chore(deps): bump the all-github-actions group across 1 directory with 19 updates

[dependabot]

Bumps the all-github-actions group with 19 updates in the / directory:

Package	From	To
github/gh-aw	0.47.0	0.67.1
actions/github-script	7	8
github/gh-aw-actions	03e31e064a68e8d5ad890c92f303cfb5a3536006	3922978bff4d7cf117e185580ad108da5a0134d8
actions/checkout	4	6
actions/upload-artifact	4	7
actions/setup-dotnet	5.1.0	5.2.0
actions/setup-go	5.4.0	6.4.0
actions/setup-node	4	6
actions/deploy-pages	4.0.5	5.0.0
lycheeverse/lychee-action	2.1.0	2.8.0
amannn/action-semantic-pull-request	5	6
docker/login-action	3.6.0	4.1.0
docker/setup-buildx-action	3.12.0	4.0.0
docker/setup-qemu-action	3.2.0	4.0.0
sigstore/cosign-installer	3.5.0	4.1.1
docker/build-push-action	5.4.0	7.0.0
anchore/sbom-action	0.22.2	0.24.0
softprops/action-gh-release	2.5.0	2.6.1
ruby/setup-ruby	1.288.0	1.300.0

Updates github/gh-aw from 0.47.0 to 0.67.1

Release notes

Sourced from github/gh-aw's releases.

v0.67.1

🌟 Release Highlights

This release delivers a major OpenTelemetry observability overhaul, a new report_incomplete safe output signal, Claude Code 1.0.0 compatibility, and a wave of security hardening — all driven in part by community-reported issues.

✨ What's New

🔭 OpenTelemetry Observability (Multiple PRs)

A substantial series of improvements makes distributed tracing production-ready:

• Accurate span names — job lifecycle spans now use the actual job name (e.g. gh-aw.agent.conclusion) instead of the generic gh-aw.job.conclusion, making traces immediately readable in Grafana/Honeycomb/Datadog.
• Real job duration — conclusion spans now record actual execution time (previously always reported 2–5 ms due to a missing startMs).
• OTLP payload sanitization — sensitive values (token, secret, key, auth, etc.) in span attributes are automatically redacted before sending to any OTLP collector.
• OTLP headers masking — OTEL_EXPORTER_OTLP_HEADERS is masked with ::add-mask:: in every job, preventing auth tokens from leaking in GitHub Actions debug logs.
• MCP Gateway OpenTelemetry — the MCP Gateway now receives opentelemetry config derived from observability.otlp frontmatter and the actions/setup trace IDs, correlating all MCP tool-call traces under the workflow root trace.
• New resource attributes — service.version, github.repository, github.run_id, github.event_name, github.ref, github.sha, github.actions.run_url, deployment.environment, gh-aw.staged, gh-aw.run.attempt enriching all spans.
• Observability job summary auto-enabled — the job summary step is now rendered automatically whenever OTLP is configured; the observability.job-summary opt-in field is removed (auto-detected).
• Real OTLP trace ID in the observability job summary (was incorrectly showing the workflow_call_id).
• GitHub API rate limit analytics — gh aw audit, gh aw logs, and gh aw audit diff now show GitHub API quota consumed per run, per resource.

🛡️ report_incomplete Safe Output

A new first-class signal for agents to surface infrastructure or tool failures without being misclassified as successful runs. When an agent emits report_incomplete, the safe-outputs handler activates failure handling regardless of agent exit code — preventing "tool-failure comment disguised as a success" scenarios. Can be configured with create-issue, title-prefix, and labels, just like missing_tool.

✅ checks as a First-Class MCP Tool

The checks tool is now registered in the gh-aw MCP server, returning a normalized CI verdict (success, failed, pending, no_checks, policy_blocked). Review workflows no longer need to shell out to gh aw checks.

🔐 Security Hardening

• Token/secret injection prevention — 422 instances of $\{\{ secrets.* }} interpolated directly into run: blocks have been moved to env: mappings across 181 lock files and hand-authored CI workflows, preventing shell injection if a token contains metacharacters.
• runner-guard added to static analysis — the static-analysis-report workflow now runs Vigilant-LLC's runner-guard scanner alongside zizmor, poutine, and actionlint.

