chore(deps): Update compatible (actions)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
EmbarkStudios/cargo-deny-action	action	patch	v2.0.15 → v2.0.20
crate-ci/typos	action	minor	v1.46.0 → v1.47.0
github/codeql-action	action	minor	v4.35.1 → v4.36.0
j178/prek-action	action	patch	v2.0.1 → v2.0.4
taiki-e/install-action	action	minor	v2.75.4 → v2.81.1
zizmorcore/zizmor-action	action	patch	v0.5.2 → v0.5.6

---

Release Notes

EmbarkStudios/cargo-deny-action (EmbarkStudios/cargo-deny-action)

v2.0.20: Release 2.0.20 - cargo-deny 0.19.8

Compare Source

Fixed

• PR#864 fixed matching of ^ and ~ with on prerelease versions for when checking if a crate is affected by an advisory. As of the time of the PR, this literally affected none of published versions of any crate with an advisory, but this just ensures such a case will be handled in the future.

v2.0.19: Release 2.0.19 - cargo-deny 0.19.7

Compare Source

Changed

• PR#860 updated crates, resolving krates#111.

v2.0.18: Release 2.0.18 - cargo-deny 0.19.5

Compare Source

Fixed

• PR#857 fixed a segfault reported in #​855.

v2.0.17: Release 2.0.17 - cargo-deny 0.19.2

Compare Source

Fixed

• PR#845 fixed structural issues with SARIF output, resolving #​818. Thanks @​KyleChamberlin!

v2.0.16: Release 2.0.16 - cargo-deny 0.19.1

Compare Source

Fixed

• PR#833 fixed an issue where the maximum advisory database staleness was over 14 years instead of the intended 90 days.
• PR#839 fixed an issue where unsound advisories would appear for transitive dependencies despite requesting them only for workspace dependencies, resolving #​829.
• PR#840 resolved #​797 by passing --filter-platform when collecting cargo metadata if only a single target was requested either in the config or via the command line.
• PR#841 fixed an issue where --frozen would not disable fetching of the advisory DB, resolving #​759.
• PR#842 and PR#844 updated crates. Notably krates was updated to resolve two issues with crates being pruned from the graph used when running checks. Resolving these two issues may mean that updating cargo-deny may highlight issues that were previously hidden.
  • EmbarkStudios/krates#106 would fail to pull in crates brought in via a feature if that crate had its lib target renamed by the package author.
  • EmbarkStudios/krates#109 would fail to bring in optional dependencies if they were brought in by a weak feature in a crate also brought in by a weak feature.

Changed

• PR#830 removed gix in favor of shelling out to git. This massively improves build times and eases maintenance as gix bumps minor versions quite frequently. If cargo-deny is used in an environment that for some reason allows internet access but doesn't have git available, the advisory database would need to be updated before calling cargo-deny.
• PR#838 removed rustsec in favor of manually implemented advisory parsing and checking, with a nightly cron job that checks that the implementation exactly matches rustsec on the official rustsec advisory db.

crate-ci/typos (crate-ci/typos)

v1.47.0

Compare Source

[1.47.0] - 2026-05-29

Features

• Updated the dictionary with the May 2026 changes

v1.46.3

Compare Source

[1.46.3] - 2026-05-23

Fixes

• Don't correct to sequentials
• Don't correct to subdolder

v1.46.2

Compare Source

[1.46.2] - 2026-05-16

Fixes

• Don't correct to criterias
• Don't correct to replaceables

v1.46.1

Compare Source

[1.46.1] - 2026-05-08

Fixes

• Don't correct to confidentials

github/codeql-action (github/codeql-action)

v4.36.0

Compare Source

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
• Add support for SHA-256 Git object IDs. #​3893
• Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

v4.35.4

Compare Source

• Update default CodeQL bundle version to 2.25.4. #​3881

v4.35.3

Compare Source

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #​3837
• Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #​3850
• Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #​3853
• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #​3852
• Update default CodeQL bundle version to 2.25.3. #​3865

v4.35.2

Compare Source

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
• Update default CodeQL bundle version to 2.25.2. #​3823

j178/prek-action (j178/prek-action)

v2.0.4

Compare Source

What's Changed

• Update known versions for prek 0.3.12 by @​j178 in #​131
• Update known versions for prek 0.3.13 by @​j178 in #​132
• Update known versions for prek 0.4.0 by @​j178 in #​133

Full Changelog: j178/prek-action@v2...v2.0.4

v2.0.3

Compare Source

What's Changed

• Use single action entrypoint by @​j178 in #​128
• Update known versions for prek 0.3.10 by @​j178 in #​123
• Update known versions for prek 0.3.11 by @​j178 in #​124

Full Changelog: j178/prek-action@v2...v2.0.3

v2.0.2

Compare Source

What's Changed

• Reduce missing checksum log noise by @​j178 in #​117
• Update zizmorcore/zizmor-action action to v0.5.2 by @​renovate[bot] in #​118
• Update known versions for prek 0.3.9 by @​j178 in #​119

Full Changelog: j178/prek-action@v2...v2.0.2

taiki-e/install-action (taiki-e/install-action)

v2.81.1: 2.81.1

Compare Source

• Update cargo-no-dev-deps@latest to 0.2.24.

• Update cargo-hack@latest to 0.6.45.

v2.81.0: 2.81.0

Compare Source

• Support convco. (#​1831, thanks @​graelo)

• Support docgarden (#​1830, thanks @​jesse-black)

• Update vacuum@latest to 0.28.0.

• Update cargo-binstall@latest to 1.19.1.

v2.80.0: 2.80.0

Compare Source

• Support kingfisher. (#​1874, thanks @​SAY-5)

v2.79.15: 2.79.15

Compare Source

• Update typos@latest to 1.47.0.

• Update wasm-tools@latest to 1.251.0.

• Update vacuum@latest to 0.27.2.

• Update uv@latest to 0.11.17.

• Update tombi@latest to 1.1.1.

• Update mise@latest to 2026.5.16.

v2.79.14: 2.79.14

Compare Source

• Update vacuum@latest to 0.27.0.

• Update cargo-deny@latest to 0.19.8.

v2.79.13: 2.79.13

Compare Source

• Update gungraun-runner@latest to 0.19.1.

• Update biome@latest to 2.4.16.

v2.79.12: 2.79.12

Compare Source

• Update prek@latest to 0.4.3.

• Remove uses of crates.io API, which potentially cases 403 error.

v2.79.11: 2.79.11

Compare Source

• Update vacuum@latest to 0.26.8.

• Update cargo-nextest@latest to 0.9.137.

v2.79.10: 2.79.10

Compare Source

• Update tombi@latest to 1.1.0.

• Update prek@latest to 0.4.2.

• Update editorconfig-checker@latest to 3.7.0.

v2.79.9: 2.79.9

Compare Source

• Update vacuum@latest to 0.26.7.

• Update tombi@latest to 1.0.0.

v2.79.8: 2.79.8

Compare Source

• Update parse-dockerfile@latest to 0.1.6.

• Update knope@latest to 0.23.0.

v2.79.7: 2.79.7

Compare Source

• Update typos@latest to 1.46.3.

• Update rclone@latest to 1.74.2.

• Update mise@latest to 2026.5.15.

• Update tombi@latest to 0.11.7.

v2.79.6: 2.79.6

Compare Source

• Update wasm-bindgen@latest to 0.2.122.

• Update mise@latest to 2026.5.14.

• Update cargo-deny@latest to 0.19.7.

• Update vacuum@latest to 0.26.6.

v2.79.5: 2.79.5

Compare Source

• Update jaq@latest to 3.0.0. (#​1861, thanks @​MusicalNinjaDad)

• Update wasmtime@latest to 45.0.0.

• Update wasm-tools@latest to 1.250.0.

• Update tombi@latest to 0.11.6.

• Update mise@latest to 2026.5.13.

v2.79.4: 2.79.4

Compare Source

• Update martin@latest to 1.10.1.

• Update prek@latest to 0.4.1.

• Update protoc@latest to 3.35.0.

• Update mdbook@latest to 0.5.3.

v2.79.3: 2.79.3

Compare Source

• Update mise@latest to 2026.5.12.

• Update martin@latest to 1.10.0.

• Update uv@latest to 0.11.15.

v2.79.2: 2.79.2

Compare Source

• Update mise@latest to 2026.5.11.

• Update vacuum@latest to 0.26.5.

• Update cargo-shear@latest to 1.12.4.

v2.79.1: 2.79.1

Compare Source

• Update tombi@latest to 0.11.5.

• Update cargo-nextest@latest to 0.9.136.

• Update typos@latest to 1.46.2.

• Update mise@latest to 2026.5.10.

v2.79.0: 2.79.0

Compare Source

• Support more host architectures. (#​1841, thanks @​Gelbpunkt)

• Deprecate mdbook-alerts because the feature now included in mdbook and the repository has been archived. (#​1844)

• Deprecate iai-callgrind-runner because it has been renamed to gungraun-runner. gungraun-runner is also supported by this action. (#​1844)

v2.78.3: 2.78.3

Compare Source

• Update zizmor@latest to 1.25.2.

• Update cargo-zigbuild@latest to 0.22.3. (#​1814, thanks @​simonhollingshead)

• Update wasm-tools@latest to 1.249.0.

• Update gungraun-runner@latest to 0.19.0.

v2.78.2: 2.78.2

Compare Source

• Update wasm-pack@latest to 0.15.0.

• Update zizmor@latest to 1.25.0.

• Update mise@latest to 2026.5.9.

• Update cargo-nextest@latest to 0.9.135.

• Update cyclonedx@latest to 0.32.0.

• Update prek@latest to 0.4.0.

v2.78.1: 2.78.1

Compare Source

• Update mise@latest to 2026.5.7.

• Diagnostic improvements.

v2.78.0: 2.78.0

Compare Source

• Support cargo-mutants. (#​1812, thanks @​jakewimmer)

• Update covgate@latest to 0.2.0.

• Update cargo-llvm-cov@latest to 0.8.7.

• Update uv@latest to 0.11.14.

• Update martin@latest to 1.9.1.

• Update tombi@latest to 0.11.4.

v2.77.7: 2.77.7

Compare Source

• Update mise@latest to 2026.5.6.

• Update cargo-deny@latest to 0.19.6.

v2.77.6: 2.77.6

Compare Source

• Fix wasm-pack installation failure.

• Update mise@latest to 2026.5.5.

• Update release-plz@latest to 0.3.158.

• Update just@latest to 1.51.0.

v2.77.5: 2.77.5

Compare Source

• Update biome@latest to 2.4.15.

• Update mise@latest to 2026.5.4.

• Update cargo-deny@latest to 0.19.5.

v2.77.4: 2.77.4

Compare Source

• Update tombi@latest to 0.11.1.

• Update cargo-llvm-cov@latest to 0.8.6.

• Update uv@latest to 0.11.12.

v2.77.3: 2.77.3

Compare Source

• Update typos@latest to 1.46.1.

• Update rclone@latest to 1.74.1.

• Update tombi@latest to 0.11.0.

• Update osv-scanner@latest to 2.3.8.

• Update mise@latest to 2026.5.3.

v2.77.2: 2.77.2

Compare Source

• Update martin@latest to 1.9.0.

• Update wasm-bindgen@latest to 0.2.121.

• Update uv@latest to 0.11.11.

• Update mise@latest to 2026.5.1.

• Update prek@latest to 0.3.13.

• Update tombi@latest to 0.10.6.

v2.77.1: 2.77.1

Compare Source

• Support taiki-e/install-action@rust tag.

• Update tombi@latest to 0.10.3.

• Update martin@latest to 1.8.2.

v2.77.0: 2.77.0

Compare Source

• Support rust. (#​1779)

  This installs rust using rustup.

  If rustup is not yet installed, this action downloads rustup-init for the current platform using HTTPS with tlsv1.2+, verifies SHA256 checksum, and then installs rustup using it.

  This also supports installing additional components at the same time by +<additional> syntax:

  - uses: taiki-e/install-action@v2
    with:
      # Install rust stable with rustfmt component and wasm32-wasip1 target.
      tool: rust+rustfmt+wasm32-wasip1
      # When installing another rust version:
      # tool: rust@nightly + rustfmt + wasm32-wasip1

• Fix issue where x86_64 binary will be installed on AArch64 Windows even when AArch64 Windows binary available.

• Update mise@latest to 2026.5.0.

• Diagnostic improvements.

v2.76.0: 2.76.0

Compare Source

• Support mdbook-d2. (#​1737, thanks @​nhu)

• Support cargo-apple-runner. (#​1731, thanks @​madsmtm)

• Support cargo-binstall on riscv64 Linux.

• Update cargo-deb@latest to 3.7.0.

• Update tombi@latest to 0.10.2.

v2.75.30: 2.75.30

Compare Source

• Support cargo-spellcheck on AArch64 Linux/Windows.

• Update cargo-spellcheck@latest to 0.15.7.

• Update biome@latest to 2.4.14.

v2.75.29: 2.75.29

Compare Source

• Update syft@latest to 1.44.0.

• Update rclone@latest to 1.74.0.

• Update osv-scanner@latest to 2.3.6.

v2.75.28: 2.75.28

Compare Source

• Update wasmtime@latest to 44.0.1.

• Update typos@latest to 1.46.0.

• Update tombi@latest to 0.10.1.

• Update sccache@latest to 0.15.0.

• Update mise@latest to 2026.4.28.

• Update gungraun-runner@latest to 0.18.2.

• Update cyclonedx@latest to 0.31.0.

v2.75.27: 2.75.27

Compare Source

• Update cargo-udeps@latest to 0.1.61.

• Update wasm-tools@latest to 1.248.0.

• Update cargo-deb@latest to 3.6.4.

v2.75.26: 2.75.26

Compare Source

• Update wasm-bindgen@latest to 0.2.120.

• Update mise@latest to 2026.4.25.

• Update martin@latest to 1.8.0.

• Update vacuum@latest to 0.26.4.

v2.75.25: 2.75.25

Compare Source

• Update uv@latest to 0.11.8.

• Update typos@latest to 1.45.2.

• Update tombi@latest to 0.9.25.

• Update mise@latest to 2026.4.24.

v2.75.24: 2.75.24

Compare Source

• Update prek@latest to 0.3.11.

• Update mise@latest to 2026.4.23.

• Update vacuum@latest to 0.26.3.

v2.75.23: 2.75.23

Compare Source

• Update vacuum@latest to 0.26.2.

• Update tombi@latest to 0.9.24.

• Update mise@latest to 2026.4.22.

• Update martin@latest to 1.7.0.

• Update git-cliff@latest to 2.13.1.

• Update cargo-tarpaulin@latest to 0.35.4.

• Update cargo-sort@latest to 2.1.4.

v2.75.22: 2.75.22

Compare Source

• Update tombi@latest to 0.9.22.

• Update biome@latest to 2.4.13.

v2.75.21: 2.75.21

Compare Source

• Update mise@latest to 2026.4.19.

• Update tombi@latest to 0.9.21.

• Update syft@latest to 1.43.0.

v2.75.20: 2.75.20

Compare Source

• Update prek@latest to 0.3.10.

• Update cargo-xwin@latest to 0.22.0.

v2.75.19: 2.75.19

Compare Source

• Update wasmtime@latest to 44.0.0.

• Update tombi@latest to 0.9.20.

• Update martin@latest to 1.6.0.

• Update just@latest to 1.50.0.

• Update mise@latest to 2026.4.18.

• Update rclone@latest to 1.73.5.

v2.75.18: 2.75.18

Compare Source

• Update vacuum@latest to 0.26.1.

• Update wasm-tools@latest to 1.247.0.

• Update mise@latest to 2026.4.16.

• Update espup@latest to 0.17.1.

• Update trivy@latest to 0.70.0.

v2.75.17

Compare Source

Initial release

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 5am on the first day of the month"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.