ci(actions): update github actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
actions/create-github-app-token	action	minor	v3.1.1 → v3.2.0
actions/stale	action	minor	v10.2.0 → v10.3.0
docker/build-push-action	action	minor	v7.1.0 → v7.2.0
docker/login-action	action	minor	v4.1.0 → v4.2.0
docker/metadata-action (changelog)	action	digest	030e881 → 80c7e94
docker/setup-buildx-action (changelog)	action	digest	4d04d5d → d7f5e7f
eps1lon/actions-label-merge-conflict	action	minor	v3.0.3 → v3.1.0
github/codeql-action	action	minor	v4.35.4 → v4.36.0	v4.36.2 (+1)
mikepenz/action-junit-report	action	patch	v6.4.0 → v6.4.1
pnpm/action-setup	action	patch	v6.0.5 → v6.0.8
taiki-e/install-action	action	minor	v2.77.2 → v2.81.1	v2.81.7 (+5)

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3.2.0

Compare Source

Features

• add support for enterprise-level GitHub Apps (#​263) (952a2a7)
• support full repository names in repositories input (#​372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#​364) (43e5c34)
• validate private-key input (#​376) (f24bbd8)

actions/stale (actions/stale)

v10.3.0

Compare Source

What's Changed

Bug Fix

• Enhancement: ignore stale labeling events by @​shamoon in #​1311

Dependency Updates

• Upgrade dependencies (@​actions/core, @​octokit/plugin-retry, @​typescript-eslint) by @​Copilot in #​1335

New Contributors

• @​shamoon made their first contribution in #​1311

Full Changelog: actions/stale@v10...v10.3.0

docker/build-push-action (docker/build-push-action)

v7.2.0

Compare Source

docker/login-action (docker/login-action)

v4.2.0

Compare Source

• Bump @​actions/core from 3.0.0 to 3.0.1 in #​976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in #​960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in #​970
• Bump brace-expansion from 2.0.1 to 5.0.6 in #​993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in #​985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in #​963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in #​961
• Bump postcss from 8.5.6 to 8.5.10 in #​979
• Bump tar from 6.2.1 to 7.5.15 in #​991
• Bump vite from 7.3.1 to 7.3.3 in #​986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

eps1lon/actions-label-merge-conflict (eps1lon/actions-label-merge-conflict)

v3.1.0

Compare Source

What's Changed

• Add better permissions defaults for the example by @​oliviertassinari in #​151
• Update Node.js to 24 by @​oliviertassinari in #​152
• release: 3.1.0 by @​eps1lon in #​153

New Contributors

• @​oliviertassinari made their first contribution in #​151

Full Changelog: eps1lon/actions-label-merge-conflict@v3.0.3...v3.1.0

github/codeql-action (github/codeql-action)

v4.36.0

Compare Source

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
• Add support for SHA-256 Git object IDs. #​3893
• Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

mikepenz/action-junit-report (mikepenz/action-junit-report)

v6.4.1

Compare Source

💬 Other

• chore: simplify renovate config to extend shared convention
  • PR: #​1538
• ci: allow commit-dist to run for renovate-mike bot
  • PR: #​1541

📦 Dependencies

• chore(deps): update devdependency non-major updates to v8.58.0
  • PR: #​1535
• chore(deps): lock file maintenance
  • PR: #​1540
• chore(deps): update node devdependency non-major updates
  • PR: #​1539
• chore(deps): lock file maintenance
  • PR: #​1545
• chore(deps): update node devdependency non-major updates
  • PR: #​1543
• chore(deps): update dependency vite to v8.0.8
  • PR: #​1542
• fix(deps): update dependency @​actions/github to v9.1.0
  • PR: #​1544
• chore(deps): lock file maintenance
  • PR: #​1548
• chore(deps): update node devdependency non-major updates
  • PR: #​1547
• chore(deps): update mcr.microsoft.com/devcontainers/typescript-node:24-bullseye docker digest to 147a65f
  • PR: #​1546
• chore(deps): lock file maintenance
  • PR: #​1555
• fix(deps): update dependency @​actions/glob to v0.7.0
  • PR: #​1554
• chore(deps): update mikepenz/action-gh-release action to v3
  • PR: #​1556
• fix(deps): update dependency @​actions/github to v9.1.1
  • PR: #​1553
• chore(deps): update node devdependency non-major updates
  • PR: #​1551
• chore(deps): update dependency vite to v8.0.11
  • PR: #​1550
• fix(deps): update dependency @​actions/core to v3.0.1
  • PR: #​1552

Contributors:

• @​renovate-mike[bot], @​mikepenz

pnpm/action-setup (pnpm/action-setup)

v6.0.8

Compare Source

v6.0.7

Compare Source

v6.0.6

Compare Source

What's Changed

• fix: bin_dest output points to self-updated pnpm, not bootstrap by @​zkochan in #​249

Full Changelog: pnpm/action-setup@v6.0.5...v6.0.6

taiki-e/install-action (taiki-e/install-action)

v2.81.1: 2.81.1

Compare Source

• Update cargo-no-dev-deps@latest to 0.2.24.

• Update cargo-hack@latest to 0.6.45.

v2.81.0: 2.81.0

Compare Source

• Support convco. (#​1831, thanks @​graelo)

• Support docgarden (#​1830, thanks @​jesse-black)

• Update vacuum@latest to 0.28.0.

• Update cargo-binstall@latest to 1.19.1.

v2.80.0: 2.80.0

Compare Source

• Support kingfisher. (#​1874, thanks @​SAY-5)

v2.79.15: 2.79.15

Compare Source

• Update typos@latest to 1.47.0.

• Update wasm-tools@latest to 1.251.0.

• Update vacuum@latest to 0.27.2.

• Update uv@latest to 0.11.17.

• Update tombi@latest to 1.1.1.

• Update mise@latest to 2026.5.16.

v2.79.14: 2.79.14

Compare Source

• Update vacuum@latest to 0.27.0.

• Update cargo-deny@latest to 0.19.8.

v2.79.13: 2.79.13

Compare Source

• Update gungraun-runner@latest to 0.19.1.

• Update biome@latest to 2.4.16.

v2.79.12: 2.79.12

Compare Source

• Update prek@latest to 0.4.3.

• Remove uses of crates.io API, which potentially cases 403 error.

v2.79.11: 2.79.11

Compare Source

• Update vacuum@latest to 0.26.8.

• Update cargo-nextest@latest to 0.9.137.

v2.79.10: 2.79.10

Compare Source

• Update tombi@latest to 1.1.0.

• Update prek@latest to 0.4.2.

• Update editorconfig-checker@latest to 3.7.0.

v2.79.9: 2.79.9

Compare Source

• Update vacuum@latest to 0.26.7.

• Update tombi@latest to 1.0.0.

v2.79.8: 2.79.8

Compare Source

• Update parse-dockerfile@latest to 0.1.6.

• Update knope@latest to 0.23.0.

v2.79.7: 2.79.7

Compare Source

• Update typos@latest to 1.46.3.

• Update rclone@latest to 1.74.2.

• Update mise@latest to 2026.5.15.

• Update tombi@latest to 0.11.7.

v2.79.6: 2.79.6

Compare Source

• Update wasm-bindgen@latest to 0.2.122.

• Update mise@latest to 2026.5.14.

• Update cargo-deny@latest to 0.19.7.

• Update vacuum@latest to 0.26.6.

v2.79.5: 2.79.5

Compare Source

• Update jaq@latest to 3.0.0. (#​1861, thanks @​MusicalNinjaDad)

• Update wasmtime@latest to 45.0.0.

• Update wasm-tools@latest to 1.250.0.

• Update tombi@latest to 0.11.6.

• Update mise@latest to 2026.5.13.

v2.79.4: 2.79.4

Compare Source

• Update martin@latest to 1.10.1.

• Update prek@latest to 0.4.1.

• Update protoc@latest to 3.35.0.

• Update mdbook@latest to 0.5.3.

v2.79.3: 2.79.3

Compare Source

• Update mise@latest to 2026.5.12.

• Update martin@latest to 1.10.0.

• Update uv@latest to 0.11.15.

v2.79.2: 2.79.2

Compare Source

• Update mise@latest to 2026.5.11.

• Update vacuum@latest to 0.26.5.

• Update cargo-shear@latest to 1.12.4.

v2.79.1: 2.79.1

Compare Source

• Update tombi@latest to 0.11.5.

• Update cargo-nextest@latest to 0.9.136.

• Update typos@latest to 1.46.2.

• Update mise@latest to 2026.5.10.

v2.79.0: 2.79.0

Compare Source

• Support more host architectures. (#​1841, thanks @​Gelbpunkt)

• Deprecate mdbook-alerts because the feature now included in mdbook and the repository has been archived. (#​1844)

• Deprecate iai-callgrind-runner because it has been renamed to gungraun-runner. gungraun-runner is also supported by this action. (#​1844)

v2.78.3: 2.78.3

Compare Source

• Update zizmor@latest to 1.25.2.

• Update cargo-zigbuild@latest to 0.22.3. (#​1814, thanks @​simonhollingshead)

• Update wasm-tools@latest to 1.249.0.

• Update gungraun-runner@latest to 0.19.0.

v2.78.2: 2.78.2

Compare Source

• Update wasm-pack@latest to 0.15.0.

• Update zizmor@latest to 1.25.0.

• Update mise@latest to 2026.5.9.

• Update cargo-nextest@latest to 0.9.135.

• Update cyclonedx@latest to 0.32.0.

• Update prek@latest to 0.4.0.

v2.78.1: 2.78.1

Compare Source

• Update mise@latest to 2026.5.7.

• Diagnostic improvements.

v2.78.0: 2.78.0

Compare Source

• Support cargo-mutants. (#​1812, thanks @​jakewimmer)

• Update covgate@latest to 0.2.0.

• Update cargo-llvm-cov@latest to 0.8.7.

• Update uv@latest to 0.11.14.

• Update martin@latest to 1.9.1.

• Update tombi@latest to 0.11.4.

v2.77.7: 2.77.7

Compare Source

• Update mise@latest to 2026.5.6.

• Update cargo-deny@latest to 0.19.6.

v2.77.6: 2.77.6

Compare Source

• Fix wasm-pack installation failure.

• Update mise@latest to 2026.5.5.

• Update release-plz@latest to 0.3.158.

• Update just@latest to 1.51.0.

v2.77.5: 2.77.5

Compare Source

• Update biome@latest to 2.4.15.

• Update mise@latest to 2026.5.4.

• Update cargo-deny@latest to 0.19.5.

v2.77.4: 2.77.4

Compare Source

• Update tombi@latest to 0.11.1.

• Update cargo-llvm-cov@latest to 0.8.6.

• Update uv@latest to 0.11.12.

v2.77.3: 2.77.3

Compare Source

• Update typos@latest to 1.46.1.

• Update rclone@latest to 1.74.1.

• Update tombi@latest to 0.11.0.

• Update osv-scanner@latest to 2.3.8.

• Update mise@latest to 2026.5.3.

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cypress]

seerr    Run #3543

Run Properties:   Passed #3543  •  d502781ecf: ci(actions): update github actions

Project	seerr
Branch Review	renovate/github-actions
Run status	Passed #3543
Run duration	02m 11s
Commit	d502781ecf: ci(actions): update github actions
Committer	renovate[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	32
View all changes introduced in this branch ↗︎