🔍 Pre-Activation Visibility

When a workflow activation is denied (bot gate, role gate, stop-after, skip-if-match, etc.), the activation job now writes a $GITHUB_STEP_SUMMARY explaining the exact reason and providing remediation guidance — no more silently skipping PRs with no visible indicator.

🤖 Claude Code 1.0.0 Compatibility

The --disable-slash-commands flag has been removed from the Claude CLI args builder. Claude Code 1.0.0 dropped this flag as a breaking change; the compiler was unconditionally injecting it, causing all Claude-engine workflows to fail at startup.

🐛 Bug Fixes & Improvements

• Fix Octokit .endpoint proxy — pre_activation check scripts were failing with route.endpoint is not a function due to the rate-limit-aware github proxy stripping Octokit's .endpoint decorator; fixed with a Proxy wrapper.
• Fix OTLP span kind — job lifecycle spans now use SPAN_KIND_INTERNAL (was SPAN_KIND_SERVER), preventing false RED-metric pollution in observability backends.
• Error message quality — duplicate permission scope hints suppressed, redundant path prefix stripped from single-failure messages, and YAML parse error fallbacks now emit proper IDE-navigable positions.
• Fix daily-issues-report — switched from codex to copilot engine after OpenAI API access restrictions blocked Codex since Mar 24.
• Fix runner-guard v2 module path — corrected go install path to include /v2/ suffix for Go major version convention compliance.
• Fix docs breadcrumb config — removed unrecognized breadcrumbs: true key that was breaking Starlight config.

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Move from githubnext/gh-aw to github/gh-aw

If you were a former user of the githubnext Agentic Workflows you might have to re-register the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.

Example:

gh extension list
NAME   REPO              VERSION
gh aw  githubnext/gh-aw  v0.36.0
gh extension upgrade --all
[aw]: already up to date
gh extension remove gh-aw
gh extension install github/gh-aw
✓ Installed extension github/gh-aw
gh extension list
NAME   REPO          VERSION
gh aw  github/gh-aw  v0.40.1

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

... (truncated)

Commits

• 13ac7de fix: normalize INPUT_JOB_NAME hyphen form in OTLP span scripts (#24823)
• d67c9c3 fix: remove unrecognized breadcrumbs key from Starlight config (#24821)
• e9da712 fix: update TestMCPServer_ToolIcons and tool list to include checks tool (#24...
• 7a6faba fix lint: use require.NoError for error assertion in gitutil_test.go (#24817)
• 563ec89 Configure MCP gateway OpenTelemetry from observability.otlp and actions/setup...
• 5bcb428 Remove --disable-slash-commands flag for Claude Code 1.0.0 compatibility (#24...
• dcae774 Add report_incomplete safe output type to prevent tool-failure comments from ...
• 44233cc Surface pre-activation denial reason in job summary (#24792)
• 1de4eba feat: add-mask OTLP telemetry header value to prevent log leakage (#24805)
• 3f32757 feat(otel): add github.ref and github.sha to span resource attributes (#24786)
• Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in actions/github-script#637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in actions/github-script#637
• @​sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

• Upgrade husky to v9 by @​benelan in actions/github-script#482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/github-script#485
• Upgrade IA Publish by @​Jcambass in actions/github-script#486
• Fix workflow status badges by @​joshmgross in actions/github-script#497
• Update usage of actions/upload-artifact by @​joshmgross in actions/github-script#512
• Clear up package name confusion by @​joshmgross in actions/github-script#514
• Update dependencies with npm audit fix by @​joshmgross in actions/github-script#515
• Specify that the used script is JavaScript by @​timotk in actions/github-script#478
• chore: Add Dependabot for NPM and Actions by @​nschonni in actions/github-script#472
• Define permissions in workflows and update actions by @​joshmgross in actions/github-script#531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in actions/github-script#532
• chore: Remove .vscode settings by @​nschonni in actions/github-script#533
• ci: Use github/setup-licensed by @​nschonni in actions/github-script#473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in actions/github-script#508
• Remove octokit README updates for v7 by @​joshmgross in actions/github-script#557
• docs: add "exec" usage examples by @​neilime in actions/github-script#546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in actions/github-script#563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in actions/github-script#575
• Clearly document passing inputs to the script by @​joshmgross in actions/github-script#603
• Update README.md by @​nebuk89 in actions/github-script#610

