Update GitHub actions (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
actions/checkout	action	major	v6.0.3 → v7	v7.0.0
actions/checkout	action	major	v4.3.0 → v7	v7.0.0
jdx/mise-action	action	major	v2.4.4 → v4.2.0

---

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

v7

Compare Source

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in #​2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in #​2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in #​2459
• upgrade module to esm and update dependencies by @​aiqiaoy in #​2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​2462

jdx/mise-action (jdx/mise-action)

v4.2.0: : Bootstrap mode & wget fallback

Compare Source

This release adds an opt-in bootstrap mode for projects that use mise bootstrap, and makes the action work on runner images that ship wget but not curl.

Added

Bootstrap mode (#​522) by @​jdx

Three new inputs let the action drive mise bootstrap instead of mise install:

- uses: jdx/mise-action@v4
  with:
    bootstrap: true
    bootstrap_skip: "tools,task"   # comma-separated parts to skip
    bootstrap_args: "--yes"        # extra args forwarded to mise bootstrap

• When bootstrap: true, the action runs mise bootstrap under the existing install gate and sets MISE_EXPERIMENTAL=1 automatically.
• If a repo mise lock file is present, it runs mise --locked bootstrap, matching the auto-lock behavior introduced for mise install in v4.1.0.
• install_args cannot be combined with bootstrap: true — the action fails fast and tells you to use bootstrap_skip / bootstrap_args instead, because full bootstrap doesn't support partial tool install args.
• A new {{bootstrap_hash}} template variable is included in the default cache key (and available in custom cache_key templates) so bootstrap and non-bootstrap configurations don't share caches.

bootstrap_skip relies on mise bootstrap --skip from jdx/mise#10497, so make sure you're on a recent mise version if you use it.

Fixed

• Fall back to wget when curl is unavailable (#​521) by @​risu729 — The action used to hard-code curl for fetching the mise binary, tar/zip archives, and the latest VERSION lookup, which broke on minimal runner images that only ship wget. It now prefers curl and transparently falls back to wget, preserving the streaming download | tar fast path for .tar.gz and .tar.zst installs on Linux/macOS. Proxy support is unchanged — both tools honor HTTP_PROXY/HTTPS_PROXY. Addresses jdx/mise#10488.

Documentation

• Link the known Rust cache interaction note from the README (#​496) by @​risu729.

Full Changelog: jdx/mise-action@v4.1.0...v4.2.0

v4.1.0: : automatic --locked installs

Compare Source

This release adds automatic locked installs when a mise.lock is present, and fixes a long-standing cache-key collision that could poison tool installs when workflows migrate between runner providers.

Added

Automatic --locked install when mise.lock exists (#​495) by @​zeitlinger

When a repo contains mise.lock, the action now automatically passes --locked to mise install (on mise versions that support it). This removes the need to manually set install_args: --locked and prevents mise install from silently mutating the lockfile in CI. Explicit install_args and older mise versions are still respected.

Note: workflows with a stale lockfile may now fail earlier and more explicitly instead of silently updating mise.lock mid-run — this surfaces lockfile drift rather than hiding it.

Fixed

• Cache key collisions across runner providers (#​456) — the default cache key now includes the runner image (e.g. macos15, ubuntu24 for GitHub-hosted runners; self-hosted otherwise). Previously, repos migrating between providers like github-hosted, namespace.so, BuildJet, and self-hosted runners with the same OS/arch could restore a peer provider's ~/.local/share/mise/installs/*, causing failures like does not have an executable named '…' or SIGILL crashes from binaries built against a different glibc/CPU featureset. Expect a one-time cache miss after upgrading; thereafter the cache stays scoped per image.
• mise-shim.exe missing on Windows (#​476) by @​risu729 — the action now installs mise-shim.exe alongside mise.exe and repairs restored caches that lack the shim. Fixes #​475.

Changed

• Migrated the bundled action build from ncc (CommonJS) to Rollup (ESM) (#​436). No user-facing behavior change.

Full Changelog: jdx/mise-action@v4.0.1...v4.1.0

v4.0.1: : Documentation and Internal Cleanup

Compare Source

A small maintenance release that updates the README documentation to reflect v4 and cleans up internal code. There are no functional changes to the action itself.

Changed

• Updated all README examples to reference jdx/mise-action@v4, actions/checkout@v6, and current tool versions by @​deining in #​407 and #​408
• Extracted getCwd() helper to deduplicate working directory resolution logic (internal refactor, no behavior change) by @​altendky in #​403

New Contributors

• @​deining made their first contribution in #​407

Full Changelog: jdx/mise-action@v4.0.0...v4.0.1

v4.0.0: : Node.js 24 Runtime

Compare Source

A major version bump that updates the action's runtime from Node.js 20 to Node.js 24. GitHub has deprecated Node.js 20 for Actions and will force Node.js 24 as the default starting June 2, 2026. This release proactively adopts the new runtime to eliminate deprecation warnings and ensure continued compatibility.

Breaking Changes

• The action now runs on the Node.js 24 runtime instead of Node.js 20. If your workflow pins jdx/mise-action@v3, you will continue to see deprecation warnings. Update to jdx/mise-action@v4 to resolve them:

  - uses: jdx/mise-action@v4

  This should be a seamless upgrade for the vast majority of users — no configuration changes are needed beyond updating the version reference.

Changed

• Updated GitHub Actions runtime from Node.js 20 to Node.js 24 by @​tumerorkun in #​395 (fixes #​394)

New Contributors

• @​tumerorkun made their first contribution in #​395

Full Changelog: jdx/mise-action@v3...v4.0.0

v4

Compare Source

v3.6.3

Compare Source

What's Changed

• fix: pass cwd to all exec calls in exportMiseEnv() by @​andrewthauer in #​390
• chore: release v3.6.3 by @​mise-en-dev in #​391

New Contributors

• @​andrewthauer made their first contribution in #​390

Full Changelog: jdx/mise-action@v3.6.2...v3.6.3

v3.6.2

Compare Source

What's Changed

• chore(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in #​368
• chore(deps): update dependency @​types/node to v24.10.9 by @​renovate[bot] in #​367
• chore(deps): update github/codeql-action digest to 439137e by @​renovate[bot] in #​370
• chore(deps): lock file maintenance by @​renovate[bot] in #​372
• chore(deps): update autofix-ci/action digest to 7a166d7 by @​renovate[bot] in #​375
• chore(deps): update actions/checkout digest to de0fac2 by @​renovate[bot] in #​374
• chore(deps): lock file maintenance by @​renovate[bot] in #​377
• chore(deps): update github/codeql-action digest to b5ebac6 by @​renovate[bot] in #​378
• chore(deps): update dependency @​types/node to v24.10.13 by @​renovate[bot] in #​379
• chore(deps): update github/codeql-action digest to f5c2471 by @​renovate[bot] in #​380
• fix: move file_hash to end of cache key template to prevent prefix matching by @​altendky in #​384
• chore(deps): update dependency @​types/handlebars to v4.1.0 by @​renovate[bot] in #​381
• chore(deps): lock file maintenance by @​renovate[bot] in #​386
• chore(deps): update github/codeql-action digest to 4558047 by @​renovate[bot] in #​387
• chore(deps): lock file maintenance by @​renovate[bot] in #​389
• chore: release v3.6.2 by @​mise-en-dev in #​385

New Contributors

• @​altendky made their first contribution in #​384

Full Changelog: jdx/mise-action@v3.6.1...v3.6.2

v3.6.1

Compare Source

What's Changed

• Revert "fix(cache): isolate cache keys per working_directory in monorepos" by @​jdx in #​364
• chore: release v3.6.1 by @​mise-en-dev in #​365

Full Changelog: jdx/mise-action@v3.6.0...v3.6.1

v3.6.0

Compare Source

What's Changed

• chore(deps): update dependency prettier to v3.7.1 by @​renovate[bot] in #​331
• chore(deps): update github/codeql-action digest to 497990d by @​renovate[bot] in #​324
• chore(deps): update dependency typescript-eslint to v8.48.1 by @​renovate[bot] in #​332
• chore(deps): update dependency @​types/handlebars to v4.1.0 by @​renovate[bot] in #​314
• chore(deps): update dependency @​eslint/eslintrc to v3.3.3 by @​renovate[bot] in #​333
• chore(deps): lock file maintenance by @​renovate[bot] in #​336
• chore(deps): lock file maintenance by @​renovate[bot] in #​338
• fix: use mise_dir input when specified by @​jdx in #​339
• feat: add option to disable shims in PATH by @​jdx in #​340
• fix: pass environment variables to mise commands by @​jdx in #​341
• chore(deps): lock file maintenance by @​renovate[bot] in #​344
• chore(deps): update github/codeql-action digest to 45c3735 by @​renovate[bot] in #​346
• chore(deps): lock file maintenance by @​renovate[bot] in #​348
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​350
• chore(deps): lock file maintenance by @​renovate[bot] in #​352
• docs: fix description for mise_toml input by @​quad in #​351
• fix: make mise self-update output visible in logs by @​nikobockerman in #​355
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in #​356
• chore(deps): lock file maintenance by @​renovate[bot] in #​358
• chore(deps): update actions/setup-node digest to 6044e13 by @​renovate[bot] in #​361
• fix(cache): isolate cache keys per working_directory in monorepos by @​chadxz in #​360
• chore(deps): update github/codeql-action digest to 4bdb89f by @​renovate[bot] in #​362
• chore(deps): update dependency @​types/handlebars to v4.1.0 by @​renovate[bot] in #​349
• chore(deps): update actions/upload-artifact action to v6 by @​renovate[bot] in #​357
• chore: release v3.6.0 by @​mise-en-dev in #​342

New Contributors

• @​quad made their first contribution in #​351
• @​nikobockerman made their first contribution in #​355
• @​chadxz made their first contribution in #​360

Full Changelog: jdx/mise-action@v3.5.1...v3.6.0

v3.5.1

Compare Source

What's Changed

• chore(deps): lock file maintenance by @​renovate[bot] in #​328
• Revert "feat(action): moved save cache to post step" by @​jdx in #​329
• chore: release v3.5.1 by @​mise-en-dev in #​330

Full Changelog: jdx/mise-action@v3.5.0...v3.5.1

v3.5.0

Compare Source

What's Changed

• chore(deps): update github/codeql-action digest to f94c9be by @​renovate[bot] in #​319
• chore(deps): update dependency @​types/node to v24.10.1 by @​renovate[bot] in #​320
• feat(action): moved save cache to post step by @​aamkye in #​321
• chore(deps): update actions/checkout digest by @​renovate[bot] in #​323
• chore: release v3.5.0 by @​mise-en-dev in #​322

New Contributors

• @​aamkye made their first contribution in #​321

Full Changelog: jdx/mise-action@v3.4.1...v3.5.0

v3.4.1

Compare Source

What's Changed

• chore(deps): lock file maintenance by @​renovate[bot] in #​309
• chore(deps): lock file maintenance by @​renovate[bot] in #​310
• chore(deps): pin dependencies by @​renovate[bot] in #​311
• chore(deps): update eslint monorepo to v9.39.1 by @​renovate[bot] in #​313
• chore(deps): lock file maintenance by @​renovate[bot] in #​316
• fix: avoid github token downstream issue by @​acesyde in #​317
• chore: release v3.4.1 by @​mise-en-dev in #​318

New Contributors

• @​acesyde made their first contribution in #​317

Full Changelog: jdx/mise-action@v3.4.0...v3.4.1

v3.4.0

Compare Source

What's Changed

• docs: update to v3 in README by @​pdecat in #​290
• chore(deps): update github/codeql-action digest to a8d1ac4 by @​renovate[bot] in #​293
• chore(deps): update github/codeql-action digest to 755f449 by @​renovate[bot] in #​296
• chore(deps): update dependency @​types/node to v24.8.1 by @​renovate[bot] in #​297
• chore(deps): update github/codeql-action digest to 4221315 by @​renovate[bot] in #​299
• chore(deps): update dependency @​types/node to v24.9.1 by @​renovate[bot] in #​300
• chore(deps): update github/codeql-action digest to 5d5cd55 by @​renovate[bot] in #​302
• chore(deps): update dependency @​types/node to v24.9.2 by @​renovate[bot] in #​303
• fix: add missing await to core.group calls by @​smorimoto in #​305
• fix: auto-update dist folder in Renovate PRs via GitHub Actions by @​jdx in #​306
• chore(deps): update dependency @​types/handlebars to v4.1.0 by @​renovate[bot] in #​294
• feat: use autofix.ci to auto-update dist/ on all PRs by @​jdx in #​308
• chore(deps): lock file maintenance by @​renovate[bot] in #​301
• chore: release v3.4.0 by @​mise-en-dev in #​291

New Contributors

• @​pdecat made their first contribution in #​290
• @​smorimoto made their first contribution in #​305

Full Changelog: jdx/mise-action@v3.3.1...v3.4.0

v3.3.1

Compare Source

What's Changed

• chore(deps): lock file maintenance by @​renovate[bot] in #​286
• fix: Fix update by @​zeitlinger in #​287
• chore: release v3.3.1 by @​mise-en-dev in #​288

Full Changelog: jdx/mise-action@v3.3.0...v3.3.1

v3.3.0

Compare Source

What's Changed

• chore(deps): update github/codeql-action digest to d3678e2 by @​renovate[bot] in #​259
• chore(deps): pin actions/checkout action to 08eba0b by @​renovate[bot] in #​258
• chore(config): migrate renovate config by @​renovate[bot] in #​263
• chore(deps): update dependency @​types/node to v24.3.1 by @​renovate[bot] in #​261
• chore(deps): update dependency globals to v16.4.0 by @​renovate[bot] in #​265
• chore(deps): update dependency jest to v30.1.3 by @​renovate[bot] in #​262
• chore(deps): update dependency typescript-eslint to v8.43.0 by @​renovate[bot] in #​266
• chore(deps): update github/codeql-action digest to 192325c by @​renovate[bot] in #​269
• chore(deps): update dependency @​vercel/ncc to v0.38.4 by @​renovate[bot] in #​270
• chore(deps): update dependency typescript-eslint to v8.44.0 by @​renovate[bot] in #​272
• chore(deps): update dependency @​types/node to v24.5.2 by @​renovate[bot] in #​271
• chore(deps): update github/codeql-action digest to 303c0ae by @​renovate[bot] in #​274
• chore(deps): update dependency typescript-eslint to v8.44.1 by @​renovate[bot] in #​275
• fix(cache): replace , in MISE_ENV with - by @​risu729 in #​278
• chore(deps): update github/codeql-action digest to 64d10c1 by @​renovate[bot] in #​279
• chore(deps): update dependency typescript to v5.9.3 by @​renovate[bot] in #​280
• feat: use self-update to modify version if mise is already installed by @​ImpSy in #​277
• chore(deps): update dependency @​types/handlebars to v4.1.0 by @​renovate[bot] in #​283
• chore(deps): lock file maintenance by @​renovate[bot] in #​268
• chore: release v3.3.0 by @​mise-en-dev in #​284

New Contributors

• @​ImpSy made their first contribution in #​277
• @​mise-en-dev made their first contribution in #​284

Full Changelog: jdx/mise-action@v3.2.0...v3.3.0

v3.2.0

Compare Source

What's Changed

• feat: add environment variable support to cache key templates by @​pepicrft in #​250
• chore(deps): update amannn/action-semantic-pull-request digest to e32d7e6 by @​renovate[bot] in #​249
• chore(deps): update actions/checkout digest to 08eba0b by @​renovate[bot] in #​248
• fix: redact secret values from env by @​jdx in #​252
• chore: release v3.2.0 by @​jdx in #​251

Full Changelog: jdx/mise-action@v3.1.0...v3.2.0

v3.1.0

Compare Source

What's Changed

• feat: add configurable cache key with template variable support by @​pepicrft in #​246
• chore: release v3.1.0 by @​jdx in #​247

New Contributors

• @​pepicrft made their first contribution in #​246

Full Changelog: jdx/mise-action@v3.0.2...v3.1.0

v3.0.2

Compare Source

What's Changed

• chore: release v3.0.2 by @​jdx in #​245

Full Changelog: jdx/mise-action@v3.0.1...v3.0.2

v3.0.1

Compare Source

What's Changed

• chore: updated deps by @​jdx in #​244
• chore: release v3.0.1 by @​jdx in #​243

Full Changelog: jdx/mise-action@v3.0.0...v3.0.1

v3.0.0

Compare Source

What's Changed

• chore(deps): update jdx/mise-action digest to c37c932 by @​renovate[bot] in #​234
• chore(deps): update github/codeql-action digest to 51f7732 by @​renovate[bot] in #​233
• feat: export env vars from mise.toml by @​maelp in #​241
• chore: release v3.0.0 by @​jdx in #​242

New Contributors

• @​maelp made their first contribution in #​241

Full Changelog: jdx/mise-action@v2...v3.0.0

v3

Compare Source

🚀 Features

• use autofix.ci to auto-update dist/ on all PRs by @​jdx in 16e9fd5
• use autofix.ci to auto-update dist/ on all PRs (#​308) by @​jdx in #​308

🐛 Bug Fixes

• add missing await to core.group calls (#​305) by @​smorimoto in #​305
• auto-update dist folder in Renovate PRs via GitHub Actions (#​306) by @​jdx in #​306
• configure Renovate to ignore github-actions[bot] commits by @​jdx in 993e7d0
• run auto-update-dist workflow on all PRs by @​jdx in 6d0fd75

📚 Documentation

• update to v3 in README (#​290) by @​pdecat in #​290

⚙️ Miscellaneous Tasks

• upgrade all workflows to Node 24 by @​jdx in c7b5f37
• remove unused workflow by @​jdx in aecb23d

New Contributors

• @​smorimoto made their first contribution in #​305
• @​pdecat made their first contribution in #​290

---

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "after 7am every weekday,before 8pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Post-upgrade command 'pre-commit autoupdate --freeze || true' has not been added to the allowed list in allowedCommands

[sonar-review-alpha]

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

This PR updates two GitHub Actions to major versions in .github/workflows/build.yml:

• actions/checkout: v4.3.0 → v6.0.2
• jdx/mise-action: v2.4.4 → v4.0.1

Both actions are updated in two workflow jobs (build and deploy jobs). Changes include both version tags and verified commit SHAs.

Why it matters: checkout v6 requires GitHub runner v2.327.1 or newer. mise-action v4.0.1 is a maintenance release with no functional changes.

What reviewers should know

What to verify:

1. Runner compatibility — checkout v6.0.2 requires GitHub runner v2.327.1+. Ensure your organization's runners are at or above this version before merging.

2. Workflow functionality — The changes are straightforward version bumps, but run a test build to confirm the workflow executes without issues with the new action versions.

3. Release notes summary:

   • checkout v6 includes infrastructure updates but no breaking changes to common usage
   • mise-action v4.0.1 is documentation/cleanup only; no functional impact

Note: The author's description mentions gh-action_release v7, but it doesn't appear in the actual changes — only checkout and mise-action were updated in this PR.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonar-review-alpha]

LGTM! ✅

Clean version bump — no logic changes, just updated SHA pins and version comments. Both actions are updated consistently across both jobs. The author's description mentions a third action (SonarSource/gh-action_release v6→v7) but it is not present in the actual diff; the release workflow likely lives in a separate file not touched here.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud