Update GH Actions by renovate[bot] · Pull Request #5 · https-quantumblockchainai-atlassian-net/crystal-ai

renovate · 2025-08-06T05:51:45Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	major	`v4` → `v6`
actions/checkout	action	major	`v4` → `v7`
actions/checkout	action	major	`v3` → `v7`
actions/download-artifact	action	major	`v4` → `v8`
actions/upload-artifact	action	major	`v4` → `v7`
aws-actions/configure-aws-credentials	action	major	`v4` → `v6`
cachix/cachix-action	action	major	`v14` → `v17`
cachix/install-nix-action	action	major	`v26` → `v31`
ilammy/setup-nasm	action	patch	`v1.5.1` → `v1.5.2`
macos	github-runner	major	`13` → `26`
microsoft/setup-msbuild	action	major	`v1.0.2` → `v3.0.0`
mwilliamson/setup-wasmtime-action	action	major	`v2` → `v3`
ubuntu	github-runner	major	`22.04` → `24.04`
windows	github-runner	major	`2022` → `2025`

Release Notes

actions/cache (actions/cache)

`v6.0.0`

Compare Source

What's Changed

Update packages, migrate to ESM by @Samirat in #1760

Full Changelog: actions/cache@v5...v6.0.0

`v6`

Compare Source

`v5.0.5`

Compare Source

What's Changed

Update ts-http-runtime dependency by @yacaovsnc in #1747

Full Changelog: actions/cache@v5...v5.0.5

`v5.0.4`

Compare Source

What's Changed

Add release instructions and update maintainer docs by @Link- in #1696
Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @Link- in #1697
Fix workflow permissions and cleanup workflow names / formatting by @Link- in #1699
docs: Update examples to use the latest version by @XZTDean in #1690
Fix proxy integration tests by @Link- in #1701
Fix cache key in examples.md for bun.lock by @RyPeck in #1722
Update dependencies & patch security vulnerabilities by @Link- in #1738

New Contributors

@XZTDean made their first contribution in #1690
@RyPeck made their first contribution in #1722

Full Changelog: actions/cache@v5...v5.0.4

`v5.0.3`

Compare Source

What's Changed

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

`v5.0.2`: v.5.0.2

Compare Source

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

`v5.0.1`

Compare Source

[!IMPORTANT]
actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

fix: update @actions/cache for Node.js 24 punycode deprecation by @salmanmkc in #1685
prepare release v5.0.1 by @salmanmkc in #1686

v5.0.0

What's Changed

Upgrade to use node24 by @salmanmkc in #1630
Prepare v5.0.0 release by @salmanmkc in #1684

Full Changelog: actions/cache@v5...v5.0.1

`v5.0.0`

Compare Source

[!IMPORTANT]
actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Upgrade to use node24 by @salmanmkc in #1630
Prepare v5.0.0 release by @salmanmkc in #1684

Full Changelog: actions/cache@v4.3.0...v5.0.0

`v5`

Compare Source

actions/checkout (actions/checkout)

`v7.0.0`

Compare Source

Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in #2454
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in #2458
Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in #2460
Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in #2461
Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in #2459
upgrade module to esm and update dependencies by @aiqiaoy in #2463
Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #2462

`v7`

Compare Source

Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in #2454
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in #2458
Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in #2460
Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in #2461
Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in #2459
upgrade module to esm and update dependencies by @aiqiaoy in #2463
Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #2462

`v6.0.3`

Compare Source

Fix checkout init for SHA-256 repositories by @yaananth in #2439
fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in #2414

`v6.0.2`

Compare Source

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in #2356

`v6.0.1`

Compare Source

Add worktree support for persist-credentials includeIf by @ericsciple in #2327

`v6.0.0`

Compare Source

Persist creds to a separate file by @ericsciple in #2286
Update README to include Node.js 24 support details and requirements by @salmanmkc in #2248

`v6`

Compare Source

Fix checkout init for SHA-256 repositories by @yaananth in #2439
fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in #2414

`v5.0.1`

Compare Source

Port v6 cleanup to v5 by @ericsciple in #2301

`v5.0.0`

Compare Source

Update actions checkout to use node 24 by @salmanmkc in #2226

`v5`

Compare Source

Port v6 cleanup to v5 by @ericsciple in #2301

actions/download-artifact (actions/download-artifact)

`v8.0.1`

Compare Source

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in #471
Add a regression test for artifact name + content-type mismatches by @danwkennedy in #472

Full Changelog: actions/download-artifact@v8...v8.0.1

`v8.0.0`

Compare Source

v8 - What's new

[!IMPORTANT]
actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT]
Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Don't attempt to un-zip non-zipped downloads by @danwkennedy in #460
Add a setting to specify what to do on hash mismatch and default it to error by @danwkennedy in #461

Full Changelog: actions/download-artifact@v7...v8.0.0

`v8`

Compare Source

`v7.0.0`

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in #440
Download Artifact Node24 support by @salmanmkc in #415
fix: update @actions/artifact to fix Node.js 24 punycode deprecation by @salmanmkc in #451
prepare release v7.0.0 for Node.js 24 support by @salmanmkc in #452

New Contributors

@patrikpolyak made their first contribution in #440
@salmanmkc made their first contribution in #415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

`v7`

Compare Source

`v6.0.0`

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README for download-artifact v5 changes by @yacaovsnc in #417
Update README with artifact extraction details by @yacaovsnc in #424
Readme: spell out the first use of GHES by @danwkennedy in #431
Bump @actions/artifact to v4.0.0
Prepare v6.0.0 by @danwkennedy in #438

New Contributors

@danwkennedy made their first contribution in #431

Full Changelog: actions/download-artifact@v5...v6.0.0

`v6`

Compare Source

`v5.0.0`

Compare Source

What's Changed

Update README.md by @nebuk89 in #407
BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in #416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

By name: name: my-artifact → extracted to path/ (direct)
By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

By name: name: my-artifact → extracted to path/ (unchanged)
By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

You download artifacts by name
You download multiple artifacts by ID
You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

@nebuk89 made their first contribution in #407

Full Changelog: actions/download-artifact@v4...v5.0.0

`v5`

Compare Source

actions/upload-artifact (actions/upload-artifact)

`v7.0.1`

Compare Source

What's Changed

Update the readme with direct upload details by @danwkennedy in #795
Readme: bump all the example versions to v7 by @danwkennedy in #796
Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in #797

Full Changelog: actions/upload-artifact@v7...v7.0.1

`v7.0.0`

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in #754
Upgrade the module to ESM and bump dependencies by @danwkennedy in #762
Support direct file uploads by @danwkennedy in #764

New Contributors

@Link- made their first contribution in #754

Full Changelog: actions/upload-artifact@v6...v7.0.0

`v7`

Compare Source

`v6.0.0`

Compare Source

v6 - What's new

[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in #719
fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in #744
prepare release v6.0.0 for Node.js 24 support by @salmanmkc in #745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

`v6`

Compare Source

`v5.0.0`

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in #681
Update README.md by @nebuk89 in #712
Readme: spell out the first use of GHES by @danwkennedy in #727
Update GHES guidance to include reference to Node 20 version by @patrikpolyak in #725
Bump @actions/artifact to v4.0.0
Prepare v5.0.0 by @danwkennedy in #734

New Contributors

@GhadimiR made their first contribution in #681
@nebuk89 made their first contribution in #712
@danwkennedy made their first contribution in #727
@patrikpolyak made their first contribution in #725

Full Changelog: actions/upload-artifact@v4...v5.0.0

`v5`

Compare Source

aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)

`v6.2.0`

Compare Source

Features

add additional session tags by default (#1775) (e0ba768)
add more retry logic and better logging (#1764) (540d0c1)
add regex validation to role-session-name (#1765) (e354499)
Allow custom session tags to be passed when assuming a role (#1759) (61f50f6)
expose run id in STS client user-agent (#1774) (29d1be3)
support custom STS endpoints (#1762) (8d52d05)

Bug Fixes

skip credential check on output-env-credentials: false (#1778) (58e7c47)
assumeRole failing from session tag size too large (#1808) (d6f5dc3)

`v6.1.3`

Compare Source

Bug Fixes

fix: allow kubelet token symlink in #1805

`v6.1.2`

Compare Source

Bug Fixes

additional filesystem checks (#1799) (c39f282)

`v6.1.1`

Compare Source

What's Changed

chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in #1722
chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 by @dependabot[bot] in #1723
chore(deps-dev): bump @smithy/property-provider from 4.2.12 to 4.2.13 by @dependabot[bot] in #1724
chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by @dependabot[bot] in #1726
chore(deps): bump @smithy/node-http-handler from 4.5.1 to 4.5.2 by @dependabot[bot] in #1725
chore(deps): bump @aws-sdk/client-sts from 3.1020.0 to 3.1025.0 by @dependabot[bot] in #1727
chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by @dependabot[bot] in #1728
chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by @dependabot[bot] in #1729
chore(deps-dev): bump @types/node from 25.5.2 to 25.6.0 by @dependabot[bot] in #1730
chore(deps-dev): bump @aws-sdk/credential-provider-env from 3.972.24 to 3.972.25 by @dependabot[bot] in #1733
chore(deps): bump @aws-sdk/client-sts from 3.1025.0 to 3.1030.0 by @dependabot[bot] in #1732
chore(deps-dev): bump @biomejs/biome from 2.4.10 to 2.4.11 by @dependabot[bot] in #1734
chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by @dependabot[bot] in #1736
chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by @dependabot[bot] in #1737
chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @dependabot[bot] in #1740
chore(deps-dev): bump @smithy/property-provider from 4.2.13 to 4.2.14 by @dependabot[bot] in #1741
chore(deps-dev): bump @aws-sdk/credential-provider-env from 3.972.25 to 3.972.28 by @dependabot[bot] in #1742
chore(deps): bump @aws-sdk/client-sts from 3.1030.0 to 3.1033.0 by @dependabot[bot] in #1743
chore(deps-dev): bump @biomejs/biome from 2.4.11 to 2.4.12 by @dependabot[bot] in #1739
chore(deps-dev): bump @biomejs/biome from 2.4.12 to 2.4.13 by @dependabot[bot] in #1747
chore(deps): bump postcss from 8.5.6 to 8.5.12 by @dependabot[bot] in #1752
chore(deps): bump @smithy/node-http-handler from 4.6.0 to 4.6.1 by @dependabot[bot] in #1750
chore(deps-dev): bump @aws-sdk/credential-provider-env from 3.972.28 to 3.972.32 by @dependabot[bot] in #1751
chore(deps): bump @aws-sdk/client-sts from 3.1033.0 to 3.1038.0 by @dependabot[bot] in #1749
chore: release 6.1.1 by @lehmanmj in #1757

Full Changelog: aws-actions/configure-aws-credentials@v6...v6.1.1

`v6.1.0`

Compare Source

Features

add skip cleanup option (#1716) (11b1c58), closes #1545
Support usage of AWS Profiles (#1696) (a7f0c82)

`v6.0.0`

Compare Source

⚠ BREAKING CHANGES

Update action to use node24 Note this requires GitHub action runner version v2.327.1 or later (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

`v6`

Compare Source

`v5.1.1`

Compare Source

Miscellaneous Chores

release 5.1.1 (56d6a58)
various dependency updates

`v5.1.0`

Compare Source

Features

Add global timeout support (#1487) (1584b8b)
add no-proxy support (#1482) (dde9b22)
Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

`v5.0.0`

Compare Source

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)
Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)
support account id allowlist (#1456) (c4be498)

`v5`

Compare Source

cachix/cachix-action (cachix/cachix-action)

`v17`

Compare Source

What's Changed

Breaking changes

Upgrade action to use Node 24 by @sandydoo in #212
https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Bug fixes

Harden the post-build daemon hook against failing. Caching issues should not prevent builds from continuing.
Await main functions so that errors bubble up properly.

Full Changelog: cachix/cachix-action@v16...v17

`v16`

Compare Source

What's Changed

Fall back to os.tmpdir when the daemon socket path becomes too long by @sandydoo in #209
Added a small delay to allow post-build hooks to flush through by @sandydoo in #196
Upgraded dependencies

Full Changelog: cachix/cachix-action@v15...v16

`v15`: cachix-action-v15

Compare Source

What's Changed

Pass cachixArgs to the daemon by @sandydoo in #177
Support path filtering when using the daemon by @sandydoo in #182
Skip prep steps if using pathsToPush by @sandydoo in #180
store-scan: improve error handling when listing the store fails by @sandydoo in #183

Full Changelog: cachix/cachix-action@v14...v15

cachix/install-nix-action (cachix/install-nix-action)

`v31.10.6`

Compare Source

What's Changed

nix: 2.34.6 -> 2.34.7 by @github-actions[bot] in #275
GHSA-vh5x-56v6-4368: Fixes a coroutine stack-to-heap overflow via unbounded recursion in the NAR directory parser. Severity: High.
GHSA-gr92-w2r5-qw5p: Fixes an absolute path traversal vulnerability when unpacking archives to disk. Severity: Moderate.

Full Changelog: cachix/install-nix-action@v31...v31.10.6

`v31.10.5`

Compare Source

What's Changed

nix: 2.34.5 -> 2.34.6 by @github-actions[bot] in #274

Full Changelog: cachix/install-nix-action@v31...v31.10.5

`v31.10.4`

Compare Source

What's Changed

nix: 2.34.4 -> 2.34.5 by @github-actions[bot] in #273
[SECURITY] Fixes a root privilege escalation vulnerability via sandbox escape GHSA-g3g9-5vj6-r3gj

Full Changelog: cachix/install-nix-action@v31.10.3...v31.10.4

`v31.10.3`

Compare Source

What's Changed

nix: 2.34.2 -> 2.34.4 by @github-actions[bot] in #271

Full Changelog: cachix/install-nix-action@v31...v31.10.3

`v31.10.2`

Compare Source

What's Changed

nix: 2.34.1 -> 2.34.2 by @github-actions[bot] in #270

Full Changelog: cachix/install-nix-action@v31...v31.10.2

`v31.10.1`

Compare Source

What's Changed

nix: 2.34.0 -> 2.34.1 by @github-actions[bot] in #269
Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

Full Changelog: cachix/install-nix-action@v31.10.0...v31.10.1

`v31.10.0`

Compare Source

What's Changed

nix: 2.33.3 -> 2.34.0 by @github-actions[bot] in #267
Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818

⚠️ Nix 2.34.0 contains a regression that, under certain scenarios (a trusted-user + a client-side netrc-file), breaks authentication with private caches that rely on netrc files. This regression affects cachix/cachix-action.

UPD: 2.34.1 has been released with a patch for the authentication issue

Full Changelog: cachix/install-nix-action@v31.9.1...v31.10.0

`v31.9.1`

Compare Source

What's Changed

nix: 2.33.0 -> 2.33.3 by @github-actions[bot] in #266

Full Changelog: cachix/install-nix-action@v31...v31.9.1

`v31.9.0`

Compare Source

What's Changed

nix: 2.32.4 -> 2.33.0 by @github-actions[bot] in #264
chore(deps): bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in #263
chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #262

Full Changelog: cachix/install-nix-action@v31.8.4...v31.9.0

`v31.8.4`

Compare Source

What's Changed

nix: 2.32.3 -> 2.32.4 by @github-actions[bot] in #261

Full Changelog: cachix/install-nix-action@v31.8.3...v31.8.4

`v31.8.3`

Compare Source

What's Changed

nix: 2.32.2 -> 2.32.3 by @github-actions[bot] in #260

Full Changelog: cachix/install-nix-action@v31.8.2...v31.8.3

`v31.8.2`

Compare Source

What's Changed

nix: 2.32.1 -> 2.32.2 by @github-actions[bot] in #259

Full Changelog: cachix/install-nix-action@v31.8.1...v31.8.2

`v31.8.1`

Compare Source

What's Changed

nix: 2.32.0 -> 2.32.1 by @github-actions[bot] in #258

Full Changelog: cachix/install-nix-action@v31...v31.8.1

`v31.8.0`

Compare Source

What's Changed

nix: 2.31.2 -> 2.32.0 by @github-actions[bot] in [#257](https://redirect.

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- "after 5am and before 8am on Wednesday"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

entelligence-ai-pr-reviews · 2026-03-31T10:42:42Z

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this PR performs straightforward CI infrastructure version bumps across 13 GitHub Actions workflow files with no logic changes to the actual build or test processes. The upgrades to actions/checkout v6, actions/upload-artifact v7, actions/download-artifact v8, and actions/cache v5 are mechanical dependency updates that follow standard GitHub Actions versioning patterns. No review comments were generated and no heuristic issues were identified, making this a low-risk maintenance PR that improves the CI pipeline's use of current, supported action versions.

Key Findings:

All changes are version number bumps to well-known, officially maintained GitHub Actions (checkout, upload-artifact, download-artifact, cache) with no changes to workflow logic, job steps, or environment configuration.
The version jumps (e.g., actions/checkout to v6, actions/download-artifact to v8) are large increments that could in theory introduce behavioral changes in edge cases, but GitHub Actions major versions are designed to be backwards-compatible for standard use cases and these actions are widely used across the ecosystem.
No review comments, no heuristic flags, and zero coverage gaps were identified — the automated analysis found nothing actionable across all 13 changed files.
This PR reduces technical debt by moving away from older action versions (v3/v4) that may receive reduced support or security updates from GitHub.

Files requiring special attention

aarch64.yml
win.yml
interpreter.yml

entelligence-ai-pr-reviews · 2026-04-30T04:04:15Z

EntelligenceAI PR Summary

This PR modernizes CI infrastructure by upgrading runner OS images and GitHub Actions versions across three workflow files.

Upgrades LLVM workflow runner from ubuntu-22.04 to ubuntu-24.04
Upgrades Windows workflow runners from windows-2022 to windows-2025 in both win.yml and win_build_portable.yml
Bumps actions/checkout from v4 to v7 across all three workflows
Bumps actions/cache and actions/cache/restore from v4 to v6 across all three workflows
Bumps actions/upload-artifact from v4 to v7 in win.yml and win_build_portable.yml
Bumps actions/download-artifact from v4 to v8 in win.yml
Bumps ilammy/setup-nasm from v1.5.1 to v1.5.2 with updated pin hash in win.yml

Confidence Score: 2/5 - Changes Needed

Not safe to merge — this PR upgrades CI infrastructure across multiple workflows but introduces at least two breaking issues that will cause immediate workflow failures. In .github/workflows/wasm32.yml, the bump to mwilliamson/setup-wasmtime-action@v3 references a tag that does not exist on that repository (which only has a v1.0 release from 2022), meaning the WASM CI job will hard-fail on checkout. Additionally, a pre-existing unresolved concern about the upgrade to ubuntu-24.04 in llvm.yml remains open: libtinfo5 (referenced at line 51) was removed in Ubuntu 24.04 Noble and replaced by libtinfo6, so the LLVM setup step will also fail. The goal of modernizing runner images and action versions is sound, but both of these defects need to be corrected before merge.

Key Findings:

In .github/workflows/wasm32.yml, mwilliamson/setup-wasmtime-action@v3 points to a non-existent tag — the action's last release is v1.0 (December 2022) — so any workflow run using this file will fail immediately at the action resolution step with a 'tag not found' error.
In .github/workflows/llvm.yml, upgrading the runner from ubuntu-22.04 to ubuntu-24.04 breaks the Set up LLVM step because libtinfo5 is not available in Ubuntu 24.04 (noble); the package was replaced by libtinfo6, meaning the apt-get install command will error out and the entire LLVM workflow will be broken.
Both failures are hard CI breakages, not degraded behavior — neither affected workflow will successfully complete any run after this PR merges, making this a blocking problem for the repository's CI pipeline.

Files requiring special attention

.github/workflows/wasm32.yml
.github/workflows/llvm.yml

entelligence-ai-pr-reviews · 2026-05-13T04:16:28Z

 jobs:
  llvm_test:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04


⚠️ Major: Upgrade to ubuntu-24.04 breaks libtinfo5 installation — libtinfo5 (line 51) is not available in Ubuntu 24.04 (noble) — it was replaced by libtinfo6. The Set up LLVM step will fail with a package-not-found error on every matrix job because apt-get install -y libtinfo5 has no candidate in the noble repository.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In .github/workflows/llvm.yml at line 51, the command `sudo apt-get install -y libtinfo5` will fail on the newly upgraded `ubuntu-24.04` runner (line 14) because `libtinfo5` does not exist in Ubuntu 24.04's package repositories (it was replaced by `libtinfo6`). Change line 51 from `sudo apt-get install -y libtinfo5` to `sudo apt-get install -y libtinfo6` to match what is available in Ubuntu 24.04 (noble).

entelligence-ai-pr-reviews · 2026-05-13T04:16:28Z

 jobs:
  x86_64-darwin-test:
-    runs-on: macos-13
+    runs-on: macos-15


⚠️ Major: x86_64 test job now runs on ARM runner (macos-15 is Apple Silicon) — macos-13 was an Intel x86_64 runner; macos-15 is ARM (Apple Silicon M-series). The job is explicitly named x86_64-darwin-test, so the architecture switch means x86_64-specific tests are now executed on the wrong ISA. GitHub's own changelog notes that users requiring x86_64 must use a dedicated label (e.g. macos-13-xlarge or a future macos-15-x86_64 label), not macos-15.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In `.github/workflows/macos.yml` at line 15, the runner was changed from `macos-13` to `macos-15`. However, `macos-15` is an ARM (Apple Silicon) runner, while the job is named `x86_64-darwin-test` and requires an Intel x86_64 runner. `macos-13` was the x86_64 runner. Since GitHub is closing down macos-13, check the current GitHub-provided label for x86_64 macOS (likely `macos-13-xlarge` or a new x86_64-specific label as documented in https://github.blog/changelog/2025-09-19-github-actions-macos-13-runner-image-is-closing-down/) and use that label instead of `macos-15`.

entelligence-ai-pr-reviews · 2026-05-13T04:16:30Z

File: .github/workflows/win_build_portable.yml (Lines 91-104)

⚠️ Major: LLVM caches built on windows-2022 silently reused on windows-2025 — win.yml saves LLVM caches with keys llvm-libs-18.1.1-msvc (line 178) and llvm-dlls-18.1.1-...-msvc (line 211) — neither key includes the runner OS or a hash of win.yml. After this PR upgrades the runner from windows-2022 to windows-2025, any existing LLVM cache entry built on the old runner will still match those keys and be silently restored on the new runner. win_build_portable.yml (lines 91–104) restores both LLVM caches with fail-on-cache-miss: true, which means they WILL be used if present. Windows-2025 ships with a newer MSVC toolchain (v14.4x vs v14.3x on windows-2022); LLVM static libs compiled against the old CRT may cause linker errors or ABI mismatches when linked into a Crystal binary on the new runner. By contrast, the other lib caches (win-libs, win-dlls) include hashFiles('.github/workflows/win.yml', ...) in their keys (win.yml line 40, 121; win_build_portable.yml line 45, 78), so they are automatically invalidated by this PR's change to win.yml — the LLVM caches have no equivalent safety net.

Note: This comment was posted as a general PR comment because the specific line could not be resolved in the diff.

entelligence-ai-pr-reviews · 2026-06-24T08:15:32Z


      - name: Install wasmtime
-        uses: mwilliamson/setup-wasmtime-action@v2
+        uses: mwilliamson/setup-wasmtime-action@v3


setup-wasmtime-action@v3 tag does not exist, workflow will fail

mwilliamson/setup-wasmtime-action was last pushed December 2022 and has only a v1.0 release — no v3 tag exists, so this step will fail with a reference-not-found error on every run.

renovate Bot added the topic:infrastructure/ci label Aug 6, 2025

renovate Bot force-pushed the renovate/gh-actions branch from f6e35db to fbd4a96 Compare August 14, 2025 00:09

renovate Bot force-pushed the renovate/gh-actions branch from fbd4a96 to cf2c2b2 Compare September 4, 2025 11:51

renovate Bot force-pushed the renovate/gh-actions branch from cf2c2b2 to 9eda4b6 Compare September 26, 2025 19:36

renovate Bot force-pushed the renovate/gh-actions branch from 9eda4b6 to c2fd7d2 Compare October 25, 2025 03:58

renovate Bot force-pushed the renovate/gh-actions branch from c2fd7d2 to c2b3ce8 Compare November 22, 2025 03:54

renovate Bot force-pushed the renovate/gh-actions branch from c2b3ce8 to 62e3597 Compare December 13, 2025 07:59

renovate Bot force-pushed the renovate/gh-actions branch from 62e3597 to 1da9aa1 Compare February 5, 2026 20:09

renovate Bot force-pushed the renovate/gh-actions branch from 1da9aa1 to 33b4121 Compare March 1, 2026 11:52

renovate Bot force-pushed the renovate/gh-actions branch from 33b4121 to 59d2d19 Compare March 31, 2026 10:41

renovate Bot force-pushed the renovate/gh-actions branch from 59d2d19 to e8db317 Compare April 30, 2026 04:01

renovate Bot force-pushed the renovate/gh-actions branch from e8db317 to 3275755 Compare May 13, 2026 04:10

entelligence-ai-pr-reviews Bot reviewed May 13, 2026

View reviewed changes

renovate Bot force-pushed the renovate/gh-actions branch from 3275755 to 0291e6e Compare May 14, 2026 19:53

renovate Bot force-pushed the renovate/gh-actions branch from 0291e6e to ef0e624 Compare June 20, 2026 23:44

Update GH Actions

3fa33e8

renovate Bot force-pushed the renovate/gh-actions branch from ef0e624 to 3fa33e8 Compare June 24, 2026 08:11

entelligence-ai-pr-reviews Bot reviewed Jun 24, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update GH Actions#5

Update GH Actions#5
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/gh-actions

renovate Bot commented Aug 6, 2025 •

edited

Loading

Uh oh!

entelligence-ai-pr-reviews Bot commented Mar 31, 2026

Uh oh!

entelligence-ai-pr-reviews Bot commented Apr 30, 2026 •

edited

Loading

Uh oh!

entelligence-ai-pr-reviews Bot May 13, 2026

Uh oh!

entelligence-ai-pr-reviews Bot May 13, 2026

Uh oh!

entelligence-ai-pr-reviews Bot commented May 13, 2026

Uh oh!

entelligence-ai-pr-reviews Bot Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented Aug 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

v5.0.2: v.5.0.2

v5.0.2

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

What's Changed

What's Changed

v8 - What's new

Direct downloads

Enforced checks (breaking)

ESM

What's Changed

v7 - What's new

Node.js 24

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

v5.0.0

🚨 Breaking Change

What Changed

Migration Guide

✅ No Action Needed If:

⚠️ Action Required If:

New Contributors

What's Changed

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v6 - What's new

Node.js 24

What's Changed

What's Changed

New Contributors

Features

Bug Fixes

Bug Fixes

Bug Fixes

What's Changed

Features

⚠ BREAKING CHANGES

Features

Bug Fixes

Miscellaneous Chores

Features

Bug Fixes

⚠ BREAKING CHANGES

Features

What's Changed

Breaking changes

Bug fixes

What's Changed

v15: cachix-action-v15

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

renovate Bot commented Aug 6, 2025 •

edited

Loading

`v5.0.2`: v.5.0.2

`v15`: cachix-action-v15