New Contributors

• @​benelan made their first contribution in actions/github-script#482
• @​Jcambass made their first contribution in actions/github-script#485
• @​timotk made their first contribution in actions/github-script#478
• @​iamstarkov made their first contribution in actions/github-script#508
• @​neilime made their first contribution in actions/github-script#546
• @​nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

• ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
• 2dc352e Bold minimum Actions Runner version in README
• 01e118c Update README for Node 24 runtime requirements
• 8b222ac Apply suggestion from @​salmanmkc
• adc0eea README for updating actions/github-script from v7 to v8
• 20fe497 Merge pull request #637 from actions/node24
• e7b7f22 update licenses
• 2c81ba0 Update Node.js version support to 24.x
• See full diff in compare view

Updates github/gh-aw-actions from 03e31e064a68e8d5ad890c92f303cfb5a3536006 to 3922978bff4d7cf117e185580ad108da5a0134d8

Changelog

Sourced from github/gh-aw-actions's changelog.

Changelog

See https://github.com/github/gh-aw/blob/main/CHANGELOG.md for the changelog of the main gh-aw repository, which includes changes to this repository as well.

Commits

• See full diff in compare view

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• Additional commits viewable in compare view

Updates actions/setup-dotnet from 5.1.0 to 5.2.0

Release notes

Sourced from actions/setup-dotnet's releases.

v5.2.0

What's changed

Enhancements

• Add support for workloads input by @​gowridurgad in actions/setup-dotnet#693
• Add support for optional architecture input for cross-architecture .NET installs by @​priya-kinthali in actions/setup-dotnet#700

Dependency Updates

• Upgrade fast-xml-parser from 4.4.1 to 5.3.6 by @​dependabot in actions/setup-dotnet#671
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-dotnet#705

Full Changelog: actions/setup-dotnet@v5...v5.2.0

Commits

• c2fa09f Bump minimatch from 3.1.2 to 3.1.5 (#705)
• 02574b1 Add support for optional architecture input for cross-architecture .NET insta...
• 16c7b3c Bump fast-xml-parser from 4.4.1 to 5.3.6 (#671)
• 131b410 Add support for workloads input (#693)
• See full diff in compare view

Updates actions/setup-go from 5.4.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

• Add go-download-base-url input for custom Go distributions by @​gdams in actions/setup-go#721

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-go#727

Documentation update

• Rearrange README.md, add advanced-usage.md by @​priyagupta108 in actions/setup-go#724
• Fix Microsoft build of Go link by @​gdams in actions/setup-go#734

New Contributors

• @​gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

• Update default Go module caching to use go.mod by @​priyagupta108 in actions/setup-go#705
• Fix golang download url to go.dev by @​178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

• Example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-go#696
• Update Node.js version in action.yml by @​ccoVeille in actions/setup-go#691
• Documentation update of actions/checkout by @​deining in actions/setup-go#683

Dependency updates

• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot in actions/setup-go#682
• Upgrade @​actions/cache to v5 by @​salmanmkc in actions/setup-go#695
• Upgrade actions/checkout from 5 to 6 by @​dependabot in actions/setup-go#686
• Upgrade qs from 6.14.0 to 6.14.1 by @​dependabot in actions/setup-go#703

New Contributors

• @​ccoVeille made their first contribution in actions/setup-go#691
• @​deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in actions/setup-go#665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in actions/setup-go#673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in actions/setup-go#674

... (truncated)

Commits

• 4a36011 docs: fix Microsoft build of Go link (#734)
• 8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
• 27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
• def8c39 Rearrange README.md, add advanced-usage.md (#724)
• 4b73464 Fix golang download url to go.dev (#469)
• a5f9b05 Update default Go module caching to use go.mod (#705)
• 7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
• b9adafd Bump actions/checkout from 5 to 6 (#686)
• d73f6bc README.md: correct to actions/checkout@v6 (#683)
• ae252ee Bump @​actions/cache to v5 (#695)
• Additional commits viewable in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in actions/setup-node#1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

• 53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
• 54045ab Scope test lockfiles by package manager and update cache tests (#1495)
• c882bff Replace uuid with crypto.randomUUID() (#1378)
• 774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
• efcb663 fix: remove hardcoded bearer (#1467)
• d02c89d Fix npm audit issues (#1491)
• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• Additional commits viewable in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

• Update Node.js version to 24.x @​salmanmkc (#404)
• Add workflow file for publishing releases to immutable action package @​Jcambass (#374)
• Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @​dependabot (#360)
• Make the rebuild dist workflow work nicer with Dependabot @​yoannchaudet (#361)
• Bump the non-breaking-changes group across 1 directory with 3 updates @​dependabot (#358)
• Delete repeated sentence @​garethsb (#359)
• Update README.md @​tsusdere (#348)
• Bump the non-breaking-changes group with 4 updates @​dependabot (#341)
• Remove error message for file permissions @​TooManyBees (#340)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

• cd2ce8f Merge pull request #404 from salmanmkc/node24
• bbe2a95 Update Node.js version to 24.x
• 854d7aa Merge pull request #374 from actions/Jcambass-patch-1
• 306bb81 Add workflow file for publishing releases to immutable action package
• b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
• 7273294 Bump braces in the npm_and_yarn group across 1 directory
• 963791f Merge pull request #361 from actions/dependabot-friendly
• 51bb29d Make the rebuild dist workflow safer for Dependabot
• 89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
• Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.1.0 to 2.8.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

v2.8.0

What's Changed

• Update lycheeVersion to v0.23.0 by @​github-actions[bot] in lycheeverse/lychee-action#324
• Update args for lychee-action to use root-dir by @​mre in lycheeverse/lychee-action#314
• Update test to use --root-dir instead of the deprecated --base by @​mre in lycheeverse/lychee-action#315
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in lycheeverse/lychee-action#316
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in lycheeverse/lychee-action#319
• Bump peter-evans/create-pull-request from 7 to 8 by @​dependabot[bot] in lycheeverse/lychee-action#318
• Add message with Summary report URL by @​atteggiani in lycheeverse/lychee-action#326

New Contributors

• @​atteggiani made their first contribution in lycheeverse/lychee-action#326

Full Changelog: lycheeverse/lychee-action@v2.7.0...v2.8.0

Version 2.7.0

Breaking changes

If you're using --base, you must now provide either a URL (with scheme) or an absolute local path. See lychee --help for more information. If you want to resolve root-relative links in local files, also see --root-dir.

What's Changed

• Bump peter-evans/create-issue-from-file from 5 to 6 by @​dependabot[bot] in lycheeverse/lychee-action#307
• Upgrade checkout action from v4 to v5 by @​jacobdalamb in lycheeverse/lychee-action#310
• Update lycheeVersion to v0.21.0 by @​github-actions[bot] in lycheeverse/lychee-action#312 See https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.21.0 for the lychee changelog.

Full Changelog: lycheeverse/lychee-action@v2...v2.7.0

Version 2.6.1

What's Changed

• Update lycheeVersion to v0.20.1 by @​github-actions[bot] in lycheeverse/lychee-action#306, which contains a hotfix for lycheeverse/lychee-action#305.

Full Changelog:

[github-actions]

Documentation Preview

Documentation build failed for this PR. View logs.

Built from commit 8ffb567

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	86.20%	86.29%	📈 +0.09%
Statements	86.07%	86.16%	📈 +0.09%
Functions	87.41%	87.41%	➡️ +0.00%
Branches	78.56%	78.61%	📈 +0.05%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	86.6% → 87.0% (+0.39%)	86.1% → 86.5% (+0.38%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts