Update GH Actions

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	major	v4 → v5
actions/checkout	action	major	v4 → v6
actions/checkout	action	major	v3 → v6
actions/download-artifact	action	major	v4 → v8
actions/upload-artifact	action	major	v4 → v7
aws-actions/configure-aws-credentials	action	major	v4 → v6
cachix/cachix-action	action	major	v14 → v17
cachix/install-nix-action	action	major	v26 → v31
ilammy/setup-nasm	action	patch	v1.5.1 → v1.5.2
macos	github-runner	major	13 → 26
microsoft/setup-msbuild	action	major	v1.0.2 → v3.0.0
mwilliamson/setup-wasmtime-action	action	major	v2 → v3
ubuntu	github-runner	major	22.04 → 24.04
windows	github-runner	major	2022 → 2025

---

Release Notes

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in #​1634
• Prepare release 4.2.4 by @​Link- in #​1636

New Contributors

• @​nebuk89 made their first contribution in #​1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

Compare Source

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in #​1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in #​1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in #​1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• docs: GitHub is spelled incorrectly in caching-strategies.md by @​janco-absa in #​1526
• docs: Make the "always save prime numbers" example more clear by @​Tobbe in #​1525
• Update force deletion docs due a recent deprecation by @​sebbalex in #​1500
• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

New Contributors

• @​janco-absa made their first contribution in #​1526
• @​Tobbe made their first contribution in #​1525
• @​sebbalex made their first contribution in #​1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

v4.2.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4.1.2...v4.2.0

v4.1.2

Compare Source

What's Changed

• Add Bun example by @​idleberg in #​1456
• Revise isGhes logic by @​jww3 in #​1474
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1475
• Add dependabot.yml to enable automatic dependency upgrades by @​Link- in #​1476
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1478
• Bump actions/stale from 3 to 9 by @​dependabot in #​1479
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1483
• Bump actions/setup-node from 3 to 4 by @​dependabot in #​1481
• Prepare 4.1.2 release by @​Link- in #​1477

New Contributors

• @​idleberg made their first contribution in #​1456
• @​jww3 made their first contribution in #​1474
• @​Link- made their first contribution in #​1476

Full Changelog: actions/cache@v4.1.1...v4.1.2

v4.1.1

Compare Source

What's Changed

• Restore original behavior of cache-hit output by @​joshmgross in #​1467

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

• Fix cache-hit output when cache missed by @​fchimpan in #​1404
• Deprecate save-always input by @​joshmgross in #​1452

New Contributors

• @​ottlinger made their first contribution in #​1437
• @​Olegt0rr made their first contribution in #​1377
• @​fchimpan made their first contribution in #​1404
• @​x612skm made their first contribution in #​1434
• @​todgru made their first contribution in #​1311
• @​Jcambass made their first contribution in #​1463
• @​mackey0225 made their first contribution in #​1462
• @​quatquatt made their first contribution in #​1445

Full Changelog: actions/cache@v4.0.2...v4.1.0

v4.0.2

Compare Source

What's Changed

• Fix fail-on-cache-miss not working by @​cdce8p in #​1327

Full Changelog: actions/cache@v4.0.1...v4.0.2

v4.0.1

Compare Source

What's Changed

• Update README.md by @​yacaovsnc in #​1304
• Update examples by @​yacaovsnc in #​1305
• Update actions/cache publish flow by @​bethanyj28 in #​1340
• Update @​actions/cache by @​bethanyj28 in #​1341

New Contributors

• @​yacaovsnc made their first contribution in #​1304

Full Changelog: actions/cache@v4...v4.0.1

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: actions/download-artifact@v7...v8.0.0

v8

Compare Source

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in #​440
• Download Artifact Node24 support by @​salmanmkc in #​415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in #​451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in #​452

New Contributors

• @​patrikpolyak made their first contribution in #​440
• @​salmanmkc made their first contribution in #​415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in #​417
• Update README with artifact extraction details by @​yacaovsnc in #​424
• Readme: spell out the first use of GHES by @​danwkennedy in #​431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in #​438

New Contributors

• @​danwkennedy made their first contribution in #​431

Full Changelog: actions/download-artifact@v5...v6.0.0

v6

Compare Source

v5.0.0

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​407
• BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @​GrantBirki in #​416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

• By name: name: my-artifact → extracted to path/ (direct)
• By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

• By name: name: my-artifact → extracted to path/ (unchanged)
• By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

• You download artifacts by name
• You download multiple artifacts by ID
• You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

### Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

• @​nebuk89 made their first contribution in #​407

Full Changelog: actions/download-artifact@v4...v5.0.0

v5

Compare Source

v4.3.0

Compare Source

What's Changed

• feat: implement new artifact-ids input by @​GrantBirki in #​401
• Fix workflow example for downloading by artifact ID by @​joshmgross in #​402
• Prep for v4.3.0 release by @​robherley in #​404

New Contributors

• @​GrantBirki made their first contribution in #​401

Full Changelog: actions/download-artifact@v4.2.1...v4.3.0

v4.2.1

Compare Source

What's Changed

• Add unit tests by @​GhadimiR in #​392
• Fix bug introduced in 4.2.0 by @​GhadimiR in #​391

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

Compare Source

What's Changed

• Update README.md by @​lkfortuna in #​384
• Bump artifact version, do digest check by @​GhadimiR in #​383

New Contributors

• @​lkfortuna made their first contribution in #​384
• @​GhadimiR made their first contribution in #​383

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

v4.1.9

Compare Source

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​354
• docs: small migration fix by @​froblesmartin in #​370
• Update MIGRATION.md by @​andyfeller in #​372
• Update artifact package to 2.2.2 by @​yacaovsnc in #​380

New Contributors

• @​Jcambass made their first contribution in #​354
• @​froblesmartin made their first contribution in #​370
• @​andyfeller made their first contribution in #​372
• @​yacaovsnc made their first contribution in #​380

Full Changelog: actions/download-artifact@v4.1.8...v4.1.9

v4.1.8

Compare Source

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in #​341

Full Changelog: actions/download-artifact@v4.1.7...v4.1.8

v4.1.7

Compare Source

What's Changed

• Update @​actions/artifact dependency by @​bethanyj28 in #​325

Full Changelog: actions/download-artifact@v4.1.6...v4.1.7

v4.1.6

Compare Source

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in #​324

Full Changelog: actions/download-artifact@v4.1.5...v4.1.6

v4.1.5

Compare Source

What's Changed

• Update readme with v3/v2/v1 deprecation notice by @​robherley in #​322
• Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5

Full Changelog: actions/download-artifact@v4.1.4...v4.1.5

v4.1.4

Compare Source

What's Changed

• Update @​actions/artifact by @​bethanyj28 in #​307

Full Changelog: actions/download-artifact@v4...v4.1.4

v4.1.3

Compare Source

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in #​292
• Update toolkit dependency with updated unzip logic by @​bethanyj28 in #​299
• Update @​actions/artifact by @​bethanyj28 in #​303

New Contributors

• @​bethanyj28 made their first contribution in #​299

Full Changelog: actions/download-artifact@v4...v4.1.3

v4.1.2

Compare Source

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.1.1

Compare Source

• Fix transient request timeouts #​249
• Bump @actions/artifacts to latest version

v4.1.0

Compare Source

What's Changed

• Some cleanup by @​robherley in #​247
• Fix default for run-id by @​stchr in #​252
• Support pattern matching to filter artifacts & merge to same directory by @​robherley in #​259

New Contributors

• @​stchr made their first contribution in #​252

Full Changelog: actions/download-artifact@v4...v4.1.0

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.0

Compare Source

v5

Compare Source

v4.6.2

Compare Source

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in #​685

New Contributors

• @​salmanmkc made their first contribution in #​685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in #​673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in #​662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in #​578
• Add new artifact-digest output by @​bdehamer in #​656

New Contributors

• @​hamirmahal made their first contribution in #​578
• @​bdehamer made their first contribution in #​656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

Compare Source

What's Changed

• Undo indirect dependency updates from #​627 by @​joshmgross in #​632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in #​627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed

• Add a section about hidden files by @​joshmgross in #​607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in #​625

New Contributors

• @​Jcambass made their first contribution in #​621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Compare Source

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

• Exclude hidden files by default by @​joshmgross in #​598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

Compare Source

What's Changed

• Revert to @​actions/artifact 2.1.8 by @​robherley in [#​594](https://redirect.github.

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 5am and before 8am on Wednesday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[entelligence-ai-pr-reviews]

---

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this PR performs straightforward CI infrastructure version bumps across 13 GitHub Actions workflow files with no logic changes to the actual build or test processes. The upgrades to actions/checkout v6, actions/upload-artifact v7, actions/download-artifact v8, and actions/cache v5 are mechanical dependency updates that follow standard GitHub Actions versioning patterns. No review comments were generated and no heuristic issues were identified, making this a low-risk maintenance PR that improves the CI pipeline's use of current, supported action versions.

Key Findings:

• All changes are version number bumps to well-known, officially maintained GitHub Actions (checkout, upload-artifact, download-artifact, cache) with no changes to workflow logic, job steps, or environment configuration.
• The version jumps (e.g., actions/checkout to v6, actions/download-artifact to v8) are large increments that could in theory introduce behavioral changes in edge cases, but GitHub Actions major versions are designed to be backwards-compatible for standard use cases and these actions are widely used across the ecosystem.
• No review comments, no heuristic flags, and zero coverage gaps were identified — the automated analysis found nothing actionable across all 13 changed files.
• This PR reduces technical debt by moving away from older action versions (v3/v4) that may receive reduced support or security updates from GitHub.

Files requiring special attention

• aarch64.yml
• win.yml
• interpreter.yml

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

Bulk dependency and runner upgrades across all 13 GitHub Actions CI workflow files.

• actions/checkout bumped from v3/v4 → v6 in all workflows
• actions/upload-artifact bumped v4 → v7 in aarch64.yml, interpreter.yml, win.yml, win_build_portable.yml
• actions/download-artifact bumped v4 → v8 in aarch64.yml, interpreter.yml, win.yml
• actions/cache / actions/cache/restore bumped v4 → v5 in llvm.yml, win.yml, win_build_portable.yml
• Runner OS upgrades: Ubuntu 22.04 → 24.04 (interpreter.yml, llvm.yml), macOS 13 → 26 (macos.yml), Windows 2022 → 2025 (win.yml, win_build_portable.yml)
• Third-party action upgrades: aws-actions/configure-aws-credentials v4→v6, cachix/install-nix-action v26→v31, cachix/cachix-action v14→v17, mwilliamson/setup-wasmtime-action v2→v3, microsoft/setup-msbuild v1.0.2→v3.0.0, ilammy/setup-nasm v1.5.1→v1.5.2

---

Confidence Score: 2/5 - Changes Needed

Not safe to merge — while this PR achieves a well-intentioned bulk upgrade of GitHub Actions dependencies across all 13 workflow files, an unresolved pre-existing concern in .github/workflows/llvm.yml represents a genuine build-breaking issue: the runner upgrade to ubuntu-24.04 is incompatible with the libtinfo5 package installation on line 51, since Ubuntu 24.04 (Noble) replaced libtinfo5 with libtinfo6, causing the Set up LLVM step to fail. This is not a cosmetic issue — it will break CI for LLVM-dependent workflows and block builds. The PR should not be merged until libtinfo5 is either replaced with libtinfo6 or the dependency is handled conditionally based on the OS version.

Key Findings:

• The runner upgrade to ubuntu-24.04 in llvm.yml breaks the libtinfo5 apt package installation (line 51) — this package was dropped in Ubuntu 24.04 Noble in favor of libtinfo6, meaning the LLVM setup step will error out on package installation and fail CI.
• The version jumps for actions/checkout (v3/v4 → v6), actions/upload-artifact (v4 → v7), actions/download-artifact (v4 → v8), and actions/cache (v4 → v5) are unusually large leaps that skip multiple major versions — these should be verified against the official action changelogs for breaking interface changes, though no new review comments flag specific incompatibilities beyond the libtinfo5 issue.
• The bulk nature of the upgrade (13 files simultaneously) increases blast radius — if any single workflow breaks, diagnosing which combination of runner OS upgrade + action version bump caused the regression becomes harder to isolate.

Files requiring special attention

• .github/workflows/llvm.yml
• .github/workflows/aarch64.yml
• .github/workflows/win.yml

[entelligence-ai-pr-reviews]

⚠️ Major: Upgrade to ubuntu-24.04 breaks libtinfo5 installation — libtinfo5 (line 51) is not available in Ubuntu 24.04 (noble) — it was replaced by libtinfo6. The Set up LLVM step will fail with a package-not-found error on every matrix job because apt-get install -y libtinfo5 has no candidate in the noble repository.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In .github/workflows/llvm.yml at line 51, the command `sudo apt-get install -y libtinfo5` will fail on the newly upgraded `ubuntu-24.04` runner (line 14) because `libtinfo5` does not exist in Ubuntu 24.04's package repositories (it was replaced by `libtinfo6`). Change line 51 from `sudo apt-get install -y libtinfo5` to `sudo apt-get install -y libtinfo6` to match what is available in Ubuntu 24.04 (noble).

[entelligence-ai-pr-reviews]

⚠️ Major: x86_64 test job now runs on ARM runner (macos-15 is Apple Silicon) — macos-13 was an Intel x86_64 runner; macos-15 is ARM (Apple Silicon M-series). The job is explicitly named x86_64-darwin-test, so the architecture switch means x86_64-specific tests are now executed on the wrong ISA. GitHub's own changelog notes that users requiring x86_64 must use a dedicated label (e.g. macos-13-xlarge or a future macos-15-x86_64 label), not macos-15.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In `.github/workflows/macos.yml` at line 15, the runner was changed from `macos-13` to `macos-15`. However, `macos-15` is an ARM (Apple Silicon) runner, while the job is named `x86_64-darwin-test` and requires an Intel x86_64 runner. `macos-13` was the x86_64 runner. Since GitHub is closing down macos-13, check the current GitHub-provided label for x86_64 macOS (likely `macos-13-xlarge` or a new x86_64-specific label as documented in https://github.blog/changelog/2025-09-19-github-actions-macos-13-runner-image-is-closing-down/) and use that label instead of `macos-15`.

[entelligence-ai-pr-reviews]

File: .github/workflows/win_build_portable.yml (Lines 91-104)

⚠️ Major: LLVM caches built on windows-2022 silently reused on windows-2025 — win.yml saves LLVM caches with keys llvm-libs-18.1.1-msvc (line 178) and llvm-dlls-18.1.1-...-msvc (line 211) — neither key includes the runner OS or a hash of win.yml. After this PR upgrades the runner from windows-2022 to windows-2025, any existing LLVM cache entry built on the old runner will still match those keys and be silently restored on the new runner. win_build_portable.yml (lines 91–104) restores both LLVM caches with fail-on-cache-miss: true, which means they WILL be used if present. Windows-2025 ships with a newer MSVC toolchain (v14.4x vs v14.3x on windows-2022); LLVM static libs compiled against the old CRT may cause linker errors or ABI mismatches when linked into a Crystal binary on the new runner. By contrast, the other lib caches (win-libs, win-dlls) include hashFiles('.github/workflows/win.yml', ...) in their keys (win.yml line 40, 121; win_build_portable.yml line 45, 78), so they are automatically invalidated by this PR's change to win.yml — the LLVM caches have no equivalent safety net.

---

Note: This comment was posted as a general PR comment because the specific line could not be resolved in the diff.