compliance 1" src="https://github.com/user-attachments/assets/8992d8c9-7ec1-4ad2-8fc5-639fb5127d35" />
<p>Read more in our <a href="https://docs.prowler.com/user-guide/cli/tutorials/configuration_file">Configuration File documentation</a>.</p>
<h2 id="-okta--request-throttling--retries">⏱️ Okta — Request Throttling &amp; Retries</h2>
<p>Prowler now proactively throttles Okta API requests to stay under rate limits, with reactive retries on HTTP 429 as a safety net. Both are set in the scan configuration (or their equivalent CLI flags):</p>
<ul>
<li><code>okta_requests_per_second</code> (config file) / <code>--okta-requests-per-second</code> (CLI) — cap the request rate. Default: 4 req/s.</li>
<li><code>okta_max_retries</code> (config file) / <code>--okta-retries-max-attempts</code> (CLI) — bound retry attempts. Default: 5.</li>
</ul>
<p>This makes large Okta scans more reliable and less likely to be rate-limited.</p>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/providers/okta/retry-configuration#request-throttling-requests-per-second">Okta rate limit documentation</a>.</p>
<h2 id="-aws--cap-resources-scanned-per-service">📉 AWS — Cap Resources Scanned per Service</h2>
<p>Large AWS accounts can now cap how many resources Prowler analyzes for the highest-volume services, keeping scan time and cost under control. Set a global limit with <code>max_scanned_resources_per_service</code>, or override it per service:</p>
<ul>
<li>EBS snapshots (<code>max_ebs_snapshots</code>)</li>
<li>Backup recovery points (<code>max_backup_recovery_points</code>)</li>
<li>CloudWatch log groups (<code>max_cloudwatch_log_groups</code>)</li>
<li>Lambda functions (<code>max_lambda_functions</code>)</li>
<li>ECS task definitions (<code>max_ecs_task_definitions</code>)</li>
<li>CodeArtifact packages (<code>max_codeartifact_packages</code>)</li>
</ul>
<p>Limits are <strong>disabled by default</strong> (<code>0</code> = unlimited); only positive values cap the analyzed resources.</p>
<blockquote>
<p>[!WARNING]
When a positive limit is set, compliance results reflect only the sampled resources, not every matching resource in the account.</p>
</blockquote>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/cli/tutorials/configuration_file#supported-aws-resource-limits">configuration file documentation</a>.</p>
<h2 id="azure--filter-by-resource-group">🏷️ Azure — Filter by Resource Group</h2>
<p>Azure scans can now be scoped to one or more resource groups with the new <code>--azure-resource-group</code> / <code>--azure-resource-groups</code> option. This lets you run focused assessments against specific environments, teams, or workloads instead of scanning every accessible resource in the subscription.</p>
<p>Prowler validates the requested resource groups across accessible subscriptions and applies the scope across supported Azure services, making targeted Azure scans faster, cleaner, and easier to review.</p>
<p>Examples:</p>
<ul>
<li>Single resource group: <code>prowler azure --az-cli-auth --azure-resource-group rg-prod</code></li>
<li>Multiple resource groups: <code>prowler azure --az-cli-auth --azure-resource-group rg-prod1 rg-prod2</code></li>
</ul>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/providers/azure/resource-groups">Azure Resource Groups documentation</a>.</p>
<p>Thanks to @Legin-ML for contributing this feature!</p>
<h2 id="-provider-group-filter">🧭 Provider Group Filter</h2>
<p>Filter the <strong>Overview, Findings, Resources, Scans, and Providers</strong> views by provider group. Scope the whole app to a team, an environment, or a business unit in one click instead of filtering provider by provider.</p>
<img width="1426" height="517" alt="ProviderGroupFilter 1" src="https://github.com/user-attachments/assets/6df4ec5e-f9d9-4828-a674-a392e5fc852b" />
<p>Read more about managing provider groups in our <a href="https://docs.prowler.com/user-guide/tutorials/prowler-app-rbac">RBAC documentation</a>.</p>
<h2 id="-api--timestamp-precision-in-findings-filters">🔬 API — Timestamp Precision in Findings Filters</h2>
<p>The <code>/api/v1/findings</code> endpoint now accepts full timestamps on the <code>inserted_at</code> and <code>updated_at</code> filters (<code>filter[inserted_at__gte]</code>, <code>filter[inserted_at__lte]</code>, and the <code>updated_at</code> variants), so you can query narrow time windows instead of whole days. Date-only filtering keeps working, so existing integrations are unaffected.</p>
<h3 id="findings-inserted-within-a-precise-timestamp-window">Findings inserted within a precise timestamp window</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl --globoff <span style="color:#ae81ff">\
</span></span></span><span style="display:flex;"><span>    
</span></span><span style="display:flex;"><span><span style="color:#e6db74">&#39;[http://localhost:8080/api/v1/findings?filter[inserted_at__gte]=2026-07-01T06:12:18Z&amp;filter[inserted_at__lte]=2026-07-02T19:25:55Z](http://localhost:8080/api/v1/findings?filter[inserted_at__gte]=2026-07-01T06:12:18Z&amp;filter[inserted_at__lte]=2026-07-02T19:25:55Z)&#39;</span> <span style="color:#ae81ff">\ </span>   
</span></span><span style="display:flex;"><span>-H <span style="color:#e6db74">&#39;Authorization: Bearer &lt;YOUR_TOKEN&gt;&#39;</span> <span style="color:#ae81ff">\ </span>   
</span></span><span style="display:flex;"><span>-H <span style="color:#e6db74">&#39;Accept: application/vnd.api+json&#39;</span>
</span></span></code></pre></div><h3 id="combine-inserted_at-and-updated_at-windows-in-a-single-request">Combine inserted_at and updated_at windows in a single request</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl --globoff <span style="color:#ae81ff">\
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">&#39;[http://localhost:8080/api/v1/findings?filter[inserted_at__gte]=2026-07-01T05:12:18Z&amp;filter[inserted_at__lte]=2026-07-02T20:25:55Z&amp;filter[updated_at__gte]=2026-07-01T06:12:18Z&amp;filter[updated_at__lte]=2026-07-02T19:25:55Z](http://localhost:8080/api/v1/findings?filter[inserted_at__gte]=2026-07-01T05:12:18Z&amp;filter[inserted_at__lte]=2026-07-02T20:25:55Z&amp;filter[updated_at__gte]=2026-07-01T06:12:18Z&amp;filter[updated_at__lte]=2026-07-02T19:25:55Z)&#39;</span> <span style="color:#ae81ff">\
</span></span></span><span style="display:flex;"><span>-H <span style="color:#e6db74">&#39;Authorization: Bearer &lt;YOUR_TOKEN&gt;&#39;</span> <span style="color:#ae81ff">\
</span></span></span><span style="display:flex;"><span>-H <span style="color:#e6db74">&#39;Accept: application/vnd.api+json&#39;</span>
</span></span></code></pre></div><h2 id="-attack-paths--neptune-as-a-persistent-sink">🕸️ Attack Paths — Neptune as a persistent sink</h2>
<p>Attack Paths can now persist its graph in <strong>AWS Neptune</strong> in addition to Neo4j, selectable via <code>ATTACK_PATHS_SINK_DATABASE=neptune</code> (default <code>neo4j</code>). Cartography&rsquo;s per-scan ingest database stays on Neo4j. The scan task preflights the ingest database and the configured sink before ingestion, and provider graph cleanup now deletes relationships in directed batches before deleting nodes.</p>
<p>This is the groundwork for scale: a managed graph database lets Attack Paths hold much larger graphs, extend coverage to more providers, and link resources across them so an attack path can cross provider boundaries instead of stopping at one cloud&rsquo;s edge.</p>
<p>Read more in the <a href="https://docs.prowler.com/user-guide/tutorials/prowler-app-attack-paths">Attack Paths documentation</a>.</p>
<h2 id="-new-secret-scanning-engine--kingfisher">🔐 New Secret-Scanning Engine — Kingfisher</h2>
<p>Prowler&rsquo;s secret-scanning checks now run on <a href="https://github.com/mongodb/kingfisher">Kingfisher</a> instead of <code>detect-secrets</code>. Scans run <strong>fully offline by default</strong>, and obvious placeholder values (e.g. <code>password123</code>, <code>changeme</code>) are no longer reported, cutting down false positives.</p>
<p>Opt in to <strong>live validation</strong> with the new <code>--scan-secrets-validate</code> flag (or the <code>aws.secrets_validate</code> config option): Prowler checks discovered secrets against the provider APIs, and any secret confirmed to be <strong>live is reported as critical</strong>, so you can prioritize the credentials that actually work.</p>
<blockquote>
<p>[!NOTE]
The <code>detect_secrets_plugins</code> configuration option has been removed, as it is no longer used by the new engine.</p>
</blockquote>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/cli/tutorials/pentesting#detect-secrets">secret detection documentation</a>.</p>
<h2 id="-checks">🔍 Checks</h2>
<h3 id="aws">AWS</h3>
<ul>
<li><code>stepfunctions_statemachine_encrypted_with_cmk</code> — Step Functions state machines use a customer-managed KMS key for encryption at rest instead of the default AWS-owned key. Thanks to @Sid-0602!</li>
<li><code>waf_regional_webacl_logging_enabled</code> — AWS WAF Classic Regional Web ACLs have logging enabled to a Kinesis Data Firehose stream. Thanks to @Sid-0602!</li>
<li><strong>IAM privilege escalation</strong> — the privesc checks now cover <strong>AWS Bedrock AgentCore</strong> paths across Runtime, Harness, Code Interpreter, and Custom Browser. Thanks to @MrCloudSec!</li>
<li><code>apigateway_restapi_no_secrets_in_stage_variables</code> - Scans API Gateway REST API stage variables for hardcoded passwords, API keys, and tokens. Thanks to @chirag1206!</li>
<li><code>awslambda_function_no_secrets_in_code</code> — This check now supports a <code>secrets_ignore_files</code> audit-config option to skip files inside the deployment package by glob pattern (e.g. <code>*.deps.json</code>), suppressing .NET dependency-manifest false positives without masking real secrets.</li>
<li><code>s3_bucket_object_public</code> — spot-checks a configurable sample of object ACLs in each bucket and flags objects granted to the <code>AllUsers</code> or <code>AuthenticatedUsers</code> groups. Disabled by default; opt in via the <code>s3_bucket_object_public_enabled</code> configuration option. Thanks to @Synchx00!</li>
</ul>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/providers/aws/getting-started-aws">AWS documentation</a>.</p>
<p>Explore all AWS checks at <a href="https://hub.prowler.com/check?provider=aws">Prowler Hub</a>.</p>
<h3 id="microsoft-365">Microsoft 365</h3>
<p>New <strong>Conditional Access</strong> hardening checks:</p>
<ul>
<li><code>entra_conditional_access_policy_explicitly_targets_azure_devops</code> — at least one enabled policy explicitly includes the Azure DevOps cloud application, rather than relying on a broad &ldquo;All cloud apps&rdquo; policy. Thanks to @mzl2233!</li>
<li><code>entra_conditional_access_policy_no_exclusion_gaps</code> — every user, group, role, or application excluded from an enabled policy stays in scope of another enabled policy. Thanks to @UTKARSH698 with @arieleli01212 as co-author!</li>
<li><code>entra_conditional_access_policy_groups_management_restricted</code> — every security group referenced by an enabled or report-only policy is management-restricted or role-assignable. Thanks to @SAMurai-16!</li>
<li><code>exchange_application_access_policy_restricts_mailbox_apps</code> — every service principal with Microsoft Graph application-level Exchange mailbox permissions is restricted by an Exchange Online Application Access Policy. Thanks to @VasistAcharya!</li>
</ul>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/providers/microsoft365/getting-started-m365">Microsoft 365 documentation</a>.</p>
<p>Explore all Microsoft 365 checks at <a href="https://hub.prowler.com/check?provider=m365">Prowler Hub</a>.</p>
<h2 id="compliance">Compliance</h2>
<h3 id="-cis-benchmark-refresh--six-new-versions">🧩 CIS Benchmark Refresh — Six New Versions</h3>
<p>Prowler ships a coordinated refresh of the CIS Benchmarks across six providers:</p>
<ul>
<li><strong>AWS</strong> — CIS Amazon Web Services Foundations Benchmark v7.0.0, adding the new Organizations section (2.1.1-2.1.6), resource policy (2.21), web front-end access logging (4.10), and VPC Endpoints (6.8) recommendations.</li>
<li><strong>Azure</strong> — CIS Microsoft Azure Foundations Benchmark v6.0.0.</li>
<li><strong>GCP</strong> — CIS Google Cloud Platform Foundation Benchmark v5.0.0.</li>
<li><strong>Kubernetes</strong> — CIS Kubernetes Benchmark v2.0.1.</li>
<li><strong>GitHub</strong> — CIS GitHub Benchmark v1.2.0.</li>
<li><strong>Microsoft 365</strong> — CIS Microsoft 365 Foundations Benchmark v7.0.0.</li>
</ul>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/cli/tutorials/compliance">compliance documentation</a>.</p>
<p>Explore the full compliance catalog at <a href="https://hub.prowler.com/compliance">Prowler Hub</a>.</p>
<h3 id="-cis-controls-v81--universal-framework">🌐 CIS Controls v8.1 — Universal Framework</h3>
<p>A new <strong>universal</strong> (cross-provider) compliance framework mapping existing checks across 18 providers — AWS, Azure, GCP, Kubernetes, M365, GitHub, AlibabaCloud, OracleCloud, GoogleWorkspace, Okta, Cloudflare, Vercel, MongoDB Atlas, OpenStack, Linode, StackIT, NHN, and Scaleway — to the 18 CIS Critical Security Controls and their Safeguards. Ships with a dedicated detail view and report mapping in the UI.</p>
<p>Read more in our <a href="https://docs.prowler.com/user-guide/cli/tutorials/compliance">compliance documentation</a>.</p>
<p>Explore the full compliance catalog at <a href="https://hub.prowler.com/compliance">Prowler Hub</a>.</p>
<h2 id="-external-contributors">🙌 External Contributors</h2>
<p>Thank you to our community contributors for this release!</p>
<ul>
<li>@chirag1206 — <code>apigateway_restapi_no_secrets_in_stage_variables</code> check <a href="https://github.com/prowler-cloud/prowler/pull/11188">(#11188)</a></li>
<li>@MrCloudSec — AWS Bedrock AgentCore privilege escalation paths in the IAM privesc checks <a href="https://github.com/prowler-cloud/prowler/pull/11726">(#11726)</a></li>
<li>@Sid-0602 — <code>stepfunctions_statemachine_encrypted_with_cmk</code> <a href="https://github.com/prowler-cloud/prowler/pull/11538">(#11538)</a> and <code>waf_regional_webacl_logging_enabled</code> <a href="https://github.com/prowler-cloud/prowler/pull/11539">(#11539)</a> checks</li>
<li>@mzl2233 — <code>entra_conditional_access_policy_explicitly_targets_azure_devops</code> check <a href="https://github.com/prowler-cloud/prowler/pull/11182">(#11182)</a></li>
<li>@UTKARSH698 with @arieleli01212 as co-author — <code>entra_conditional_access_policy_no_exclusion_gaps</code> check <a href="https://github.com/prowler-cloud/prowler/pull/11577">(#11577)</a></li>
<li>@SAMurai-16 — <code>entra_conditional_access_policy_groups_management_restricted</code> check <a href="https://github.com/prowler-cloud/prowler/pull/11342">(#11342)</a></li>
<li>@vahidg — Azure PostgreSQL flexible server collection resilience fix <a href="https://github.com/prowler-cloud/prowler/pull/11595">(#11595)</a></li>
<li>@davletd — Azure <code>keyvault_logging_enabled</code> <code>AuditEvent</code> category fix <a href="https://github.com/prowler-cloud/prowler/pull/11660">(#11660)</a></li>
<li>@VasistAcharya — <code>exchange_application_access_policy_restricts_mailbox_apps</code> <a href="https://github.com/prowler-cloud/prowler/pull/11247">(#11247)</a></li>
<li>@Legin-ML — Filter scans at Resource Group level <a href="https://github.com/prowler-cloud/prowler/pull/10657">(#10657)</a></li>
<li>@Synchx00 — <code>s3_bucket_object_public</code> check <a href="https://github.com/prowler-cloud/prowler/pull/9517">(#9517)</a></li>
</ul>
<hr>
<h2 id="ui">UI</h2>
<h3 id="-added">🚀 Added</h3>
<ul>
<li>Filter the Overview, Findings, Resources, Scans, and Providers views by provider group <a href="https://github.com/prowler-cloud/prowler/pull/11659">(#11659)</a></li>
<li>CIS Controls v8.1 compliance support, including its detail view and report mapping <a href="https://github.com/prowler-cloud/prowler/pull/11700">(#11700)</a></li>
</ul>
<h2 id="api">API</h2>
<h3 id="-added-1">🚀 Added</h3>
<ul>
<li>Timestamp precision support for <code>/api/v1/findings</code> <code>inserted_at</code> and <code>updated_at</code> filters <a href="https://github.com/prowler-cloud/prowler/pull/11754">(#11754)</a></li>
</ul>
<h3 id="-changed">🔄 Changed</h3>
<ul>
<li>Attack Paths: AWS Neptune is now supported as a persistent sink database, selectable via <code>ATTACK_PATHS_SINK_DATABASE=neptune</code> (default <code>neo4j</code>), Cartography&rsquo;s (bumped to 0.138.1) per-scan ingest database stays on Neo4j <a href="https://github.com/prowler-cloud/prowler/pull/11524">(#11524)</a></li>
<li>Attack Paths: Scan task now checks the ingest Neo4j database and configured graph sink before starting graph ingestion <a href="https://github.com/prowler-cloud/prowler/pull/11743">(#11743)</a></li>
<li>Disable PowerShell telemetry in the API container image <a href="https://github.com/prowler-cloud/prowler/pull/11746">(#11746)</a></li>
</ul>
<h3 id="-fixed">🐞 Fixed</h3>
<ul>
<li>Attack Paths: Provider graph cleanup now deletes Neo4j and Neptune relationships in directed batches before deleting nodes <a href="https://github.com/prowler-cloud/prowler/pull/11755">(#11755)</a></li>
<li><code>scan-perform</code> no longer reports an error when a provider is deleted during a running scan <a href="https://github.com/prowler-cloud/prowler/pull/11696">(#11696)</a></li>
</ul>
<h2 id="sdk">SDK</h2>
<h3 id="-added-2">🚀 Added</h3>
<ul>
<li><code>exchange_application_access_policy_restricts_mailbox_apps</code> check for M365 provider, verifying every service principal with Microsoft Graph application-level Exchange mailbox permissions is restricted by an Exchange Online Application Access Policy, preventing tenant-wide mailbox access by unscoped applications <a href="https://github.com/prowler-cloud/prowler/pull/11247">(#11247)</a></li>
<li>Per-requirement configuration validation for compliance frameworks via <code>ConfigRequirements</code>, so a requirement is reported as FAIL when its configurable checks ran with a configuration too loose to satisfy it (applied across all compliance outputs: CSV, OCSF, and console tables) <a href="https://github.com/prowler-cloud/prowler/pull/11669">(#11669)</a></li>
<li><code>entra_conditional_access_policy_explicitly_targets_azure_devops</code> check for M365 provider, verifying at least one enabled Conditional Access policy explicitly includes the Azure DevOps cloud application instead of relying on a broad &ldquo;All cloud apps&rdquo; policy <a href="https://github.com/prowler-cloud/prowler/pull/11182">(#11182)</a></li>
<li><code>entra_conditional_access_policy_no_exclusion_gaps</code> check for M365 provider, verifying every user, group, role, or application excluded from an enabled Conditional Access policy stays in scope of another enabled policy <a href="https://github.com/prowler-cloud/prowler/pull/11577">(#11577)</a></li>
<li><code>entra_conditional_access_policy_groups_management_restricted</code> check for M365 provider, verifying every security group referenced by an enabled or report-only Conditional Access policy is management-restricted or role-assignable <a href="https://github.com/prowler-cloud/prowler/pull/11342">(#11342)</a></li>
<li><code>stepfunctions_statemachine_encrypted_with_cmk</code> check for AWS provider, verifying that each Step Functions state machine uses a customer-managed KMS key for encryption at rest rather than the default AWS-owned key <a href="https://github.com/prowler-cloud/prowler/pull/11538">(#11538)</a></li>
<li>CIS Controls v8.1 universal compliance framework mapping existing checks across 18 providers (AWS, Azure, GCP, Kubernetes, M365, GitHub, AlibabaCloud, OracleCloud, GoogleWorkspace, Okta, Cloudflare, Vercel, MongoDB Atlas, OpenStack, Linode, StackIT, NHN, and Scaleway) to the 18 CIS Critical Security Controls and their Safeguards <a href="https://github.com/prowler-cloud/prowler/pull/11700">(#11700)</a></li>
<li>CIS Microsoft 365 Foundations Benchmark v7.0.0 compliance framework for the M365 provider <a href="https://github.com/prowler-cloud/prowler/pull/11699">(#11699)</a></li>
<li><code>waf_regional_webacl_logging_enabled</code> check for AWS provider, verifying that each AWS WAF Classic Regional Web ACL has logging enabled to a Kinesis Data Firehose stream <a href="https://github.com/prowler-cloud/prowler/pull/11539">(#11539)</a></li>
<li><code>sdk_only</code> provider property (default <code>true</code>) and <code>Provider.get_app_providers()</code>, so a provider (built-in or external) stays CLI/SDK-only and hidden from the app unless it declares <code>sdk_only = False</code> <a href="https://github.com/prowler-cloud/prowler/pull/11427">(#11427)</a></li>
<li><code>Provider.get_scan_arguments()</code>, <code>Provider.get_connection_arguments()</code> and <code>Provider.get_credentials_schema()</code> contract methods, so a provider persisted as a stored uid plus a secret dict can be constructed and validated programmatically (to be consumed by the API in a later change) <a href="https://github.com/prowler-cloud/prowler/pull/11578">(#11578)</a></li>
<li>Okta API request throttling to proactively stay under rate limits, configurable via <code>okta_requests_per_second</code> in the config file and the <code>--okta-requests-per-second</code> CLI flag, plus configurable retries via <code>okta_max_retries</code> / <code>--okta-retries-max-attempts</code> as a safety net <a href="https://github.com/prowler-cloud/prowler/pull/11702">(#11702)</a></li>
<li>CIS Amazon Web Services Foundations Benchmark v7.0.0 compliance framework for the AWS provider, adding the new Organizations section (2.1.1-2.1.6), resource policy (2.21), web front-end access logging (4.10), and VPC Endpoints (6.8) recommendations <a href="https://github.com/prowler-cloud/prowler/pull/11707">(#11707)</a></li>
<li>CIS Microsoft Azure Foundations Benchmark v6.0.0 compliance framework for the Azure provider <a href="https://github.com/prowler-cloud/prowler/pull/11708">(#11708)</a></li>
<li>CIS Google Cloud Platform Foundation Benchmark v5.0.0 compliance framework for the GCP provider <a href="https://github.com/prowler-cloud/prowler/pull/11714">(#11714)</a></li>
<li>CIS Kubernetes Benchmark v2.0.1 compliance framework for the Kubernetes provider <a href="https://github.com/prowler-cloud/prowler/pull/11722">(#11722)</a></li>
<li>CIS GitHub Benchmark v1.2.0 compliance framework for the GitHub provider <a href="https://github.com/prowler-cloud/prowler/pull/11719">(#11719)</a></li>
<li>AWS Bedrock AgentCore privilege escalation paths in the IAM privilege escalation checks, covering Runtime, Harness, Code Interpreter and Custom Browser <a href="https://github.com/prowler-cloud/prowler/pull/11726">(#11726)</a></li>
<li><code>--scan-secrets-validate</code> flag and <code>aws.secrets_validate</code> configuration option to optionally validate the secrets discovered by the secret-scanning checks against the provider APIs; secrets confirmed to be live are reported as critical <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li><code>apigateway_restapi_no_secrets_in_stage_variables</code> check for AWS provider, scanning API Gateway REST API stage variables for hardcoded secrets such as passwords, API keys, and tokens <a href="https://github.com/prowler-cloud/prowler/pull/11188">(#11188)</a></li>
<li><code>s3_bucket_object_public</code> check for AWS provider, spot-checking a configurable sample of object ACLs in each bucket and flagging objects granted to the AllUsers or AuthenticatedUsers groups; disabled by default and opted into via the <code>s3_bucket_object_public_enabled</code> configuration option <a href="https://github.com/prowler-cloud/prowler/pull/9517">(#9517)</a></li>
<li>Azure provider now supports <code>--azure-resource-group</code> to scope resource-level checks to specific resource groups across all accessible subscriptions <a href="https://github.com/prowler-cloud/prowler/pull/10657">(#10657)</a></li>
</ul>
<h3 id="-changed-1">🔄 Changed</h3>
<ul>
<li>Replaced the <code>detect-secrets</code> library with <a href="https://github.com/mongodb/kingfisher">Kingfisher</a> as the engine for the secret-scanning checks; scans run fully offline by default and obvious placeholder values are no longer reported as findings <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li>Removed the <code>detect_secrets_plugins</code> configuration option, which is no longer used by the new secret-scanning engine <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li><code>awslambda_function_no_secrets_in_code</code> now supports a <code>secrets_ignore_files</code> audit-config option to skip files inside the deployment package by glob pattern (e.g. <code>*.deps.json</code>), suppressing .NET dependency-manifest false positives without masking real secrets <a href="https://github.com/prowler-cloud/prowler/pull/11222">(#11222)</a></li>
<li>AWS scans for EBS snapshots, Backup recovery points, CloudWatch log groups, Lambda functions, ECS task definitions, and CodeArtifact packages now support configurable resource analysis limits via <code>aws.max_scanned_resources_per_service</code>; limits are disabled by default and only positive values cap analyzed resources <a href="https://github.com/prowler-cloud/prowler/pull/11228">(#11228)</a></li>
</ul>
<h3 id="-fixed-1">🐞 Fixed</h3>
<ul>
<li>GitHub <code>repository_has_codeowners_file</code> check no longer flags archived repositories, since they are read-only and cannot be updated without first being unarchived, making the finding not actionable <a href="https://github.com/prowler-cloud/prowler/pull/11735">(#11735)</a></li>
<li>Report secret-scanning checks as <code>MANUAL</code> instead of <code>PASS</code> when the scanner fails (non-zero exit, timeout, unparseable output or missing binary), so a scanner failure is no longer indistinguishable from &ldquo;no secrets found&rdquo; <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li>Avoid a false <code>FAIL</code> in <code>cloudwatch_log_group_no_secrets_in_logs</code> when a multiline event&rsquo;s secrets are all removed by <code>secrets_ignore_patterns</code> during the rescan <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li>Key the <code>cloudwatch_log_group_no_secrets_in_logs</code> secret scan by log group ARN instead of name, so same-named log groups and streams in different regions no longer collide and reuse each other&rsquo;s findings <a href="https://github.com/prowler-cloud/prowler/pull/11694">(#11694)</a></li>
<li>Compliance frameworks contributed by several external packages under the same provider are now merged instead of overwritten, so every entry-point directory a provider contributes is discovered <a href="https://github.com/prowler-cloud/prowler/pull/11578">(#11578)</a></li>
<li>Azure PostgreSQL flexible server collection no longer drops the remaining servers in a subscription when one server fails to collect; the <code>connection_throttle.enable</code> parameter (removed in PostgreSQL 16+) is treated as absent only when the Azure SDK reports it as not found, so unexpected lookup failures are not silently reported as throttling disabled <a href="https://github.com/prowler-cloud/prowler/pull/11595">(#11595)</a></li>
<li>Azure <code>keyvault_logging_enabled</code> now accepts Key Vault diagnostic settings that enable the explicit <code>AuditEvent</code> category, avoiding false failures when Azure returns category-based logs without category groups <a href="https://github.com/prowler-cloud/prowler/pull/11660">(#11660)</a></li>
<li>GitHub default branch protection checks now evaluate repository rulesets in addition to classic branch protection, avoiding false positives for repositories that enforce protection through rulesets <a href="https://github.com/prowler-cloud/prowler/pull/11723">(#11723)</a></li>
<li>Okta, Alibaba Cloud and OpenStack scan-config sections are now validated against a registered schema instead of being silently accepted, so their configurable thresholds (session/idle timeouts, retention days, image-sharing and secret-scanning settings) log a warning and fall back to the built-in default whenever a value is out of range <a href="https://github.com/prowler-cloud/prowler/pull/11725">(#11725)</a></li>
</ul>
]]></content:encoded></item><item><title>Assay - AI Agent Security</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/assay-ai-agent-security/</link><pubDate>Thu, 02 Jul 2026 22:17:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/assay-ai-agent-security/</guid><description>Version updated for https://github.com/Rul1an/assay-action to version v3.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v3 is the current major: verify, lint, and diff evidence bundles from AI agent runs in CI, with coding-agent sandbox governance and in-toto/DSSE bundle attestation.
What v3 carries
sandbox-command: run a coding agent under assay sandbox and verify the resulting evidence bundle in the same job. attest-key: in-toto/DSSE attestation over the bundle (assay evidence attest). The v2.1 AI Agent Security feature set: compliance packs, BYOS push, artifact attestation, coverage badges, PR summaries, SARIF for code scanning. v3.0.1 fixes</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Rul1an/assay-action">https://github.com/Rul1an/assay-action</a></strong> to version <strong>v3.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/assay-ai-agent-security">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>v3 is the current major: verify, lint, and diff evidence bundles from AI agent runs in CI, with coding-agent sandbox governance and in-toto/DSSE bundle attestation.</p>
<p><strong>What v3 carries</strong></p>
<ul>
<li><code>sandbox-command</code>: run a coding agent under <code>assay sandbox</code> and verify the resulting evidence bundle in the same job.</li>
<li><code>attest-key</code>: in-toto/DSSE attestation over the bundle (<code>assay evidence attest</code>).</li>
<li>The v2.1 AI Agent Security feature set: compliance packs, BYOS push, artifact attestation, coverage badges, PR summaries, SARIF for code scanning.</li>
</ul>
<p><strong>v3.0.1 fixes</strong></p>
<ul>
<li>Authenticate the latest-release lookup and resolve the release before caching the CLI (#30, #31), removing rate-limit flakes on busy runners.</li>
</ul>
<p><strong>Breaking vs v2</strong>: the legacy marketplace <code>mode</code>/<code>run</code> inputs are not carried; pin <code>Rul1an/assay-action@v2</code> if you depend on those. Migration notes in the <a href="https://github.com/Rul1an/assay/blob/main/docs/architecture/SPEC-GitHub-Action-v2.1.md">action spec</a>.</p>
<p>Pin the major: <code>uses: Rul1an/assay-action@v3</code></p>
]]></content:encoded></item><item><title>CDK Lambda Size Gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/cdk-lambda-size-gate/</link><pubDate>Thu, 02 Jul 2026 22:17:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/cdk-lambda-size-gate/</guid><description>Version updated for https://github.com/schuettc/cdk-lambda-size-gate to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog 16da0508205b06be18de0adb4a721ba5fc07182a: ci: e2e verification of the published action (v1.0.0 + v1, linux + windows) (@schuettc) 1d399dc296ec3f1977e607a204deb0fc133a8109: fix(action): shorten description under Marketplace 125-char limit (@schuettc)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/schuettc/cdk-lambda-size-gate">https://github.com/schuettc/cdk-lambda-size-gate</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/cdk-lambda-size-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changelog">Changelog</h2>
<ul>
<li>16da0508205b06be18de0adb4a721ba5fc07182a: ci: e2e verification of the published action (v1.0.0 + v1, linux + windows) (@schuettc)</li>
<li>1d399dc296ec3f1977e607a204deb0fc133a8109: fix(action): shorten description under Marketplace 125-char limit (@schuettc)</li>
</ul>
]]></content:encoded></item><item><title>Bernstein — Multi-Agent Orchestration</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bernstein-multi-agent-orchestration/</link><pubDate>Thu, 02 Jul 2026 22:16:32 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bernstein-multi-agent-orchestration/</guid><description>Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.13.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.13.0 Released 2026-07-02.
Run-safety guardrails and per-role endpoint configuration.
Fixes (run safety) GitHub backlog auto-sync is now opt-in and off by default. Previously a run in a repository with open GitHub issues would pull every open issue into the backlog before task scoping, which could silently discard a seeded goal and spawn work against the entire issue list. Enable it explicitly with the github.sync_backlog seed config key (or the BERNSTEIN_SYNC_GITHUB_BACKLOG env override). (#2178) A seeded goal is no longer silently dropped when the backlog is non-empty: the run now prints a loud warning naming the precedence and how to force the goal, instead of quietly planning from the backlog. (#2178) Agent worktree merges refuse to land on the repository default branch. The merge and push path resolves the protected default (origin/HEAD, then init.defaultBranch, then the conventional names, treating both main and master as protected when the remote head is ambiguous) and refuses to merge or push agent work onto it, recording the refusal, so a run started from a default-branch checkout can no longer push unreviewed commits straight to the trunk. (#2178) Features (per-role model configuration) role_model_policy entries gain optional base_url and api_key_env next to model/provider, so different roles can target different OpenAI-compatible endpoints in one workflow (for example a fast manager endpoint and cheaper worker endpoints). api_key_env names an environment variable and is validated against the same fail-closed provider allowlist as the runner. YAML anchors give reuse across roles with no new file format. Absent fields keep today’s behavior. (#2159) ModeProfile gains top_p, top_k, and max_tokens beside its existing temperature, and the previously-deferred apply_mode_to_spawn wiring is completed so a mode profile’s sampling parameters actually reach the spawn and the runner manifest. (#2159) Opt-in builtin tools for the openai_agents runner, for runs without an MCP gateway, selected by tool_source: builtin (the gateway remains the default). read_file, write_file, and list_dir are workdir-confined (absolute and parent-escape paths are rejected). run_command is a restricted process-exec primitive: bare-name commands only, shell interpreters blocked, resolved against PATH, available only under a configured OS sandbox provider or an explicit opt-in; its filesystem confinement is the OS sandbox, not the builtin. Every builtin call is recorded to the run event log so a gateway-free run stays auditable. (#2159) Quality Resolved refurb FURB123 findings in the OWASP control-map builders.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/sipyourdrink-ltd/bernstein">https://github.com/sipyourdrink-ltd/bernstein</a></strong> to version <strong>v2.13.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/bernstein-multi-agent-orchestration">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v2130">v2.13.0</h1>
<p>Released 2026-07-02.</p>
<p>Run-safety guardrails and per-role endpoint configuration.</p>
<h2 id="fixes-run-safety">Fixes (run safety)</h2>
<ul>
<li>GitHub backlog auto-sync is now opt-in and off by default. Previously a run in a repository with open GitHub issues would pull every open issue into the backlog before task scoping, which could silently discard a seeded goal and spawn work against the entire issue list. Enable it explicitly with the <code>github.sync_backlog</code> seed config key (or the <code>BERNSTEIN_SYNC_GITHUB_BACKLOG</code> env override). (#2178)</li>
<li>A seeded goal is no longer silently dropped when the backlog is non-empty: the run now prints a loud warning naming the precedence and how to force the goal, instead of quietly planning from the backlog. (#2178)</li>
<li>Agent worktree merges refuse to land on the repository default branch. The merge and push path resolves the protected default (origin/HEAD, then <code>init.defaultBranch</code>, then the conventional names, treating both <code>main</code> and <code>master</code> as protected when the remote head is ambiguous) and refuses to merge or push agent work onto it, recording the refusal, so a run started from a default-branch checkout can no longer push unreviewed commits straight to the trunk. (#2178)</li>
</ul>
<h2 id="features-per-role-model-configuration">Features (per-role model configuration)</h2>
<ul>
<li><code>role_model_policy</code> entries gain optional <code>base_url</code> and <code>api_key_env</code> next to <code>model</code>/<code>provider</code>, so different roles can target different OpenAI-compatible endpoints in one workflow (for example a fast manager endpoint and cheaper worker endpoints). <code>api_key_env</code> names an environment variable and is validated against the same fail-closed provider allowlist as the runner. YAML anchors give reuse across roles with no new file format. Absent fields keep today&rsquo;s behavior. (#2159)</li>
<li><code>ModeProfile</code> gains <code>top_p</code>, <code>top_k</code>, and <code>max_tokens</code> beside its existing <code>temperature</code>, and the previously-deferred <code>apply_mode_to_spawn</code> wiring is completed so a mode profile&rsquo;s sampling parameters actually reach the spawn and the runner manifest. (#2159)</li>
<li>Opt-in builtin tools for the openai_agents runner, for runs without an MCP gateway, selected by <code>tool_source: builtin</code> (the gateway remains the default). <code>read_file</code>, <code>write_file</code>, and <code>list_dir</code> are workdir-confined (absolute and parent-escape paths are rejected). <code>run_command</code> is a restricted process-exec primitive: bare-name commands only, shell interpreters blocked, resolved against PATH, available only under a configured OS sandbox provider or an explicit opt-in; its filesystem confinement is the OS sandbox, not the builtin. Every builtin call is recorded to the run event log so a gateway-free run stays auditable. (#2159)</li>
</ul>
<h2 id="quality">Quality</h2>
<ul>
<li>Resolved refurb FURB123 findings in the OWASP control-map builders.</li>
</ul>
]]></content:encoded></item><item><title>Pipr Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pipr-review/</link><pubDate>Thu, 02 Jul 2026 22:15:59 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pipr-review/</guid><description>Version updated for https://github.com/somus/pipr to version v0.2.0.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.2.0 (2026-07-02) ⚠ BREAKING CHANGES pipr init –types-only and –no-types are removed and generated .pipr/types/pipr-sdk.d.ts is no longer written; types come from the installed @usepipr/sdk package. structure runtime action logging (#10) consolidate public API contracts (#9) Features consolidate public API contracts (#9) (01db150) support installable npm dependencies in .pipr config (#14) (97794bc) Code Refactoring structure runtime action logging (#10) (64addf1)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/somus/pipr">https://github.com/somus/pipr</a></strong> to version <strong>v0.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/pipr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="020-2026-07-02"><a href="https://github.com/somus/pipr/compare/v0.1.3...v0.2.0">0.2.0</a> (2026-07-02)</h2>
<h3 id="-breaking-changes">⚠ BREAKING CHANGES</h3>
<ul>
<li>pipr init &ndash;types-only and &ndash;no-types are removed and generated .pipr/types/pipr-sdk.d.ts is no longer written; types come from the installed @usepipr/sdk package.</li>
<li>structure runtime action logging (<a href="https://github.com/somus/pipr/issues/10">#10</a>)</li>
<li>consolidate public API contracts (<a href="https://github.com/somus/pipr/issues/9">#9</a>)</li>
</ul>
<h3 id="features">Features</h3>
<ul>
<li>consolidate public API contracts (<a href="https://github.com/somus/pipr/issues/9">#9</a>) (<a href="https://github.com/somus/pipr/commit/01db1506ff9af35864f130c27a6d0b2df37fdbe1">01db150</a>)</li>
<li>support installable npm dependencies in .pipr config (<a href="https://github.com/somus/pipr/issues/14">#14</a>) (<a href="https://github.com/somus/pipr/commit/97794bc8c9bd588e69e2935de4f443e704779cd6">97794bc</a>)</li>
</ul>
<h3 id="code-refactoring">Code Refactoring</h3>
<ul>
<li>structure runtime action logging (<a href="https://github.com/somus/pipr/issues/10">#10</a>) (<a href="https://github.com/somus/pipr/commit/64addf117c9c47c2c853bde63e3502d8254468da">64addf1</a>)</li>
</ul>
]]></content:encoded></item><item><title>Repository Create</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/repository-create/</link><pubDate>Thu, 02 Jul 2026 22:15:26 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/repository-create/</guid><description>Version updated for https://github.com/stairwaytowonderland/repository-create to version v1.74.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.74.0
1.74.0 (2026-07-02) ✨ Features updates (328fff6)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/stairwaytowonderland/repository-create">https://github.com/stairwaytowonderland/repository-create</a></strong> to version <strong>v1.74.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/repository-create">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>chore(release): 1.74.0</p>
<h2 id="1740-2026-07-02"><a href="https://github.com/stairwaytowonderland/repository-create/compare/v1.73.0...v1.74.0">1.74.0</a> (2026-07-02)</h2>
<h3 id="-features">✨ Features</h3>
<ul>
<li>updates (<a href="https://github.com/stairwaytowonderland/repository-create/commit/328fff62871ca4f2f4b50953a3306ecabcc9472c">328fff6</a>)</li>
</ul>
]]></content:encoded></item><item><title>Frisk — AI supply-chain scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/frisk-ai-supply-chain-scan/</link><pubDate>Thu, 02 Jul 2026 22:14:53 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/frisk-ai-supply-chain-scan/</guid><description>Version updated for https://github.com/Thandv/frisk to version v0.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First release. Static, zero-execution scanner for AI-agent content (MCP servers, skills, plugins): RCE, secret exfiltration, destructive ops, prompt-injection, tool-poisoning, hidden-unicode. Rug-pull detection (lock/verify), OWASP LLM Top 10 mapping, SARIF, GitHub Action, and an MCP server to vet-before-install. Install: pip install frisk-scan</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Thandv/frisk">https://github.com/Thandv/frisk</a></strong> to version <strong>v0.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/frisk-ai-supply-chain-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>First release. Static, zero-execution scanner for AI-agent content (MCP servers, skills, plugins): RCE, secret exfiltration, destructive ops, prompt-injection, tool-poisoning, hidden-unicode. Rug-pull detection (lock/verify), OWASP LLM Top 10 mapping, SARIF, GitHub Action, and an MCP server to vet-before-install. Install: pip install frisk-scan</p>
]]></content:encoded></item><item><title>UnityInFlow Spec Compliance</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/unityinflow-spec-compliance/</link><pubDate>Thu, 02 Jul 2026 22:14:20 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/unityinflow-spec-compliance/</guid><description>Version updated for https://github.com/UnityInFlow/spec-ci-plugin to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First stable Marketplace release of the UnityInFlow Spec Compliance action.
What’s included Typed status and report action outputs (matching the runtime core.setOutput calls) injection-scanner-version default bumped to v0.0.2 — the tag carrying the Linux musl binaries the action downloads at runtime Deterministic committed dist/ (no sourcemaps) guarded by a git diff --exit-code dist/ staleness gate in CI Public/fork CI runs secretless on GitHub-hosted runners; release automation stays on org self-hosted runners Moving v1 tag maintained automatically on release publish Usage - uses: UnityInFlow/spec-ci-plugin@v1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/UnityInFlow/spec-ci-plugin">https://github.com/UnityInFlow/spec-ci-plugin</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/unityinflow-spec-compliance">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>First stable Marketplace release of the UnityInFlow Spec Compliance action.</p>
<h2 id="whats-included">What&rsquo;s included</h2>
<ul>
<li>Typed <code>status</code> and <code>report</code> action outputs (matching the runtime <code>core.setOutput</code> calls)</li>
<li><code>injection-scanner-version</code> default bumped to <code>v0.0.2</code> — the tag carrying the Linux musl binaries the action downloads at runtime</li>
<li>Deterministic committed <code>dist/</code> (no sourcemaps) guarded by a <code>git diff --exit-code dist/</code> staleness gate in CI</li>
<li>Public/fork CI runs secretless on GitHub-hosted runners; release automation stays on org self-hosted runners</li>
<li>Moving <code>v1</code> tag maintained automatically on release publish</li>
</ul>
<h2 id="usage">Usage</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">UnityInFlow/spec-ci-plugin@v1</span>
</span></span></code></pre></div>]]></content:encoded></item><item><title>Polder Drift — Design System Drift Alerts</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polder-drift-design-system-drift-alerts/</link><pubDate>Thu, 02 Jul 2026 22:13:47 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polder-drift-design-system-drift-alerts/</guid><description>Version updated for https://github.com/usepolder/drift to version v1.1.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Polder Drift now works with any design system — including your in-house one. Point library_paths at a checkout of your DS repo (source-only monorepo workspaces work too), and generate the look-alike detection data straight from your DS’s own source:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/usepolder/drift">https://github.com/usepolder/drift</a></strong> to version <strong>v1.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polder-drift-design-system-drift-alerts">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Polder Drift now works with any design system — including your in-house one.</strong> Point <code>library_paths</code> at a checkout of your DS repo (source-only monorepo workspaces work too), and generate the look-alike detection data straight from your DS&rsquo;s own source:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>npx @usepolder/drift profile   <span style="color:#75715e"># writes .polder.profile.yml — review, prune, commit</span>
</span></span></code></pre></div><p>Also in this release: PRs with 100+ changed files are now fully analysed, the CLI honours <code>.polderignore</code> and shows each finding&rsquo;s suppression id, every finding carries its source line, and scans are ~3× faster. All backward compatible — existing configs, suppression files, and <code>@v1</code> workflows keep working unchanged.</p>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>docs: add fetch-depth: 0 to the recommended workflow by @jongjesse in <a href="https://github.com/usepolder/drift/pull/9">https://github.com/usepolder/drift/pull/9</a></li>
<li>Five improvements: pagination, CLI suppression parity, detection profiles, finding lines, single parse by @jongjesse in <a href="https://github.com/usepolder/drift/pull/10">https://github.com/usepolder/drift/pull/10</a></li>
<li>Any design system: resolve exports from DS repos + auto-generate detection profiles by @jongjesse in <a href="https://github.com/usepolder/drift/pull/11">https://github.com/usepolder/drift/pull/11</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/usepolder/drift/compare/v1...v1.1.0">https://github.com/usepolder/drift/compare/v1...v1.1.0</a></p>
]]></content:encoded></item><item><title>configure-huawei-cloud-credentials</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/configure-huawei-cloud-credentials/</link><pubDate>Thu, 02 Jul 2026 22:13:14 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/configure-huawei-cloud-credentials/</guid><description>Version updated for https://github.com/vbem/configure-huawei-cloud-credentials to version v1.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/vbem/configure-huawei-cloud-credentials/compare/v0.0.2...v1.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vbem/configure-huawei-cloud-credentials">https://github.com/vbem/configure-huawei-cloud-credentials</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/configure-huawei-cloud-credentials">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/vbem/configure-huawei-cloud-credentials/compare/v0.0.2...v1.0.0">https://github.com/vbem/configure-huawei-cloud-credentials/compare/v0.0.2...v1.0.0</a></p>
]]></content:encoded></item><item><title>Install The Hive Skill</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/install-the-hive-skill/</link><pubDate>Thu, 02 Jul 2026 22:12:41 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/install-the-hive-skill/</guid><description>Version updated for https://github.com/yuzuruu29/the-hive-skill to version v0.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The Hive Skill v0.1.0 Initial public release of The Hive Skill, an open-source autonomous multi-agent orchestration skill for agentic coders.
The Hive Skill turns one AI coding agent into a structured six-role council:
Role Table Role Responsibility Queen Coordinates the council, makes final decisions, and ensures the goal is met. Scout Explores the codebase and gathers necessary context. Architect Designs the solution and plans the changes. Forger Writes the code and implements the Architect’s plan. Sentinel Validates the changes, runs tests, and ensures quality. Scribe Documents the process and writes the final report. What is included SKILL.md core skill definition Six council role files Autonomous execution loop Token efficiency mode Compressed role output mode Default invocation behavior Anti-slop rules Validation rules Final and blocked report formats OpenCode / OpenCode Go adapter Claude Code adapter Codex adapter Generic .agents adapter Install scripts for Bash and PowerShell GitHub Action wrapper Security policy Apache-2.0 license Supported agentic coding workflows The Hive Skill is designed for:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/yuzuruu29/the-hive-skill">https://github.com/yuzuruu29/the-hive-skill</a></strong> to version <strong>v0.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/install-the-hive-skill">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="the-hive-skill-v010">The Hive Skill v0.1.0</h1>
<p>Initial public release of <strong>The Hive Skill</strong>, an open-source autonomous multi-agent orchestration skill for agentic coders.</p>
<p>The Hive Skill turns one AI coding agent into a structured six-role council:</p>
<h2 id="role-table">Role Table</h2>
<table>
  <thead>
      <tr>
          <th>Role</th>
          <th>Responsibility</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td>Queen</td>
          <td>Coordinates the council, makes final decisions, and ensures the goal is met.</td>
      </tr>
      <tr>
          <td>Scout</td>
          <td>Explores the codebase and gathers necessary context.</td>
      </tr>
      <tr>
          <td>Architect</td>
          <td>Designs the solution and plans the changes.</td>
      </tr>
      <tr>
          <td>Forger</td>
          <td>Writes the code and implements the Architect&rsquo;s plan.</td>
      </tr>
      <tr>
          <td>Sentinel</td>
          <td>Validates the changes, runs tests, and ensures quality.</td>
      </tr>
      <tr>
          <td>Scribe</td>
          <td>Documents the process and writes the final report.</td>
      </tr>
  </tbody>
</table>
<h2 id="what-is-included">What is included</h2>
<ul>
<li><code>SKILL.md</code> core skill definition</li>
<li>Six council role files</li>
<li>Autonomous execution loop</li>
<li>Token efficiency mode</li>
<li>Compressed role output mode</li>
<li>Default invocation behavior</li>
<li>Anti-slop rules</li>
<li>Validation rules</li>
<li>Final and blocked report formats</li>
<li>OpenCode / OpenCode Go adapter</li>
<li>Claude Code adapter</li>
<li>Codex adapter</li>
<li>Generic <code>.agents</code> adapter</li>
<li>Install scripts for Bash and PowerShell</li>
<li>GitHub Action wrapper</li>
<li>Security policy</li>
<li>Apache-2.0 license</li>
</ul>
<h2 id="supported-agentic-coding-workflows">Supported agentic coding workflows</h2>
<p>The Hive Skill is designed for:</p>
<ul>
<li>OpenCode / OpenCode Go</li>
<li>Claude Code</li>
<li>Codex</li>
<li>Generic <code>.agents</code> workflows</li>
<li><code>SKILL.md</code>-compatible agent runtimes</li>
</ul>
<h2 id="important-note">Important note</h2>
<p>Version <code>v0.1.0</code> provides <strong>role-simulated orchestration</strong> inside compatible agentic coding tools.</p>
<p>Real multi-model or real subagent execution depends on the runtime being used.</p>
<h2 id="basic-usage">Basic usage</h2>
<p>Invoke the skill with a simple prompt:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>Use The Hive Skill to fix this.
</span></span></code></pre></div>]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</link><pubDate>Thu, 02 Jul 2026 15:00:10 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.367.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.367</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.367</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>11</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.367">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.367</a></p>
]]></content:encoded></item><item><title>Skill Probe - AI Agent Skill Auditor</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/skill-probe-ai-agent-skill-auditor/</link><pubDate>Thu, 02 Jul 2026 14:59:36 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/skill-probe-ai-agent-skill-auditor/</guid><description>Version updated for https://github.com/HystonKayange/skill-probe to version v0.9.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed skill-probe in your pipeline, gating on statistics instead of vibes The CI question isn’t “are my skills perfect?” — it’s “did this PR make any skill worse?” Activation is stochastic, so raw-rate comparisons make CI flaky. v0.9.0 makes the gate honest.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/HystonKayange/skill-probe">https://github.com/HystonKayange/skill-probe</a></strong> to version <strong>v0.9.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skill-probe-ai-agent-skill-auditor">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="skill-probe-in-your-pipeline-gating-on-statistics-instead-of-vibes">skill-probe in your pipeline, gating on statistics instead of vibes</h2>
<p>The CI question isn&rsquo;t <em>&ldquo;are my skills perfect?&rdquo;</em> — it&rsquo;s <strong>&ldquo;did this PR make any skill worse?&rdquo;</strong> Activation is stochastic, so raw-rate comparisons make CI flaky. v0.9.0 makes the gate honest.</p>
<h3 id="baseline-regression-gating">Baseline regression gating</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>skill-probe --config probe.config.json --save-baseline baselines/main.json   <span style="color:#75715e"># once, on main</span>
</span></span><span style="display:flex;"><span>skill-probe --config probe.config.json --baseline baselines/main.json        <span style="color:#75715e"># every PR</span>
</span></span></code></pre></div><p>Each case is compared against the baseline with <strong>Fisher&rsquo;s exact test, Benjamini-Hochberg corrected</strong> — noise passes, significant drops fail (exit 1). Drift in config/runtime/model since the baseline warns (matched cases still gated); new/missing cases are reported, not gated; a side with no valid probes is <strong>NOT COMPARABLE</strong>, never a silent pass. Significant improvements are flagged as a nudge to re-save the baseline.</p>
<h3 id="run-manifest">Run manifest</h3>
<p>Every <code>--json</code> result now stamps <em>who/what/when</em>: tool version, command, ISO date, runtime, model, k/threshold/conf, and a <strong>config hash</strong> (cwd excluded — the same library on a laptop and a CI runner is the same experiment). Two runs are comparable; a report is citable.</p>
<h3 id="github-action">GitHub Action</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">HystonKayange/skill-probe@main</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">config</span>: <span style="color:#ae81ff">probe.config.json</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">args</span>: --<span style="color:#ae81ff">baseline baselines/main.json</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">env</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">ANTHROPIC_API_KEY</span>: <span style="color:#ae81ff">${{ secrets.ANTHROPIC_API_KEY }}</span>
</span></span></code></pre></div><p>Installs skill-probe + the runtime CLI (Claude Code by default, swappable) and runs any subcommand (<code>audit</code>/<code>context</code>/<code>diagnose</code>/<code>doctor</code>).</p>
<p>Plus: repo CI (typecheck + tests, no API calls). 83 tests. Baseline save→gate loop proven live.</p>
]]></content:encoded></item><item><title>MLX Model Doctor</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/mlx-model-doctor/</link><pubDate>Thu, 02 Jul 2026 14:59:03 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/mlx-model-doctor/</guid><description>Version updated for https://github.com/IonDen/mlx-model-doctor to version v0.6.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed v0.6.2: memory pass/fail semantics and hardening fixes by @IonDen in https://github.com/IonDen/mlx-model-doctor/pull/22 Full Changelog: https://github.com/IonDen/mlx-model-doctor/compare/v0.6.1...v0.6.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/IonDen/mlx-model-doctor">https://github.com/IonDen/mlx-model-doctor</a></strong> to version <strong>v0.6.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/mlx-model-doctor">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>v0.6.2: memory pass/fail semantics and hardening fixes by @IonDen in <a href="https://github.com/IonDen/mlx-model-doctor/pull/22">https://github.com/IonDen/mlx-model-doctor/pull/22</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/IonDen/mlx-model-doctor/compare/v0.6.1...v0.6.2">https://github.com/IonDen/mlx-model-doctor/compare/v0.6.1...v0.6.2</a></p>
]]></content:encoded></item><item><title>zizmor - static analysis tool for Actions workflows</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/zizmor-static-analysis-tool-for-actions-workflows/</link><pubDate>Thu, 02 Jul 2026 14:58:30 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/zizmor-static-analysis-tool-for-actions-workflows/</guid><description>Version updated for https://github.com/its-me/action.zizmor to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release of the action.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/its-me/action.zizmor">https://github.com/its-me/action.zizmor</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/zizmor-static-analysis-tool-for-actions-workflows">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Initial release of the action.</p>
]]></content:encoded></item><item><title>NeuroLink AI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/neurolink-ai/</link><pubDate>Thu, 02 Jul 2026 14:57:57 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/neurolink-ai/</guid><description>Version updated for https://github.com/juspay/neurolink to version v9.80.3.
This action is used across all versions by 10 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 9.80.3 (2026-07-02) Bug Fixes (vertex): reserve final_result step + graceful cap recovery in native Anthropic loop (ee44e60), closes #1123</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/juspay/neurolink">https://github.com/juspay/neurolink</a></strong> to version <strong>v9.80.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/neurolink-ai">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="9803-2026-07-02"><a href="https://github.com/juspay/neurolink/compare/v9.80.2...v9.80.3">9.80.3</a> (2026-07-02)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li><strong>(vertex):</strong>  reserve final_result step + graceful cap recovery in native Anthropic loop (<a href="https://github.com/juspay/neurolink/commit/ee44e6055ee6658ae471ac15c6bee6a890888350">ee44e60</a>), closes <a href="https://github.com/juspay/neurolink/issues/1123">#1123</a></li>
</ul>
]]></content:encoded></item><item><title>OLIVE Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/olive-action/</link><pubDate>Thu, 02 Jul 2026 14:57:24 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/olive-action/</guid><description>Version updated for https://github.com/kakao/olive-action to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 🚀 OLIVE Action v1 - 첫 번째 릴리즈 📋 릴리즈 개요 OLIVE Action의 첫 번째 공식 릴리즈입니다. 이 Action은 GitHub Actions에서 OLIVE CLI를 사용하여 오픈소스 라이선스 의무사항 준수를 자동화하는 도구입니다.
✨ 주요 기능 🔍 자동 의존성 분석 Pull Request 생성 시 소스코드 의존성을 자동으로 분석 다양한 프로그래밍 언어 지원 (Python, Node.js, Java, Rust, Ruby, Dart, Flutter 등) ORT (OSS Review Toolkit) 기반의 정확한 의존성 추출 💬 PR 코멘트 자동 작성 분석 결과를 Pull Request에 자동으로 코멘트 작성 라이선스 정보, 매핑된 컴포넌트, 매핑되지 않은 의존성 목록 제공 실패 시에도 적절한 에러 메시지 자동 작성 🔗 OLIVE Platform 연동 분석 결과를 OLIVE Platform으로 자동 전송 오픈소스 라이선스 및 취약점 관리 지원 프로젝트별 라이선스 의무사항 추적 📦 분석 결과 저장 GitHub Artifacts를 통한 상세 분석 결과 저장 dependency.csv, dependency.json, mapping.csv, mapping.json, unmapping.csv 파일 제공 설정 파일 (local-config.yaml) 보관 🛠️ 기술적 특징 컨테이너 기반 실행 Docker 컨테이너 환경에서 격리된 실행 다양한 개발 도구가 사전 설치된 통합 환경 안정적이고 재현 가능한 실행 환경 다중 언어 지원 Python: 3.11.10, pip, pipenv, poetry, conan Node.js: 20.14.0, npm, yarn, pnpm, bower Java: Gradle 8.13, OpenJDK 11 Rust: 1.72.0 Ruby: 3.3.5, bundler, cocoapods Dart/Flutter: 2.18.4/3.24.4 PHP: 8.3, composer Android: Android SDK, command-line tools 모듈화된 구조 6단계 실행 프로세스로 명확한 워크플로우 각 기능별 분리된 스크립트로 유지보수성 향상 사용자 정의 설정 파일 지원 🚀 사용법 기본 사용법 name: OLIVE Action on: pull_request: types: [opened, synchronize, reopened] branches: [main, develop] permissions: contents: read issues: write pull-requests: write jobs: olive-scan: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Run OLIVE Action uses: kakao/olive-action@v1 with: olive-token: ${{ secrets.OLIVE_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }} 고급 설정 - name: Run OLIVE Action with custom settings uses: kakao/olive-action@v1 with: olive-project-name: &amp;#34;my-custom-project&amp;#34; olive-token: ${{ secrets.OLIVE_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }} source-path: &amp;#34;./src&amp;#34; user-config-path: &amp;#34;./user-config.yml&amp;#34; artifact-retention-days: &amp;#34;7&amp;#34; comment-on-pr: &amp;#34;true&amp;#34; analyze-only: &amp;#34;false&amp;#34; debug: &amp;#34;false&amp;#34; 🔧 입력 파라미터 파라미터 설명 필수 기본값 olive-token OLIVE Platform API 토큰 ✅ - github-token PR 코멘트 작성용 GitHub 토큰 ✅ - olive-project-name OLIVE Platform 프로젝트 이름 ❌ 저장소 이름 source-path 분석할 소스코드 경로 ❌ ./ user-config-path 사용자 정의 config 파일 경로 ❌ &amp;#34;&amp;#34; artifact-retention-days 아티팩트 보관 기간 (일) ❌ 30 comment-on-pr PR에 코멘트 작성 여부 ❌ true analyze-only 분석만 수행하고 Platform 연동 생략 ❌ false debug 디버그 모드 활성화 ❌ false 📊 출력 결과 GitHub Artifacts dependency.csv, dependency.json: 의존성 분석 결과 mapping.csv, mapping.json: 컴포넌트 매핑 결과 unmapping.csv: 매핑되지 않은 의존성 목록 local-config.yaml: OLIVE CLI 설정 파일 PR 코멘트 OLIVE CLI 버전 및 프로젝트 정보 라이선스 분석 결과 요약 매핑된 컴포넌트 및 매핑되지 않은 의존성 목록 아티팩트 다운로드 링크 🚨 사전 준비사항 1. OLIVE Platform 토큰 발급 OLIVE Platform에서 API 토큰 발급 토큰 발급 가이드 참고 2. GitHub Secrets 설정 OLIVE_TOKEN: OLIVE Platform API 토큰 GITHUB_TOKEN: GitHub Actions 기본 토큰 (자동 제공) 🔍 실행 단계 소스 위치 검증 - 분석할 소스코드 경로 확인 OLIVE CLI 초기화 - 프로젝트 설정 및 토큰 검증 의존성 분석 - 소스코드 의존성 추출 및 분석 컴포넌트 분석 - 의존성을 OLIVE 컴포넌트에 매핑 라이선스 분석 - 라이선스 정보 추출 및 분석 OLIVE Platform 연동 - 분석 결과를 Platform으로 전송 🛡️ 보안 및 안정성 격리된 실행 환경: Docker 컨테이너를 통한 안전한 실행 토큰 검증: 실행 전 필수 토큰들의 유효성 검증 에러 처리: 실패 시 자동 정리 및 에러 리포팅 리소스 관리: 컨테이너 자동 정리로 메모리 누수 방지 📚 문서 및 지원 사용 가이드: README.md OLIVE Platform: https://olive.kakao.com/ OLIVE CLI: https://github.com/kakao/olive-cli 📄 라이선스 이 프로젝트는 Apache License 2.0 하에 배포됩니다.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/kakao/olive-action">https://github.com/kakao/olive-action</a></strong> to version <strong>v1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/olive-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="-olive-action-v1---첫-번째-릴리즈">🚀 OLIVE Action v1 - 첫 번째 릴리즈</h1>
<h3 id="-릴리즈-개요">📋 릴리즈 개요</h3>
<p><strong>OLIVE Action</strong>의 첫 번째 공식 릴리즈입니다. 이 Action은 GitHub Actions에서 OLIVE CLI를 사용하여 오픈소스 라이선스 의무사항 준수를 자동화하는 도구입니다.</p>
<hr>
<h2 id="-주요-기능">✨ 주요 기능</h2>
<h3 id="-자동-의존성-분석">🔍 <strong>자동 의존성 분석</strong></h3>
<ul>
<li>Pull Request 생성 시 소스코드 의존성을 자동으로 분석</li>
<li>다양한 프로그래밍 언어 지원 (Python, Node.js, Java, Rust, Ruby, Dart, Flutter 등)</li>
<li>ORT (OSS Review Toolkit) 기반의 정확한 의존성 추출</li>
</ul>
<h3 id="-pr-코멘트-자동-작성">💬 <strong>PR 코멘트 자동 작성</strong></h3>
<ul>
<li>분석 결과를 Pull Request에 자동으로 코멘트 작성</li>
<li>라이선스 정보, 매핑된 컴포넌트, 매핑되지 않은 의존성 목록 제공</li>
<li>실패 시에도 적절한 에러 메시지 자동 작성</li>
</ul>
<h3 id="-olive-platform-연동">🔗 <strong>OLIVE Platform 연동</strong></h3>
<ul>
<li>분석 결과를 OLIVE Platform으로 자동 전송</li>
<li>오픈소스 라이선스 및 취약점 관리 지원</li>
<li>프로젝트별 라이선스 의무사항 추적</li>
</ul>
<h3 id="-분석-결과-저장">📦 <strong>분석 결과 저장</strong></h3>
<ul>
<li>GitHub Artifacts를 통한 상세 분석 결과 저장</li>
<li><code>dependency.csv</code>, <code>dependency.json</code>, <code>mapping.csv</code>, <code>mapping.json</code>, <code>unmapping.csv</code> 파일 제공</li>
<li>설정 파일 (<code>local-config.yaml</code>) 보관</li>
</ul>
<hr>
<h2 id="-기술적-특징">🛠️ 기술적 특징</h2>
<h3 id="컨테이너-기반-실행"><strong>컨테이너 기반 실행</strong></h3>
<ul>
<li>Docker 컨테이너 환경에서 격리된 실행</li>
<li>다양한 개발 도구가 사전 설치된 통합 환경</li>
<li>안정적이고 재현 가능한 실행 환경</li>
</ul>
<h3 id="다중-언어-지원"><strong>다중 언어 지원</strong></h3>
<ul>
<li><strong>Python</strong>: 3.11.10, pip, pipenv, poetry, conan</li>
<li><strong>Node.js</strong>: 20.14.0, npm, yarn, pnpm, bower</li>
<li><strong>Java</strong>: Gradle 8.13, OpenJDK 11</li>
<li><strong>Rust</strong>: 1.72.0</li>
<li><strong>Ruby</strong>: 3.3.5, bundler, cocoapods</li>
<li><strong>Dart/Flutter</strong>: 2.18.4/3.24.4</li>
<li><strong>PHP</strong>: 8.3, composer</li>
<li><strong>Android</strong>: Android SDK, command-line tools</li>
</ul>
<h3 id="모듈화된-구조"><strong>모듈화된 구조</strong></h3>
<ul>
<li>6단계 실행 프로세스로 명확한 워크플로우</li>
<li>각 기능별 분리된 스크립트로 유지보수성 향상</li>
<li>사용자 정의 설정 파일 지원</li>
</ul>
<hr>
<h2 id="-사용법">🚀 사용법</h2>
<h3 id="기본-사용법"><strong>기본 사용법</strong></h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">name</span>: <span style="color:#ae81ff">OLIVE Action</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">on</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull_request</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">types</span>: [<span style="color:#ae81ff">opened, synchronize, reopened]</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">branches</span>: [<span style="color:#ae81ff">main, develop]</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">permissions</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">contents</span>: <span style="color:#ae81ff">read</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">issues</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull-requests</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">jobs</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">olive-scan</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">runs-on</span>: <span style="color:#ae81ff">ubuntu-latest</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">steps</span>:
</span></span><span style="display:flex;"><span>      - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Checkout code</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v4</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>      - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Run OLIVE Action</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">kakao/olive-action@v1</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>          <span style="color:#f92672">olive-token</span>: <span style="color:#ae81ff">${{ secrets.OLIVE_TOKEN }}</span>
</span></span><span style="display:flex;"><span>          <span style="color:#f92672">github-token</span>: <span style="color:#ae81ff">${{ secrets.GITHUB_TOKEN }}</span>
</span></span></code></pre></div><h3 id="고급-설정"><strong>고급 설정</strong></h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Run OLIVE Action with custom settings</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">kakao/olive-action@v1</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">olive-project-name</span>: <span style="color:#e6db74">&#34;my-custom-project&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">olive-token</span>: <span style="color:#ae81ff">${{ secrets.OLIVE_TOKEN }}</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">github-token</span>: <span style="color:#ae81ff">${{ secrets.GITHUB_TOKEN }}</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">source-path</span>: <span style="color:#e6db74">&#34;./src&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">user-config-path</span>: <span style="color:#e6db74">&#34;./user-config.yml&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">artifact-retention-days</span>: <span style="color:#e6db74">&#34;7&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">comment-on-pr</span>: <span style="color:#e6db74">&#34;true&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">analyze-only</span>: <span style="color:#e6db74">&#34;false&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">debug</span>: <span style="color:#e6db74">&#34;false&#34;</span>
</span></span></code></pre></div><hr>
<h2 id="-입력-파라미터">🔧 입력 파라미터</h2>
<table>
  <thead>
      <tr>
          <th>파라미터</th>
          <th>설명</th>
          <th>필수</th>
          <th>기본값</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><code>olive-token</code></td>
          <td>OLIVE Platform API 토큰</td>
          <td>✅</td>
          <td>-</td>
      </tr>
      <tr>
          <td><code>github-token</code></td>
          <td>PR 코멘트 작성용 GitHub 토큰</td>
          <td>✅</td>
          <td>-</td>
      </tr>
      <tr>
          <td><code>olive-project-name</code></td>
          <td>OLIVE Platform 프로젝트 이름</td>
          <td>❌</td>
          <td>저장소 이름</td>
      </tr>
      <tr>
          <td><code>source-path</code></td>
          <td>분석할 소스코드 경로</td>
          <td>❌</td>
          <td><code>./</code></td>
      </tr>
      <tr>
          <td><code>user-config-path</code></td>
          <td>사용자 정의 config 파일 경로</td>
          <td>❌</td>
          <td><code>&quot;&quot;</code></td>
      </tr>
      <tr>
          <td><code>artifact-retention-days</code></td>
          <td>아티팩트 보관 기간 (일)</td>
          <td>❌</td>
          <td><code>30</code></td>
      </tr>
      <tr>
          <td><code>comment-on-pr</code></td>
          <td>PR에 코멘트 작성 여부</td>
          <td>❌</td>
          <td><code>true</code></td>
      </tr>
      <tr>
          <td><code>analyze-only</code></td>
          <td>분석만 수행하고 Platform 연동 생략</td>
          <td>❌</td>
          <td><code>false</code></td>
      </tr>
      <tr>
          <td><code>debug</code></td>
          <td>디버그 모드 활성화</td>
          <td>❌</td>
          <td><code>false</code></td>
      </tr>
  </tbody>
</table>
<hr>
<h2 id="-출력-결과">📊 출력 결과</h2>
<h3 id="github-artifacts"><strong>GitHub Artifacts</strong></h3>
<ul>
<li><code>dependency.csv</code>, <code>dependency.json</code>: 의존성 분석 결과</li>
<li><code>mapping.csv</code>, <code>mapping.json</code>: 컴포넌트 매핑 결과</li>
<li><code>unmapping.csv</code>: 매핑되지 않은 의존성 목록</li>
<li><code>local-config.yaml</code>: OLIVE CLI 설정 파일</li>
</ul>
<h3 id="pr-코멘트"><strong>PR 코멘트</strong></h3>
<ul>
<li>OLIVE CLI 버전 및 프로젝트 정보</li>
<li>라이선스 분석 결과 요약</li>
<li>매핑된 컴포넌트 및 매핑되지 않은 의존성 목록</li>
<li>아티팩트 다운로드 링크</li>
</ul>
<hr>
<h2 id="-사전-준비사항">🚨 사전 준비사항</h2>
<h3 id="1-olive-platform-토큰-발급">1. <strong>OLIVE Platform 토큰 발급</strong></h3>
<ul>
<li><a href="https://olive.kakao.com/">OLIVE Platform</a>에서 API 토큰 발급</li>
<li><a href="https://olive.kakao.com/docs/my-page/token">토큰 발급 가이드</a> 참고</li>
</ul>
<h3 id="2-github-secrets-설정">2. <strong>GitHub Secrets 설정</strong></h3>
<ul>
<li><code>OLIVE_TOKEN</code>: OLIVE Platform API 토큰</li>
<li><code>GITHUB_TOKEN</code>: GitHub Actions 기본 토큰 (자동 제공)</li>
</ul>
<hr>
<h2 id="-실행-단계">🔍 실행 단계</h2>
<ol>
<li><strong>소스 위치 검증</strong> - 분석할 소스코드 경로 확인</li>
<li><strong>OLIVE CLI 초기화</strong> - 프로젝트 설정 및 토큰 검증</li>
<li><strong>의존성 분석</strong> - 소스코드 의존성 추출 및 분석</li>
<li><strong>컴포넌트 분석</strong> - 의존성을 OLIVE 컴포넌트에 매핑</li>
<li><strong>라이선스 분석</strong> - 라이선스 정보 추출 및 분석</li>
<li><strong>OLIVE Platform 연동</strong> - 분석 결과를 Platform으로 전송</li>
</ol>
<hr>
<h2 id="-보안-및-안정성">🛡️ 보안 및 안정성</h2>
<ul>
<li><strong>격리된 실행 환경</strong>: Docker 컨테이너를 통한 안전한 실행</li>
<li><strong>토큰 검증</strong>: 실행 전 필수 토큰들의 유효성 검증</li>
<li><strong>에러 처리</strong>: 실패 시 자동 정리 및 에러 리포팅</li>
<li><strong>리소스 관리</strong>: 컨테이너 자동 정리로 메모리 누수 방지</li>
</ul>
<hr>
<h2 id="-문서-및-지원">📚 문서 및 지원</h2>
<ul>
<li><strong>사용 가이드</strong>: <a href="README.md">README.md</a></li>
<li><strong>OLIVE Platform</strong>: <a href="https://olive.kakao.com/">https://olive.kakao.com/</a></li>
<li><strong>OLIVE CLI</strong>: <a href="https://github.com/kakao/olive-cli">https://github.com/kakao/olive-cli</a></li>
</ul>
<hr>
<h2 id="-라이선스">📄 라이선스</h2>
<p>이 프로젝트는 Apache License 2.0 하에 배포됩니다.</p>
<p>Copyright 2025 Kakao Corp. <a href="http://www.kakaocorp.com">http://www.kakaocorp.com</a></p>
]]></content:encoded></item><item><title>Night Sky Contrib</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/night-sky-contrib/</link><pubDate>Thu, 02 Jul 2026 14:56:51 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/night-sky-contrib/</guid><description>Version updated for https://github.com/maxmode-now/night-sky-contrib to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release.
night / dawn / city themes real moon phase, longest streak constellation, language mountains or skyline zero dependencies, works with the default GITHUB_TOKEN</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/maxmode-now/night-sky-contrib">https://github.com/maxmode-now/night-sky-contrib</a></strong> to version <strong>v1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/night-sky-contrib">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Initial release.</p>
<ul>
<li>night / dawn / city themes</li>
<li>real moon phase, longest streak constellation, language mountains or skyline</li>
<li>zero dependencies, works with the default GITHUB_TOKEN</li>
</ul>
]]></content:encoded></item><item><title>Pollinations PR Reviewer</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pollinations-pr-reviewer/</link><pubDate>Thu, 02 Jul 2026 14:56:18 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pollinations-pr-reviewer/</guid><description>Version updated for https://github.com/mikl-shortcuts/Pollinations-PR-Reviewer to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Small Update: Integrate minimatch Improve comment parsing Add PR descriptions passing Add reasoning-effort and timeout parameters Improve logging Bug fixes</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mikl-shortcuts/Pollinations-PR-Reviewer">https://github.com/mikl-shortcuts/Pollinations-PR-Reviewer</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/pollinations-pr-reviewer">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="small-update">Small Update:</h3>
<ul>
<li>Integrate minimatch</li>
<li>Improve comment parsing</li>
<li>Add PR descriptions passing</li>
<li>Add reasoning-effort and timeout parameters</li>
<li>Improve logging</li>
<li>Bug fixes</li>
</ul>
]]></content:encoded></item><item><title>Synaptic PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/synaptic-pr-review/</link><pubDate>Thu, 02 Jul 2026 14:55:44 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/synaptic-pr-review/</guid><description>Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed ✨ New Features Repository Memory Rules — teach the bot your team’s coding conventions Comment @synaptic-ai remember: &amp;lt;rule&amp;gt; on any PR to add a rule Rules stored in .synaptic/rules.json and enforced during every review Collaborator verification before adding rules Dedicated extraction prompt for faster processing 🐛 Bug Fixes Fix pr_number used before defined in main_remember() Fix direct engine not outputting REMEMBER_RULE_JSON Move collaborator check before LLM extraction to avoid wasted API calls Add collaborator check to process_remember_from_comment() Filter find_latest_comment_with_remember() by bot author + review signature 📝 Documentation Add preview screenshots (PR Overview, Issue Summary, Inline Comments) to README Full Changelog: https://github.com/minhphu102003/ai-pr-review-action/compare/v0.1.3...v0.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/minhphu102003/ai-pr-review-action">https://github.com/minhphu102003/ai-pr-review-action</a></strong> to version <strong>v0.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/synaptic-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="-new-features">✨ New Features</h2>
<ul>
<li><strong>Repository Memory Rules</strong> — teach the bot your team&rsquo;s coding conventions
<ul>
<li>Comment <code>@synaptic-ai remember: &lt;rule&gt;</code> on any PR to add a rule</li>
<li>Rules stored in <code>.synaptic/rules.json</code> and enforced during every review</li>
<li>Collaborator verification before adding rules</li>
<li>Dedicated extraction prompt for faster processing</li>
</ul>
</li>
</ul>
<h2 id="-bug-fixes">🐛 Bug Fixes</h2>
<ul>
<li>Fix <code>pr_number</code> used before defined in <code>main_remember()</code></li>
<li>Fix direct engine not outputting <code>REMEMBER_RULE_JSON</code></li>
<li>Move collaborator check before LLM extraction to avoid wasted API calls</li>
<li>Add collaborator check to <code>process_remember_from_comment()</code></li>
<li>Filter <code>find_latest_comment_with_remember()</code> by bot author + review signature</li>
</ul>
<h2 id="-documentation">📝 Documentation</h2>
<ul>
<li>Add preview screenshots (PR Overview, Issue Summary, Inline Comments) to README</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/minhphu102003/ai-pr-review-action/compare/v0.1.3...v0.2.0">https://github.com/minhphu102003/ai-pr-review-action/compare/v0.1.3...v0.2.0</a></p>
]]></content:encoded></item><item><title>moult-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/moult-action/</link><pubDate>Thu, 02 Jul 2026 14:55:11 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/moult-action/</guid><description>Version updated for https://github.com/moult-rb/moult-rb to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update README.md by @GoodPie in https://github.com/moult-rb/moult-rb/pull/2 Add GitHub Actions workflow for Moult integration by @GoodPie in https://github.com/moult-rb/moult-rb/pull/3 Support baseline scan uploads in the composite action by @GoodPie in https://github.com/moult-rb/moult-rb/pull/4 New Contributors @GoodPie made their first contribution in https://github.com/moult-rb/moult-rb/pull/2 Full Changelog: https://github.com/moult-rb/moult-rb/compare/v0.1.0...v0.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/moult-rb/moult-rb">https://github.com/moult-rb/moult-rb</a></strong> to version <strong>v0.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/moult-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Update README.md by @GoodPie in <a href="https://github.com/moult-rb/moult-rb/pull/2">https://github.com/moult-rb/moult-rb/pull/2</a></li>
<li>Add GitHub Actions workflow for Moult integration by @GoodPie in <a href="https://github.com/moult-rb/moult-rb/pull/3">https://github.com/moult-rb/moult-rb/pull/3</a></li>
<li>Support baseline scan uploads in the composite action by @GoodPie in <a href="https://github.com/moult-rb/moult-rb/pull/4">https://github.com/moult-rb/moult-rb/pull/4</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@GoodPie made their first contribution in <a href="https://github.com/moult-rb/moult-rb/pull/2">https://github.com/moult-rb/moult-rb/pull/2</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/moult-rb/moult-rb/compare/v0.1.0...v0.2.0">https://github.com/moult-rb/moult-rb/compare/v0.1.0...v0.2.0</a></p>
]]></content:encoded></item><item><title>Go Proxy Cache Updater</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/go-proxy-cache-updater/</link><pubDate>Thu, 02 Jul 2026 14:54:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/go-proxy-cache-updater/</guid><description>Version updated for https://github.com/nicholas-fedor/go-proxy-pull-action to version v1.1.11.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.11 (2026-07-02)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/nicholas-fedor/go-proxy-pull-action">https://github.com/nicholas-fedor/go-proxy-pull-action</a></strong> to version <strong>v1.1.11</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/go-proxy-cache-updater">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="1111-2026-07-02"><a href="https://github.com/nicholas-fedor/go-proxy-pull-action/compare/v1.1.10...v1.1.11">1.1.11</a> (2026-07-02)</h2>
]]></content:encoded></item><item><title>Open Delivery Spec</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/open-delivery-spec/</link><pubDate>Thu, 02 Jul 2026 14:54:02 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/open-delivery-spec/</guid><description>Version updated for https://github.com/open-delivery-spec/validate-action to version v0.2.1.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed 👻 Maintenance ci: add scheduled workflow to bump the pinned CLI version by @shenxianpeng in #45 chore: pin default cli-ref to a stable release for reproducibility by @shenxianpeng in #43 Full Changelog: https://github.com/open-delivery-spec/validate-action/compare/v0.2.0...v0.2.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/open-delivery-spec/validate-action">https://github.com/open-delivery-spec/validate-action</a></strong> to version <strong>v0.2.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/open-delivery-spec">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<h2 id="-maintenance">👻 Maintenance</h2>
<ul>
<li>ci: add scheduled workflow to bump the pinned CLI version by @shenxianpeng in #45</li>
<li>chore: pin default cli-ref to a stable release for reproducibility by @shenxianpeng in #43</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/open-delivery-spec/validate-action/compare/v0.2.0...v0.2.1">https://github.com/open-delivery-spec/validate-action/compare/v0.2.0...v0.2.1</a></p>
]]></content:encoded></item><item><title>Polygraph MCP gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polygraph-mcp-gate/</link><pubDate>Thu, 02 Jul 2026 14:53:29 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/polygraph-mcp-gate/</guid><description>Version updated for https://github.com/polygraphso/litmus to version litmus-v0.22.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Patch release shipping the security and correctness fixes from the 2026-07-02 engineering review.
False-pass paths (grading correctness):
A1 — iptables add-op is now atomic (set -e): a partial rule insertion exits non-zero so the caller falls back to --internal instead of running with broken NAT and silently missing IP-literal/DoH egress A2 — readOnlyHint:true can no longer bypass the exercise skip gate: unsafeToExerciseToolNames now checks the broad STATE_CHANGING_VERBS set regardless of the annotation, so a lying swap_*/buy_*/approve_*/mint_* tool is never actively bait-called A3 — content in a JSON-RPC error response is now scanned: callToolArgs carries errorText; probes 1.2, 1.3 run scanInjection on it, probe 3.1 runs internalsLeak A5 — MCP progress forwarding: void sendNotification(…) → .catch(() =&amp;gt; {}) so a client disconnect during a run can’t kill the server process Sandbox observability:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/polygraphso/litmus">https://github.com/polygraphso/litmus</a></strong> to version <strong>litmus-v0.22.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polygraph-mcp-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Patch release shipping the security and correctness fixes from the 2026-07-02 engineering review.</p>
<p><strong>False-pass paths (grading correctness):</strong></p>
<ul>
<li>A1 — iptables add-op is now atomic (<code>set -e</code>): a partial rule insertion exits non-zero so the caller falls back to <code>--internal</code> instead of running with broken NAT and silently missing IP-literal/DoH egress</li>
<li>A2 — <code>readOnlyHint:true</code> can no longer bypass the exercise skip gate: <code>unsafeToExerciseToolNames</code> now checks the broad <code>STATE_CHANGING_VERBS</code> set regardless of the annotation, so a lying <code>swap_*</code>/<code>buy_*</code>/<code>approve_*</code>/<code>mint_*</code> tool is never actively bait-called</li>
<li>A3 — content in a JSON-RPC error response is now scanned: <code>callToolArgs</code> carries <code>errorText</code>; probes 1.2, 1.3 run <code>scanInjection</code> on it, probe 3.1 runs <code>internalsLeak</code></li>
<li>A5 — MCP progress forwarding: <code>void sendNotification(…)</code> → <code>.catch(() =&gt; {})</code> so a client disconnect during a run can&rsquo;t kill the server process</li>
</ul>
<p><strong>Sandbox observability:</strong></p>
<ul>
<li>A4 — <code>selectedNetwork()</code> defaults to <code>base</code> (mainnet); <code>server.json</code> and the plugin <code>.mcp.json</code> now ship <code>NEXT_PUBLIC_POLYGRAPH_NETWORK=base</code></li>
<li>A6 — <code>removeHostDnat</code> emits a stderr warning on failure so dangling host iptables rules are visible in operator logs</li>
</ul>
<p><strong>Verify tools:</strong></p>
<ul>
<li>B6 — <code>verify_attestation</code> / <code>verify_skill_attestation</code>: found-but-null now surfaces as <code>lookup_failed</code> rather than <code>not_available</code> (a trusted index disagreeing with the chain is not unevaluated)</li>
<li>B7 — revoked attestations show <code>status:&quot;revoked&quot;</code>, expired ones <code>status:&quot;expired&quot;</code>; <code>expirationTime</code> included in the payload</li>
</ul>
<p><strong>Housekeeping:</strong></p>
<ul>
<li>B11 — dead <code>MINTER_PRIVATE_KEY</code> removed from <code>.env.example</code></li>
<li>B12 — <code>action.yml</code> default version pin updated; CONTRIBUTING release flow now documents all six steps including the <code>v1</code> retag</li>
</ul>
]]></content:encoded></item><item><title>Postman Onboarding Workspace Bootstrap</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/postman-onboarding-workspace-bootstrap/</link><pubDate>Thu, 02 Jul 2026 14:52:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/postman-onboarding-workspace-bootstrap/</guid><description>Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.6.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v2...v2.6.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-bootstrap-action">https://github.com/postman-cs/postman-bootstrap-action</a></strong> to version <strong>v2.6.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-workspace-bootstrap">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-bootstrap-action/compare/v2...v2.6.0">https://github.com/postman-cs/postman-bootstrap-action/compare/v2...v2.6.0</a></p>
]]></content:encoded></item><item><title>Notify QA Wolf on Deploy</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/notify-qa-wolf-on-deploy/</link><pubDate>Thu, 02 Jul 2026 14:52:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/notify-qa-wolf-on-deploy/</guid><description>Version updated for https://github.com/qawolf/notify-qawolf-on-deploy-action to version v2.0.1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.0.1 Fix the ephemeral-environment input being ignored. Ephemeral deployments are now notified as ephemeral instead of as a regular GitHub deployment, and deployment-url is required when ephemeral-environment is true. v2.0.0 The action now runs on Node 24. v1.2.1 Allow ephemeral-environment as a valid input param v1.2.0 Don’t guess a recent PR number based on SHA for non-PR events v1.1.5 Allow pull-request-number as a valid input param v1.1.4 Fix a problem where the sha passed in via merge_group events was wrong, causing commit checks to never complete v1.1.3 Update README.md to include deployment_type examples v1.1.2 Correct code sample in README where GITHUB_TOKEN is being passed as a secrets instead of an env v1.1.1 Improve logging to facilitate debugging v1.1.0 Expose an eventId on errors Output the environmentId on attemptNotifyDeploy v1.0.4 Extract information from Github Event and send it to attemptNotifyDeploy v1.0.3 Add qawolf-base-url optional input v1.0.2 Fix action name on documentation v1.0.1 Fix build problem and add branding v1.0.0 Initial version</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/qawolf/notify-qawolf-on-deploy-action">https://github.com/qawolf/notify-qawolf-on-deploy-action</a></strong> to version <strong>v2.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/notify-qa-wolf-on-deploy">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="v201">v2.0.1</h2>
<ul>
<li>Fix the <code>ephemeral-environment</code> input being ignored. Ephemeral deployments are now notified as ephemeral instead of as a regular GitHub deployment, and <code>deployment-url</code> is required when <code>ephemeral-environment</code> is <code>true</code>.</li>
</ul>
<h2 id="v200">v2.0.0</h2>
<ul>
<li>The action now runs on Node 24.</li>
</ul>
<h2 id="v121">v1.2.1</h2>
<ul>
<li>Allow <code>ephemeral-environment</code> as a valid input param</li>
</ul>
<h2 id="v120">v1.2.0</h2>
<ul>
<li>Don&rsquo;t guess a recent PR number based on SHA for non-PR events</li>
</ul>
<h2 id="v115">v1.1.5</h2>
<ul>
<li>Allow <code>pull-request-number</code> as a valid input param</li>
</ul>
<h2 id="v114">v1.1.4</h2>
<ul>
<li>Fix a problem where the <code>sha</code> passed in via <code>merge_group</code> events was wrong, causing commit checks to never complete</li>
</ul>
<h2 id="v113">v1.1.3</h2>
<ul>
<li>Update README.md to include <code>deployment_type</code> examples</li>
</ul>
<h2 id="v112">v1.1.2</h2>
<ul>
<li>Correct code sample in README where <code>GITHUB_TOKEN</code> is being passed as a <code>secrets</code> instead of an <code>env</code></li>
</ul>
<h2 id="v111">v1.1.1</h2>
<ul>
<li>Improve logging to facilitate debugging</li>
</ul>
<h2 id="v110">v1.1.0</h2>
<ul>
<li>Expose an <code>eventId</code> on errors</li>
<li>Output the <code>environmentId</code> on <code>attemptNotifyDeploy</code></li>
</ul>
<h2 id="v104">v1.0.4</h2>
<ul>
<li>Extract information from Github Event and send it to <code>attemptNotifyDeploy</code></li>
</ul>
<h2 id="v103">v1.0.3</h2>
<ul>
<li>Add <code>qawolf-base-url</code> optional input</li>
</ul>
<h2 id="v102">v1.0.2</h2>
<ul>
<li>Fix action name on documentation</li>
</ul>
<h2 id="v101">v1.0.1</h2>
<ul>
<li>Fix build problem and add branding</li>
</ul>
<h2 id="v100">v1.0.0</h2>
<ul>
<li>Initial version</li>
</ul>
]]></content:encoded></item><item><title>Build &amp; Push to Registry</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/build-push-to-registry/</link><pubDate>Thu, 02 Jul 2026 14:51:49 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/build-push-to-registry/</guid><description>Version updated for https://github.com/relybytes/actions-docker-build-push to version v1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Build &amp;amp; Push to Registry v1.0.0 First stable release of actions-docker-build-push, a GitHub Action for building Docker images and pushing them to container registries with a predictable naming convention.
Main features Build Docker images using Docker Buildx Push images to GitHub Container Registry by default Support any container registry, including Docker Hub, Harbor, OVHcloud Managed Private Registry, and custom registries Default authentication with GitHub actor and GITHUB_TOKEN Automatic image naming based on branch, tag, or pull request Environment suffixes such as prod, dev, staging, rc, hotfix, feat, and pr-{number} Auto-generated version tags using YYYY-MM-DD.shortsha Optional :latest tag on main/master builds Support for additional tags Support for multi-platform builds Support for build arguments Support for multi-stage Dockerfile targets Automatic OCI labels Optional local build validation with push: &amp;#34;false&amp;#34; Output image reference, repository, version, suffix, tags, digest, and build timestamp Default behavior With no registry credentials passed, the action defaults to GitHub Container Registry:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/relybytes/actions-docker-build-push">https://github.com/relybytes/actions-docker-build-push</a></strong> to version <strong>v1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/build-push-to-registry">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="build--push-to-registry-v100">Build &amp; Push to Registry v1.0.0</h2>
<p>First stable release of <code>actions-docker-build-push</code>, a GitHub Action for building Docker images and pushing them to container registries with a predictable naming convention.</p>
<h3 id="main-features">Main features</h3>
<ul>
<li>Build Docker images using Docker Buildx</li>
<li>Push images to GitHub Container Registry by default</li>
<li>Support any container registry, including Docker Hub, Harbor, OVHcloud Managed Private Registry, and custom registries</li>
<li>Default authentication with GitHub actor and <code>GITHUB_TOKEN</code></li>
<li>Automatic image naming based on branch, tag, or pull request</li>
<li>Environment suffixes such as <code>prod</code>, <code>dev</code>, <code>staging</code>, <code>rc</code>, <code>hotfix</code>, <code>feat</code>, and <code>pr-{number}</code></li>
<li>Auto-generated version tags using <code>YYYY-MM-DD.shortsha</code></li>
<li>Optional <code>:latest</code> tag on main/master builds</li>
<li>Support for additional tags</li>
<li>Support for multi-platform builds</li>
<li>Support for build arguments</li>
<li>Support for multi-stage Dockerfile targets</li>
<li>Automatic OCI labels</li>
<li>Optional local build validation with <code>push: &quot;false&quot;</code></li>
<li>Output image reference, repository, version, suffix, tags, digest, and build timestamp</li>
</ul>
<h3 id="default-behavior">Default behavior</h3>
<p>With no registry credentials passed, the action defaults to GitHub Container Registry:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>ghcr.io/{owner}/{repo}-{suffix}:YYYY-MM-DD.shortsha
</span></span></code></pre></div>]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/remyx-outrider/</link><pubDate>Thu, 02 Jul 2026 14:51:16 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.7.6.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The v1.7.5 cocoindex install step ran ccc --version as a sanity check, but the typer app doesn’t expose a –version flag so it raised a red “No such option ‘–version’” error box in the Actions UI. The || true suppression meant the step still succeeded, but the visible error box was misleading.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.7.6</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>The v1.7.5 cocoindex install step ran <code>ccc --version</code> as a sanity check, but the typer app doesn&rsquo;t expose a &ndash;version flag so it raised a red &ldquo;No such option &lsquo;&ndash;version&rsquo;&rdquo; error box in the Actions UI. The <code>|| true</code> suppression meant the step still succeeded, but the visible error box was misleading.</p>
<p>Replaces with a quiet <code>command -v ccc</code> PATH check. No functional change.</p>
]]></content:encoded></item><item><title>Gated automerge</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/gated-automerge/</link><pubDate>Thu, 02 Jul 2026 14:50:43 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/gated-automerge/</guid><description>Version updated for https://github.com/run-action/automerge to version v1.2.3.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed docs: simplify description (#4) (46cd9d2) docs: rename action to gated automerge (d80ec1c) docs: add required checks read permissions (240cb58) feat: add option to disable require-checks (2362745) deps: bump nixpkgs in the dependencies group across 1 directory (#2) (77ebbe4) feat: add support for skip-labels (7cd48f4) Auto update internal actions (bb2e6d1) Add release workflow (6fc2ea8) Add linting and dependabot (499faef) Add action.yaml with examples (0f0d6da)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/run-action/automerge">https://github.com/run-action/automerge</a></strong> to version <strong>v1.2.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/gated-automerge">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>docs: simplify description (#4) (46cd9d2)</li>
<li>docs: rename action to gated automerge (d80ec1c)</li>
<li>docs: add required checks read permissions (240cb58)</li>
<li>feat: add option to disable require-checks (2362745)</li>
<li>deps: bump nixpkgs in the dependencies group across 1 directory (#2) (77ebbe4)</li>
<li>feat: add support for skip-labels (7cd48f4)</li>
<li>Auto update internal actions (bb2e6d1)</li>
<li>Add release workflow (6fc2ea8)</li>
<li>Add linting and dependabot (499faef)</li>
<li>Add action.yaml with examples (0f0d6da)</li>
</ul>
]]></content:encoded></item><item><title>runs-on/action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/runs-on/action/</link><pubDate>Thu, 02 Jul 2026 14:50:09 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/runs-on/action/</guid><description>Version updated for https://github.com/runs-on/action to version v2.2.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/runs-on/action/compare/v2.1.2...v2.2.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/runs-on/action">https://github.com/runs-on/action</a></strong> to version <strong>v2.2.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/runs-on-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/runs-on/action/compare/v2.1.2...v2.2.0">https://github.com/runs-on/action/compare/v2.1.2...v2.2.0</a></p>
]]></content:encoded></item><item><title>Bernstein — Multi-Agent Orchestration</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bernstein-multi-agent-orchestration/</link><pubDate>Thu, 02 Jul 2026 14:49:36 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/bernstein-multi-agent-orchestration/</guid><description>Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.11.0.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v2.11.0 Released 2026-07-02.
Features The openai_agents runner accepts optional sampling and endpoint parameters: temperature, top_p, top_k, base_url, and api_key_env on the runner manifest, flowing into the SDK client and model settings. Absent fields keep the previous behavior byte-identical. When base_url is set the runner switches to the chat-completions API and excludes the custom client from tracing, so a third-party key is never sent to the default tracing endpoint. Every effective parameter is logged in the runner start event, so runs stay self-describing. Design validated in daily runs by @shanemmattner (#2159). (#2173) api_key_env is fail-closed: it must name a known LLM provider key from the built-in allowlist; anything else requires the operator to allow it via BERNSTEIN_ALLOWED_API_KEY_ENVS on the host, which a repository cannot set. Requesting sampling parameters on an adapter without the new SUPPORTS_SAMPLING_PARAMS capability fails loudly instead of silently dropping them. (#2173) SDK runners now write heartbeats, so they are visible to the stall watchdog between spawn and exit. (#2173) Fixes The Docker sandbox path from v2.10.0 is hardened: each spawned agent gets its own sandbox session (one exec timeout no longer tears down every agent’s container), committed work is bundled out of the container and fetched into the host repo under sandbox/&amp;lt;session_id&amp;gt; refs, sandbox lifecycle events land in the HMAC-chained audit log with emissions serialized so concurrent lifecycles cannot fork the chain, and provisioning probes task-server reachability and warns on daemons without host networking. (#2162, #2172) The bernstein worker loop can spawn agents again: it constructed the spawner with arguments that never existed and raised TypeError on the first claimed task. The server URL now also reaches spawned agents through the environment allowlist. (#2163, #2171) Dependencies Routine CI action digest updates (github/codeql-action, docker/setup-buildx-action).</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/sipyourdrink-ltd/bernstein">https://github.com/sipyourdrink-ltd/bernstein</a></strong> to version <strong>v2.11.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/bernstein-multi-agent-orchestration">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v2110">v2.11.0</h1>
<p>Released 2026-07-02.</p>
<h2 id="features">Features</h2>
<ul>
<li>The openai_agents runner accepts optional sampling and endpoint parameters: <code>temperature</code>, <code>top_p</code>, <code>top_k</code>, <code>base_url</code>, and <code>api_key_env</code> on the runner manifest, flowing into the SDK client and model settings. Absent fields keep the previous behavior byte-identical. When <code>base_url</code> is set the runner switches to the chat-completions API and excludes the custom client from tracing, so a third-party key is never sent to the default tracing endpoint. Every effective parameter is logged in the runner start event, so runs stay self-describing. Design validated in daily runs by @shanemmattner (#2159). (#2173)</li>
<li><code>api_key_env</code> is fail-closed: it must name a known LLM provider key from the built-in allowlist; anything else requires the operator to allow it via <code>BERNSTEIN_ALLOWED_API_KEY_ENVS</code> on the host, which a repository cannot set. Requesting sampling parameters on an adapter without the new <code>SUPPORTS_SAMPLING_PARAMS</code> capability fails loudly instead of silently dropping them. (#2173)</li>
<li>SDK runners now write heartbeats, so they are visible to the stall watchdog between spawn and exit. (#2173)</li>
</ul>
<h2 id="fixes">Fixes</h2>
<ul>
<li>The Docker sandbox path from v2.10.0 is hardened: each spawned agent gets its own sandbox session (one exec timeout no longer tears down every agent&rsquo;s container), committed work is bundled out of the container and fetched into the host repo under <code>sandbox/&lt;session_id&gt;</code> refs, sandbox lifecycle events land in the HMAC-chained audit log with emissions serialized so concurrent lifecycles cannot fork the chain, and provisioning probes task-server reachability and warns on daemons without host networking. (#2162, #2172)</li>
<li>The <code>bernstein worker</code> loop can spawn agents again: it constructed the spawner with arguments that never existed and raised <code>TypeError</code> on the first claimed task. The server URL now also reaches spawned agents through the environment allowlist. (#2163, #2171)</li>
</ul>
<h2 id="dependencies">Dependencies</h2>
<ul>
<li>Routine CI action digest updates (github/codeql-action, docker/setup-buildx-action).</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Docker Multi-Registry Build Push</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/skyhook-docker-multi-registry-build-push/</link><pubDate>Thu, 02 Jul 2026 14:49:02 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/skyhook-docker-multi-registry-build-push/</guid><description>Version updated for https://github.com/skyhook-io/docker-build-push-action to version v1.5.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.5.3 (2026-07-02) Bug Fixes run bundled Docker actions on the Node 24 runtime (#8) (526d49e)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/docker-build-push-action">https://github.com/skyhook-io/docker-build-push-action</a></strong> to version <strong>v1.5.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-docker-multi-registry-build-push">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="153-2026-07-02"><a href="https://github.com/skyhook-io/docker-build-push-action/compare/v1.5.2...v1.5.3">1.5.3</a> (2026-07-02)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>run bundled Docker actions on the Node 24 runtime (<a href="https://github.com/skyhook-io/docker-build-push-action/issues/8">#8</a>) (<a href="https://github.com/skyhook-io/docker-build-push-action/commit/526d49ec0ce798ebca2a01131f1686b202134316">526d49e</a>)</li>
</ul>
]]></content:encoded></item><item><title>Pipr Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pipr-review/</link><pubDate>Thu, 02 Jul 2026 14:48:29 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/pipr-review/</guid><description>Version updated for https://github.com/somus/pipr to version v0.1.3.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.1.3 (2026-07-02) Bug Fixes gate releases on main ci (#7) (eb479e0)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/somus/pipr">https://github.com/somus/pipr</a></strong> to version <strong>v0.1.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/pipr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="013-2026-07-02"><a href="https://github.com/somus/pipr/compare/v0.1.2...v0.1.3">0.1.3</a> (2026-07-02)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>gate releases on main ci (<a href="https://github.com/somus/pipr/issues/7">#7</a>) (<a href="https://github.com/somus/pipr/commit/eb479e003990acbad3a30ca4f7c28f171f120a97">eb479e0</a>)</li>
</ul>
]]></content:encoded></item><item><title>DProvenanceKit regression gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/dprovenancekit-regression-gate/</link><pubDate>Thu, 02 Jul 2026 14:47:55 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/dprovenancekit-regression-gate/</guid><description>Version updated for https://github.com/Therealdk8890/dprovenancekit-action to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Patch over v1.1.0: the golden-context / candidate-context inputs now resolve through the runs subcommand (available in every 0.3.x SDK) instead of requiring gate CLI flags newer than the PyPI release. Caught by this repo’s smoke test before any user hit it. The v1 tag points here.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Therealdk8890/dprovenancekit-action">https://github.com/Therealdk8890/dprovenancekit-action</a></strong> to version <strong>v1.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/dprovenancekit-regression-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Patch over v1.1.0: the golden-context / candidate-context inputs now resolve through the runs subcommand (available in every 0.3.x SDK) instead of requiring gate CLI flags newer than the PyPI release. Caught by this repo&rsquo;s smoke test before any user hit it. The v1 tag points here.</p>
]]></content:encoded></item><item><title>Agents Shipgate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/agents-shipgate/</link><pubDate>Thu, 02 Jul 2026 14:47:21 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/agents-shipgate/</guid><description>Version updated for https://github.com/ThreeMoonsLab/agents-shipgate to version v0.14.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Agents Shipgate v0.14.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/ThreeMoonsLab/agents-shipgate">https://github.com/ThreeMoonsLab/agents-shipgate</a></strong> to version <strong>v0.14.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agents-shipgate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Agents Shipgate v0.14.0</p>
]]></content:encoded></item><item><title>Podcast Creator</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/podcast-creator/</link><pubDate>Thu, 02 Jul 2026 14:46:48 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/podcast-creator/</guid><description>Version updated for https://github.com/xDevMe/podcast-generator to version v1.0.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/xDevMe/podcast-generator/commits/v1.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/xDevMe/podcast-generator">https://github.com/xDevMe/podcast-generator</a></strong> to version <strong>v1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/podcast-creator">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/xDevMe/podcast-generator/commits/v1.0">https://github.com/xDevMe/podcast-generator/commits/v1.0</a></p>
]]></content:encoded></item><item><title>AI-Driven ADR Enforcer</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-driven-adr-enforcer/</link><pubDate>Thu, 02 Jul 2026 14:46:15 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-driven-adr-enforcer/</guid><description>Version updated for https://github.com/y-matsuo081991/ai-adr-enforcer to version v1.1.5.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.1.3...v1.1.5</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/y-matsuo081991/ai-adr-enforcer">https://github.com/y-matsuo081991/ai-adr-enforcer</a></strong> to version <strong>v1.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-driven-adr-enforcer">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.1.3...v1.1.5">https://github.com/y-matsuo081991/ai-adr-enforcer/compare/v1.1.3...v1.1.5</a></p>
]]></content:encoded></item><item><title>Setup Prolog</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/setup-prolog/</link><pubDate>Thu, 02 Jul 2026 06:52:01 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/setup-prolog/</guid><description>Version updated for https://github.com/fabasoad/setup-prolog-action to version v1.1.2.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in https://github.com/fabasoad/setup-prolog-action/pull/9 Full Changelog: https://github.com/fabasoad/setup-prolog-action/compare/v1.1.1...v1.1.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/fabasoad/setup-prolog-action">https://github.com/fabasoad/setup-prolog-action</a></strong> to version <strong>v1.1.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-prolog">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in <a href="https://github.com/fabasoad/setup-prolog-action/pull/9">https://github.com/fabasoad/setup-prolog-action/pull/9</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/fabasoad/setup-prolog-action/compare/v1.1.1...v1.1.2">https://github.com/fabasoad/setup-prolog-action/compare/v1.1.1...v1.1.2</a></p>
]]></content:encoded></item><item><title>Setup Uiua</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/setup-uiua/</link><pubDate>Thu, 02 Jul 2026 06:51:27 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/setup-uiua/</guid><description>Version updated for https://github.com/fabasoad/setup-uiua-action to version v0.1.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in https://github.com/fabasoad/setup-uiua-action/pull/7 Full Changelog: https://github.com/fabasoad/setup-uiua-action/compare/v0.1.2...v0.1.3</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/fabasoad/setup-uiua-action">https://github.com/fabasoad/setup-uiua-action</a></strong> to version <strong>v0.1.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-uiua">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(ci): bump actions/checkout from v6 to v7 by @fabasoad in <a href="https://github.com/fabasoad/setup-uiua-action/pull/7">https://github.com/fabasoad/setup-uiua-action/pull/7</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/fabasoad/setup-uiua-action/compare/v0.1.2...v0.1.3">https://github.com/fabasoad/setup-uiua-action/compare/v0.1.2...v0.1.3</a></p>
]]></content:encoded></item><item><title>Fallow - Codebase Intelligence</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/fallow-codebase-intelligence/</link><pubDate>Thu, 02 Jul 2026 06:50:54 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/fallow-codebase-intelligence/</guid><description>Version updated for https://github.com/fallow-rs/fallow to version v2.104.0.
This action is used across all versions by 235 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Highlights This release is heavy on CSS intelligence. fallow health --css now understands CSS-in-JS (styled-components, emotion, linaria, vanilla-extract, StyleX, Panda) as first-class, ships a second styling-health quality axis, and adds a design-token blast-radius index. Plus a staged human review walkthrough, an opt-in unused-prop exemption, and a batch of framework false-positive fixes.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/fallow-rs/fallow">https://github.com/fallow-rs/fallow</a></strong> to version <strong>v2.104.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>235</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/fallow-codebase-intelligence">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="highlights">Highlights</h2>
<p>This release is heavy on CSS intelligence. <code>fallow health --css</code> now understands CSS-in-JS (styled-components, emotion, linaria, vanilla-extract, StyleX, Panda) as first-class, ships a second styling-health quality axis, and adds a design-token blast-radius index. Plus a staged human review walkthrough, an opt-in unused-prop exemption, and a batch of framework false-positive fixes.</p>
<h2 id="css-intelligence-css-program-phases-3-4">CSS intelligence (CSS program, Phases 3-4)</h2>
<ul>
<li><strong>CSS-in-JS is first-class in <code>fallow health --css</code>.</strong> styled-components / emotion / linaria (tagged templates) and vanilla-extract / StyleX / Panda / emotion-object (object notation) previously produced <code>null</code> <code>css_analytics</code>. A lexical lifter now extracts the CSS body from both forms and feeds it through the same structural analytics and styling-health pipeline, so a CSS-in-JS app gets real duplicate-block, structural, and token-sprawl signals. Dep-gated on a declared CSS-in-JS library, so non-CSS-in-JS projects are byte-unchanged.</li>
<li><strong>Styling-health: a second CSS-quality axis, confidence-aware.</strong> <code>fallow health --css</code> reports a separate <code>styling_health</code> score (0-100) and A-F grade with a <code>Deductions:</code> breakdown across five capped penalty categories. It carries a <code>confidence</code> marker (<code>high</code> / <code>low</code>) so a thin authored-CSS surface (utility-first Tailwind app) renders dimmed with a caveat instead of an authoritative grade. Descriptive-only: no exit code, badge, or CI gating.</li>
<li><strong>Formula v3 weights value drift over exact repetition.</strong> Research is clear that exact CSS duplication is the least-harmful pattern while design-token inconsistency is the real maintenance harm, so the exact-block penalty is down-weighted to a soft hint and token-erosion gains a hardcoded-value-sprawl drift term (distinct un-tokenized <code>box-shadow</code> / <code>border-radius</code> / <code>line-height</code> values). <code>STYLING_HEALTH_FORMULA_VERSION</code> bumps to 3. If you diff <code>styling_health.score</code>/<code>grade</code> over time, re-baseline or gate on <code>formula_version</code>; the one-time step-change at this boundary is expected.</li>
<li><strong>Design-token blast-radius (<code>token_consumers</code>) for Tailwind v4 AND CSS-in-JS tokens.</strong> <code>fallow health --css --format json</code> now carries a reverse index of where each design token is consumed. Change <code>--color-brand</code> (Tailwind <code>@theme</code>) or a StyleX <code>defineVars</code> / vanilla-extract <code>createTheme</code> token and see a <code>consumer_count</code> plus located <code>consumers[]</code> before touching it. <code>consumer_count</code> is a static lower bound (descriptive context, not a deletion gate); the authoritative dead-token finding stays <code>unused_theme_tokens</code>.</li>
<li><strong>New <code>get_token_blast_radius</code> MCP tool.</strong> A focused, read-only tool that surfaces the token blast-radius directly without the agent needing to know the data hides inside <code>css_analytics</code>.</li>
<li><strong>Fuzzy CSS clones via value canonicalization.</strong> <code>fallow dupes</code> now canonicalizes CSS values on the stylesheet path (a zero-with-unit collapses to bare <code>0</code>, a hex color expands to its long lowercased form), so value-drifted clones (<code>0px</code> vs <code>0</code>, <code>#fff</code> vs <code>#ffffff</code>) hash equal and the same shadow / gradient / transition recipe re-implemented with drift finally matches. Scoped to CSS-family files and SFC/Astro <code>&lt;style&gt;</code> regions; JS/TS clone detection is unchanged.</li>
</ul>
<h2 id="review-and-configuration">Review and configuration</h2>
<ul>
<li><strong><code>fallow review --walkthrough</code>: a staged terminal tour.</strong> Renders the review walkthrough guide as an ordered, human-readable tour (Review Focus header, staged sections, per-file one-line facts and grounded badges, a collapsed &ldquo;cleared&rdquo; panel). <code>--format markdown</code> emits a paste-into-PR artifact; <code>--format json</code> is byte-identical to <code>--walkthrough-guide</code>. Per-file viewed state persists locally (<code>--mark-viewed</code>) and tolerates a moved tree. Always exits 0.</li>
<li><strong><code>unusedComponentProps.ignorePattern</code>: exempt intentionally-unused props.</strong> Set <code>&quot;unusedComponentProps&quot;: { &quot;ignorePattern&quot;: &quot;^_&quot; }</code> to exempt props whose local destructure binding matches the regex (the leading-underscore convention that TS <code>noUnusedParameters</code> and ESLint <code>varsIgnorePattern</code> honor). Applies to Vue, Svelte, Astro, and React/Preact. Opt-in; default behavior is unchanged. Thanks <a href="https://github.com/hniedner">@hniedner</a> for the request. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1648">#1648</a>)</li>
</ul>
<h2 id="ci-coverage-and-architecture">CI, coverage, and architecture</h2>
<ul>
<li><strong>The GitLab CI template can reuse a pre-installed fallow binary.</strong> Set <code>FALLOW_SKIP_INSTALL: &quot;true&quot;</code> to skip <code>npm install -g fallow</code> and run a <code>fallow</code> already on <code>PATH</code> (for example a version pinned through a pnpm catalog), so CI runs the same binary as your local lint gate. The job fails fast when no <code>fallow</code> is found. Thanks <a href="https://github.com/Jerc92">@Jerc92</a> for the patch in <a href="https://github.com/fallow-rs/fallow/pull/1662">#1662</a>.</li>
<li><strong>Coverage upload enrichment.</strong> <code>fallow coverage --with-callers</code> uploads importer edges, and the inventory upload now emits per-function complexity and per-file churn.</li>
<li><strong>Typed architecture boundaries.</strong> <code>fallow-engine</code>, <code>fallow-output</code>, and <code>fallow-api</code> now own the command-neutral analysis runners, output contracts, and programmatic Rust boundary; LSP, MCP, and NAPI callers consume typed results and serialize JSON only at protocol boundaries. The old <code>fallow-programmatic-cli</code> compatibility crate has been removed.</li>
</ul>
<h2 id="bug-fixes">Bug fixes</h2>
<ul>
<li><strong>Iterating a typed class array no longer false-flags the class members as unused.</strong> A cluster of <code>unused-class-member</code> false positives where the class is only used through an iteration loop variable is now fixed across array-method callbacks (<code>.map</code> / <code>.forEach</code> / <code>.filter</code> / &hellip;), <code>for...of</code>, React/Preact JSX <code>.map</code>, Svelte <code>{#each}</code>, Vue <code>v-for</code> (including <code>props.&lt;field&gt;</code> sources), Angular <code>@for</code> / <code>*ngFor</code> inline templates, and Astro template <code>.map</code>. Over-credit only: a genuinely unused member still reports. Thanks <a href="https://github.com/Ericlm">@Ericlm</a> for the report and minimal reproduction. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1707">#1707</a>, <a href="https://github.com/fallow-rs/fallow/issues/1711">#1711</a>, <a href="https://github.com/fallow-rs/fallow/issues/1712">#1712</a>, <a href="https://github.com/fallow-rs/fallow/issues/1713">#1713</a>)</li>
<li><strong><code>unused-files</code> no longer false-flags a Next.js <code>page.mdx</code> when <code>next.config</code> wraps its config object.</strong> <code>export default withMDX(nextConfig)</code> (the official <code>@next/mdx</code> idiom), <code>module.exports = createJestConfig(cfg)</code>, and nested/curried wrappers now resolve, which also fixes the same class for any wrapped Vite / Webpack / Jest config. Thanks <a href="https://github.com/AlonMiz">@AlonMiz</a> for the report. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1642">#1642</a>)</li>
<li><strong><code>unused-files</code> no longer false-flags a <code>commit-and-tag-version</code> updater script.</strong> A new plugin (legacy enabler <code>standard-version</code>) credits each <code>bumpFiles[]</code> / <code>packageFiles[]</code> <code>updater</code> module and <code>filename</code> target, from both the package.json key and standalone <code>.versionrc</code> configs, gated on the file existing on disk. Thanks <a href="https://github.com/rbalet">@rbalet</a> for the report. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1640">#1640</a>)</li>
<li><strong><code>unused-class-members</code> no longer false-flags framework-dispatched OpenLayers methods or a coercion-only <code>toString</code>.</strong> A <code>handleEvent</code> on an <code>ol/interaction/*</code> subclass and a <code>toString</code> used only through string coercion (template interpolation, <code>String(...)</code>, <code>+</code>) are now credited, with tight gating so genuinely-dead members still report. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1638">#1638</a>)</li>
<li><strong>Telemetry <code>findings_present</code> is recorded again for <code>fallow flags</code>, <code>fallow watch</code>, and the <code>security</code> <code>survivors</code> / <code>blind-spots</code> subcommands.</strong> A debug-build invariant now fails fast if any finding-surfacing workflow records an event without noting its find-state, preventing the whole regression class. No change to the telemetry payload shape. (Closes <a href="https://github.com/fallow-rs/fallow/issues/1650">#1650</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/fallow-rs/fallow/compare/v2.103.0...v2.104.0">https://github.com/fallow-rs/fallow/compare/v2.103.0...v2.104.0</a></p>
]]></content:encoded></item><item><title>accessibility-scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/accessibility-scanner/</link><pubDate>Thu, 02 Jul 2026 06:50:21 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/accessibility-scanner/</guid><description>Version updated for https://github.com/github/accessibility-scanner to version v3.3.0.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 43 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed New Features Add group_by option to the accessibility scanner by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/239 Add dry_run option to the accessibility scanner by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/232 Distinguish wcag vs best practice by @kzhou314 in https://github.com/github/accessibility-scanner/pull/233 Match axe findings by rule and report all failing elements by @kzhou314 in https://github.com/github/accessibility-scanner/pull/240 Disable reopen wontfix by @kzhou314 in https://github.com/github/accessibility-scanner/pull/234 Update reflow-scan text to improve clarity and reference WCAG 2.2 by @taarikashenafi in https://github.com/github/accessibility-scanner/pull/231 Dependency/documentation updates chore(deps): Bump ruby/setup-ruby from 1.307.0 to 1.308.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/218 chore(deps-dev): Bump the npm-minor-and-patch group across 5 directories with 3 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/219 chore(deps): Bump ruby/setup-ruby from 1.308.0 to 1.310.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/220 chore(deps): Bump puma from 8.0.1 to 8.0.2 in /sites/site-with-errors in the bundler-minor-and-patch group by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/221 chore(deps): Bump ruby/setup-ruby from 1.310.0 to 1.311.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/225 chore(deps): Bump ruby/setup-ruby from 1.311.0 to 1.313.0 in the github-actions group across 1 directory by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/227 chore(deps-dev): Bump vite from 8.0.12 to 8.0.16 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/228 chore(deps-dev): Bump @types/node from 25.9.0 to 26.0.0 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/236 chore(deps-dev): Bump undici from 6.24.1 to 6.27.0 by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/237 chore(deps): Bump the github-actions group across 4 directories with 2 updates by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/235 chore(deps): Bump concurrent-ruby from 1.3.5 to 1.3.7 in /sites/site-with-errors by @dependabot[bot] in https://github.com/github/accessibility-scanner/pull/238 New Contributors @taarikashenafi made their first contribution in https://github.com/github/accessibility-scanner/pull/231 @kzhou314 made their first contribution in https://github.com/github/accessibility-scanner/pull/234 Full Changelog: https://github.com/github/accessibility-scanner/compare/v3.2.0...v3.3.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/github/accessibility-scanner">https://github.com/github/accessibility-scanner</a></strong> to version <strong>v3.3.0</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>43</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/accessibility-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<h3 id="new-features">New Features</h3>
<ul>
<li>Add <code>group_by</code> option to the accessibility scanner by @taarikashenafi in <a href="https://github.com/github/accessibility-scanner/pull/239">https://github.com/github/accessibility-scanner/pull/239</a></li>
<li>Add <code>dry_run</code> option to the accessibility scanner by @taarikashenafi in <a href="https://github.com/github/accessibility-scanner/pull/232">https://github.com/github/accessibility-scanner/pull/232</a></li>
<li>Distinguish wcag vs best practice by @kzhou314 in <a href="https://github.com/github/accessibility-scanner/pull/233">https://github.com/github/accessibility-scanner/pull/233</a></li>
<li>Match axe findings by rule and report all failing elements by @kzhou314 in <a href="https://github.com/github/accessibility-scanner/pull/240">https://github.com/github/accessibility-scanner/pull/240</a></li>
<li>Disable reopen wontfix by @kzhou314 in <a href="https://github.com/github/accessibility-scanner/pull/234">https://github.com/github/accessibility-scanner/pull/234</a></li>
<li>Update reflow-scan text to improve clarity and reference WCAG 2.2 by @taarikashenafi in <a href="https://github.com/github/accessibility-scanner/pull/231">https://github.com/github/accessibility-scanner/pull/231</a></li>
</ul>
<h3 id="dependencydocumentation-updates">Dependency/documentation updates</h3>
<ul>
<li>chore(deps): Bump ruby/setup-ruby from 1.307.0 to 1.308.0 in the github-actions group across 1 directory by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/218">https://github.com/github/accessibility-scanner/pull/218</a></li>
<li>chore(deps-dev): Bump the npm-minor-and-patch group across 5 directories with 3 updates by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/219">https://github.com/github/accessibility-scanner/pull/219</a></li>
<li>chore(deps): Bump ruby/setup-ruby from 1.308.0 to 1.310.0 in the github-actions group across 1 directory by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/220">https://github.com/github/accessibility-scanner/pull/220</a></li>
<li>chore(deps): Bump puma from 8.0.1 to 8.0.2 in /sites/site-with-errors in the bundler-minor-and-patch group by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/221">https://github.com/github/accessibility-scanner/pull/221</a></li>
<li>chore(deps): Bump ruby/setup-ruby from 1.310.0 to 1.311.0 in the github-actions group across 1 directory by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/225">https://github.com/github/accessibility-scanner/pull/225</a></li>
<li>chore(deps): Bump ruby/setup-ruby from 1.311.0 to 1.313.0 in the github-actions group across 1 directory by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/227">https://github.com/github/accessibility-scanner/pull/227</a></li>
<li>chore(deps-dev): Bump vite from 8.0.12 to 8.0.16 by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/228">https://github.com/github/accessibility-scanner/pull/228</a></li>
<li>chore(deps-dev): Bump @types/node from 25.9.0 to 26.0.0 by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/236">https://github.com/github/accessibility-scanner/pull/236</a></li>
<li>chore(deps-dev): Bump undici from 6.24.1 to 6.27.0 by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/237">https://github.com/github/accessibility-scanner/pull/237</a></li>
<li>chore(deps): Bump the github-actions group across 4 directories with 2 updates by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/235">https://github.com/github/accessibility-scanner/pull/235</a></li>
<li>chore(deps): Bump concurrent-ruby from 1.3.5 to 1.3.7 in /sites/site-with-errors by @dependabot[bot] in <a href="https://github.com/github/accessibility-scanner/pull/238">https://github.com/github/accessibility-scanner/pull/238</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@taarikashenafi made their first contribution in <a href="https://github.com/github/accessibility-scanner/pull/231">https://github.com/github/accessibility-scanner/pull/231</a></li>
<li>@kzhou314 made their first contribution in <a href="https://github.com/github/accessibility-scanner/pull/234">https://github.com/github/accessibility-scanner/pull/234</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/github/accessibility-scanner/compare/v3.2.0...v3.3.0">https://github.com/github/accessibility-scanner/compare/v3.2.0...v3.3.0</a></p>
]]></content:encoded></item><item><title>TrustCheck Package Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/trustcheck-package-scanner/</link><pubDate>Thu, 02 Jul 2026 06:49:47 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/trustcheck-package-scanner/</guid><description>Version updated for https://github.com/Halfblood-Prince/trustcheck to version v2.1.2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published from immutable commit e6660a53c73391a10e8e721e3a245b25e3289b4b. The release workflow publishes PyPI, GitHub Action, Snap Store, and GHCR Docker distributions after shared tag verification, QA, matrix, and coverage builds.
Release artifacts:
dist/* dist/SHA256SUMS.txt dist/*.cdx.json standalone trustcheck-*-windows-x86_64.exe with checksum unsigned trustcheck-*-store.msix for Microsoft Store submission GHCR Docker images for linux/amd64, linux/arm64, and linux/arm/v7 Verify the direct Windows executable before use:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Halfblood-Prince/trustcheck">https://github.com/Halfblood-Prince/trustcheck</a></strong> to version <strong>v2.1.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/trustcheck-package-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Published from immutable commit <code>e6660a53c73391a10e8e721e3a245b25e3289b4b</code>.
The release workflow publishes PyPI, GitHub Action, Snap Store, and
GHCR Docker distributions after shared tag verification, QA, matrix,
and coverage builds.</p>
<p>Release artifacts:</p>
<ul>
<li><code>dist/*</code></li>
<li><code>dist/SHA256SUMS.txt</code></li>
<li><code>dist/*.cdx.json</code></li>
<li>standalone <code>trustcheck-*-windows-x86_64.exe</code> with checksum</li>
<li>unsigned <code>trustcheck-*-store.msix</code> for Microsoft Store submission</li>
<li>GHCR Docker images for <code>linux/amd64</code>, <code>linux/arm64</code>, and <code>linux/arm/v7</code></li>
</ul>
<p>Verify the direct Windows executable before use:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span>Get-AuthenticodeSignature .\trustcheck-*-windows-x86_64.exe | Format-List
</span></span><span style="display:flex;"><span>Get-FileHash .\trustcheck-*-windows-x86_64.exe -Algorithm SHA256
</span></span></code></pre></div><p>The Authenticode status must be <code>Valid</code>, include a timestamp
certificate, and match the adjacent <code>.sha256</code> file. The Store signs
the MSIX during submission; the workflow tests its execution alias
with a disposable certificate before upload.</p>
<p>GitHub Action:</p>
<ul>
<li>Immutable: <code>uses: Halfblood-Prince/trustcheck@v2.1.2</code></li>
<li>Compatible major: <code>uses: Halfblood-Prince/trustcheck@v2</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Halfblood-Prince/trustcheck/compare/v2.1.1...v2.1.2">https://github.com/Halfblood-Prince/trustcheck/compare/v2.1.1...v2.1.2</a></p>
]]></content:encoded></item><item><title>AI Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-plugin-scanner/</link><pubDate>Thu, 02 Jul 2026 06:49:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/ai-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.366.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/320919c7979db097e4d0485e97a0a7675bc59620 with plugin-scanner 2.0.966.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.365...v1.2.366</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/ai-plugin-scanner-action">https://github.com/hashgraph-online/ai-plugin-scanner-action</a></strong> to version <strong>v1.2.366</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>17</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Published automatically from <a href="https://github.com/hashgraph-online/hol-guard/tree/320919c7979db097e4d0485e97a0a7675bc59620">https://github.com/hashgraph-online/hol-guard/tree/320919c7979db097e4d0485e97a0a7675bc59620</a> with plugin-scanner 2.0.966.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.365...v1.2.366">https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.365...v1.2.366</a></p>
]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</link><pubDate>Thu, 02 Jul 2026 06:48:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.366.
This action is used across all versions by 11 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.366</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.366</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>11</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.366">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.366</a></p>
]]></content:encoded></item><item><title>Codex Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/codex-action/</link><pubDate>Thu, 02 Jul 2026 06:48:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/codex-action/</guid><description>Version updated for https://github.com/icoretech/codex-action to version v0.9.16.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.16 (2026-07-02) Bug Fixes deps: update codex-docker image to v0.142.5 (#46) (fc08eb8)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/icoretech/codex-action">https://github.com/icoretech/codex-action</a></strong> to version <strong>v0.9.16</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/codex-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="0916-2026-07-02"><a href="https://github.com/icoretech/codex-action/compare/v0.9.15...v0.9.16">0.9.16</a> (2026-07-02)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update codex-docker image to v0.142.5 (<a href="https://github.com/icoretech/codex-action/issues/46">#46</a>) (<a href="https://github.com/icoretech/codex-action/commit/fc08eb82683cc0e6b7aebcf8e76ff102511b6352">fc08eb8</a>)</li>
</ul>
]]></content:encoded></item><item><title>cibuild-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/cibuild-action/</link><pubDate>Thu, 02 Jul 2026 06:47:32 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/cibuild-action/</guid><description>Version updated for https://github.com/invarnhq/cibuild to version v2.2.8.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v2.2.8</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/invarnhq/cibuild">https://github.com/invarnhq/cibuild</a></strong> to version <strong>v2.2.8</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/cibuild-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Release v2.2.8</p>
]]></content:encoded></item><item><title>AIGate AI Git Workflow Guard CLI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/aigate-ai-git-workflow-guard-cli/</link><pubDate>Thu, 02 Jul 2026 06:46:59 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/aigate-ai-git-workflow-guard-cli/</guid><description>Version updated for https://github.com/LeeHueeng/aigate-ai-git-workflow-guard-cli to version v0.1.5.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Highlights Added aigate start guided setup routes for quickstart, AI setup, pre-push hooks, release readiness, and full project guard setup. Added aigate test for Git readiness plus detected project test command execution. Added aigate aitest for AI remediation prompt generation and optional Codex, Claude, Gemini, or custom agent execution with --apply. Added repository Claude Code instructions through CLAUDE.md and .aigate/integrations/claude.md. Updated multilingual README, usage, operations, roadmap, AI integration, GitHub Action, examples, and generated HTML overview docs. Extended the reusable GitHub Action to support test and safe aitest prompt generation. Validation npm run ci Release workflow dry run Tagged release workflow publish node src/cli.mjs release-check --npm --language ko Package npm: aigate-cli@0.1.5</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/LeeHueeng/aigate-ai-git-workflow-guard-cli">https://github.com/LeeHueeng/aigate-ai-git-workflow-guard-cli</a></strong> to version <strong>v0.1.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/aigate-ai-git-workflow-guard-cli">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="highlights">Highlights</h2>
<ul>
<li>Added <code>aigate start</code> guided setup routes for quickstart, AI setup, pre-push hooks, release readiness, and full project guard setup.</li>
<li>Added <code>aigate test</code> for Git readiness plus detected project test command execution.</li>
<li>Added <code>aigate aitest</code> for AI remediation prompt generation and optional Codex, Claude, Gemini, or custom agent execution with <code>--apply</code>.</li>
<li>Added repository Claude Code instructions through <code>CLAUDE.md</code> and <code>.aigate/integrations/claude.md</code>.</li>
<li>Updated multilingual README, usage, operations, roadmap, AI integration, GitHub Action, examples, and generated HTML overview docs.</li>
<li>Extended the reusable GitHub Action to support <code>test</code> and safe <code>aitest</code> prompt generation.</li>
</ul>
<h2 id="validation">Validation</h2>
<ul>
<li><code>npm run ci</code></li>
<li>Release workflow dry run</li>
<li>Tagged release workflow publish</li>
<li><code>node src/cli.mjs release-check --npm --language ko</code></li>
</ul>
<h2 id="package">Package</h2>
<ul>
<li>npm: <code>aigate-cli@0.1.5</code></li>
</ul>
]]></content:encoded></item><item><title>OSS Security Policy as Code</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/oss-security-policy-as-code/</link><pubDate>Thu, 02 Jul 2026 06:46:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/oss-security-policy-as-code/</guid><description>Version updated for https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit to version v9.0.3.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed OSS Security Policy as Code Starter Kit v9.0.3 This release is the v9.0.3 release of the OSS Security Policy as Code Starter Kit (refine this line before publishing).
Highlights No feature-level changes in this release. Improvements retitle SAST-OSV-068 — the kit ingests OSV verdicts, it is not reachability-aware honor SOURCE_DATE_EPOCH for every outcome-affecting clock read; freeze the suite clock formalize SELF_ATTESTED in the published reports/2.0 schema (9.0.3) build Gemara state maps from pairs to clear a Snyk Code false positive Notes release 9.0.3 (#110) ADR-030 amendment re-grounding the v10.0.0 surface; flip ADR-021 to accepted suppress reviewed Snyk Code false positive via .snyk; keep the gate strict make Snyk Code + Snyk Open Source advisory (continue-on-error) License: Apache-2.0.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit">https://github.com/lucashgrifoni/OSS-Security-Policy-as-Code-Starter-Kit</a></strong> to version <strong>v9.0.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/oss-security-policy-as-code">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="oss-security-policy-as-code-starter-kit-v903">OSS Security Policy as Code Starter Kit v9.0.3</h2>
<p>This release is the v9.0.3 release of the OSS Security Policy as Code Starter Kit (refine this line before publishing).</p>
<hr>
<h2 id="highlights">Highlights</h2>
<ul>
<li><em>No feature-level changes in this release.</em></li>
</ul>
<hr>
<h2 id="improvements">Improvements</h2>
<ul>
<li>retitle SAST-OSV-068 — the kit ingests OSV verdicts, it is not reachability-aware</li>
<li>honor SOURCE_DATE_EPOCH for every outcome-affecting clock read; freeze the suite clock</li>
<li>formalize SELF_ATTESTED in the published reports/2.0 schema (9.0.3)</li>
<li>build Gemara state maps from pairs to clear a Snyk Code false positive</li>
</ul>
<hr>
<h2 id="notes">Notes</h2>
<ul>
<li>release 9.0.3 (#110)</li>
<li>ADR-030 amendment re-grounding the v10.0.0 surface; flip ADR-021 to accepted</li>
<li>suppress reviewed Snyk Code false positive via .snyk; keep the gate strict</li>
<li>make Snyk Code + Snyk Open Source advisory (continue-on-error)</li>
</ul>
<hr>
<p><strong>License:</strong> Apache-2.0.</p>
]]></content:encoded></item><item><title>SnarkGirl</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/snarkgirl/</link><pubDate>Thu, 02 Jul 2026 06:45:52 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/snarkgirl/</guid><description>Version updated for https://github.com/mattkelly1991/SnarkGirl to version v1.15.3.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed SnarkGirl v1.15.3 — The Wiki Ledger + a Living Pitch 📖⚽ The World Cup tournament got two big upgrades: it now lives in your repo’s Wiki, and the pitch actually plays.
The tournament moved to the repo Wiki Standings + match reports are now human-readable, browsable wiki pages organized as World Cup → Season → Match: a Home index of seasons, a Season-{slug} standings page each, and one Season-{slug}-Match-{N} report per PR. No more base64 tokens to shuttle around. Every page carries a keyed HMAC signature footer — change a win from 3 to 4 in the wiki editor and wiki.py verify flags it INVALID. Export a private SGWC_SECRET for a real barrier. Resuming a season is just “clone the wiki.” The user names the season (and its duration) at kickoff. New helper wiki.py (render/verify/verify-all/load-season). Retired the old token.py. The live pitch is alive Players roam their formation and pass the ball, holding shape at each kickoff until someone takes it. A goal is scripted end-to-end: the ball is worked to the scorer, who drives at the net and buries it. A red card sets up a penalty kick — a code red is converted, an agent red is saved by the keeper. Sent-off players walk to a bench at the edge (home top-left, away top-right). The champion &amp;amp; awards now present on the wiki season page (the live arena ends on the standings). Full changelog: https://github.com/mattkelly1991/SnarkGirl/blob/main/CHANGELOG.md</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mattkelly1991/SnarkGirl">https://github.com/mattkelly1991/SnarkGirl</a></strong> to version <strong>v1.15.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/snarkgirl">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="snarkgirl-v1153--the-wiki-ledger--a-living-pitch-">SnarkGirl v1.15.3 — The Wiki Ledger + a Living Pitch 📖⚽</h2>
<p>The World Cup tournament got two big upgrades: it now lives in your repo&rsquo;s <strong>Wiki</strong>, and the pitch <strong>actually plays</strong>.</p>
<h3 id="the-tournament-moved-to-the-repo-wiki">The tournament moved to the repo Wiki</h3>
<ul>
<li>Standings + match reports are now <strong>human-readable, browsable wiki pages</strong> organized as <strong>World Cup → Season → Match</strong>: a <code>Home</code> index of seasons, a <code>Season-{slug}</code> standings page each, and one <code>Season-{slug}-Match-{N}</code> report per PR. No more base64 tokens to shuttle around.</li>
<li>Every page carries a keyed <strong>HMAC signature footer</strong> — change a win from 3 to 4 in the wiki editor and <code>wiki.py verify</code> flags it <strong>INVALID</strong>. Export a private <code>SGWC_SECRET</code> for a real barrier.</li>
<li>Resuming a season is just &ldquo;clone the wiki.&rdquo; The user names the season (and its duration) at kickoff.</li>
<li>New helper <code>wiki.py</code> (render/verify/verify-all/load-season). Retired the old <code>token.py</code>.</li>
</ul>
<h3 id="the-live-pitch-is-alive">The live pitch is alive</h3>
<ul>
<li>Players roam their formation and pass the ball, holding shape at each kickoff until someone takes it.</li>
<li>A goal is scripted end-to-end: the ball is worked to the scorer, who drives at the net and buries it.</li>
<li>A red card sets up a <strong>penalty kick</strong> — a code red is converted, an agent red is saved by the keeper.</li>
<li>Sent-off players walk to a <strong>bench</strong> at the edge (home top-left, away top-right).</li>
<li>The champion &amp; awards now present on the <strong>wiki season page</strong> (the live arena ends on the standings).</li>
</ul>
<p><strong>Full changelog:</strong> <a href="https://github.com/mattkelly1991/SnarkGirl/blob/main/CHANGELOG.md">https://github.com/mattkelly1991/SnarkGirl/blob/main/CHANGELOG.md</a></p>
]]></content:encoded></item><item><title>Claude Ralph Loop</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/claude-ralph-loop/</link><pubDate>Thu, 02 Jul 2026 06:45:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/claude-ralph-loop/</guid><description>Version updated for https://github.com/mdelapenya/claude-ralph-github-action to version v0.9.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changes docs: link sbx sandbox docs and document sandbox inputs @mdelapenya (#97) Contributors @mdelapenya</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mdelapenya/claude-ralph-github-action">https://github.com/mdelapenya/claude-ralph-github-action</a></strong> to version <strong>v0.9.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/claude-ralph-loop">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changes">Changes</h2>
<ul>
<li>docs: link sbx sandbox docs and document sandbox inputs @mdelapenya (#97)</li>
</ul>
<h2 id="contributors">Contributors</h2>
<p>@mdelapenya</p>
]]></content:encoded></item><item><title>Synaptic PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/synaptic-pr-review/</link><pubDate>Thu, 02 Jul 2026 06:44:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/synaptic-pr-review/</guid><description>Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.1.1 Strip model preamble: remove leading text before ## PR Review heading in both OpenCode and direct engine paths OpenCode engine: post_inline.py now always updates summary comment when body changes (preamble or Key Issues stripped) Direct engine: sanitize_review() strips preamble before posting</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/minhphu102003/ai-pr-review-action">https://github.com/minhphu102003/ai-pr-review-action</a></strong> to version <strong>v0.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/synaptic-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="v011">v0.1.1</h2>
<ul>
<li>Strip model preamble: remove leading text before <code>## PR Review</code> heading in both OpenCode and direct engine paths</li>
<li>OpenCode engine: <code>post_inline.py</code> now always updates summary comment when body changes (preamble or Key Issues stripped)</li>
<li>Direct engine: <code>sanitize_review()</code> strips preamble before posting</li>
</ul>
]]></content:encoded></item><item><title>Totem Shield</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/totem-shield/</link><pubDate>Thu, 02 Jul 2026 06:44:12 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/totem-shield/</guid><description>Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.88.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mmnto-ai/totem">https://github.com/mmnto-ai/totem</a></strong> to version <strong>@mmnto/pack-rust-architecture@1.88.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/totem-shield">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><em>Cohort-link bump (no direct package changes). See <code>.changeset/config.json</code> for the fixed-cohort definition.</em></p>
]]></content:encoded></item><item><title>semvertag</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/semvertag/</link><pubDate>Thu, 02 Jul 2026 06:43:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/semvertag/</guid><description>Version updated for https://github.com/modern-python/semvertag to version 0.8.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed semvertag 0.8.2 — release pipeline on PyPI Trusted Publishing No library changes. The package is identical to 0.8.1; this release exercises the new publish path end-to-end.
CI Releases now authenticate to PyPI via Trusted Publishing (OIDC) instead of a long-lived PYPI_TOKEN secret. uv publish auto-detects the GitHub Actions id-token; the release job runs under a pypi environment that scopes the trusted publisher (#46). Downstream No action required. Nothing about the installed package changes.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/modern-python/semvertag">https://github.com/modern-python/semvertag</a></strong> to version <strong>0.8.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/semvertag">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="semvertag-082--release-pipeline-on-pypi-trusted-publishing">semvertag 0.8.2 — release pipeline on PyPI Trusted Publishing</h1>
<p>No library changes. The package is identical to 0.8.1; this release exercises the new publish path end-to-end.</p>
<h2 id="ci">CI</h2>
<ul>
<li>Releases now authenticate to PyPI via <strong>Trusted Publishing (OIDC)</strong> instead of a long-lived <code>PYPI_TOKEN</code> secret. <code>uv publish</code> auto-detects the GitHub Actions id-token; the release job runs under a <code>pypi</code> environment that scopes the trusted publisher (#46).</li>
</ul>
<h2 id="downstream">Downstream</h2>
<p>No action required. Nothing about the installed package changes.</p>
]]></content:encoded></item><item><title>Run AER Tests</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/run-aer-tests/</link><pubDate>Thu, 02 Jul 2026 06:43:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/run-aer-tests/</guid><description>Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.5.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.5
Support DataWeave reduce With A Default Accumulator</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/octoberswimmer/aer-dist">https://github.com/octoberswimmer/aer-dist</a></strong> to version <strong>v1.2.5</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>0</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-aer-tests">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Version v1.2.5</p>
<ul>
<li>Support DataWeave reduce With A Default Accumulator</li>
</ul>
]]></content:encoded></item><item><title>PatchFlow Security Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/patchflow-security-scan/</link><pubDate>Thu, 02 Jul 2026 06:42:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/patchflow-security-scan/</guid><description>Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed PatchFlow CLI v0.1.2 Benchmark Results (v1.0) 18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories 5 historical CVE repos: 100% recall, 387K LOC 10 clean repos: 0.094 HC/KLOC, 720K LOC See Benchmark Report v1.0 for details.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Patchflow-security/patchflow-cli">https://github.com/Patchflow-security/patchflow-cli</a></strong> to version <strong>v0.1.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/patchflow-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="patchflow-cli-v012">PatchFlow CLI v0.1.2</h2>
<h3 id="benchmark-results-v10">Benchmark Results (v1.0)</h3>
<ul>
<li>18 intentionally vulnerable repos: 100% recall, 918K LOC, 19 CWE categories</li>
<li>5 historical CVE repos: 100% recall, 387K LOC</li>
<li>10 clean repos: 0.094 HC/KLOC, 720K LOC</li>
</ul>
<p>See <a href="https://github.com/Patchflow-security/patchflow-benchmarks/blob/main/reports/BENCHMARK_REPORT_v1.0.md">Benchmark Report v1.0</a> for details.</p>
<h2 id="changelog">Changelog</h2>
<h3 id="other-changes">Other Changes</h3>
<ul>
<li>a071d0ab0a8732c375c1c99e4abed4ec5a984855: PatchFlow CLI v0.1.2 — security scanner with update notification (Ghertil Abdelmalek <a href="mailto:ghertilabdelmalek@outlook.fr">ghertilabdelmalek@outlook.fr</a>)</li>
</ul>
]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/remyx-outrider/</link><pubDate>Thu, 02 Jul 2026 06:41:27 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.7.4.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed HF Hub checkpoint preflight for architecture-add Issues (REMYX-178) (8a70186) arxiv HTML retry: title-overlap threshold + project-page one-hop + README verification (c6c021f) README: add lerobot #9 (ECoT reasoning supervision) to Examples (85fa29b) Coding-agent prompt: guidance on auto-format scope (be8720d) README: drop the “Recommended” ENVIRONMENTS.md section (82b9549) Recommend ENVIRONMENTS.md + cocoindex as the default setup (9ca24e1) License detection: retry via arxiv HTML on unfavorable buckets (615af84) README: restore smellslikeml/peft #5 as the primary Outrider artifact (e8fb3a0) README: swap smellslikeml/peft #5 for the upstream draft huggingface/peft #3382 (28cfc14) README: add huggingface/peft #3382 (upstream draft) to Examples (bc70d94)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.7.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>HF Hub checkpoint preflight for architecture-add Issues (REMYX-178) (8a70186)</li>
<li>arxiv HTML retry: title-overlap threshold + project-page one-hop + README verification (c6c021f)</li>
<li>README: add lerobot #9 (ECoT reasoning supervision) to Examples (85fa29b)</li>
<li>Coding-agent prompt: guidance on auto-format scope (be8720d)</li>
<li>README: drop the &ldquo;Recommended&rdquo; ENVIRONMENTS.md section (82b9549)</li>
<li>Recommend ENVIRONMENTS.md + cocoindex as the default setup (9ca24e1)</li>
<li>License detection: retry via arxiv HTML on unfavorable buckets (615af84)</li>
<li>README: restore smellslikeml/peft #5 as the primary Outrider artifact (e8fb3a0)</li>
<li>README: swap smellslikeml/peft #5 for the upstream draft huggingface/peft #3382 (28cfc14)</li>
<li>README: add huggingface/peft #3382 (upstream draft) to Examples (bc70d94)</li>
</ul>
]]></content:encoded></item><item><title>nix init</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/nix-init/</link><pubDate>Thu, 02 Jul 2026 06:40:53 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/nix-init/</guid><description>Version updated for https://github.com/spotdemo4/nix-init to version v1.55.0.
This action is used across all versions by 4 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed feat: Update spotdemo4/better-checkout action to v0.13.0 (#154) (3fc7f0af893590575d0d65b8a2e3fbbdff95fdec) bump: v1.54.1 -&amp;gt; v1.55.0 (d2afabdda2558d6cf558962bbc7dce09ff5e9950) chore(deps): update github actions to v1.54.1 (#153) (4e0f684fbdfd7f3a0f78fe5cfe6702ef984c3370)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/spotdemo4/nix-init">https://github.com/spotdemo4/nix-init</a></strong> to version <strong>v1.55.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>4</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/nix-init">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>feat: Update spotdemo4/better-checkout action to v0.13.0 (#154) (3fc7f0af893590575d0d65b8a2e3fbbdff95fdec)</li>
<li>bump: v1.54.1 -&gt; v1.55.0 (d2afabdda2558d6cf558962bbc7dce09ff5e9950)</li>
<li>chore(deps): update github actions to v1.54.1 (#153) (4e0f684fbdfd7f3a0f78fe5cfe6702ef984c3370)</li>
</ul>
]]></content:encoded></item><item><title>Repository Create</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/repository-create/</link><pubDate>Thu, 02 Jul 2026 06:40:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/repository-create/</guid><description>Version updated for https://github.com/stairwaytowonderland/repository-create to version v1.72.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed chore(release): 1.72.0
1.72.0 (2026-07-02) ✨ Features updates (da42214) 📚 Documentation update .github/index.md (b643fff)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/stairwaytowonderland/repository-create">https://github.com/stairwaytowonderland/repository-create</a></strong> to version <strong>v1.72.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/repository-create">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>chore(release): 1.72.0</p>
<h2 id="1720-2026-07-02"><a href="https://github.com/stairwaytowonderland/repository-create/compare/v1.71.0...v1.72.0">1.72.0</a> (2026-07-02)</h2>
<h3 id="-features">✨ Features</h3>
<ul>
<li>updates (<a href="https://github.com/stairwaytowonderland/repository-create/commit/da422148562e64d9021965f8b79e0ff95e007668">da42214</a>)</li>
</ul>
<h3 id="-documentation">📚 Documentation</h3>
<ul>
<li>update .github/index.md (<a href="https://github.com/stairwaytowonderland/repository-create/commit/b643fff8d866570e23cc6d48bc367f96dfa2a3f0">b643fff</a>)</li>
</ul>
]]></content:encoded></item><item><title>Update Uclusion</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/update-uclusion/</link><pubDate>Thu, 02 Jul 2026 06:39:46 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/update-uclusion/</guid><description>Version updated for https://github.com/Uclusion/update-job to version v1.1.3.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed J-all-329 Only mark job complete when it has no open tasks (bd99322) T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19) T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb) fix: Only extract job ids. (340d9bb) fix: move to node 24.x (a19c034) fix: move to node 24.x (ab6d493) fix: link doc (c83286a) fix: space in view name (ff4ac90) fix: space in view name (d0c570f) fix: urlencode (f66608d)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Uclusion/update-job">https://github.com/Uclusion/update-job</a></strong> to version <strong>v1.1.3</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/update-uclusion">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>J-all-329 Only mark job complete when it has no open tasks (bd99322)</li>
<li>T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19)</li>
<li>T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb)</li>
<li>fix: Only extract job ids. (340d9bb)</li>
<li>fix: move to node 24.x (a19c034)</li>
<li>fix: move to node 24.x (ab6d493)</li>
<li>fix: link doc (c83286a)</li>
<li>fix: space in view name (ff4ac90)</li>
<li>fix: space in view name (d0c570f)</li>
<li>fix: urlencode (f66608d)</li>
</ul>
]]></content:encoded></item><item><title>Velda Run job</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/velda-run-job/</link><pubDate>Thu, 02 Jul 2026 06:39:12 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/velda-run-job/</guid><description>Version updated for https://github.com/velda-io/action to version v0.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/velda-io/action">https://github.com/velda-io/action</a></strong> to version <strong>v0.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/velda-run-job">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Initial release</p>
]]></content:encoded></item><item><title>install spaces</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/install-spaces/</link><pubDate>Thu, 02 Jul 2026 06:38:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/install-spaces/</guid><description>Version updated for https://github.com/work-spaces/install-spaces to version v0.17.1.
This action is used across all versions by 5 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.1 by @tyler-gilbert in https://github.com/work-spaces/install-spaces/pull/32 Full Changelog: https://github.com/work-spaces/install-spaces/compare/v0.16.0...v0.17.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/work-spaces/install-spaces">https://github.com/work-spaces/install-spaces</a></strong> to version <strong>v0.17.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>5</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/install-spaces">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Bump version to v0.17.1 by @tyler-gilbert in <a href="https://github.com/work-spaces/install-spaces/pull/32">https://github.com/work-spaces/install-spaces/pull/32</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/work-spaces/install-spaces/compare/v0.16.0...v0.17.1">https://github.com/work-spaces/install-spaces/compare/v0.16.0...v0.17.1</a></p>
]]></content:encoded></item><item><title>Run PHP Scoper</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/run-php-scoper/</link><pubDate>Thu, 02 Jul 2026 06:38:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/02/run-php-scoper/</guid><description>Version updated for https://github.com/WPTechnix/run-php-scoper to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v1.0.0 Initial release of the PHP-Scoper Action, a composite GitHub Action for scoping PHP project dependencies using humbug/php-scoper.
What’s Included PHP version selection: Choose any PHP version using php-version (default: 8.2).
Flexible PHP-Scoper versions: Use a specific release tag, version constraint, or branch with scoper-version.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/WPTechnix/run-php-scoper">https://github.com/WPTechnix/run-php-scoper</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-php-scoper">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v100">v1.0.0</h1>
<p>Initial release of the PHP-Scoper Action, a composite GitHub Action for scoping PHP project dependencies using <code>humbug/php-scoper</code>.</p>
<h2 id="whats-included">What&rsquo;s Included</h2>
<ul>
<li>
<p><strong>PHP version selection</strong>: Choose any PHP version using <code>php-version</code> (default: <code>8.2</code>).</p>
</li>
<li>
<p><strong>Flexible PHP-Scoper versions</strong>: Use a specific release tag, version constraint, or branch with <code>scoper-version</code>.</p>
</li>
<li>
<p><strong>Custom working directory</strong>: Run the action from any subdirectory within your repository.</p>
</li>
<li>
<p><strong>Configurable PHP-Scoper configuration</strong>: Specify the path to <code>scoper.inc.php</code> using a relative or absolute path.</p>
</li>
<li>
<p><strong>Optional Composer installation</strong>: Skip <code>composer install</code> when the <code>vendor/</code> directory already exists.</p>
</li>
<li>
<p><strong>Custom Composer arguments</strong>: Pass additional Composer options through <code>composer-args</code>.</p>
</li>
<li>
<p><strong>Early validation</strong>: Validate the working directory, configuration file, and PHP version before installing dependencies.</p>
</li>
<li>
<p><strong>Action outputs</strong>:</p>
<ul>
<li><code>output-path</code>: Absolute path to the generated scoped build.</li>
<li><code>scoped-files</code>: Total number of scoped PHP files.</li>
</ul>
</li>
</ul>
]]></content:encoded></item><item><title>ansede-static</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ansede-static/</link><pubDate>Wed, 01 Jul 2026 22:44:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ansede-static/</guid><description>Version updated for https://github.com/mattybellx/Ansede to version v5.2.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed [5.0.0] — 2026-06-27 Added Rust Pattern Engine — Native regex matching via PyO3 (ansede_rust_core), 3.6x faster on large files with graceful Python fallback Java Tree-Sitter AST Analyzer (java_ast_analyzer.py) — Replaces regex heuristics with accurate AST parsing. 9 checkers: CWE-89, CWE-78, CWE-328, CWE-918, CWE-601, CWE-79, CWE-798, CWE-22, CWE-862 4 New Detectors: CWE-942 (CORS wildcard), CWE-94 (Jinja2 SSTI), CWE-362 (TOCTOU), CWE-862 (Spring Actuator) Precision Benchmark Harness (benchmarks/precision_benchmark.py) — Multi-language, multi-repo precision tracking with per-CWE heatmaps is_framework_internal() context filter — Suppresses findings in framework/library internals (Flask src/, Express lib/) 21-repo scale proof — Validated across 7 languages with 99%+ precision on clean code Changed — Precision (99.4% FP Reduction) Calibration: Removed bare method names (exec, query, execute, raw) from callee sets to prevent Mongoose/ORM false positives Calibration: JS-023 regex anchored with (?&amp;lt;!\.) to prevent Browserify .require() false positives Calibration: Extended ambiguous callee guard to resolve/join for path traversal Calibration: JS-018 __proto__:null now recognized as defensive pattern, not prototype pollution Calibration: Java write() XSS check requires HTTP response receiver, not JSON writer Calibration: 9 CVE benchmark severity thresholds corrected (MEDIUM→MEDIUM, not HIGH) Calibration: CWE-295, CWE-502, CWE-532 added to test-file noise filter Changed — Performance (96% Faster) AST walk cache: Pre-computed per-function node lists shared across all 49 Python rules _rule_24 fix: Module-level AST walk moved outside per-function loop (20x → 1x) Lazy symbolic guards: Skip when no findings or conditionals present Lazy datascience rules: Skip for files without DS imports Java regex→AST: Always uses tree-sitter when available, eliminating regex overhead Fixed Windows path handling: \tests\, \examples\, \docs\ backslash patterns in triage filters Empty CWE display: PY-003 assigned CWE-252, PY-044 assigned CWE-1120 Test-file CWE-98 suppression: Dynamic require in test files correctly filtered CVE Recall: 92.7%→100% (164/164 across 5 languages) What’s New Since v4.1.0 100% CVE recall (164/164) — every known vulnerability detected 99.4% FP reduction on 5 clean repos (535→3 findings) 86% FP reduction on 21 repos across 7 languages 96% faster Python scanning (2,600→5,100 LOC/s) 3.6x faster JavaScript pattern matching via Rust engine Java AST analyzer replaces regex, PetClinic: 38→0 findings</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mattybellx/Ansede">https://github.com/mattybellx/Ansede</a></strong> to version <strong>v5.2.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ansede-static">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="500--2026-06-27">[5.0.0] — 2026-06-27</h2>
<h3 id="added">Added</h3>
<ul>
<li><strong>Rust Pattern Engine</strong> — Native regex matching via PyO3 (<code>ansede_rust_core</code>), 3.6x faster on large files with graceful Python fallback</li>
<li><strong>Java Tree-Sitter AST Analyzer</strong> (<code>java_ast_analyzer.py</code>) — Replaces regex heuristics with accurate AST parsing. 9 checkers: CWE-89, CWE-78, CWE-328, CWE-918, CWE-601, CWE-79, CWE-798, CWE-22, CWE-862</li>
<li><strong>4 New Detectors</strong>: CWE-942 (CORS wildcard), CWE-94 (Jinja2 SSTI), CWE-362 (TOCTOU), CWE-862 (Spring Actuator)</li>
<li><strong>Precision Benchmark Harness</strong> (<code>benchmarks/precision_benchmark.py</code>) — Multi-language, multi-repo precision tracking with per-CWE heatmaps</li>
<li><strong><code>is_framework_internal()</code> context filter</strong> — Suppresses findings in framework/library internals (Flask src/, Express lib/)</li>
<li><strong>21-repo scale proof</strong> — Validated across 7 languages with 99%+ precision on clean code</li>
</ul>
<h3 id="changed--precision-994-fp-reduction">Changed — Precision (99.4% FP Reduction)</h3>
<ul>
<li><strong>Calibration</strong>: Removed bare method names (<code>exec</code>, <code>query</code>, <code>execute</code>, <code>raw</code>) from callee sets to prevent Mongoose/ORM false positives</li>
<li><strong>Calibration</strong>: <code>JS-023</code> regex anchored with <code>(?&lt;!\.)</code> to prevent Browserify <code>.require()</code> false positives</li>
<li><strong>Calibration</strong>: Extended ambiguous callee guard to <code>resolve</code>/<code>join</code> for path traversal</li>
<li><strong>Calibration</strong>: <code>JS-018</code> <code>__proto__:null</code> now recognized as defensive pattern, not prototype pollution</li>
<li><strong>Calibration</strong>: Java <code>write()</code> XSS check requires HTTP response receiver, not JSON writer</li>
<li><strong>Calibration</strong>: 9 CVE benchmark severity thresholds corrected (MEDIUM→MEDIUM, not HIGH)</li>
<li><strong>Calibration</strong>: <code>CWE-295</code>, <code>CWE-502</code>, <code>CWE-532</code> added to test-file noise filter</li>
</ul>
<h3 id="changed--performance-96-faster">Changed — Performance (96% Faster)</h3>
<ul>
<li><strong>AST walk cache</strong>: Pre-computed per-function node lists shared across all 49 Python rules</li>
<li><strong><code>_rule_24</code> fix</strong>: Module-level AST walk moved outside per-function loop (20x → 1x)</li>
<li><strong>Lazy symbolic guards</strong>: Skip when no findings or conditionals present</li>
<li><strong>Lazy datascience rules</strong>: Skip for files without DS imports</li>
<li><strong>Java regex→AST</strong>: Always uses tree-sitter when available, eliminating regex overhead</li>
</ul>
<h3 id="fixed">Fixed</h3>
<ul>
<li><strong>Windows path handling</strong>: <code>\tests\</code>, <code>\examples\</code>, <code>\docs\</code> backslash patterns in triage filters</li>
<li><strong>Empty CWE display</strong>: <code>PY-003</code> assigned <code>CWE-252</code>, <code>PY-044</code> assigned <code>CWE-1120</code></li>
<li><strong>Test-file CWE-98 suppression</strong>: Dynamic require in test files correctly filtered</li>
<li><strong>CVE Recall</strong>: 92.7%→100% (164/164 across 5 languages)</li>
</ul>
<h3 id="whats-new-since-v410">What&rsquo;s New Since v4.1.0</h3>
<ul>
<li><strong>100% CVE recall</strong> (164/164) — every known vulnerability detected</li>
<li><strong>99.4% FP reduction</strong> on 5 clean repos (535→3 findings)</li>
<li><strong>86% FP reduction</strong> on 21 repos across 7 languages</li>
<li><strong>96% faster</strong> Python scanning (2,600→5,100 LOC/s)</li>
<li><strong>3.6x faster</strong> JavaScript pattern matching via Rust engine</li>
<li><strong>Java AST analyzer</strong> replaces regex, PetClinic: 38→0 findings</li>
</ul>
]]></content:encoded></item><item><title>Claude Ralph Loop</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/claude-ralph-loop/</link><pubDate>Wed, 01 Jul 2026 22:43:52 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/claude-ralph-loop/</guid><description>Version updated for https://github.com/mdelapenya/claude-ralph-github-action to version v0.8.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changes feat: wrap claude execution in Docker sbx sandbox @mdelapenya (#95) Contributors @mdelapenya</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mdelapenya/claude-ralph-github-action">https://github.com/mdelapenya/claude-ralph-github-action</a></strong> to version <strong>v0.8.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/claude-ralph-loop">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changes">Changes</h2>
<ul>
<li>feat: wrap claude execution in Docker sbx sandbox @mdelapenya (#95)</li>
</ul>
<h2 id="contributors">Contributors</h2>
<p>@mdelapenya</p>
]]></content:encoded></item><item><title>FHIR Validator</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/fhir-validator/</link><pubDate>Wed, 01 Jul 2026 22:43:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/fhir-validator/</guid><description>Version updated for https://github.com/medvertical/records-fhir-validator to version validator-v0.4.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed npm tarball release for @records-fhir/validator@0.4.1. Synced from medvertical/records monorepo.
Install npm install @records-fhir/validator@0.4.1 What’s new in 0.4.1 Patch release for the standalone validator evidence lanes and MII reference workflow. Released with @records-fhir/validation-types 0.1.5.
Added Added validator claim summary generation for publishing the current HL7, MII reference, and FHIR Schema dual-path evidence in one machine-readable artifact. Added FHIR Schema dual-path action reporting so unconfirmed graph/reference buckets remain explicit follow-up work instead of hidden parity debt. Added package-backed terminology diagnostics and local terminology server helpers for deterministic MII/FHIR Schema quality lanes. Changed Hardened the MII reference triangulation workflow with reference-health probes, policy-rule extraction, skip taxonomy, and failed-profile prewarm details. Refreshed the public validator documentation around the 2026-07-01 evidence: 496/496 HL7 executable JSON comparisons, 231/231 measured MII reference parity, and 555-fixture FHIR Schema dual-path coverage. Tightened FHIR Schema graph slicing, reference-target extraction, and pattern diagnostics while keeping the graph path in parallel evidence mode. Fixed Fixed MII package relevance detection so package names containing substrings such as isik are not misclassified as Gematik ISiK packages. Fixed nested profile slice scoping and choice/FHIRPath edge cases uncovered by the MII and FHIR Schema dual-path lanes. Verification Verified with repository lint, stable tests, targeted validator Vitest suites, full affected conformance, MII reference gate, HL7 parity gate, and FHIR Schema dual-path report generation. Matched npm tarballs @records-fhir/validator@0.4.1 — also tagged validator-v0.4.1 @records-fhir/validation-types@0.1.5 The matching GitHub Action release (if any) is published separately under tag v0.4.1 and is not auto-synced; this release covers the npm package only.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/medvertical/records-fhir-validator">https://github.com/medvertical/records-fhir-validator</a></strong> to version <strong>validator-v0.4.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/fhir-validator">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>npm tarball release for <code>@records-fhir/validator@0.4.1</code>. Synced from medvertical/records monorepo.</p>
<h2 id="install">Install</h2>
<pre tabindex="0"><code>npm install @records-fhir/validator@0.4.1
</code></pre><h2 id="whats-new-in-041">What&rsquo;s new in 0.4.1</h2>
<p>Patch release for the standalone validator evidence lanes and MII reference
workflow. Released with <code>@records-fhir/validation-types</code> 0.1.5.</p>
<h3 id="added">Added</h3>
<ul>
<li>Added validator claim summary generation for publishing the current HL7,
MII reference, and FHIR Schema dual-path evidence in one machine-readable
artifact.</li>
<li>Added FHIR Schema dual-path action reporting so unconfirmed graph/reference
buckets remain explicit follow-up work instead of hidden parity debt.</li>
<li>Added package-backed terminology diagnostics and local terminology server
helpers for deterministic MII/FHIR Schema quality lanes.</li>
</ul>
<h3 id="changed">Changed</h3>
<ul>
<li>Hardened the MII reference triangulation workflow with reference-health
probes, policy-rule extraction, skip taxonomy, and failed-profile prewarm
details.</li>
<li>Refreshed the public validator documentation around the 2026-07-01 evidence:
496/496 HL7 executable JSON comparisons, 231/231 measured MII reference
parity, and 555-fixture FHIR Schema dual-path coverage.</li>
<li>Tightened FHIR Schema graph slicing, reference-target extraction, and pattern
diagnostics while keeping the graph path in parallel evidence mode.</li>
</ul>
<h3 id="fixed">Fixed</h3>
<ul>
<li>Fixed MII package relevance detection so package names containing substrings
such as <code>isik</code> are not misclassified as Gematik ISiK packages.</li>
<li>Fixed nested profile slice scoping and choice/FHIRPath edge cases uncovered
by the MII and FHIR Schema dual-path lanes.</li>
</ul>
<h3 id="verification">Verification</h3>
<ul>
<li>Verified with repository lint, stable tests, targeted validator Vitest
suites, full affected conformance, MII reference gate, HL7 parity gate, and
FHIR Schema dual-path report generation.</li>
</ul>
<h2 id="matched-npm-tarballs">Matched npm tarballs</h2>
<ul>
<li><code>@records-fhir/validator@0.4.1</code> — also tagged <code>validator-v0.4.1</code></li>
<li><code>@records-fhir/validation-types@0.1.5</code></li>
</ul>
<p>The matching GitHub Action release (if any) is published separately under tag <code>v0.4.1</code> and is not auto-synced; this release covers the npm package only.</p>
]]></content:encoded></item><item><title>Agent Security Harness</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-security-harness/</link><pubDate>Wed, 01 Jul 2026 22:42:46 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-security-harness/</guid><description>Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.7.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The harness now tests all four layers of the agentic-payments stack. Since the last PyPI release (v4.5.0), two conformance layers landed — this release ships both.
Highlights (v4.5.0 → v4.7.0: 474 → 520 tests, 33 → 36 modules) Merchant-journey layer — NEW (UCP/ACP), #228 ucp_acp_harness.py — 12 tests, stdlib-only, fail-closed reference verifier.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/msaleme/red-team-blue-team-agent-fabric">https://github.com/msaleme/red-team-blue-team-agent-fabric</a></strong> to version <strong>v4.7.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-security-harness">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>The harness now tests all four layers of the agentic-payments stack.</strong> Since the last PyPI release (v4.5.0), two conformance layers landed — this release ships both.</p>
<h2 id="highlights-v450--v470-474--520-tests-33--36-modules">Highlights (v4.5.0 → v4.7.0: 474 → 520 tests, 33 → 36 modules)</h2>
<h3 id="merchant-journey-layer--new-ucpacp-228">Merchant-journey layer — NEW (UCP/ACP), #228</h3>
<p><code>ucp_acp_harness.py</code> — 12 tests, stdlib-only, fail-closed reference verifier.</p>
<ul>
<li><strong>UCP</strong> (Shopify Universal Cart): profile owner-key binding, cross-merchant line-item injection, journey step-order / skip-consent, quote integrity, cart-scope-vs-stated-intent, profile takeover.</li>
<li><strong>ACP</strong> (OpenAI/Stripe): checkout-session binding, SharedPaymentToken merchant + amount scope, order idempotency, product-feed authenticity, session expiry.</li>
</ul>
<h3 id="authorization--hardening-layer-ap2--fireblocks-x402-227">Authorization + hardening layer (AP2 + Fireblocks x402), #227</h3>
<p><code>ap2_harness.py</code> (17) + <code>x402_fireblocks_harness.py</code> (17) — AP2 mandate-chain authorization (FIDO-governed) and the Fireblocks x402 request-integrity / spend-governance / batch-settlement extension. Includes fixes to three fail-open verifier gaps (credential-release flag-trust, scope fail-open, SSRF range gap) surfaced by Bugbot, now guarded by negative tests.</p>
<h2 id="coverage-now-spans">Coverage now spans</h2>
<p>comms (MCP/A2A) → <strong>merchant journey (UCP/ACP)</strong> → authorization/trust (AP2/TAP) → settlement (x402/MPP/L402).</p>
<p>Full inventory: <code>docs/TEST-INVENTORY.md</code>. Verified by <code>scripts/count_tests.py</code> (definitive: 520).</p>
]]></content:encoded></item><item><title>PatchFlow Security Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/patchflow-security-scan/</link><pubDate>Wed, 01 Jul 2026 22:42:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/patchflow-security-scan/</guid><description>Version updated for https://github.com/Patchflow-security/patchflow-cli to version v0.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Patchflow-security/patchflow-cli">https://github.com/Patchflow-security/patchflow-cli</a></strong> to version <strong>v0.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/patchflow-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
]]></content:encoded></item><item><title>Create and Configure Repository</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/create-and-configure-repository/</link><pubDate>Wed, 01 Jul 2026 22:41:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/create-and-configure-repository/</guid><description>Version updated for https://github.com/pdrodavi-group/create-configured-repo to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/pdrodavi-group/create-configured-repo/commits/v1.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/pdrodavi-group/create-configured-repo">https://github.com/pdrodavi-group/create-configured-repo</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/create-and-configure-repository">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/pdrodavi-group/create-configured-repo/commits/v1.0.0">https://github.com/pdrodavi-group/create-configured-repo/commits/v1.0.0</a></p>
]]></content:encoded></item><item><title>SkillTotal AI Component Security Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skilltotal-ai-component-security-scan/</link><pubDate>Wed, 01 Jul 2026 22:41:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skilltotal-ai-component-security-scan/</guid><description>Version updated for https://github.com/pezhik/skilltotal to version v0.24.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changed Prompt-injection/secret precision (ruleset 25): two more FPs on defensive/security content closed, recall-preserving. (1) A -----BEGIN PRIVATE KEY----- format marker held as a string constant (auth code building a PEM, e.g. @ai-sdk/google-vertex) no longer flags ST-SECRET-EMBEDDED — the pattern now requires actual base64 key material after the marker; a real multi-line key still fires. (2) A credential path cited inside a markdown inline-code span in a security guide (`write to ~/.ssh`, e.g. claude-blog) is routed to needs_review instead of ST-SENS-PATH — scoped to markdown, so a JS template literal in code and a bare path in prose still fire. Both removed spurious ST-COMBO-EXFIL escalations. New unit tests + negative corpus samples; FP floor and benign corpus stay at zero.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/pezhik/skilltotal">https://github.com/pezhik/skilltotal</a></strong> to version <strong>v0.24.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skilltotal-ai-component-security-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="changed">Changed</h3>
<ul>
<li><strong>Prompt-injection/secret precision (ruleset 25): two more FPs on defensive/security content
closed, recall-preserving.</strong> (1) A <code>-----BEGIN PRIVATE KEY-----</code> format marker held as a string
constant (auth code building a PEM, e.g. <code>@ai-sdk/google-vertex</code>) no longer flags
<code>ST-SECRET-EMBEDDED</code> — the pattern now requires actual base64 key material after the marker; a real
multi-line key still fires. (2) A credential path cited inside a markdown inline-code span in a
security guide (<code>`write to ~/.ssh`</code>, e.g. <code>claude-blog</code>) is routed to <code>needs_review</code> instead of
<code>ST-SENS-PATH</code> — scoped to markdown, so a JS template literal in code and a bare path in prose still
fire. Both removed spurious <code>ST-COMBO-EXFIL</code> escalations. New unit tests + negative corpus samples;
FP floor and benign corpus stay at zero.</li>
</ul>
]]></content:encoded></item><item><title>Sensez - Code Quality Feedback</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/sensez-code-quality-feedback/</link><pubDate>Wed, 01 Jul 2026 22:40:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/sensez-code-quality-feedback/</guid><description>Version updated for https://github.com/popov95s/sensez to version 0.1.6-alpha.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial release of the Sensez GitHub Action for pull request analysis.
What It Does Posts annotations and optional review comments on duplicated code blocks found in PR diffs. Fail-on-new thresholds let you gate merges on detected duplication. Language Support Python only in this initial release. JavaScript, TypeScript, and Rust support exist in the full CLI but are not yet shipped in the PyPI build used by the action. What Is Sensez? A structural maintainability tool that complements linters and type-checkers. It builds a graph representation of your code to detect structural duplication, dead code and code smell.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/popov95s/sensez">https://github.com/popov95s/sensez</a></strong> to version <strong>0.1.6-alpha</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/sensez-code-quality-feedback">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Initial release of the Sensez GitHub Action for pull request analysis.</p>
<h3 id="what-it-does">What It Does</h3>
<ul>
<li>Posts annotations and optional review comments on duplicated code blocks found in PR diffs. Fail-on-new thresholds let you gate merges on detected duplication.</li>
</ul>
<h3 id="language-support">Language Support</h3>
<ul>
<li>Python only in this initial release. JavaScript, TypeScript, and Rust support exist in the full CLI but are not yet shipped in the PyPI build used by the action.</li>
</ul>
<h3 id="what-is-sensez">What Is Sensez?</h3>
<p>A structural maintainability tool that complements linters and type-checkers. It builds a graph representation of your code to detect structural duplication, dead code and code smell.</p>
<h3 id="using-sensez-standalone-mcp--cli">Using Sensez Standalone (MCP / CLI)</h3>
<pre tabindex="0"><code>uv tool install sensez          # or: pip install sensez
sensez noze .                   # scan the current directory
</code></pre><p>For JS/TS:</p>
<pre tabindex="0"><code>npm install --dev sensez
npx sensez noze .
</code></pre><p>To use the MCP server (IDE integration):</p>
<pre tabindex="0"><code>sensez init
</code></pre><p>or</p>
<pre tabindex="0"><code>npx sensez init
</code></pre>]]></content:encoded></item><item><title>Postman Onboarding Workspace Bootstrap</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-workspace-bootstrap/</link><pubDate>Wed, 01 Jul 2026 22:39:59 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-workspace-bootstrap/</guid><description>Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.1.2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v2.1.1...v2.1.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-bootstrap-action">https://github.com/postman-cs/postman-bootstrap-action</a></strong> to version <strong>v2.1.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-workspace-bootstrap">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-bootstrap-action/compare/v2.1.1...v2.1.2">https://github.com/postman-cs/postman-bootstrap-action/compare/v2.1.1...v2.1.2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Repo Sync</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-repo-sync/</link><pubDate>Wed, 01 Jul 2026 22:39:26 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-repo-sync/</guid><description>Version updated for https://github.com/postman-cs/postman-repo-sync-action to version v2.0.1.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-repo-sync-action/compare/v2.0.0...v2.0.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-repo-sync-action">https://github.com/postman-cs/postman-repo-sync-action</a></strong> to version <strong>v2.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-repo-sync">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-repo-sync-action/compare/v2.0.0...v2.0.1">https://github.com/postman-cs/postman-repo-sync-action/compare/v2.0.0...v2.0.1</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Smoke Flow</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-smoke-flow/</link><pubDate>Wed, 01 Jul 2026 22:38:53 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-smoke-flow/</guid><description>Version updated for https://github.com/postman-cs/postman-smoke-flow-action to version v2.0.1.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/postman-cs/postman-smoke-flow-action/compare/v2.0.0...v2.0.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-smoke-flow-action">https://github.com/postman-cs/postman-smoke-flow-action</a></strong> to version <strong>v2.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-smoke-flow">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-smoke-flow-action/compare/v2.0.0...v2.0.1">https://github.com/postman-cs/postman-smoke-flow-action/compare/v2.0.0...v2.0.1</a></p>
]]></content:encoded></item><item><title>Rearm Build And Submit Release metadata action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rearm-build-and-submit-release-metadata-action/</link><pubDate>Wed, 01 Jul 2026 22:38:19 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rearm-build-and-submit-release-metadata-action/</guid><description>Version updated for https://github.com/relizaio/rearm-docker-action to version 1.13.4.
This action is used across all versions by 6 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Address zizmor findings Bump rearm-actions to v1.7.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/relizaio/rearm-docker-action">https://github.com/relizaio/rearm-docker-action</a></strong> to version <strong>1.13.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>6</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rearm-build-and-submit-release-metadata-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>Address zizmor findings</li>
<li>Bump rearm-actions to v1.7.0</li>
</ul>
]]></content:encoded></item><item><title>ReARM Version and Publish Helm Chart Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rearm-version-and-publish-helm-chart-action/</link><pubDate>Wed, 01 Jul 2026 22:37:46 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rearm-version-and-publish-helm-chart-action/</guid><description>Version updated for https://github.com/relizaio/rearm-helm-action to version 1.10.2.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Address zizmor findings Bump rearm-actions to v1.7.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/relizaio/rearm-helm-action">https://github.com/relizaio/rearm-helm-action</a></strong> to version <strong>1.10.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rearm-version-and-publish-helm-chart-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>Address zizmor findings</li>
<li>Bump rearm-actions to v1.7.0</li>
</ul>
]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</link><pubDate>Wed, 01 Jul 2026 22:37:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.7.0.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Behavior changes that replace categorical shape-label guards with measurement-based decisions, and give the selection stage access to workflow-attached tooling (ENVIRONMENTS.md).
Behavior changes Substitution guard removed. shape in (&amp;#34;replacement&amp;#34;, &amp;#34;simplification&amp;#34;) → auto-Issue short-circuit no longer fires before implementation. Replacement/simplification runs proceed; the path allowlist + check_integration() catch broken diffs on measured evidence. ENVIRONMENTS.md at selection. Loader runs early and threads the body into select_recommendation’s prompt, so the selection agent has workflow-attached tooling (AST-search skills, MCP servers) while verifying candidates. Empty ENVIRONMENTS.md = unchanged behavior. Self-review orphan surfaced, not vetoed. When is_orphan=true, the PR ships with a prominent warning in the body instead of being downgraded to Issue. Upstream measurement-based gates already catch scaffold-shaped diffs. Confabulation check. Extracts path-like tokens from selection_reasoning and verifies each against the workdir. Step-summary shows N of M verified; a 0 of N verified line surfaces confidently-wrong reasoning. Compatibility Backwards-compatible for runs without an ENVIRONMENTS.md file (loader no-ops). No config changes needed.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.7.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Behavior changes that replace categorical shape-label guards with measurement-based decisions, and give the selection stage access to workflow-attached tooling (ENVIRONMENTS.md).</p>
<h2 id="behavior-changes">Behavior changes</h2>
<ul>
<li><strong>Substitution guard removed.</strong> <code>shape in (&quot;replacement&quot;, &quot;simplification&quot;) → auto-Issue</code> short-circuit no longer fires before implementation. Replacement/simplification runs proceed; the path allowlist + <code>check_integration()</code> catch broken diffs on measured evidence.</li>
<li><strong>ENVIRONMENTS.md at selection.</strong> Loader runs early and threads the body into <code>select_recommendation</code>&rsquo;s prompt, so the selection agent has workflow-attached tooling (AST-search skills, MCP servers) while verifying candidates. Empty ENVIRONMENTS.md = unchanged behavior.</li>
<li><strong>Self-review orphan surfaced, not vetoed.</strong> When <code>is_orphan=true</code>, the PR ships with a prominent warning in the body instead of being downgraded to Issue. Upstream measurement-based gates already catch scaffold-shaped diffs.</li>
<li><strong>Confabulation check.</strong> Extracts path-like tokens from <code>selection_reasoning</code> and verifies each against the workdir. Step-summary shows <code>N of M verified</code>; a <code>0 of N verified</code> line surfaces confidently-wrong reasoning.</li>
</ul>
<h2 id="compatibility">Compatibility</h2>
<p>Backwards-compatible for runs without an ENVIRONMENTS.md file (loader no-ops). No config changes needed.</p>
<h2 id="motivating-cases">Motivating cases</h2>
<ul>
<li>opik SAFARI (this release, validated live) — full-chain reach-PR</li>
<li>agents Entity Binding — full-chain reach-PR</li>
<li>Prior misfires (unsloth-retry confabulation, opik LettuceDetect library-shape downgrade, unsloth+TokenPilot substitution-guard downgrade) — all catchable / preventable with this release</li>
</ul>
]]></content:encoded></item><item><title>Jira Sprint CalVer</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/jira-sprint-calver/</link><pubDate>Wed, 01 Jul 2026 22:36:40 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/jira-sprint-calver/</guid><description>Version updated for https://github.com/RuBAN-GT/jira-sprint-calver-action to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.0.2 (2026-07-01) Bug Fixes Minor update (7402e43)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/RuBAN-GT/jira-sprint-calver-action">https://github.com/RuBAN-GT/jira-sprint-calver-action</a></strong> to version <strong>v1.0.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/jira-sprint-calver">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="102-2026-07-01"><a href="https://github.com/RuBAN-GT/jira-sprint-calver-action/compare/v1.0.1...v1.0.2">1.0.2</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>Minor update (<a href="https://github.com/RuBAN-GT/jira-sprint-calver-action/commit/7402e43549192938192dc8f83b81f7a0bd9b6d3b">7402e43</a>)</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Cloud Login</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-cloud-login/</link><pubDate>Wed, 01 Jul 2026 22:36:07 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-cloud-login/</guid><description>Version updated for https://github.com/skyhook-io/cloud-login to version v1.11.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.11.1 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#2) (d64734d)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/cloud-login">https://github.com/skyhook-io/cloud-login</a></strong> to version <strong>v1.11.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-cloud-login">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="1111-2026-07-01"><a href="https://github.com/skyhook-io/cloud-login/compare/v1.11.0...v1.11.1">1.11.1</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>upgrade GitHub Actions dependencies (<a href="https://github.com/skyhook-io/cloud-login/issues/2">#2</a>) (<a href="https://github.com/skyhook-io/cloud-login/commit/d64734dd2148b8f34f77853c34498b2c5fd3e830">d64734d</a>)</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Docker Multi-Registry Build Push</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-docker-multi-registry-build-push/</link><pubDate>Wed, 01 Jul 2026 22:35:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-docker-multi-registry-build-push/</guid><description>Version updated for https://github.com/skyhook-io/docker-build-push-action to version v2.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 2.0.0 (2026-07-01) feat!: upgrade Docker actions and drop buildx_install input (#7) (09a68f8) BREAKING CHANGES removed the buildx_install input. docker/setup-buildx-action v4 removed its install input, so the composite no longer exposes buildx_install; the docker build -&amp;gt; docker buildx build alias it enabled is gone. Use the BUILDX_BUILDER env var if that behavior is needed. Claude-Session: https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/docker-build-push-action">https://github.com/skyhook-io/docker-build-push-action</a></strong> to version <strong>v2.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-docker-multi-registry-build-push">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="200-2026-07-01"><a href="https://github.com/skyhook-io/docker-build-push-action/compare/v1.5.2...v2.0.0">2.0.0</a> (2026-07-01)</h1>
<ul>
<li>feat!: upgrade Docker actions and drop buildx_install input (<a href="https://github.com/skyhook-io/docker-build-push-action/issues/7">#7</a>) (<a href="https://github.com/skyhook-io/docker-build-push-action/commit/09a68f83b7508e143b63dc823259a2192bcc6d33">09a68f8</a>)</li>
</ul>
<h3 id="breaking-changes">BREAKING CHANGES</h3>
<ul>
<li>removed the buildx_install input. docker/setup-buildx-action v4 removed its install input, so the composite no longer exposes buildx_install; the docker build -&gt; docker buildx build alias it enabled is gone. Use the BUILDX_BUILDER env var if that behavior is needed.</li>
</ul>
<p>Claude-Session: <a href="https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU">https://claude.ai/code/session_011T9ASy4VmRoYrnuTsLd9oU</a></p>
<ul>
<li>ci: add Dependabot for GitHub Actions</li>
</ul>
]]></content:encoded></item><item><title>Skyhook GitHub Auth Token</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-github-auth-token/</link><pubDate>Wed, 01 Jul 2026 22:35:00 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-github-auth-token/</guid><description>Version updated for https://github.com/skyhook-io/github-auth-token to version v1.1.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.1.1 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#1) (4d92bbc)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/github-auth-token">https://github.com/skyhook-io/github-auth-token</a></strong> to version <strong>v1.1.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-github-auth-token">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="111-2026-07-01"><a href="https://github.com/skyhook-io/github-auth-token/compare/v1.1.0...v1.1.1">1.1.1</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>upgrade GitHub Actions dependencies (<a href="https://github.com/skyhook-io/github-auth-token/issues/1">#1</a>) (<a href="https://github.com/skyhook-io/github-auth-token/commit/4d92bbcfb92d7c074c4876d6321f86cd3746a2aa">4d92bbc</a>)</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Login to AWS</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-aws/</link><pubDate>Wed, 01 Jul 2026 22:34:26 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-aws/</guid><description>Version updated for https://github.com/skyhook-io/login-aws to version v1.7.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.7.2 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#1) (d7837a6)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/login-aws">https://github.com/skyhook-io/login-aws</a></strong> to version <strong>v1.7.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-login-to-aws">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="172-2026-07-01"><a href="https://github.com/skyhook-io/login-aws/compare/v1.7.1...v1.7.2">1.7.2</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>upgrade GitHub Actions dependencies (<a href="https://github.com/skyhook-io/login-aws/issues/1">#1</a>) (<a href="https://github.com/skyhook-io/login-aws/commit/d7837a673c237b66874c4a94abf965bf7380b45c">d7837a6</a>)</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Login to Azure AKS</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-azure-aks/</link><pubDate>Wed, 01 Jul 2026 22:33:53 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-azure-aks/</guid><description>Version updated for https://github.com/skyhook-io/login-azure-aks to version v1.0.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.0.1 (2026-07-01) Bug Fixes update author from KoalaOps to Skyhook (92c7dc0) upgrade GitHub Actions dependencies (#1) (65c0a96)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/login-azure-aks">https://github.com/skyhook-io/login-azure-aks</a></strong> to version <strong>v1.0.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-login-to-azure-aks">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="101-2026-07-01"><a href="https://github.com/skyhook-io/login-azure-aks/compare/v1.0.0...v1.0.1">1.0.1</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>update author from KoalaOps to Skyhook (<a href="https://github.com/skyhook-io/login-azure-aks/commit/92c7dc09169d27f1ed98f3395dde3bb9f0d6648e">92c7dc0</a>)</li>
<li>upgrade GitHub Actions dependencies (<a href="https://github.com/skyhook-io/login-azure-aks/issues/1">#1</a>) (<a href="https://github.com/skyhook-io/login-azure-aks/commit/65c0a96ab3580dd3840b90872c3b378c251f2678">65c0a96</a>)</li>
</ul>
]]></content:encoded></item><item><title>Skyhook Login to GCP GKE</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-gcp-gke/</link><pubDate>Wed, 01 Jul 2026 22:33:20 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/skyhook-login-to-gcp-gke/</guid><description>Version updated for https://github.com/skyhook-io/login-gcp-gke to version v1.2.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.2.2 (2026-07-01) Bug Fixes upgrade GitHub Actions dependencies (#2) (70f56db)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/skyhook-io/login-gcp-gke">https://github.com/skyhook-io/login-gcp-gke</a></strong> to version <strong>v1.2.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/skyhook-login-to-gcp-gke">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="122-2026-07-01"><a href="https://github.com/skyhook-io/login-gcp-gke/compare/v1.2.1...v1.2.2">1.2.2</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li>upgrade GitHub Actions dependencies (<a href="https://github.com/skyhook-io/login-gcp-gke/issues/2">#2</a>) (<a href="https://github.com/skyhook-io/login-gcp-gke/commit/70f56db3163c38b9cb412f11dd70fe785348fd9b">70f56db</a>)</li>
</ul>
]]></content:encoded></item><item><title>rsync action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rsync-action/</link><pubDate>Wed, 01 Jul 2026 22:32:47 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rsync-action/</guid><description>Version updated for https://github.com/spotdemo4/rsync-action to version v0.0.2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed bump: v0.0.1 -&amp;gt; v0.0.2 (48fa2b3) ci(release): replace flake-release and npm publish with gh/forgejo cli (f595fd4) chore(deps): update dependency rolldown to ^1.1.4 (#1) (aa20caf) ci(workflows): add rsync tag and release automation (d0abd20) fix(action): parse rsync TLS port with fallback and range checks (e825732) refactor(action): use static rsync releases for tool setup (7739f63) fix(flake): use pkgs.rsync instead of pkgs.pkgsStatic in overlay (9e2dc66) ci: run checks on amd64 and arm64 runner matrix (7eb0273) ci(check): pass rsync auth inputs to workflow step (3398413) build(flake): update inputs and skip rsync itemize test (0ba1338)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/spotdemo4/rsync-action">https://github.com/spotdemo4/rsync-action</a></strong> to version <strong>v0.0.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rsync-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>bump: v0.0.1 -&gt; v0.0.2 (48fa2b3)</li>
<li>ci(release): replace flake-release and npm publish with gh/forgejo cli (f595fd4)</li>
<li>chore(deps): update dependency rolldown to ^1.1.4 (#1) (aa20caf)</li>
<li>ci(workflows): add rsync tag and release automation (d0abd20)</li>
<li>fix(action): parse rsync TLS port with fallback and range checks (e825732)</li>
<li>refactor(action): use static rsync releases for tool setup (7739f63)</li>
<li>fix(flake): use pkgs.rsync instead of pkgs.pkgsStatic in overlay (9e2dc66)</li>
<li>ci: run checks on amd64 and arm64 runner matrix (7eb0273)</li>
<li>ci(check): pass rsync auth inputs to workflow step (3398413)</li>
<li>build(flake): update inputs and skip rsync itemize test (0ba1338)</li>
</ul>
]]></content:encoded></item><item><title>Setup Tombi</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-tombi/</link><pubDate>Wed, 01 Jul 2026 22:32:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-tombi/</guid><description>Version updated for https://github.com/tombi-toml/setup-tombi to version v1.1.7.
This action is used across all versions by 130 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed This setup-tombi release matches tombi v1.1.7.
Full Changelog: https://github.com/tombi-toml/setup-tombi/compare/v1...v1.1.7</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/tombi-toml/setup-tombi">https://github.com/tombi-toml/setup-tombi</a></strong> to version <strong>v1.1.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>130</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-tombi">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>This setup-tombi release matches <a href="https://github.com/tombi-toml/tombi/releases/tag/v1.1.7">tombi v1.1.7</a>.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/tombi-toml/setup-tombi/compare/v1...v1.1.7">https://github.com/tombi-toml/setup-tombi/compare/v1...v1.1.7</a></p>
]]></content:encoded></item><item><title>Cloudflare Email Sending</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/cloudflare-email-sending/</link><pubDate>Wed, 01 Jul 2026 22:31:40 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/cloudflare-email-sending/</guid><description>Version updated for https://github.com/tourcoder/cloudflare-email-sending to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/tourcoder/cloudflare-email-sending/commits/v1.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/tourcoder/cloudflare-email-sending">https://github.com/tourcoder/cloudflare-email-sending</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/cloudflare-email-sending">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/tourcoder/cloudflare-email-sending/commits/v1.0.0">https://github.com/tourcoder/cloudflare-email-sending/commits/v1.0.0</a></p>
]]></content:encoded></item><item><title>spaces checkout run</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/spaces-checkout-run/</link><pubDate>Wed, 01 Jul 2026 22:31:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/spaces-checkout-run/</guid><description>Version updated for https://github.com/work-spaces/spaces-checkout-run to version v0.17.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Bump version to v0.17.1 by @tyler-gilbert in https://github.com/work-spaces/spaces-checkout-run/pull/26 Full Changelog: https://github.com/work-spaces/spaces-checkout-run/compare/v0.16.0...v0.17.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/work-spaces/spaces-checkout-run">https://github.com/work-spaces/spaces-checkout-run</a></strong> to version <strong>v0.17.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/spaces-checkout-run">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Bump version to v0.17.1 by @tyler-gilbert in <a href="https://github.com/work-spaces/spaces-checkout-run/pull/26">https://github.com/work-spaces/spaces-checkout-run/pull/26</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/work-spaces/spaces-checkout-run/compare/v0.16.0...v0.17.1">https://github.com/work-spaces/spaces-checkout-run/compare/v0.16.0...v0.17.1</a></p>
]]></content:encoded></item><item><title>RepoScope Security scanning + AI-code provenance</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/reposcope-security-scanning--ai-code-provenance/</link><pubDate>Wed, 01 Jul 2026 22:30:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/reposcope-security-scanning--ai-code-provenance/</guid><description>Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.4.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Scan your codebase for security vulnerabilities and AI-code provenance on every push and pull request — inline PR comments, a build-gating security score, and a shareable HTML report.
New in 1.0.4 Listing name updated to “RepoScope Security scanning + AI-code provenance”. What it does 30 security detectors across 14 languages — secrets, SQL injection, XSS, command injection, TLS misconfigurations, permissive CORS, and weak crypto. AI-code provenance — flags which scanned files are attributed to AI coding tools (Copilot, Cursor, Claude, Codeium, Windsurf, Aider, Devin) in git history, and writes a machine-readable provenance.json record. Local and deterministic — no network, no LLM. Inline PR review comments — one per finding: file, line, severity badge, CWE ID, and a fix hint. GitHub Check run — PASS/FAIL against your score threshold, with annotations. HTML report artifact + build gating (fail-on, threshold) + # reposcope-ignore: suppression. Quickstart - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: xdun1698/reposcope-action@v1 with: token: ${{ secrets.GITHUB_TOKEN }} Source: https://github.com/xdun1698/reposcope-action · Website: https://reposcope.app</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/xdun1698/reposcope-action">https://github.com/xdun1698/reposcope-action</a></strong> to version <strong>v1.0.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/reposcope-security-scanning-ai-code-provenance">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Scan your codebase for security vulnerabilities <strong>and AI-code provenance</strong> on every push and pull request — inline PR comments, a build-gating security score, and a shareable HTML report.</p>
<h2 id="new-in-104">New in 1.0.4</h2>
<ul>
<li>Listing name updated to &ldquo;RepoScope Security scanning + AI-code provenance&rdquo;.</li>
</ul>
<h2 id="what-it-does">What it does</h2>
<ul>
<li><strong>30 security detectors across 14 languages</strong> — secrets, SQL injection, XSS, command injection, TLS misconfigurations, permissive CORS, and weak crypto.</li>
<li><strong>AI-code provenance</strong> — flags which scanned files are attributed to AI coding tools (Copilot, Cursor, Claude, Codeium, Windsurf, Aider, Devin) in git history, and writes a machine-readable <code>provenance.json</code> record. Local and deterministic — no network, no LLM.</li>
<li><strong>Inline PR review comments</strong> — one per finding: file, line, severity badge, CWE ID, and a fix hint.</li>
<li><strong>GitHub Check run</strong> — PASS/FAIL against your score threshold, with annotations.</li>
<li><strong>HTML report artifact</strong> + build gating (<code>fail-on</code>, <code>threshold</code>) + <code># reposcope-ignore:</code> suppression.</li>
</ul>
<h2 id="quickstart">Quickstart</h2>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v4</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">fetch-depth</span>: <span style="color:#ae81ff">0</span>
</span></span><span style="display:flex;"><span>- <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">xdun1698/reposcope-action@v1</span>
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">token</span>: <span style="color:#ae81ff">${{ secrets.GITHUB_TOKEN }}</span>
</span></span></code></pre></div><p><strong>Source:</strong> <a href="https://github.com/xdun1698/reposcope-action">https://github.com/xdun1698/reposcope-action</a> · <strong>Website:</strong> <a href="https://reposcope.app">https://reposcope.app</a></p>
]]></content:encoded></item><item><title>Setup poly CLI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-poly-cli/</link><pubDate>Wed, 01 Jul 2026 15:03:30 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-poly-cli/</guid><description>Version updated for https://github.com/Goldziher/polylint to version v0.1.7.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Release v0.1.7</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Goldziher/polylint">https://github.com/Goldziher/polylint</a></strong> to version <strong>v0.1.7</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-poly-cli">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Release v0.1.7</p>
]]></content:encoded></item><item><title>ReleaseKit – Automated Versioning &amp; Release</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/releasekit-automated-versioning-release/</link><pubDate>Wed, 01 Jul 2026 15:02:58 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/releasekit-automated-versioning-release/</guid><description>Version updated for https://github.com/goosewobbler/releasekit to version v0.38.1.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed: Fixed independent-group members to be labeled as “bundled” instead of “coupled” in the release summary. (#513, #509) Fixed standing-PR changelog sections to use #### headings instead of bold text, restoring proper spacing within blockquotes. (#511, #508) Fixed bare #N issue references in changelog entry descriptions to be neutralized and deduplicated with appended ref labels. (#510, #507) Full Changelog: https://github.com/goosewobbler/releasekit/compare/0.38.0...0.38.1</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/goosewobbler/releasekit">https://github.com/goosewobbler/releasekit</a></strong> to version <strong>v0.38.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/releasekit-automated-versioning-release">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="fixed">Fixed:</h3>
<ul>
<li>Fixed independent-group members to be labeled as &ldquo;bundled&rdquo; instead of &ldquo;coupled&rdquo; in the release summary. (#513, #509)</li>
<li>Fixed standing-PR changelog sections to use #### headings instead of bold text, restoring proper spacing within blockquotes. (#511, #508)</li>
<li>Fixed bare #N issue references in changelog entry descriptions to be neutralized and deduplicated with appended ref labels. (#510, #507)</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/goosewobbler/releasekit/compare/0.38.0...0.38.1">https://github.com/goosewobbler/releasekit/compare/0.38.0...0.38.1</a></p>
]]></content:encoded></item><item><title>Vizb Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/vizb-action/</link><pubDate>Wed, 01 Jul 2026 15:02:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/vizb-action/</guid><description>Version updated for https://github.com/goptics/vizb to version v0.14.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix(action): preserve scatter settings on merge-deploy by @fahimfaisaal in https://github.com/goptics/vizb/pull/155 feat: add terminal logo banner to install scripts by @fahimfaisaal in https://github.com/goptics/vizb/pull/156 feat: green arrow logs, simplify messages by @fahimfaisaal in https://github.com/goptics/vizb/pull/158 fix(charts): tooltip legend layout and sigma math by @fahimfaisaal in https://github.com/goptics/vizb/pull/159 fix(stats): correct CI formula, zAxis drop, and edge guards by @fahimfaisaal in https://github.com/goptics/vizb/pull/160 docs(readme): add quick example with platform-specific install commands by @fahimfaisaal in https://github.com/goptics/vizb/pull/162 chore(docs): upgrade Astro 6 to Astro 7 with Rust compiler by @fahimfaisaal in https://github.com/goptics/vizb/pull/164 fix(charts): fit y-axis to data range for line and scatter charts by @fahimfaisaal in https://github.com/goptics/vizb/pull/163 fix(charts): size value 3D grid from category counts and cap camera distance by @fahimfaisaal in https://github.com/goptics/vizb/pull/161 chore(ui): upgrade vite 8 and vitest 4 by @fahimfaisaal in https://github.com/goptics/vizb/pull/165 feat(charts): add –symbol and –symbol-size flags for line and scatter by @fahimfaisaal in https://github.com/goptics/vizb/pull/166 feat(scatter): add –visualmap for 2D scatter gradient coloring by @fahimfaisaal in https://github.com/goptics/vizb/pull/169 feat: applicability-rule pipeline + config/ → internal/ move by @fahimfaisaal in https://github.com/goptics/vizb/pull/170 feat(dataset): add –id flag and ?id= URL dataset selection by @fahimfaisaal in https://github.com/goptics/vizb/pull/171 fix(scatter): apply visualMap on large datasets and add house-price example by @fahimfaisaal in https://github.com/goptics/vizb/pull/172 feat(select): solo –select axis mode, multi-stat, and mixed by @fahimfaisaal in https://github.com/goptics/vizb/pull/173 feat(ci): local ACT example, stable id links, and parser fixes by @fahimfaisaal in https://github.com/goptics/vizb/pull/174 fix(sort): apply sort to 1-axis charts by @fahimfaisaal in https://github.com/goptics/vizb/pull/175 docs(charts): add bar and line examples with screenshots by @fahimfaisaal in https://github.com/goptics/vizb/pull/168 Full Changelog: https://github.com/goptics/vizb/compare/v0.13.0...v0.14.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/goptics/vizb">https://github.com/goptics/vizb</a></strong> to version <strong>v0.14.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/vizb-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>fix(action): preserve scatter settings on merge-deploy by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/155">https://github.com/goptics/vizb/pull/155</a></li>
<li>feat: add terminal logo banner to install scripts by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/156">https://github.com/goptics/vizb/pull/156</a></li>
<li>feat: green arrow logs, simplify messages by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/158">https://github.com/goptics/vizb/pull/158</a></li>
<li>fix(charts): tooltip legend layout and sigma math by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/159">https://github.com/goptics/vizb/pull/159</a></li>
<li>fix(stats): correct CI formula, zAxis drop, and edge guards by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/160">https://github.com/goptics/vizb/pull/160</a></li>
<li>docs(readme): add quick example with platform-specific install commands by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/162">https://github.com/goptics/vizb/pull/162</a></li>
<li>chore(docs): upgrade Astro 6 to Astro 7 with Rust compiler by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/164">https://github.com/goptics/vizb/pull/164</a></li>
<li>fix(charts): fit y-axis to data range for line and scatter charts by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/163">https://github.com/goptics/vizb/pull/163</a></li>
<li>fix(charts): size value 3D grid from category counts and cap camera distance by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/161">https://github.com/goptics/vizb/pull/161</a></li>
<li>chore(ui): upgrade vite 8 and vitest 4 by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/165">https://github.com/goptics/vizb/pull/165</a></li>
<li>feat(charts): add &ndash;symbol and &ndash;symbol-size flags for line and scatter by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/166">https://github.com/goptics/vizb/pull/166</a></li>
<li>feat(scatter): add &ndash;visualmap for 2D scatter gradient coloring by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/169">https://github.com/goptics/vizb/pull/169</a></li>
<li>feat: applicability-rule pipeline + config/ → internal/ move by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/170">https://github.com/goptics/vizb/pull/170</a></li>
<li>feat(dataset): add &ndash;id flag and ?id= URL dataset selection by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/171">https://github.com/goptics/vizb/pull/171</a></li>
<li>fix(scatter): apply visualMap on large datasets and add house-price example by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/172">https://github.com/goptics/vizb/pull/172</a></li>
<li>feat(select): solo &ndash;select axis mode, multi-stat, and mixed by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/173">https://github.com/goptics/vizb/pull/173</a></li>
<li>feat(ci): local ACT example, stable <code>id</code> links, and parser fixes by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/174">https://github.com/goptics/vizb/pull/174</a></li>
<li>fix(sort): apply sort to 1-axis charts by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/175">https://github.com/goptics/vizb/pull/175</a></li>
<li>docs(charts): add bar and line examples with screenshots by @fahimfaisaal in <a href="https://github.com/goptics/vizb/pull/168">https://github.com/goptics/vizb/pull/168</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/goptics/vizb/compare/v0.13.0...v0.14.0">https://github.com/goptics/vizb/compare/v0.13.0...v0.14.0</a></p>
]]></content:encoded></item><item><title>AI Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-plugin-scanner/</link><pubDate>Wed, 01 Jul 2026 15:01:51 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/ai-plugin-scanner-action to version v1.2.357.
This action is used across all versions by 17 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Published automatically from https://github.com/hashgraph-online/hol-guard/tree/869275bc9c3ab57804fbc0b168b6a98e91c39a3a with plugin-scanner 2.0.957.
Full Changelog: https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.356...v1.2.357</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/ai-plugin-scanner-action">https://github.com/hashgraph-online/ai-plugin-scanner-action</a></strong> to version <strong>v1.2.357</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>17</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Published automatically from <a href="https://github.com/hashgraph-online/hol-guard/tree/869275bc9c3ab57804fbc0b168b6a98e91c39a3a">https://github.com/hashgraph-online/hol-guard/tree/869275bc9c3ab57804fbc0b168b6a98e91c39a3a</a> with plugin-scanner 2.0.957.</p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.356...v1.2.357">https://github.com/hashgraph-online/ai-plugin-scanner-action/compare/v1.2.356...v1.2.357</a></p>
]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/hol-codex-plugin-scanner/</link><pubDate>Wed, 01 Jul 2026 15:01:18 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.357.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.357</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.357</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.357">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.357</a></p>
]]></content:encoded></item><item><title>PDPL Compliance Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/pdpl-compliance-scan/</link><pubDate>Wed, 01 Jul 2026 15:00:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/pdpl-compliance-scan/</guid><description>Version updated for https://github.com/imohad/pdpl-scanner to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Builds on v1.0.0 with broader detection, fewer false positives, suppression, and a bilingual HTML report. 32 tests; CI green on Python 3.8/3.11/3.12.
New detection PDPL-CB-02 — personal data sent to a foreign third-party processor (analytics, email, CRM, AI, observability, payments: mixpanel, segment, sendgrid, twilio, openai, stripe, datadog, …). Entity-aware severity like CB-01. PDPL-SEC-02 — database/transport TLS disabled (sslmode=disable, ssl_mode=&amp;#34;disable&amp;#34;, ssl=false). Assisted controls now run in the engine as high-recall LEADs: DSR-02 (soft-delete erasure), SEN-01 (sensitive data without visible encryption), and repo-wide DSR-01 / RET-01 / LB-01. Leads never fail the gate on their own. Accuracy PDPL-SEC-03 placeholder/low-entropy triage: defaults like changeme / your_password downgrade to a medium LEAD; real-format secrets stay critical. Suppression Inline # pdpl-ignore[CONTROL,…], a .pdplignore file (gitignore-style globs), and glob support in --exclude. Reporting &amp;amp; DX Standalone bilingual HTML report (--html); SARIF partialFingerprints for stable code-scanning dedup; --show-pass + passed_controls in JSON. .pre-commit-hooks.yaml, PyPI publish workflow (OIDC), README badges, and community files. Upgrade: uses: imohad/pdpl-scanner@v1 now resolves to v1.1.0.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/imohad/pdpl-scanner">https://github.com/imohad/pdpl-scanner</a></strong> to version <strong>v1.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/pdpl-compliance-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Builds on v1.0.0 with broader detection, fewer false positives, suppression, and a bilingual HTML report. 32 tests; CI green on Python 3.8/3.11/3.12.</p>
<h3 id="new-detection">New detection</h3>
<ul>
<li><strong><code>PDPL-CB-02</code></strong> — personal data sent to a foreign third-party processor (analytics, email, CRM, AI, observability, payments: mixpanel, segment, sendgrid, twilio, openai, stripe, datadog, …). Entity-aware severity like <code>CB-01</code>.</li>
<li><strong><code>PDPL-SEC-02</code></strong> — database/transport TLS disabled (<code>sslmode=disable</code>, <code>ssl_mode=&quot;disable&quot;</code>, <code>ssl=false</code>).</li>
<li><strong>Assisted controls now run in the engine</strong> as high-recall <code>LEAD</code>s: <code>DSR-02</code> (soft-delete erasure), <code>SEN-01</code> (sensitive data without visible encryption), and repo-wide <code>DSR-01</code> / <code>RET-01</code> / <code>LB-01</code>. Leads never fail the gate on their own.</li>
</ul>
<h3 id="accuracy">Accuracy</h3>
<ul>
<li><code>PDPL-SEC-03</code> placeholder/low-entropy triage: defaults like <code>changeme</code> / <code>your_password</code> downgrade to a medium <code>LEAD</code>; real-format secrets stay critical.</li>
</ul>
<h3 id="suppression">Suppression</h3>
<ul>
<li>Inline <code># pdpl-ignore[CONTROL,…]</code>, a <code>.pdplignore</code> file (gitignore-style globs), and glob support in <code>--exclude</code>.</li>
</ul>
<h3 id="reporting--dx">Reporting &amp; DX</h3>
<ul>
<li>Standalone bilingual <strong>HTML report</strong> (<code>--html</code>); SARIF <code>partialFingerprints</code> for stable code-scanning dedup; <code>--show-pass</code> + <code>passed_controls</code> in JSON.</li>
<li><code>.pre-commit-hooks.yaml</code>, PyPI publish workflow (OIDC), README badges, and community files.</li>
</ul>
<p><strong>Upgrade:</strong> <code>uses: imohad/pdpl-scanner@v1</code> now resolves to v1.1.0.</p>
<p>Full notes: <a href="https://github.com/imohad/pdpl-scanner/blob/main/CHANGELOG.md">CHANGELOG.md</a></p>
]]></content:encoded></item><item><title>Agent Guard Secret Guardrails</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-guard-secret-guardrails/</link><pubDate>Wed, 01 Jul 2026 15:00:12 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-guard-secret-guardrails/</guid><description>Version updated for https://github.com/JeongJaeSoon/agent-guard to version v1.5.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat(detection): broaden output secret recall (JWT, bearer, more env keys) by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/85 feat(shell): mask ! shell-escape output via agent-guard exec + shell-init by @JeongJaeSoon in https://github.com/JeongJaeSoon/agent-guard/pull/86 release: v1.5.0 by @github-actions[bot] in https://github.com/JeongJaeSoon/agent-guard/pull/88 Full Changelog: https://github.com/JeongJaeSoon/agent-guard/compare/v1.4.0...v1.5.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/JeongJaeSoon/agent-guard">https://github.com/JeongJaeSoon/agent-guard</a></strong> to version <strong>v1.5.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-guard-secret-guardrails">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat(detection): broaden output secret recall (JWT, bearer, more env keys) by @JeongJaeSoon in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/85">https://github.com/JeongJaeSoon/agent-guard/pull/85</a></li>
<li>feat(shell): mask ! shell-escape output via agent-guard exec + shell-init by @JeongJaeSoon in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/86">https://github.com/JeongJaeSoon/agent-guard/pull/86</a></li>
<li>release: v1.5.0 by @github-actions[bot] in <a href="https://github.com/JeongJaeSoon/agent-guard/pull/88">https://github.com/JeongJaeSoon/agent-guard/pull/88</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/JeongJaeSoon/agent-guard/compare/v1.4.0...v1.5.0">https://github.com/JeongJaeSoon/agent-guard/compare/v1.4.0...v1.5.0</a></p>
]]></content:encoded></item><item><title>datamodel-code-generator</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/datamodel-code-generator/</link><pubDate>Wed, 01 Jul 2026 14:59:39 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/datamodel-code-generator/</guid><description>Version updated for https://github.com/koxudaxi/datamodel-code-generator to version 0.66.2.
This action is used across all versions by 3,234 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Update CHANGELOG for 0.66.1 by @dcg-generated-docs[bot] in https://github.com/koxudaxi/datamodel-code-generator/pull/3507 Update release benchmark data by @dcg-generated-docs[bot] in https://github.com/koxudaxi/datamodel-code-generator/pull/3508 Add Modular to Used by list by @koxudaxi in https://github.com/koxudaxi/datamodel-code-generator/pull/3509 Add Pydantic missing sentinel option by @koxudaxi in https://github.com/koxudaxi/datamodel-code-generator/pull/3510 Full Changelog: https://github.com/koxudaxi/datamodel-code-generator/compare/0.66.1...0.66.2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/koxudaxi/datamodel-code-generator">https://github.com/koxudaxi/datamodel-code-generator</a></strong> to version <strong>0.66.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3,234</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/datamodel-code-generator">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>Update CHANGELOG for 0.66.1 by @dcg-generated-docs[bot] in <a href="https://github.com/koxudaxi/datamodel-code-generator/pull/3507">https://github.com/koxudaxi/datamodel-code-generator/pull/3507</a></li>
<li>Update release benchmark data by @dcg-generated-docs[bot] in <a href="https://github.com/koxudaxi/datamodel-code-generator/pull/3508">https://github.com/koxudaxi/datamodel-code-generator/pull/3508</a></li>
<li>Add Modular to Used by list by @koxudaxi in <a href="https://github.com/koxudaxi/datamodel-code-generator/pull/3509">https://github.com/koxudaxi/datamodel-code-generator/pull/3509</a></li>
<li>Add Pydantic missing sentinel option by @koxudaxi in <a href="https://github.com/koxudaxi/datamodel-code-generator/pull/3510">https://github.com/koxudaxi/datamodel-code-generator/pull/3510</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/koxudaxi/datamodel-code-generator/compare/0.66.1...0.66.2">https://github.com/koxudaxi/datamodel-code-generator/compare/0.66.1...0.66.2</a></p>
]]></content:encoded></item><item><title>AI Commit Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-commit-review/</link><pubDate>Wed, 01 Jul 2026 14:59:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-commit-review/</guid><description>Version updated for https://github.com/leek/ai-commit-review to version v1.1.6.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Allow AI commit review to continue when at least one selected provider produces a valid review. Failed providers are still reported through provider-failures and logged as warnings; the action now fails only when no selected provider completes successfully.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/leek/ai-commit-review">https://github.com/leek/ai-commit-review</a></strong> to version <strong>v1.1.6</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-commit-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Allow AI commit review to continue when at least one selected provider produces a valid review. Failed providers are still reported through provider-failures and logged as warnings; the action now fails only when no selected provider completes successfully.</p>
]]></content:encoded></item><item><title>Git Velocity Analyser</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/git-velocity-analyser/</link><pubDate>Wed, 01 Jul 2026 14:58:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/git-velocity-analyser/</guid><description>Version updated for https://github.com/lukaszraczylo/git-velocity to version v1.0.9.
This action is used across all versions by 0 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Changelog</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/lukaszraczylo/git-velocity">https://github.com/lukaszraczylo/git-velocity</a></strong> to version <strong>v1.0.9</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/git-velocity-analyser">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="changelog">Changelog</h2>
]]></content:encoded></item><item><title>lgtmaybe</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/lgtmaybe/</link><pubDate>Wed, 01 Jul 2026 14:57:58 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/lgtmaybe/</guid><description>Version updated for https://github.com/MattJColes/lgtmaybe to version lgtmaybe-v0.9.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.2 (2026-07-01) Bug Fixes provider: fail fast on expired cloud credentials (#162) (c56fa7d)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/MattJColes/lgtmaybe">https://github.com/MattJColes/lgtmaybe</a></strong> to version <strong>lgtmaybe-v0.9.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/lgtmaybe">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="092-2026-07-01"><a href="https://github.com/MattJColes/lgtmaybe/compare/lgtmaybe-v0.9.1...lgtmaybe-v0.9.2">0.9.2</a> (2026-07-01)</h2>
<h3 id="bug-fixes">Bug Fixes</h3>
<ul>
<li><strong>provider:</strong> fail fast on expired cloud credentials (<a href="https://github.com/MattJColes/lgtmaybe/issues/162">#162</a>) (<a href="https://github.com/MattJColes/lgtmaybe/commit/c56fa7d39a8468127b55c9288926befa9d5c9eb8">c56fa7d</a>)</li>
</ul>
]]></content:encoded></item><item><title>Synaptic PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/synaptic-pr-review/</link><pubDate>Wed, 01 Jul 2026 14:57:25 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/synaptic-pr-review/</guid><description>Version updated for https://github.com/minhphu102003/ai-pr-review-action to version v0.0.19.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.0.19 Context Files Support Auto-detect architecture docs, CLAUDE.md, AGENTS.md, SOUL.md, MEMORY.md, README as review context User can specify custom context files via context_files input (comma-separated paths) Smart budget: context files only fetched when diff &amp;lt; 70K chars (15K budget for context) LLM receives context in &amp;lt;context&amp;gt; block alongside the diff for better-informed reviews Inline Comments for OpenCode Engine OpenCode engine now posts inline resolvable review comments via post-processing step post_inline.py extracts issues JSON from OpenCode review and posts as PR review comments Summary comment updated to remove duplicate key issues section Improvements Only warn for user-specified context paths, not auto-detect Diff size check for OpenCode engine before fetching context files</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/minhphu102003/ai-pr-review-action">https://github.com/minhphu102003/ai-pr-review-action</a></strong> to version <strong>v0.0.19</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/synaptic-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="v0019">v0.0.19</h2>
<h3 id="context-files-support">Context Files Support</h3>
<ul>
<li>Auto-detect architecture docs, CLAUDE.md, AGENTS.md, SOUL.md, MEMORY.md, README as review context</li>
<li>User can specify custom context files via <code>context_files</code> input (comma-separated paths)</li>
<li>Smart budget: context files only fetched when diff &lt; 70K chars (15K budget for context)</li>
<li>LLM receives context in <code>&lt;context&gt;</code> block alongside the diff for better-informed reviews</li>
</ul>
<h3 id="inline-comments-for-opencode-engine">Inline Comments for OpenCode Engine</h3>
<ul>
<li>OpenCode engine now posts inline resolvable review comments via post-processing step</li>
<li><code>post_inline.py</code> extracts issues JSON from OpenCode review and posts as PR review comments</li>
<li>Summary comment updated to remove duplicate key issues section</li>
</ul>
<h3 id="improvements">Improvements</h3>
<ul>
<li>Only warn for user-specified context paths, not auto-detect</li>
<li>Diff size check for OpenCode engine before fetching context files</li>
</ul>
]]></content:encoded></item><item><title>Totem Shield</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/totem-shield/</link><pubDate>Wed, 01 Jul 2026 14:56:52 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/totem-shield/</guid><description>Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.87.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mmnto-ai/totem">https://github.com/mmnto-ai/totem</a></strong> to version <strong>@mmnto/pack-rust-architecture@1.87.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/totem-shield">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><em>Cohort-link bump (no direct package changes). See <code>.changeset/config.json</code> for the fixed-cohort definition.</em></p>
]]></content:encoded></item><item><title>Suppress Ratchet</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/suppress-ratchet/</link><pubDate>Wed, 01 Jul 2026 14:56:18 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/suppress-ratchet/</guid><description>Version updated for https://github.com/motchalini-llc/suppress-ratchet to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed feat: initial Suppress Ratchet action — gate linter suppressions (Python + TS) (7d9b6e0)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/motchalini-llc/suppress-ratchet">https://github.com/motchalini-llc/suppress-ratchet</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/suppress-ratchet">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>feat: initial Suppress Ratchet action — gate linter suppressions (Python + TS) (7d9b6e0)</li>
</ul>
]]></content:encoded></item><item><title>Themis PR Gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/themis-pr-gate/</link><pubDate>Wed, 01 Jul 2026 14:55:44 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/themis-pr-gate/</guid><description>Version updated for https://github.com/Pheoxy/themis to version v1.0.2.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Summary Themis v1.0.2 is a patch release for GitHub Marketplace publication metadata.
Changed GitHub Action Marketplace display name changed from Themis to Themis PR Gate so it satisfies GitHub Marketplace’s global action-name uniqueness requirement. Stable GitHub Action examples now reference Pheoxy/themis@v1.0.2. Documentation now explains why the Marketplace display name differs from the project name. Verification Completed before tagging:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Pheoxy/themis">https://github.com/Pheoxy/themis</a></strong> to version <strong>v1.0.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/themis-pr-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="summary">Summary</h2>
<p>Themis v1.0.2 is a patch release for GitHub Marketplace publication metadata.</p>
<h2 id="changed">Changed</h2>
<ul>
<li>GitHub Action Marketplace display name changed from <code>Themis</code> to <code>Themis PR Gate</code> so it satisfies GitHub Marketplace&rsquo;s global action-name uniqueness requirement.</li>
<li>Stable GitHub Action examples now reference <code>Pheoxy/themis@v1.0.2</code>.</li>
<li>Documentation now explains why the Marketplace display name differs from the project name.</li>
</ul>
<h2 id="verification">Verification</h2>
<p>Completed before tagging:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nix flake check
</span></span><span style="display:flex;"><span>nix run . -- release check
</span></span><span style="display:flex;"><span>nix run . -- release audit --history --format markdown
</span></span><span style="display:flex;"><span>nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence <span style="color:#e6db74">&#34;nix flake check passed&#34;</span> --human --run-checks
</span></span><span style="display:flex;"><span>git tag -v v1.0.2
</span></span></code></pre></div><p>Results:</p>
<ul>
<li><code>nix flake check</code>: pass</li>
<li><code>release check</code>: pass</li>
<li><code>release audit --history</code>: pass</li>
<li><code>self-check</code>: pass</li>
<li>signed tag verification: pass</li>
</ul>
<h2 id="github-action-smoke-test">GitHub Action Smoke Test</h2>
<ul>
<li>Workflow: <code>Themis Smoke</code></li>
<li>Run: <a href="https://github.com/Pheoxy/themis/actions/runs/28502185507">https://github.com/Pheoxy/themis/actions/runs/28502185507</a></li>
<li>Result: success</li>
<li>Commit tested: <code>a338cab9ca7afc7c450db79ca82e391c86f30655</code></li>
</ul>
<h2 id="tag-release-workflow">Tag Release Workflow</h2>
<ul>
<li>Workflow: <code>Release</code></li>
<li>Run: <a href="https://github.com/Pheoxy/themis/actions/runs/28502309852">https://github.com/Pheoxy/themis/actions/runs/28502309852</a></li>
<li>Result: success</li>
<li>Tag: <code>v1.0.2</code></li>
</ul>
<h2 id="upgrade-notes">Upgrade Notes</h2>
<p>Use <code>Pheoxy/themis@v1.0.2</code> in GitHub workflows for stable action pinning.</p>
<h2 id="marketplace-notes">Marketplace Notes</h2>
<p>Publish this release to the GitHub Marketplace using the display name <code>Themis PR Gate</code>.</p>
<h2 id="non-guarantees">Non-Guarantees</h2>
<p>Themis is a pre-upstream readiness gate. Passing Themis or this release&rsquo;s checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.</p>
<h2 id="links">Links</h2>
<ul>
<li>Changelog: <a href="https://github.com/Pheoxy/themis/blob/v1.0.2/CHANGELOG.md">https://github.com/Pheoxy/themis/blob/v1.0.2/CHANGELOG.md</a></li>
<li>Documentation: <a href="https://github.com/Pheoxy/themis#readme">https://github.com/Pheoxy/themis#readme</a></li>
<li>Release tag: <a href="https://github.com/Pheoxy/themis/releases/tag/v1.0.2">https://github.com/Pheoxy/themis/releases/tag/v1.0.2</a></li>
</ul>
]]></content:encoded></item><item><title>Polygraph MCP gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/polygraph-mcp-gate/</link><pubDate>Wed, 01 Jul 2026 14:55:11 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/polygraph-mcp-gate/</guid><description>Version updated for https://github.com/polygraphso/litmus to version litmus-v0.22.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Minor release shipping two changes from a false-positive review of the harness:
#78 fix(c02) — the C-02 egress D rationale is now actionable: it names the undeclared host(s) and points authors at polygraph.egress, and the CLI itemizes them. Messaging only — every server’s letter grade is byte-identical. #79 feat(sandbox) — pypi/uvx MCP servers are now gradeable under the Docker sandbox. They stage wheels-only into a venv (no target code runs during staging; fails closed on sdist), resolve offline, and launch with the venv python. Both the connect and C-02 egress paths support pypi; gVisor runtime parity preserved. methodologyVersion is unchanged (litmus-v10) — a pypi server is graded by the same rubric as an npm one.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/polygraphso/litmus">https://github.com/polygraphso/litmus</a></strong> to version <strong>litmus-v0.22.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polygraph-mcp-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Minor release shipping two changes from a false-positive review of the harness:</p>
<ul>
<li><strong>#78 <code>fix(c02)</code></strong> — the C-02 egress <strong>D</strong> rationale is now actionable: it names the undeclared host(s) and points authors at <code>polygraph.egress</code>, and the CLI itemizes them. Messaging only — every server&rsquo;s letter grade is byte-identical.</li>
<li><strong>#79 <code>feat(sandbox)</code></strong> — <strong>pypi/uvx MCP servers are now gradeable under the Docker sandbox</strong>. They stage wheels-only into a venv (no target code runs during staging; fails closed on sdist), resolve offline, and launch with the venv python. Both the connect and C-02 egress paths support pypi; gVisor runtime parity preserved.</li>
</ul>
<p><code>methodologyVersion</code> is unchanged (<code>litmus-v10</code>) — a pypi server is graded by the same rubric as an npm one.</p>
]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</link><pubDate>Wed, 01 Jul 2026 14:54:38 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.6.34.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed When the agentic selection call fails (429, timeout, unparseable output), Outrider’s fallback picks the highest-relevance candidate. Ties on relevance were previously broken by list position — Python’s max() returns the first element at the max value.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.6.34</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>When the agentic selection call fails (429, timeout, unparseable output), Outrider&rsquo;s fallback picks the highest-relevance candidate. Ties on relevance were previously broken by list position — Python&rsquo;s <code>max()</code> returns the first element at the max value.</p>
<h2 id="fix">Fix</h2>
<p>Ties now break by <code>license_compat</code>. A permissive candidate with a code link (compat=1.00) beats a no-code-link candidate (compat=0.30) at the same relevance.</p>
<h2 id="motivating-case">Motivating case</h2>
<p>GLM C-arm study batch, 2026-06-30: unsloth run hit a selection 429 and the fallback picked a no-code-link candidate over a permissive alternative at the same relevance. Fires exactly when we least want it — the fallback path is where the primary reasoning is unavailable and the safer default matters most.</p>
<p>Fixes REMYX-169.</p>
]]></content:encoded></item><item><title>MaintainerOps AI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/maintainerops-ai/</link><pubDate>Wed, 01 Jul 2026 14:54:05 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/maintainerops-ai/</guid><description>Version updated for https://github.com/rtonf/maintainerops-ai to version v0.1.11.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.1.11 npm Provenance Metadata Repair MaintainerOps AI v0.1.11 is a publishing metadata repair release after v0.1.10 reached npm Trusted Publishing but failed provenance validation.
Fix Adds package.json repository.url with https://github.com/rtonf/maintainerops-ai. Keeps the npm Trusted Publishing workflow tokenless and provenance-backed. Preserves the v0.1.10 model-backed eval, label normalization, and release workflow changes. Verification Plan npm run verify GitHub PR checks and post-merge CodeQL Publish GitHub Release v0.1.11 Confirm the npm Trusted Publishing workflow publishes maintainerops-ai@0.1.11 Verify: npm view maintainerops-ai version dist-tags time --json npm exec --yes --package maintainerops-ai@latest -- maintainerops --help</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/rtonf/maintainerops-ai">https://github.com/rtonf/maintainerops-ai</a></strong> to version <strong>v0.1.11</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/maintainerops-ai">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h1 id="v0111-npm-provenance-metadata-repair">v0.1.11 npm Provenance Metadata Repair</h1>
<p>MaintainerOps AI <code>v0.1.11</code> is a publishing metadata repair release after <code>v0.1.10</code> reached npm Trusted Publishing but failed provenance validation.</p>
<h2 id="fix">Fix</h2>
<ul>
<li>Adds <code>package.json</code> <code>repository.url</code> with <code>https://github.com/rtonf/maintainerops-ai</code>.</li>
<li>Keeps the npm Trusted Publishing workflow tokenless and provenance-backed.</li>
<li>Preserves the <code>v0.1.10</code> model-backed eval, label normalization, and release workflow changes.</li>
</ul>
<h2 id="verification-plan">Verification Plan</h2>
<ul>
<li><code>npm run verify</code></li>
<li>GitHub PR checks and post-merge CodeQL</li>
<li>Publish GitHub Release <code>v0.1.11</code></li>
<li>Confirm the npm Trusted Publishing workflow publishes <code>maintainerops-ai@0.1.11</code></li>
<li>Verify:</li>
</ul>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>npm view maintainerops-ai version dist-tags time --json
</span></span><span style="display:flex;"><span>npm exec --yes --package maintainerops-ai@latest -- maintainerops --help
</span></span></code></pre></div>]]></content:encoded></item><item><title>RsMetaCheck</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rsmetacheck/</link><pubDate>Wed, 01 Jul 2026 14:53:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rsmetacheck/</guid><description>Version updated for https://github.com/SoftwareUnderstanding/rs-metacheck-action to version 0.3.4.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed entry point typo to use the latest RSMetaCheck version by @francoto</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/SoftwareUnderstanding/rs-metacheck-action">https://github.com/SoftwareUnderstanding/rs-metacheck-action</a></strong> to version <strong>0.3.4</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rsmetacheck">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>Fixed entry point typo to use the latest RSMetaCheck version by @francoto</li>
</ul>
]]></content:encoded></item><item><title>danger-ruby-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/danger-ruby-action/</link><pubDate>Wed, 01 Jul 2026 14:52:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/danger-ruby-action/</guid><description>Version updated for https://github.com/tdrk18/danger-action to version v1.1.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed New Inputs Added 6 new inputs to expose missing Danger CLI options:
fail-on-errors — Always fail the build when Danger reports errors (--fail-on-errors) fail-if-no-pr — Fail the build if no PR is found (--fail-if-no-pr) new-comment — Post a new comment instead of editing the previous one (--new-comment) remove-previous-comments — Remove all previous comments and post a new one (--remove-previous-comments) base — Branch/tag/commit to use as the base of the diff (--base) head — Branch/tag/commit to use as the head of the diff (--head) All new inputs are optional and default to their Danger defaults, so existing workflows are unaffected.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/tdrk18/danger-action">https://github.com/tdrk18/danger-action</a></strong> to version <strong>v1.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/danger-ruby-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<h3 id="new-inputs">New Inputs</h3>
<p>Added 6 new inputs to expose missing Danger CLI options:</p>
<ul>
<li><code>fail-on-errors</code> — Always fail the build when Danger reports errors (<code>--fail-on-errors</code>)</li>
<li><code>fail-if-no-pr</code> — Fail the build if no PR is found (<code>--fail-if-no-pr</code>)</li>
<li><code>new-comment</code> — Post a new comment instead of editing the previous one (<code>--new-comment</code>)</li>
<li><code>remove-previous-comments</code> — Remove all previous comments and post a new one (<code>--remove-previous-comments</code>)</li>
<li><code>base</code> — Branch/tag/commit to use as the base of the diff (<code>--base</code>)</li>
<li><code>head</code> — Branch/tag/commit to use as the head of the diff (<code>--head</code>)</li>
</ul>
<p>All new inputs are optional and default to their Danger defaults, so existing workflows are unaffected.</p>
]]></content:encoded></item><item><title>Crosspost Action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/crosspost-action/</link><pubDate>Wed, 01 Jul 2026 14:52:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/crosspost-action/</guid><description>Version updated for https://github.com/tgagor/action-crosspost to version v1.6.5.
This action is used across all versions by 3 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 1.6.5 (2026-07-01)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/tgagor/action-crosspost">https://github.com/tgagor/action-crosspost</a></strong> to version <strong>v1.6.5</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>3</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/crosspost-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="165-2026-07-01"><a href="https://github.com/tgagor/action-crosspost/compare/v1.6.4...v1.6.5">1.6.5</a> (2026-07-01)</h3>
]]></content:encoded></item><item><title>Polder Drift — Design System Drift Alerts</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/polder-drift-design-system-drift-alerts/</link><pubDate>Wed, 01 Jul 2026 14:51:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/polder-drift-design-system-drift-alerts/</guid><description>Version updated for https://github.com/usepolder/drift to version v1.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed fix: review findings — shallow-checkout false-new (#8) + hardening by @jongjesse in https://github.com/usepolder/drift/pull/2 test: re-home Carbon/MUI integration tests (vendored fixtures + DS devDeps) by @jongjesse in https://github.com/usepolder/drift/pull/3 chore: repo polish (CodeRabbit config, CONTRIBUTING, badges) by @jongjesse in https://github.com/usepolder/drift/pull/1 Fix glob translation: leading/embedded **/ matches zero or more dirs by @jongjesse in https://github.com/usepolder/drift/pull/4 Fix unit-inconsistent adoption metric: count drifted components, not findings by @jongjesse in https://github.com/usepolder/drift/pull/5 fix: surface comment-post failures instead of swallowing them by @jongjesse in https://github.com/usepolder/drift/pull/6 chore: prep v1 for GitHub Marketplace publish by @jongjesse in https://github.com/usepolder/drift/pull/8 fix: paginate GitHub issue-comment lookup to avoid duplicate comments by @jongjesse in https://github.com/usepolder/drift/pull/7 New Contributors @jongjesse made their first contribution in https://github.com/usepolder/drift/pull/2 Full Changelog: https://github.com/usepolder/drift/commits/v1.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/usepolder/drift">https://github.com/usepolder/drift</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/polder-drift-design-system-drift-alerts">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>fix: review findings — shallow-checkout false-new (#8) + hardening by @jongjesse in <a href="https://github.com/usepolder/drift/pull/2">https://github.com/usepolder/drift/pull/2</a></li>
<li>test: re-home Carbon/MUI integration tests (vendored fixtures + DS devDeps) by @jongjesse in <a href="https://github.com/usepolder/drift/pull/3">https://github.com/usepolder/drift/pull/3</a></li>
<li>chore: repo polish (CodeRabbit config, CONTRIBUTING, badges) by @jongjesse in <a href="https://github.com/usepolder/drift/pull/1">https://github.com/usepolder/drift/pull/1</a></li>
<li>Fix glob translation: leading/embedded <code>**/</code> matches zero or more dirs by @jongjesse in <a href="https://github.com/usepolder/drift/pull/4">https://github.com/usepolder/drift/pull/4</a></li>
<li>Fix unit-inconsistent adoption metric: count drifted components, not findings by @jongjesse in <a href="https://github.com/usepolder/drift/pull/5">https://github.com/usepolder/drift/pull/5</a></li>
<li>fix: surface comment-post failures instead of swallowing them by @jongjesse in <a href="https://github.com/usepolder/drift/pull/6">https://github.com/usepolder/drift/pull/6</a></li>
<li>chore: prep v1 for GitHub Marketplace publish by @jongjesse in <a href="https://github.com/usepolder/drift/pull/8">https://github.com/usepolder/drift/pull/8</a></li>
<li>fix: paginate GitHub issue-comment lookup to avoid duplicate comments by @jongjesse in <a href="https://github.com/usepolder/drift/pull/7">https://github.com/usepolder/drift/pull/7</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@jongjesse made their first contribution in <a href="https://github.com/usepolder/drift/pull/2">https://github.com/usepolder/drift/pull/2</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/usepolder/drift/commits/v1.0.0">https://github.com/usepolder/drift/commits/v1.0.0</a></p>
]]></content:encoded></item><item><title>RepoScope Security &amp; Compliance Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/reposcope-security-compliance-scanner/</link><pubDate>Wed, 01 Jul 2026 14:51:16 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/reposcope-security-compliance-scanner/</guid><description>Version updated for https://github.com/xdun1698/reposcope-action to version v1.0.0.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed RepoScope Security &amp;amp; Compliance Scanner v1.0.0 First public release — run RepoScope’s scanner in CI to catch security issues and generate audit-ready compliance evidence on every push and pull request.
What’s included 44 security detectors across 14 languages — hardcoded secrets, SQL injection, XSS, command injection, TLS misconfigs, weak crypto, permissive CORS Inline PR review comments — one per finding with file, line, severity, CWE ID, and fix hint GitHub Check run — PASS/FAIL with a configurable score threshold and annotations on high/critical findings Compliance report artifact — HTML report mapping findings to OWASP Top 10, SOC 2 Type II, PCI-DSS v4.0, EU AI Act Article 12, and ISO/IEC 42001 Configurable build gate — fail-on severity and score threshold Inline suppression via reposcope-ignore comments Setup instructions and all inputs/outputs are in the README.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/xdun1698/reposcope-action">https://github.com/xdun1698/reposcope-action</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/reposcope-security-compliance-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="reposcope-security--compliance-scanner-v100">RepoScope Security &amp; Compliance Scanner v1.0.0</h2>
<p>First public release — run RepoScope&rsquo;s scanner in CI to catch security issues and generate audit-ready compliance evidence on every push and pull request.</p>
<h3 id="whats-included">What&rsquo;s included</h3>
<ul>
<li><strong>44 security detectors across 14 languages</strong> — hardcoded secrets, SQL injection, XSS, command injection, TLS misconfigs, weak crypto, permissive CORS</li>
<li><strong>Inline PR review comments</strong> — one per finding with file, line, severity, CWE ID, and fix hint</li>
<li><strong>GitHub Check run</strong> — PASS/FAIL with a configurable score threshold and annotations on high/critical findings</li>
<li><strong>Compliance report artifact</strong> — HTML report mapping findings to OWASP Top 10, SOC 2 Type II, PCI-DSS v4.0, EU AI Act Article 12, and ISO/IEC 42001</li>
<li><strong>Configurable build gate</strong> — <code>fail-on</code> severity and score <code>threshold</code></li>
<li><strong>Inline suppression</strong> via <code>reposcope-ignore</code> comments</li>
</ul>
<p>Setup instructions and all inputs/outputs are in the <a href="https://github.com/xdun1698/reposcope-action#readme">README</a>.</p>
<hr>
<p><em>By <a href="https://reposcope.app">NxGen Tech Solutions</a>. Code-level controls only — a development aid, not a certification tool.</em></p>
]]></content:encoded></item><item><title>gmc — Google Merchant Center CLI</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/gmc-google-merchant-center-cli/</link><pubDate>Wed, 01 Jul 2026 14:50:10 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/gmc-google-merchant-center-cli/</guid><description>Version updated for https://github.com/yasserstudio/gmc to version v1.0.16.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed gmc ordertracking — Order Tracking sub-API (ordertracking/v1) Adds gmc ordertracking — the Order Tracking sub-API (accounts.orderTrackingSignals). This was the last remaining GA (v1) Merchant API sub-API, so the stable v1 surface is now fully covered (12 GA sub-APIs).</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/yasserstudio/gmc">https://github.com/yasserstudio/gmc</a></strong> to version <strong>v1.0.16</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/gmc-google-merchant-center-cli">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="gmc-ordertracking--order-tracking-sub-api-ordertrackingv1"><code>gmc ordertracking</code> — Order Tracking sub-API (<code>ordertracking/v1</code>)</h2>
<p>Adds <code>gmc ordertracking</code> — the <strong>Order Tracking</strong> sub-API (<code>accounts.orderTrackingSignals</code>). This was the last remaining GA (<code>v1</code>) Merchant API sub-API, so <strong>the stable v1 surface is now fully covered (12 GA sub-APIs).</strong></p>
<p>Order tracking signals report completed shipments so Google can show accurate delivery estimates. The sub-API is <strong>write-only</strong> — a signal is immutable once created (no get/list/update/delete).</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>gmc ordertracking create --file signal.json
</span></span><span style="display:flex;"><span>cat signal.json | gmc ordertracking create        <span style="color:#75715e"># or via stdin</span>
</span></span><span style="display:flex;"><span>gmc ordertracking create --file signal.json --merchant-id <span style="color:#ae81ff">555</span>
</span></span></code></pre></div><ul>
<li>Reads the <code>OrderTrackingSignal</code> from <code>--file</code>/stdin, validates the required fields (<code>orderId</code>, non-empty <code>shippingInfo</code>, non-empty <code>lineItems</code>) <strong>offline by shape</strong> so malformed input fails fast instead of as an opaque 400.</li>
<li>Strips the output-only <code>orderTrackingSignalId</code>; supports <code>--merchant-id</code> to attribute a signal on behalf of another business.</li>
<li>Wire shape verified against the <code>ordertracking/v1</code> proto (<code>POST .../orderTrackingSignals</code>, signal as the body, no <code>dataSource</code>).</li>
</ul>
<p><code>reviews</code>, <code>productstudio</code>, and <code>youtube</code> remain pre-GA (<code>v1beta</code>/<code>v1alpha</code>) and are deferred until they graduate to <code>v1</code>.</p>
<p><strong>Packages:</strong> <code>@gmc-cli/cli</code> 1.0.16 · <code>@gmc-cli/api</code> 0.9.21 · <code>@gmc-cli/auth</code> 0.7.3</p>
]]></content:encoded></item><item><title>EcoTrace Carbon Gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ecotrace-carbon-gate/</link><pubDate>Wed, 01 Jul 2026 14:49:37 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ecotrace-carbon-gate/</guid><description>Version updated for https://github.com/Zwony/ecotrace to version v1.4.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed EcoTrace v1.4.0 Released: 2026-07-01 Type: Feature Release — 6 new features, 4 bug fixes, zero breaking changes
New Features Pausable Tracking API (pause() / esume()) Pause and resume carbon tracking to isolate your code’s emissions from setup/teardown overhead.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Zwony/ecotrace">https://github.com/Zwony/ecotrace</a></strong> to version <strong>v1.4.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ecotrace-carbon-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="ecotrace-v140">EcoTrace v1.4.0</h2>
<p><strong>Released:</strong> 2026-07-01
<strong>Type:</strong> Feature Release — 6 new features, 4 bug fixes, zero breaking changes</p>
<hr>
<h2 id="new-features">New Features</h2>
<h3 id="pausable-tracking-api-pause-">Pausable Tracking API (pause() /</h3>
<p>esume())
Pause and resume carbon tracking to isolate your code&rsquo;s emissions from setup/teardown overhead.</p>
<p>\\python
eco.pause()
expensive_setup_io()
eco.resume()
\\</p>
<h3 id="side-by-side-run-comparisons-ecotrace-diff">Side-by-Side Run Comparisons (ecotrace diff)</h3>
<p>Compare any two tracking runs directly from the terminal.</p>
<p>\\ash
ecotrace diff abc123def456 789012abc345
ecotrace diff &ndash;latest
\\</p>
<h3 id="webhook-observability-exporter-webhookexporter">Webhook Observability Exporter (WebhookExporter)</h3>
<p>Stream carbon data to Slack, MS Teams, Discord, or any custom API in real-time.</p>
<p>\\python
from ecotrace.exporters.webhook import WebhookExporter
WebhookExporter(eco, url=&lsquo;<a href="https://hooks.slack.com/services/...'">https://hooks.slack.com/services/...'</a>)
\\</p>
<h3 id="filtered-csv-exporting">Filtered CSV Exporting</h3>
<p>Extended \ecotrace export\ with --csv\ format and --run/--func\ filters.</p>
<p>\\ash
ecotrace export &ndash;csv -o filtered.csv &ndash;run abc123
\\</p>
<h3 id="log-maintenance-ecotrace-clean--ecotrace-reset">Log Maintenance (ecotrace clean &amp; ecotrace reset)</h3>
<p>\\ash
ecotrace clean &ndash;keep-runs 10
ecotrace clean &ndash;before 2026-06-01
ecotrace reset &ndash;yes
\\</p>
<hr>
<h2 id="bug-fixes">Bug Fixes</h2>
<ul>
<li><strong>ML Callbacks Carbon Calculation:</strong> Fixed duplicate carbon calculation in Keras and PyTorch callbacks</li>
<li><strong>Empty GPU monitoring crash:</strong> Guarded \EcoTraceML\ shutdown against empty GPU monitor histories</li>
<li><strong>Async Hotspots:</strong> Restored file path and line number tracking in \measure_async()\</li>
<li><strong>CPU caching performance:</strong> Eliminated duplicate \cpuinfo\ calls in \get_cpu_info\</li>
</ul>
<hr>
<h2 id="install--upgrade">Install / Upgrade</h2>
<p>\\ash
pip install &ndash;upgrade ecotrace
\\</p>
<p>Full documentation: <a href="https://github.com/Zwony/ecotrace">https://github.com/Zwony/ecotrace</a></p>
]]></content:encoded></item><item><title>HOL Codex Plugin Scanner</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/hol-codex-plugin-scanner/</link><pubDate>Wed, 01 Jul 2026 07:02:48 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/hol-codex-plugin-scanner/</guid><description>Version updated for https://github.com/hashgraph-online/hol-codex-plugin-scanner-action to version v1.2.355.
This action is used across all versions by 10 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.355</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action</a></strong> to version <strong>v1.2.355</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>10</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/hol-codex-plugin-scanner">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.355">https://github.com/hashgraph-online/hol-codex-plugin-scanner-action/compare/v1...v1.2.355</a></p>
]]></content:encoded></item><item><title>Holon Solve</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/holon-solve/</link><pubDate>Wed, 01 Jul 2026 07:02:15 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/holon-solve/</guid><description>Version updated for https://github.com/holon-run/holon to version v0.25.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Runtime line Holon v0.25.0 is part of the Rust runtime line. The Rust runtime is now the main holon binary.
This release adds a Bing Web Search provider with managed WebSearch tool kept alongside native search, an external trigger token-only storage model with reset-callback API, and trigger revocation on agent stop. It also fixes max_turns counting, coerce_string JSON-string parsing for tool arguments, callback_base_url/advertise_url decoupling, and skill install for non-flat catalog layouts. The memory indexer is redesigned as a single daemon with outbox cleanup, and SQLite connection init gains PRAGMA tuning for better performance.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/holon-run/holon">https://github.com/holon-run/holon</a></strong> to version <strong>v0.25.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/holon-solve">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="runtime-line">Runtime line</h2>
<p>Holon v0.25.0 is part of the Rust runtime line. The Rust runtime is now the main <code>holon</code> binary.</p>
<p>This release adds a Bing Web Search provider with managed WebSearch tool kept alongside native search, an external trigger token-only storage model with reset-callback API, and trigger revocation on agent stop. It also fixes max_turns counting, coerce_string JSON-string parsing for tool arguments, callback_base_url/advertise_url decoupling, and skill install for non-flat catalog layouts. The memory indexer is redesigned as a single daemon with outbox cleanup, and SQLite connection init gains PRAGMA tuning for better performance.</p>
<p>Supported binary assets for this release are Linux amd64, macOS amd64, and macOS arm64.</p>
<h2 id="changes">Changes</h2>
<ul>
<li>Add Bing Web Search provider and keep managed WebSearch alongside native search (<a href="https://github.com/holon-run/holon/pull/2075">#2075</a>).</li>
<li>Store external trigger token only, add reset-callback API (<a href="https://github.com/holon-run/holon/pull/2072">#2072</a>).</li>
<li>Revoke external triggers when agent is stopped (<a href="https://github.com/holon-run/holon/pull/2074">#2074</a>).</li>
<li>Parse JSON-string arrays/objects in coerce_string for tool arguments (<a href="https://github.com/holon-run/holon/pull/2073">#2073</a>).</li>
<li>Fix max_turns counter to use turn_index instead of total_model_rounds (<a href="https://github.com/holon-run/holon/pull/2070">#2070</a>).</li>
<li>Emit first-run intro when provider is configured (<a href="https://github.com/holon-run/holon/pull/2069">#2069</a>).</li>
<li>Decouple callback_base_url from advertise_url (<a href="https://github.com/holon-run/holon/pull/2068">#2068</a>).</li>
<li>Support non-flat catalog layouts and non-main default branches in skill install (<a href="https://github.com/holon-run/holon/pull/2067">#2067</a>).</li>
<li>Redesign memory indexer to single daemon with outbox cleanup (<a href="https://github.com/holon-run/holon/pull/2061">#2061</a>).</li>
<li>Add SQLite PRAGMA tuning to connection init for performance (<a href="https://github.com/holon-run/holon/pull/2063">#2063</a>).</li>
</ul>
<h2 id="install">Install</h2>
<p>Homebrew:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew tap holon-run/tap
</span></span><span style="display:flex;"><span>brew install holon
</span></span></code></pre></div><p>Direct binary:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -L <span style="color:#e6db74">&#34;https://github.com/holon-run/holon/releases/download/v0.25.0/holon-linux-amd64.tar.gz&#34;</span> | tar -xz
</span></span><span style="display:flex;"><span>chmod +x holon
</span></span><span style="display:flex;"><span>./holon --help
</span></span></code></pre></div><p>Replace <code>holon-linux-amd64.tar.gz</code> with <code>holon-darwin-amd64.tar.gz</code> or <code>holon-darwin-arm64.tar.gz</code> on macOS.</p>
]]></content:encoded></item><item><title>lgtmaybe</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/lgtmaybe/</link><pubDate>Wed, 01 Jul 2026 07:01:43 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/lgtmaybe/</guid><description>Version updated for https://github.com/MattJColes/lgtmaybe to version lgtmaybe-v0.9.1.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed 0.9.1 (2026-07-01) Documentation streamline install + local-model guides (#160) (6425ad3)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/MattJColes/lgtmaybe">https://github.com/MattJColes/lgtmaybe</a></strong> to version <strong>lgtmaybe-v0.9.1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/lgtmaybe">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="091-2026-07-01"><a href="https://github.com/MattJColes/lgtmaybe/compare/lgtmaybe-v0.9.0...lgtmaybe-v0.9.1">0.9.1</a> (2026-07-01)</h2>
<h3 id="documentation">Documentation</h3>
<ul>
<li>streamline install + local-model guides (<a href="https://github.com/MattJColes/lgtmaybe/issues/160">#160</a>) (<a href="https://github.com/MattJColes/lgtmaybe/commit/6425ad30e2adc866fb5001d4a8a0c3ae791ecea4">6425ad3</a>)</li>
</ul>
]]></content:encoded></item><item><title>Totem Shield</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/totem-shield/</link><pubDate>Wed, 01 Jul 2026 07:01:09 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/totem-shield/</guid><description>Version updated for https://github.com/mmnto-ai/totem to version @mmnto/pack-rust-architecture@1.86.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Cohort-link bump (no direct package changes). See .changeset/config.json for the fixed-cohort definition.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/mmnto-ai/totem">https://github.com/mmnto-ai/totem</a></strong> to version <strong>@mmnto/pack-rust-architecture@1.86.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/totem-shield">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><em>Cohort-link bump (no direct package changes). See <code>.changeset/config.json</code> for the fixed-cohort definition.</em></p>
]]></content:encoded></item><item><title>agent-bom Scan</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-bom-scan/</link><pubDate>Wed, 01 Jul 2026 07:00:36 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/agent-bom-scan/</guid><description>Version updated for https://github.com/msaad00/agent-bom to version v0.91.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed docs(release): 0.90.1 hygiene — soften SCA framing, fix stale pins, README callouts by @msaad00 in https://github.com/msaad00/agent-bom/pull/3314 fix(sca): honor NVD CPE inclusive/exclusive version bounds exactly by @msaad00 in https://github.com/msaad00/agent-bom/pull/3315 fix(output): surface match_confidence_tier across SARIF, JSON, HTML by @msaad00 in https://github.com/msaad00/agent-bom/pull/3317 fix(release): harden post-0.90 audit findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3316 fix(output): carry match_confidence_tier on the JSON blast_radius rollup by @msaad00 in https://github.com/msaad00/agent-bom/pull/3319 fix(ui): fail fast offline and polish README how-it-works diagram by @msaad00 in https://github.com/msaad00/agent-bom/pull/3318 fix(sca): make NVD capped sync ingest its unsynced tail across runs by @msaad00 in https://github.com/msaad00/agent-bom/pull/3320 fix(version): correct post-release regex and prerelease ordering in version compare by @msaad00 in https://github.com/msaad00/agent-bom/pull/3330 fix(graph): keep cross-page attack paths in filtered /graph by @msaad00 in https://github.com/msaad00/agent-bom/pull/3321 fix(cli): fail-close –fail-on-severity on unknown/none findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3322 fix(mcp): emit canonical OWASP codes from tool-abuse rules by @msaad00 in https://github.com/msaad00/agent-bom/pull/3323 fix(sarif): de-duplicate cloud CIS failures in SARIF output by @msaad00 in https://github.com/msaad00/agent-bom/pull/3324 fix(inventory): keep distinct MCP servers distinct across identity, enrichment, and Cortex audit by @msaad00 in https://github.com/msaad00/agent-bom/pull/3325 chore(deps): combine UI dependency updates by @msaad00 in https://github.com/msaad00/agent-bom/pull/3337 fix(model-scan): close pickle-scan size gate and memo evasion by @msaad00 in https://github.com/msaad00/agent-bom/pull/3326 fix(version): honor tagged bounds for Go pseudo-versions by @msaad00 in https://github.com/msaad00/agent-bom/pull/3327 fix(image): warn on legacy rpmdb instead of silent zero coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/3328 fix(mcp): block SSRF in repo scan and offload clone off the event loop by @msaad00 in https://github.com/msaad00/agent-bom/pull/3329 feat(ui): design-system foundation — Collapsible, Card/Section, entity icons, vendor logos, state primitives by @msaad00 in https://github.com/msaad00/agent-bom/pull/3338 fix(sca): harden OSV/NVD/KEV/GHSA sync + SQLite concurrency (availability) by @msaad00 in https://github.com/msaad00/agent-bom/pull/3339 feat(ui): real connections experience — vendor logos + connector cards wired to backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/3340 fix(api): bind audit tenant server-side, harden rate-limit identity + global ceiling by @msaad00 in https://github.com/msaad00/agent-bom/pull/3341 fix(output): dedup CycloneDX components + scope finding id by package by @msaad00 in https://github.com/msaad00/agent-bom/pull/3342 fix(ui): align connections screenshot spec with redesigned headings by @msaad00 in https://github.com/msaad00/agent-bom/pull/3344 feat: capability-depth — reachability→CVE, perf, identity owner-binding, FinOps rates, SBOM attestation/SPDX2 by @msaad00 in https://github.com/msaad00/agent-bom/pull/3346 feat(ui): declutter, capability-driven IA, interaction-state fixes, real trust stack by @msaad00 in https://github.com/msaad00/agent-bom/pull/3347 feat(gateway): OAuth 2.1 AS conformance + inline A2A mutual-auth enforcement + per-tool-call scope/DLP by @msaad00 in https://github.com/msaad00/agent-bom/pull/3348 chore(release): v0.91.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/3349 Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.90.0...v0.91.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/msaad00/agent-bom">https://github.com/msaad00/agent-bom</a></strong> to version <strong>v0.91.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/agent-bom-scan">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>docs(release): 0.90.1 hygiene — soften SCA framing, fix stale pins, README callouts by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3314">https://github.com/msaad00/agent-bom/pull/3314</a></li>
<li>fix(sca): honor NVD CPE inclusive/exclusive version bounds exactly by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3315">https://github.com/msaad00/agent-bom/pull/3315</a></li>
<li>fix(output): surface match_confidence_tier across SARIF, JSON, HTML by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3317">https://github.com/msaad00/agent-bom/pull/3317</a></li>
<li>fix(release): harden post-0.90 audit findings by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3316">https://github.com/msaad00/agent-bom/pull/3316</a></li>
<li>fix(output): carry match_confidence_tier on the JSON blast_radius rollup by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3319">https://github.com/msaad00/agent-bom/pull/3319</a></li>
<li>fix(ui): fail fast offline and polish README how-it-works diagram by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3318">https://github.com/msaad00/agent-bom/pull/3318</a></li>
<li>fix(sca): make NVD capped sync ingest its unsynced tail across runs by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3320">https://github.com/msaad00/agent-bom/pull/3320</a></li>
<li>fix(version): correct post-release regex and prerelease ordering in version compare by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3330">https://github.com/msaad00/agent-bom/pull/3330</a></li>
<li>fix(graph): keep cross-page attack paths in filtered /graph by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3321">https://github.com/msaad00/agent-bom/pull/3321</a></li>
<li>fix(cli): fail-close &ndash;fail-on-severity on unknown/none findings by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3322">https://github.com/msaad00/agent-bom/pull/3322</a></li>
<li>fix(mcp): emit canonical OWASP codes from tool-abuse rules by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3323">https://github.com/msaad00/agent-bom/pull/3323</a></li>
<li>fix(sarif): de-duplicate cloud CIS failures in SARIF output by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3324">https://github.com/msaad00/agent-bom/pull/3324</a></li>
<li>fix(inventory): keep distinct MCP servers distinct across identity, enrichment, and Cortex audit by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3325">https://github.com/msaad00/agent-bom/pull/3325</a></li>
<li>chore(deps): combine UI dependency updates by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3337">https://github.com/msaad00/agent-bom/pull/3337</a></li>
<li>fix(model-scan): close pickle-scan size gate and memo evasion by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3326">https://github.com/msaad00/agent-bom/pull/3326</a></li>
<li>fix(version): honor tagged bounds for Go pseudo-versions by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3327">https://github.com/msaad00/agent-bom/pull/3327</a></li>
<li>fix(image): warn on legacy rpmdb instead of silent zero coverage by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3328">https://github.com/msaad00/agent-bom/pull/3328</a></li>
<li>fix(mcp): block SSRF in repo scan and offload clone off the event loop by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3329">https://github.com/msaad00/agent-bom/pull/3329</a></li>
<li>feat(ui): design-system foundation — Collapsible, Card/Section, entity icons, vendor logos, state primitives by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3338">https://github.com/msaad00/agent-bom/pull/3338</a></li>
<li>fix(sca): harden OSV/NVD/KEV/GHSA sync + SQLite concurrency (availability) by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3339">https://github.com/msaad00/agent-bom/pull/3339</a></li>
<li>feat(ui): real connections experience — vendor logos + connector cards wired to backend by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3340">https://github.com/msaad00/agent-bom/pull/3340</a></li>
<li>fix(api): bind audit tenant server-side, harden rate-limit identity + global ceiling by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3341">https://github.com/msaad00/agent-bom/pull/3341</a></li>
<li>fix(output): dedup CycloneDX components + scope finding id by package by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3342">https://github.com/msaad00/agent-bom/pull/3342</a></li>
<li>fix(ui): align connections screenshot spec with redesigned headings by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3344">https://github.com/msaad00/agent-bom/pull/3344</a></li>
<li>feat: capability-depth — reachability→CVE, perf, identity owner-binding, FinOps rates, SBOM attestation/SPDX2 by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3346">https://github.com/msaad00/agent-bom/pull/3346</a></li>
<li>feat(ui): declutter, capability-driven IA, interaction-state fixes, real trust stack by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3347">https://github.com/msaad00/agent-bom/pull/3347</a></li>
<li>feat(gateway): OAuth 2.1 AS conformance + inline A2A mutual-auth enforcement + per-tool-call scope/DLP by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3348">https://github.com/msaad00/agent-bom/pull/3348</a></li>
<li>chore(release): v0.91.0 by @msaad00 in <a href="https://github.com/msaad00/agent-bom/pull/3349">https://github.com/msaad00/agent-bom/pull/3349</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/msaad00/agent-bom/compare/v0.90.0...v0.91.0">https://github.com/msaad00/agent-bom/compare/v0.90.0...v0.91.0</a></p>
]]></content:encoded></item><item><title>Codeowners Plus</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/codeowners-plus/</link><pubDate>Wed, 01 Jul 2026 07:00:04 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/codeowners-plus/</guid><description>Version updated for https://github.com/multimediallc/codeowners-plus to version v1.10.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed v1.9.1 by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/133 Add gomodUpdateImportPaths to renovate config by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/135 dev: Update module github.com/google/go-github/v85 to v86 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/125 Fully support sha pinning + remove docker from runtime. by @Icantjuddle in https://github.com/multimediallc/codeowners-plus/pull/143 Fix goreleaser trigger by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/146 ci: trigger goreleaser on tag push, create draft release by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/148 fix: action path has infixed ./ for local action runs by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/149 Bump the gomod group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/151 dev: Update actions/checkout action to v7 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/153 dev: Update golangci/golangci-lint-action action to v9.2.1 by @mm-renovate-bot[bot] in https://github.com/multimediallc/codeowners-plus/pull/140 Example workflow fixes by @kolayne in https://github.com/multimediallc/codeowners-plus/pull/150 Add the config.disable_review_status_comments config option by @kolayne in https://github.com/multimediallc/codeowners-plus/pull/160 Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/156 Bump the gomod group with 2 updates by @dependabot[bot] in https://github.com/multimediallc/codeowners-plus/pull/157 fix: Make sort order deterministic by @BakerNet in https://github.com/multimediallc/codeowners-plus/pull/162 New Contributors @kolayne made their first contribution in https://github.com/multimediallc/codeowners-plus/pull/150 Full Changelog: https://github.com/multimediallc/codeowners-plus/compare/v1.9.1...v1.10.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/multimediallc/codeowners-plus">https://github.com/multimediallc/codeowners-plus</a></strong> to version <strong>v1.10.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/codeowners-plus">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>v1.9.1 by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/133">https://github.com/multimediallc/codeowners-plus/pull/133</a></li>
<li>Add gomodUpdateImportPaths to renovate config by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/135">https://github.com/multimediallc/codeowners-plus/pull/135</a></li>
<li>dev: Update module github.com/google/go-github/v85 to v86 by @mm-renovate-bot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/125">https://github.com/multimediallc/codeowners-plus/pull/125</a></li>
<li>Fully support sha pinning + remove docker from runtime.  by @Icantjuddle in <a href="https://github.com/multimediallc/codeowners-plus/pull/143">https://github.com/multimediallc/codeowners-plus/pull/143</a></li>
<li>Fix goreleaser trigger by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/146">https://github.com/multimediallc/codeowners-plus/pull/146</a></li>
<li>ci: trigger goreleaser on tag push, create draft release by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/148">https://github.com/multimediallc/codeowners-plus/pull/148</a></li>
<li>fix: action path has infixed <code>./</code> for local action runs by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/149">https://github.com/multimediallc/codeowners-plus/pull/149</a></li>
<li>Bump the gomod group across 1 directory with 2 updates by @dependabot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/151">https://github.com/multimediallc/codeowners-plus/pull/151</a></li>
<li>dev: Update actions/checkout action to v7 by @mm-renovate-bot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/153">https://github.com/multimediallc/codeowners-plus/pull/153</a></li>
<li>dev: Update golangci/golangci-lint-action action to v9.2.1 by @mm-renovate-bot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/140">https://github.com/multimediallc/codeowners-plus/pull/140</a></li>
<li>Example workflow fixes by @kolayne in <a href="https://github.com/multimediallc/codeowners-plus/pull/150">https://github.com/multimediallc/codeowners-plus/pull/150</a></li>
<li>Add the <code>config.disable_review_status_comments</code> config option by @kolayne in <a href="https://github.com/multimediallc/codeowners-plus/pull/160">https://github.com/multimediallc/codeowners-plus/pull/160</a></li>
<li>Bump the github-actions group with 2 updates by @dependabot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/156">https://github.com/multimediallc/codeowners-plus/pull/156</a></li>
<li>Bump the gomod group with 2 updates by @dependabot[bot] in <a href="https://github.com/multimediallc/codeowners-plus/pull/157">https://github.com/multimediallc/codeowners-plus/pull/157</a></li>
<li>fix: Make sort order deterministic by @BakerNet in <a href="https://github.com/multimediallc/codeowners-plus/pull/162">https://github.com/multimediallc/codeowners-plus/pull/162</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@kolayne made their first contribution in <a href="https://github.com/multimediallc/codeowners-plus/pull/150">https://github.com/multimediallc/codeowners-plus/pull/150</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/multimediallc/codeowners-plus/compare/v1.9.1...v1.10.0">https://github.com/multimediallc/codeowners-plus/compare/v1.9.1...v1.10.0</a></p>
]]></content:encoded></item><item><title>AI Cost Receipt</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-cost-receipt/</link><pubDate>Wed, 01 Jul 2026 06:59:31 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/ai-cost-receipt/</guid><description>Version updated for https://github.com/noah-thing/receipt to version v0.5.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Builds on 0.4.0’s session health with automation, history, and a reviewer-facing note.
receipt guard — a Claude Code hook entrypoint. Stays silent until a session crosses your gate, then prints the single most important move where the agent sees it. With --notify it exits 2 so Claude Code feeds the nudge back to the model — strongest on the PreCompact hook, right before lossy auto-compaction. receipt health --json / --quiet --gate — machine-readable output and severity exit codes (0 / 10 watch / 20 degrading / 30 critical) for hooks and CI. receipt health --all — scores every past session and learns your personal pattern (“you tend to drift around turn ~12; X% of sessions compacted too late”). Context tax — shows how much of a session is just re-sending itself (the quadratic cost behind both rising spend and fading quality). PR-comment health note — a collapsed, reviewer-facing &amp;lt;details&amp;gt; block when the work ran under degrading conditions; silent otherwise; opt out with &amp;#34;health&amp;#34;: false. It never claims the code is wrong — only points to where to look. Honest constraint: the token-only ledger cannot detect redundant file reads, identical-command loops, or semantic issues (hallucinations, drift) — those need data Receipt deliberately never stores. Features only ever flag “conditions correlated with drift,” documented in docs/SESSION-HEALTH.md.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/noah-thing/receipt">https://github.com/noah-thing/receipt</a></strong> to version <strong>v0.5.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/ai-cost-receipt">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Builds on 0.4.0&rsquo;s session health with automation, history, and a reviewer-facing note.</p>
<ul>
<li><strong><code>receipt guard</code></strong> — a Claude Code hook entrypoint. Stays silent until a session crosses your gate, then prints the single most important move where the agent sees it. With <code>--notify</code> it exits 2 so Claude Code feeds the nudge back to the model — strongest on the <code>PreCompact</code> hook, right before lossy auto-compaction.</li>
<li><strong><code>receipt health --json</code> / <code>--quiet --gate</code></strong> — machine-readable output and severity exit codes (0 / 10 watch / 20 degrading / 30 critical) for hooks and CI.</li>
<li><strong><code>receipt health --all</code></strong> — scores every past session and learns your personal pattern (&ldquo;you tend to drift around turn ~12; X% of sessions compacted too late&rdquo;).</li>
<li><strong>Context tax</strong> — shows how much of a session is just re-sending itself (the quadratic cost behind both rising spend and fading quality).</li>
<li><strong>PR-comment health note</strong> — a collapsed, reviewer-facing <code>&lt;details&gt;</code> block when the work ran under degrading conditions; silent otherwise; opt out with <code>&quot;health&quot;: false</code>. It never claims the code is wrong — only points to where to look.</li>
</ul>
<p><strong>Honest constraint:</strong> the token-only ledger cannot detect redundant file reads, identical-command loops, or semantic issues (hallucinations, drift) — those need data Receipt deliberately never stores. Features only ever flag &ldquo;conditions correlated with drift,&rdquo; documented in docs/SESSION-HEALTH.md.</p>
<p>Still deterministic and local. 104 tests, typecheck clean. MIT.</p>
]]></content:encoded></item><item><title>Run AER Tests</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/run-aer-tests/</link><pubDate>Wed, 01 Jul 2026 06:58:57 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/run-aer-tests/</guid><description>Version updated for https://github.com/octoberswimmer/aer-dist to version v1.2.3.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 0 repositories.
Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Version v1.2.3
Add Downloaded aer To Integrated Terminal PATH
Publish Platform Events Created By Flows And Stamp Generated-Code Line Numbers
Fix Flow Line-Info Backfill And Skip Time-Based Scheduled Paths In Tests</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/octoberswimmer/aer-dist">https://github.com/octoberswimmer/aer-dist</a></strong> to version <strong>v1.2.3</strong>.</p>
<ul>
<li>
<p>This publisher is shown as &lsquo;verified&rsquo; by GitHub.</p>
</li>
<li>
<p>This action is used across all versions by <strong>0</strong> repositories.</p>
</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/run-aer-tests">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Version v1.2.3</p>
<ul>
<li>
<p>Add Downloaded aer To Integrated Terminal PATH</p>
</li>
<li>
<p>Publish Platform Events Created By Flows And Stamp Generated-Code Line Numbers</p>
</li>
<li>
<p>Fix Flow Line-Info Backfill And Skip Time-Based Scheduled Paths In Tests</p>
</li>
</ul>
]]></content:encoded></item><item><title>Postman API Onboarding</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-api-onboarding/</link><pubDate>Wed, 01 Jul 2026 06:58:24 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-api-onboarding/</guid><description>Version updated for https://github.com/postman-cs/postman-api-onboarding-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: skip+warn built-in tests without api key + access-token-primary docs by @jaredboynton in https://github.com/postman-cs/postman-api-onboarding-action/pull/56 Full Changelog: https://github.com/postman-cs/postman-api-onboarding-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-api-onboarding-action">https://github.com/postman-cs/postman-api-onboarding-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-api-onboarding">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>feat: skip+warn built-in tests without api key + access-token-primary docs by @jaredboynton in <a href="https://github.com/postman-cs/postman-api-onboarding-action/pull/56">https://github.com/postman-cs/postman-api-onboarding-action/pull/56</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-api-onboarding-action/compare/v1...v2">https://github.com/postman-cs/postman-api-onboarding-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding AWS Spec Discovery</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-aws-spec-discovery/</link><pubDate>Wed, 01 Jul 2026 06:57:51 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-aws-spec-discovery/</guid><description>Version updated for https://github.com/postman-cs/postman-aws-spec-discovery-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13 chore(deps): bump the npm-minor-patch group across 1 directory with 21 updates by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/10 chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/9 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/12 feat: optional access-token telemetry account_type by @jaredboynton in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/23 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13 Full Changelog: https://github.com/postman-cs/postman-aws-spec-discovery-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-aws-spec-discovery-action">https://github.com/postman-cs/postman-aws-spec-discovery-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-aws-spec-discovery">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13</a></li>
<li>chore(deps): bump the npm-minor-patch group across 1 directory with 21 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/10">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/10</a></li>
<li>chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/9">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/9</a></li>
<li>chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/12">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/12</a></li>
<li>feat: optional access-token telemetry account_type by @jaredboynton in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/23">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/23</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@dependabot[bot] made their first contribution in <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13">https://github.com/postman-cs/postman-aws-spec-discovery-action/pull/13</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-aws-spec-discovery-action/compare/v1...v2">https://github.com/postman-cs/postman-aws-spec-discovery-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Workspace Bootstrap</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-workspace-bootstrap/</link><pubDate>Wed, 01 Jul 2026 06:57:18 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-workspace-bootstrap/</guid><description>Version updated for https://github.com/postman-cs/postman-bootstrap-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/48 chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/44 chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-bootstrap-action/pull/46 chore: add workflow_dispatch trigger to CI workflow by @andrewpostymt in https://github.com/postman-cs/postman-bootstrap-action/pull/36 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-bootstrap-action/pull/59 feat: sync additional local collections by @andrewpostymt in https://github.com/postman-cs/postman-bootstrap-action/pull/61 feat: access-token gateway migration + EC v3 multiprotocol collections by @jaredboynton in https://github.com/postman-cs/postman-bootstrap-action/pull/64 Full Changelog: https://github.com/postman-cs/postman-bootstrap-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-bootstrap-action">https://github.com/postman-cs/postman-bootstrap-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-workspace-bootstrap">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/48">https://github.com/postman-cs/postman-bootstrap-action/pull/48</a></li>
<li>chore(deps): bump the actions group across 1 directory with 3 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/44">https://github.com/postman-cs/postman-bootstrap-action/pull/44</a></li>
<li>chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/46">https://github.com/postman-cs/postman-bootstrap-action/pull/46</a></li>
<li>chore: add workflow_dispatch trigger to CI workflow by @andrewpostymt in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/36">https://github.com/postman-cs/postman-bootstrap-action/pull/36</a></li>
<li>ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/59">https://github.com/postman-cs/postman-bootstrap-action/pull/59</a></li>
<li>feat: sync additional local collections by @andrewpostymt in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/61">https://github.com/postman-cs/postman-bootstrap-action/pull/61</a></li>
<li>feat: access-token gateway migration + EC v3 multiprotocol collections by @jaredboynton in <a href="https://github.com/postman-cs/postman-bootstrap-action/pull/64">https://github.com/postman-cs/postman-bootstrap-action/pull/64</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-bootstrap-action/compare/v1...v2">https://github.com/postman-cs/postman-bootstrap-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Insights Linking</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-insights-linking/</link><pubDate>Wed, 01 Jul 2026 06:56:45 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-insights-linking/</guid><description>Version updated for https://github.com/postman-cs/postman-insights-onboarding-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/26 chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/24 chore(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/23 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-insights-onboarding-action/pull/25 fix: implement support for xray key matching by @hiqbal-postman in https://github.com/postman-cs/postman-insights-onboarding-action/pull/10 feat: thread access-token re-mint through Bifrost catalog client by @jaredboynton in https://github.com/postman-cs/postman-insights-onboarding-action/pull/36 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-insights-onboarding-action/pull/26 @hiqbal-postman made their first contribution in https://github.com/postman-cs/postman-insights-onboarding-action/pull/10 Full Changelog: https://github.com/postman-cs/postman-insights-onboarding-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-insights-onboarding-action">https://github.com/postman-cs/postman-insights-onboarding-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-insights-linking">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/26">https://github.com/postman-cs/postman-insights-onboarding-action/pull/26</a></li>
<li>chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/24">https://github.com/postman-cs/postman-insights-onboarding-action/pull/24</a></li>
<li>chore(deps): bump the actions group with 3 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/23">https://github.com/postman-cs/postman-insights-onboarding-action/pull/23</a></li>
<li>chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/25">https://github.com/postman-cs/postman-insights-onboarding-action/pull/25</a></li>
<li>fix: implement support for xray key matching by @hiqbal-postman in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/10">https://github.com/postman-cs/postman-insights-onboarding-action/pull/10</a></li>
<li>feat: thread access-token re-mint through Bifrost catalog client by @jaredboynton in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/36">https://github.com/postman-cs/postman-insights-onboarding-action/pull/36</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@dependabot[bot] made their first contribution in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/26">https://github.com/postman-cs/postman-insights-onboarding-action/pull/26</a></li>
<li>@hiqbal-postman made their first contribution in <a href="https://github.com/postman-cs/postman-insights-onboarding-action/pull/10">https://github.com/postman-cs/postman-insights-onboarding-action/pull/10</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-insights-onboarding-action/compare/v1...v2">https://github.com/postman-cs/postman-insights-onboarding-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Repo Sync</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-repo-sync/</link><pubDate>Wed, 01 Jul 2026 06:56:08 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-repo-sync/</guid><description>Version updated for https://github.com/postman-cs/postman-repo-sync-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-repo-sync-action/pull/40 chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in https://github.com/postman-cs/postman-repo-sync-action/pull/39 fix: pass CI_ENVIRONMENT key to postman collection run env-var flag by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/49 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/54 feat: add Azure DevOps repo sync support by @andrewpostymt in https://github.com/postman-cs/postman-repo-sync-action/pull/58 feat: access-token gateway routing + @postman v3 converter cutover by @jaredboynton in https://github.com/postman-cs/postman-repo-sync-action/pull/61 New Contributors @andrewpostymt made their first contribution in https://github.com/postman-cs/postman-repo-sync-action/pull/58 Full Changelog: https://github.com/postman-cs/postman-repo-sync-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-repo-sync-action">https://github.com/postman-cs/postman-repo-sync-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-repo-sync">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump @commitlint/config-conventional from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/40">https://github.com/postman-cs/postman-repo-sync-action/pull/40</a></li>
<li>chore(deps-dev): bump @commitlint/cli from 20.5.3 to 21.0.2 by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/39">https://github.com/postman-cs/postman-repo-sync-action/pull/39</a></li>
<li>fix: pass CI_ENVIRONMENT key to postman collection run env-var flag by @jaredboynton in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/49">https://github.com/postman-cs/postman-repo-sync-action/pull/49</a></li>
<li>ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/54">https://github.com/postman-cs/postman-repo-sync-action/pull/54</a></li>
<li>feat: add Azure DevOps repo sync support by @andrewpostymt in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/58">https://github.com/postman-cs/postman-repo-sync-action/pull/58</a></li>
<li>feat: access-token gateway routing + @postman v3 converter cutover by @jaredboynton in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/61">https://github.com/postman-cs/postman-repo-sync-action/pull/61</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@andrewpostymt made their first contribution in <a href="https://github.com/postman-cs/postman-repo-sync-action/pull/58">https://github.com/postman-cs/postman-repo-sync-action/pull/58</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-repo-sync-action/compare/v1...v2">https://github.com/postman-cs/postman-repo-sync-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Service Token</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-service-token/</link><pubDate>Wed, 01 Jul 2026 06:55:35 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-service-token/</guid><description>Version updated for https://github.com/postman-cs/postman-resolve-service-token-action to version v2.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-resolve-service-token-action/pull/10 chore(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-resolve-service-token-action/pull/9 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-resolve-service-token-action/pull/17 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-resolve-service-token-action/pull/10 Full Changelog: https://github.com/postman-cs/postman-resolve-service-token-action/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-resolve-service-token-action">https://github.com/postman-cs/postman-resolve-service-token-action</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-service-token">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-resolve-service-token-action/pull/10">https://github.com/postman-cs/postman-resolve-service-token-action/pull/10</a></li>
<li>chore(deps): bump the actions group with 3 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-resolve-service-token-action/pull/9">https://github.com/postman-cs/postman-resolve-service-token-action/pull/9</a></li>
<li>ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in <a href="https://github.com/postman-cs/postman-resolve-service-token-action/pull/17">https://github.com/postman-cs/postman-resolve-service-token-action/pull/17</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@dependabot[bot] made their first contribution in <a href="https://github.com/postman-cs/postman-resolve-service-token-action/pull/10">https://github.com/postman-cs/postman-resolve-service-token-action/pull/10</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-resolve-service-token-action/compare/v1...v2">https://github.com/postman-cs/postman-resolve-service-token-action/compare/v1...v2</a></p>
]]></content:encoded></item><item><title>Postman Onboarding Smoke Flow</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-smoke-flow/</link><pubDate>Wed, 01 Jul 2026 06:55:02 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/postman-onboarding-smoke-flow/</guid><description>Version updated for https://github.com/postman-cs/postman-smoke-flow-action to version v2.0.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed build(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/postman-cs/postman-smoke-flow-action/pull/16 build(deps): bump the actions group with 3 updates by @dependabot[bot] in https://github.com/postman-cs/postman-smoke-flow-action/pull/15 ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in https://github.com/postman-cs/postman-smoke-flow-action/pull/23 feat: access-token-only Smoke reshape via v3 gateway by @jaredboynton in https://github.com/postman-cs/postman-smoke-flow-action/pull/28 New Contributors @dependabot[bot] made their first contribution in https://github.com/postman-cs/postman-smoke-flow-action/pull/16 Full Changelog: https://github.com/postman-cs/postman-smoke-flow-action/compare/v1...v2.0.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/postman-cs/postman-smoke-flow-action">https://github.com/postman-cs/postman-smoke-flow-action</a></strong> to version <strong>v2.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/postman-onboarding-smoke-flow">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>build(deps-dev): bump the npm-minor-patch group across 1 directory with 2 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-smoke-flow-action/pull/16">https://github.com/postman-cs/postman-smoke-flow-action/pull/16</a></li>
<li>build(deps): bump the actions group with 3 updates by @dependabot[bot] in <a href="https://github.com/postman-cs/postman-smoke-flow-action/pull/15">https://github.com/postman-cs/postman-smoke-flow-action/pull/15</a></li>
<li>ci: harden e2e gate waiter against transient GitHub API failures by @jaredboynton in <a href="https://github.com/postman-cs/postman-smoke-flow-action/pull/23">https://github.com/postman-cs/postman-smoke-flow-action/pull/23</a></li>
<li>feat: access-token-only Smoke reshape via v3 gateway by @jaredboynton in <a href="https://github.com/postman-cs/postman-smoke-flow-action/pull/28">https://github.com/postman-cs/postman-smoke-flow-action/pull/28</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@dependabot[bot] made their first contribution in <a href="https://github.com/postman-cs/postman-smoke-flow-action/pull/16">https://github.com/postman-cs/postman-smoke-flow-action/pull/16</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/postman-cs/postman-smoke-flow-action/compare/v1...v2.0.0">https://github.com/postman-cs/postman-smoke-flow-action/compare/v1...v2.0.0</a></p>
]]></content:encoded></item><item><title>Remyx Outrider</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</link><pubDate>Wed, 01 Jul 2026 06:54:29 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/remyx-outrider/</guid><description>Version updated for https://github.com/remyxai/outrider to version v1.6.31.
This action is used across all versions by 2 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed The self-review call now honors the claude-timeout workflow input — completing the per-stage timeout consolidation begun in v1.6.28 (preflight), v1.6.29 (audit), v1.6.30 (selection). After this release, claude-timeout is the single budget knob across every Claude-Code stage in the chain.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/remyxai/outrider">https://github.com/remyxai/outrider</a></strong> to version <strong>v1.6.31</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>2</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/remyx-outrider">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>The self-review call now honors the <code>claude-timeout</code> workflow input — completing the per-stage timeout consolidation begun in v1.6.28 (preflight), v1.6.29 (audit), v1.6.30 (selection). After this release, <code>claude-timeout</code> is the single budget knob across every Claude-Code stage in the chain.</p>
<p><strong>What changed</strong></p>
<ul>
<li><code>self_review_diff</code> production call site in <code>process_target</code> now passes <code>target.claude_timeout_s</code> (was hardcoded 180s default).</li>
<li>Direct callers (tests, ad-hoc invocations) that don&rsquo;t pass an explicit <code>timeout_s</code> keep the 180s default for backwards compatibility.</li>
</ul>
<p><strong>Why it matters</strong></p>
<p>Self-review detects orphan code (new code not reachable from any production path) and downgrades a drafted PR back to Issue. On heavy diffs in large monorepos or on slower non-Anthropic backends, the previous 180s ceiling caused the pass to time out — and the chain would ship the PR without the safety-net check.</p>
<p>PR: <a href="https://github.com/remyxai/outrider/pull/79">#79</a></p>
]]></content:encoded></item><item><title>rumdl-action</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rumdl-action/</link><pubDate>Wed, 01 Jul 2026 06:53:56 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/rumdl-action/</guid><description>Version updated for https://github.com/rvben/rumdl to version v0.2.27.
This action is used across all versions by 6 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Fixed MD077: detect latent list markers past an unstable heading (05d273e) MD013: keep reference-style links atomic when reflowing (a991a71) Downloads File Platform Checksum rumdl-v0.2.27-x86_64-unknown-linux-gnu.tar.gz Linux x86_64 checksum rumdl-v0.2.27-x86_64-unknown-linux-musl.tar.gz Linux x86_64 (musl) checksum rumdl-v0.2.27-aarch64-unknown-linux-gnu.tar.gz Linux ARM64 checksum rumdl-v0.2.27-aarch64-unknown-linux-musl.tar.gz Linux ARM64 (musl) checksum rumdl-v0.2.27-x86_64-apple-darwin.tar.gz macOS x86_64 checksum rumdl-v0.2.27-aarch64-apple-darwin.tar.gz macOS ARM64 (Apple Silicon) checksum rumdl-v0.2.27-x86_64-pc-windows-msvc.zip Windows x86_64 checksum Installation Using uv (Recommended) uv tool install rumdl Using pip pip install rumdl Using pipx pipx install rumdl Direct Download Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/rvben/rumdl">https://github.com/rvben/rumdl</a></strong> to version <strong>v0.2.27</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>6</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/rumdl-action">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h3 id="fixed">Fixed</h3>
<ul>
<li><strong>MD077</strong>: detect latent list markers past an unstable heading (<a href="https://github.com/rvben/rumdl/commit/05d273eae5636d400f97f7186eb6cabda140ecd3">05d273e</a>)</li>
<li><strong>MD013</strong>: keep reference-style links atomic when reflowing (<a href="https://github.com/rvben/rumdl/commit/a991a71c2b05a1f83cb95de95e4b96cf3c4227e8">a991a71</a>)</li>
</ul>
<h2 id="downloads">Downloads</h2>
<table>
  <thead>
      <tr>
          <th>File</th>
          <th>Platform</th>
          <th>Checksum</th>
      </tr>
  </thead>
  <tbody>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-unknown-linux-gnu.tar.gz">rumdl-v0.2.27-x86_64-unknown-linux-gnu.tar.gz</a></td>
          <td>Linux x86_64</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-unknown-linux-musl.tar.gz">rumdl-v0.2.27-x86_64-unknown-linux-musl.tar.gz</a></td>
          <td>Linux x86_64 (musl)</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-unknown-linux-musl.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-unknown-linux-gnu.tar.gz">rumdl-v0.2.27-aarch64-unknown-linux-gnu.tar.gz</a></td>
          <td>Linux ARM64</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-unknown-linux-musl.tar.gz">rumdl-v0.2.27-aarch64-unknown-linux-musl.tar.gz</a></td>
          <td>Linux ARM64 (musl)</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-unknown-linux-musl.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-apple-darwin.tar.gz">rumdl-v0.2.27-x86_64-apple-darwin.tar.gz</a></td>
          <td>macOS x86_64</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-apple-darwin.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-apple-darwin.tar.gz">rumdl-v0.2.27-aarch64-apple-darwin.tar.gz</a></td>
          <td>macOS ARM64 (Apple Silicon)</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-aarch64-apple-darwin.tar.gz.sha256">checksum</a></td>
      </tr>
      <tr>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-pc-windows-msvc.zip">rumdl-v0.2.27-x86_64-pc-windows-msvc.zip</a></td>
          <td>Windows x86_64</td>
          <td><a href="https://github.com/rvben/rumdl/releases/download/v0.2.27/rumdl-v0.2.27-x86_64-pc-windows-msvc.zip.sha256">checksum</a></td>
      </tr>
  </tbody>
</table>
<h2 id="installation">Installation</h2>
<h3 id="using-uv-recommended">Using uv (Recommended)</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>uv tool install rumdl
</span></span></code></pre></div><h3 id="using-pip">Using pip</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>pip install rumdl
</span></span></code></pre></div><h3 id="using-pipx">Using pipx</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>pipx install rumdl
</span></span></code></pre></div><h3 id="direct-download">Direct Download</h3>
<p>Download the appropriate binary for your platform from the table above, extract it, and add it to your PATH.</p>
]]></content:encoded></item><item><title>Docker Compose Cache</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/docker-compose-cache/</link><pubDate>Wed, 01 Jul 2026 06:53:23 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/docker-compose-cache/</guid><description>Version updated for https://github.com/seijikohara/docker-compose-cache-action to version v1.8.15.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed ci: fail summary jobs when upstream jobs do not succeed by @seijikohara in https://github.com/seijikohara/docker-compose-cache-action/pull/301 chore(deps): update actions/checkout action to v7 by @renovate[bot] in https://github.com/seijikohara/docker-compose-cache-action/pull/297 chore(deps): lock file maintenance by @renovate[bot] in https://github.com/seijikohara/docker-compose-cache-action/pull/302 Full Changelog: https://github.com/seijikohara/docker-compose-cache-action/compare/v1.8.14...v1.8.15</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/seijikohara/docker-compose-cache-action">https://github.com/seijikohara/docker-compose-cache-action</a></strong> to version <strong>v1.8.15</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/docker-compose-cache">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>ci: fail summary jobs when upstream jobs do not succeed by @seijikohara in <a href="https://github.com/seijikohara/docker-compose-cache-action/pull/301">https://github.com/seijikohara/docker-compose-cache-action/pull/301</a></li>
<li>chore(deps): update actions/checkout action to v7 by @renovate[bot] in <a href="https://github.com/seijikohara/docker-compose-cache-action/pull/297">https://github.com/seijikohara/docker-compose-cache-action/pull/297</a></li>
<li>chore(deps): lock file maintenance by @renovate[bot] in <a href="https://github.com/seijikohara/docker-compose-cache-action/pull/302">https://github.com/seijikohara/docker-compose-cache-action/pull/302</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/seijikohara/docker-compose-cache-action/compare/v1.8.14...v1.8.15">https://github.com/seijikohara/docker-compose-cache-action/compare/v1.8.14...v1.8.15</a></p>
]]></content:encoded></item><item><title>Satellite Deploy</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/satellite-deploy/</link><pubDate>Wed, 01 Jul 2026 06:52:50 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/satellite-deploy/</guid><description>Version updated for https://github.com/snakenet-org/satellite-deploy to version v1.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Initial first release of GitHub action for the Satellite Auto-Deployment feature</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/snakenet-org/satellite-deploy">https://github.com/snakenet-org/satellite-deploy</a></strong> to version <strong>v1</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>20</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/satellite-deploy">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>Initial first release of GitHub action for the Satellite Auto-Deployment feature</p>
]]></content:encoded></item><item><title>Difftron Delta Coverage Gate</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/difftron-delta-coverage-gate/</link><pubDate>Wed, 01 Jul 2026 06:52:17 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/difftron-delta-coverage-gate/</guid><description>Version updated for https://github.com/swantron/difftron to version v1.0.0.
This action is used across all versions by 1 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed First public release.
Fail a pull request when newly changed lines aren’t tested — language-agnostic delta/patch coverage for LCOV, Cobertura, and Go coverage, in a few lines of YAML.
Composite Action, builds from source — no external binary to trust</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/swantron/difftron">https://github.com/swantron/difftron</a></strong> to version <strong>v1.0.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/difftron-delta-coverage-gate">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p>First public release.</p>
<p>Fail a pull request when newly changed lines aren&rsquo;t tested — language-agnostic delta/patch coverage for LCOV, Cobertura, and Go coverage, in a few lines of YAML.</p>
<ul>
<li>
<p>Composite Action, builds from source — no external binary to trust</p>
</li>
<li>
<p>Auto-detects the PR/push diff range</p>
</li>
<li>
<p>Posts a sticky delta-coverage comment on the PR</p>
</li>
<li>
<p>Files with no coverage data (docs/config) are skipped, not failed</p>
<p>Quickstart: see examples/quickstart.yml</p>
</li>
</ul>
]]></content:encoded></item><item><title>Release Uclusion</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/release-uclusion/</link><pubDate>Wed, 01 Jul 2026 06:51:13 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/release-uclusion/</guid><description>Version updated for https://github.com/Uclusion/release-job to version v1.1.0.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed T-all-2238 Mark a job deployed only when its latest commits are on the env (ce28b48) fix: move to node 24.x (497b508) fix: link doc (92f76e8) Merge remote-tracking branch ‘origin/main’ (bcadebe) fix: space in view name (3677e82) Update README.md (e9f6d6c) feat: label releases (80fdfc6) feat: label releases (24faaeb) feat: label releases (1274acb) feat: label releases - untested (bed25f2)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Uclusion/release-job">https://github.com/Uclusion/release-job</a></strong> to version <strong>v1.1.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/release-uclusion">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>T-all-2238 Mark a job deployed only when its latest commits are on the env (ce28b48)</li>
<li>fix: move to node 24.x (497b508)</li>
<li>fix: link doc (92f76e8)</li>
<li>Merge remote-tracking branch &lsquo;origin/main&rsquo; (bcadebe)</li>
<li>fix: space in view name (3677e82)</li>
<li>Update README.md (e9f6d6c)</li>
<li>feat: label releases (80fdfc6)</li>
<li>feat: label releases (24faaeb)</li>
<li>feat: label releases (1274acb)</li>
<li>feat: label releases - untested (bed25f2)</li>
</ul>
]]></content:encoded></item><item><title>Update Uclusion</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/update-uclusion/</link><pubDate>Wed, 01 Jul 2026 06:50:40 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/update-uclusion/</guid><description>Version updated for https://github.com/Uclusion/update-job to version v1.1.2.
This action is used across all versions by 1 repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19) T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb) fix: Only extract job ids. (340d9bb) fix: move to node 24.x (a19c034) fix: move to node 24.x (ab6d493) fix: link doc (c83286a) fix: space in view name (ff4ac90) fix: space in view name (d0c570f) fix: urlencode (f66608d) fix: cleanup (93a64c0)</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/Uclusion/update-job">https://github.com/Uclusion/update-job</a></strong> to version <strong>v1.1.2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>1</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Docker</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/update-uclusion">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<ul>
<li>T-all-2240 Make testPush a no-op smoke test (fixed no-code message) (deabf19)</li>
<li>T-all-2238 Reconcile job deploy state on push; configurable pending label (de092bb)</li>
<li>fix: Only extract job ids. (340d9bb)</li>
<li>fix: move to node 24.x (a19c034)</li>
<li>fix: move to node 24.x (ab6d493)</li>
<li>fix: link doc (c83286a)</li>
<li>fix: space in view name (ff4ac90)</li>
<li>fix: space in view name (d0c570f)</li>
<li>fix: urlencode (f66608d)</li>
<li>fix: cleanup (93a64c0)</li>
</ul>
]]></content:encoded></item><item><title>MIU PR Review</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/miu-pr-review/</link><pubDate>Wed, 01 Jul 2026 06:50:06 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/miu-pr-review/</guid><description>Version updated for https://github.com/vanducng/miu-cr to version v0.81.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed miu-cr v0.81.0 AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.
Install curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.81.0 brew install vanducng/tap/miucr go install github.com/vanducng/miu-cr/cmd/miucr@v0.81.0 GitHub Action:</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/vanducng/miu-cr">https://github.com/vanducng/miu-cr</a></strong> to version <strong>v0.81.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Composite</strong> action.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/miu-pr-review">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="miu-cr-v0810">miu-cr v0.81.0</h2>
<p>AI code review for local changes and GitHub pull requests. Use it as a CLI, CI gate, or GitHub Action with your own LLM key.</p>
<h3 id="install">Install</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>curl -fsSL https://cr.miu.sh/install.sh | sh -s -- v0.81.0
</span></span><span style="display:flex;"><span>brew install vanducng/tap/miucr
</span></span><span style="display:flex;"><span>go install github.com/vanducng/miu-cr/cmd/miucr@v0.81.0
</span></span></code></pre></div><p>GitHub Action:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">permissions</span>:
</span></span><span style="display:flex;"><span>  <span style="color:#f92672">pull-requests</span>: <span style="color:#ae81ff">write</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">steps</span>:
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v6</span>
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">vanducng/miu-cr@v0.81.0</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">with</span>:
</span></span><span style="display:flex;"><span>      <span style="color:#f92672">api-key</span>: <span style="color:#ae81ff">${{ secrets.ANTHROPIC_API_KEY }}</span>
</span></span></code></pre></div><h3 id="common-commands">Common commands</h3>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>miucr login --provider openai
</span></span><span style="display:flex;"><span>miucr review --staged
</span></span><span style="display:flex;"><span>miucr review --from main --to HEAD --gate high
</span></span><span style="display:flex;"><span>miucr review --pr owner/repo#123 --post
</span></span><span style="display:flex;"><span>miucr upgrade
</span></span></code></pre></div><p>Docs: <a href="https://cr.miu.sh">https://cr.miu.sh</a></p>
]]></content:encoded></item><item><title>Setup vp</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-vp/</link><pubDate>Wed, 01 Jul 2026 06:49:33 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/setup-vp/</guid><description>Version updated for https://github.com/voidzero-dev/setup-vp to version v1.13.0.
This action is used across all versions by 0 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed chore(deps): update dependency vite-plus to v0.1.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/78 chore(deps): update vite+ to v0.1.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/79 chore(deps): update github actions to v3.24 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/80 test: add Node 20 to node-version matrix (expected red until Vite+ supports it) by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/84 chore(deps): upgrade vite-plus to 0.2.1 by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/85 docs: update shared agent guidance by @jong-kyung in https://github.com/voidzero-dev/setup-vp/pull/89 chore: switch input schemas to zod mini by @jong-kyung in https://github.com/voidzero-dev/setup-vp/pull/98 chore(deps): update dependency @actions/cache to v6.1.0 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/86 chore(deps): update pnpm to v11.9.0 by @renovate[bot] in https://github.com/voidzero-dev/setup-vp/pull/99 fix: install pkg.pr.new preview builds via VP_PR_VERSION by @fengmk2 in https://github.com/voidzero-dev/setup-vp/pull/100 New Contributors @jong-kyung made their first contribution in https://github.com/voidzero-dev/setup-vp/pull/89 Full Changelog: https://github.com/voidzero-dev/setup-vp/compare/v1.12.0...v1.13.0</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/voidzero-dev/setup-vp">https://github.com/voidzero-dev/setup-vp</a></strong> to version <strong>v1.13.0</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>0</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/setup-vp">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<h2 id="whats-changed-1">What&rsquo;s Changed</h2>
<ul>
<li>chore(deps): update dependency vite-plus to v0.1.24 by @renovate[bot] in <a href="https://github.com/voidzero-dev/setup-vp/pull/78">https://github.com/voidzero-dev/setup-vp/pull/78</a></li>
<li>chore(deps): update vite+ to v0.1.24 by @renovate[bot] in <a href="https://github.com/voidzero-dev/setup-vp/pull/79">https://github.com/voidzero-dev/setup-vp/pull/79</a></li>
<li>chore(deps): update github actions to v3.24 by @renovate[bot] in <a href="https://github.com/voidzero-dev/setup-vp/pull/80">https://github.com/voidzero-dev/setup-vp/pull/80</a></li>
<li>test: add Node 20 to node-version matrix (expected red until Vite+ supports it) by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/84">https://github.com/voidzero-dev/setup-vp/pull/84</a></li>
<li>chore(deps): upgrade vite-plus to 0.2.1 by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/85">https://github.com/voidzero-dev/setup-vp/pull/85</a></li>
<li>docs: update shared agent guidance by @jong-kyung in <a href="https://github.com/voidzero-dev/setup-vp/pull/89">https://github.com/voidzero-dev/setup-vp/pull/89</a></li>
<li>chore: switch input schemas to zod mini by @jong-kyung in <a href="https://github.com/voidzero-dev/setup-vp/pull/98">https://github.com/voidzero-dev/setup-vp/pull/98</a></li>
<li>chore(deps): update dependency @actions/cache to v6.1.0 by @renovate[bot] in <a href="https://github.com/voidzero-dev/setup-vp/pull/86">https://github.com/voidzero-dev/setup-vp/pull/86</a></li>
<li>chore(deps): update pnpm to v11.9.0 by @renovate[bot] in <a href="https://github.com/voidzero-dev/setup-vp/pull/99">https://github.com/voidzero-dev/setup-vp/pull/99</a></li>
<li>fix: install pkg.pr.new preview builds via VP_PR_VERSION by @fengmk2 in <a href="https://github.com/voidzero-dev/setup-vp/pull/100">https://github.com/voidzero-dev/setup-vp/pull/100</a></li>
</ul>
<h2 id="new-contributors">New Contributors</h2>
<ul>
<li>@jong-kyung made their first contribution in <a href="https://github.com/voidzero-dev/setup-vp/pull/89">https://github.com/voidzero-dev/setup-vp/pull/89</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/voidzero-dev/setup-vp/compare/v1.12.0...v1.13.0">https://github.com/voidzero-dev/setup-vp/compare/v1.12.0...v1.13.0</a></p>
]]></content:encoded></item><item><title>docs-version-deploy</title><link>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/docs-version-deploy/</link><pubDate>Wed, 01 Jul 2026 06:49:00 +0000</pubDate><guid>https://devops-actions.github.io/github-actions-marketplace-news/blog/2026/07/01/docs-version-deploy/</guid><description>Version updated for https://github.com/yukiakai212/docs-version-deploy to version v2.
This action is used across all versions by ? repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/yukiakai212/docs-version-deploy/compare/v1...v2</description><content:encoded><![CDATA[<p>Version updated for <strong><a href="https://github.com/yukiakai212/docs-version-deploy">https://github.com/yukiakai212/docs-version-deploy</a></strong> to version <strong>v2</strong>.</p>
<ul>
<li>This action is used across all versions by <strong>?</strong> repositories.</li>
</ul>
<h2 id="action-type">Action Type</h2>
<p>This is a <strong>Node</strong> action using Node version <strong>24</strong>.</p>
<p>Go to the <a href="https://github.com/marketplace/actions/docs-version-deploy">GitHub Marketplace</a> to find the latest changes.</p>
<h2 id="whats-changed">What&rsquo;s Changed</h2>
<p><strong>Full Changelog</strong>: <a href="https://github.com/yukiakai212/docs-version-deploy/compare/v1...v2">https://github.com/yukiakai212/docs-version-deploy/compare/v1...v2</a></p>
]]></content:encoded></item></channel></rss>