Skip to content

chore(deps)(deps): bump the github-actions group with 9 updates#37

Merged
alihaskar merged 1 commit into
masterfrom
dependabot/github_actions/github-actions-51e8aece48
Jun 25, 2026
Merged

chore(deps)(deps): bump the github-actions group with 9 updates#37
alihaskar merged 1 commit into
masterfrom
dependabot/github_actions/github-actions-51e8aece48

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 9 updates:

Package From To
jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml 0.18.7 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_book.yml 0.18.7 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_ci.yml 0.18.7 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml 0.18.7 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml 0.18.7 0.19.1
actions/checkout 6.0.2 6.0.3
jebel-quant/rhiza 0.15.2 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_sync.yml 0.18.4 0.19.1
jebel-quant/rhiza/.github/workflows/rhiza_weekly.yml 0.18.4 0.19.1

Updates jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml from 0.18.7 to 0.19.1

Release notes

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml's releases.

v0.19.1

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)
  • Bump version 0.19.0 → 0.19.1

v0.19.0

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)

... (truncated)

Changelog

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml's changelog.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)
  • Add strict mypy as a second typecheck cross-check (#1208)
  • Streamline release: single always-bumping make release (#1203)
  • Revisit release: collapse publish into release, drop redundant changelog job, bump rhiza-tools floor (#1213)
  • Add README/bundle sync test and template-bundles schema validation (#1216, #1217) (#1218)
  • Add direct unit coverage for utility scripts (#1223)
  • Gate docstring coverage for .rhiza/utils in pre-commit and docs-coverage (#1224)
  • Restore typecheck + docs-coverage in /quality command (#1227)
  • Make security fail closed on missing src (#1226)
  • Rename the /quality command to /rhiza (#1229)
  • Sign releases: stage SBOM Sigstore attestation as a release signature asset (#1231)
  • Silence deptry "Assuming module name" warnings via package_module_name_map (#1233)
  • Move synced utils' tests into .rhiza/tests so they travel downstream (#1230)
  • Skip pre-commit hook install when core.hooksPath is set (#1234)
  • Move fuzz harnesses from root fuzz/ to tests/fuzz/ (#1232)
  • Extend docs-coverage to the test packages (tests/, .rhiza/tests/) (#1235)
  • Add rhiza-test and validate gates to the /rhiza command (#1236)
  • Remove make validate from the /rhiza command (#1237)
  • Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • Ship a downstream /rhiza quality command in the core bundle (#1238)

... (truncated)

Commits
  • a1ed3df Chore: bump version 0.19.0 → 0.19.1
  • f455ccf Fix: repair reusable-workflow caller stubs (concurrency deadlock + mutation p...
  • c08b7e9 Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • abb249e chore(deps): lock file maintenance (#1243)
  • 9b491f2 Chore: bump version 0.18.10 → 0.19.0
  • 6008005 Fix: strip SLSA provenance from dist/ before PyPI publish (#1240)
  • 0250b9c chore(deps): update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)
  • f016339 Ship a downstream /rhiza quality command in the core bundle (#1238)
  • c7122df Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • 26cf4dd Remove make validate from the /rhiza command (#1237)
  • Additional commits viewable in compare view

Updates jebel-quant/rhiza/.github/workflows/rhiza_book.yml from 0.18.7 to 0.19.1

Release notes

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_book.yml's releases.

v0.19.1

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)
  • Bump version 0.19.0 → 0.19.1

v0.19.0

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)

... (truncated)

Changelog

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_book.yml's changelog.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)
  • Add strict mypy as a second typecheck cross-check (#1208)
  • Streamline release: single always-bumping make release (#1203)
  • Revisit release: collapse publish into release, drop redundant changelog job, bump rhiza-tools floor (#1213)
  • Add README/bundle sync test and template-bundles schema validation (#1216, #1217) (#1218)
  • Add direct unit coverage for utility scripts (#1223)
  • Gate docstring coverage for .rhiza/utils in pre-commit and docs-coverage (#1224)
  • Restore typecheck + docs-coverage in /quality command (#1227)
  • Make security fail closed on missing src (#1226)
  • Rename the /quality command to /rhiza (#1229)
  • Sign releases: stage SBOM Sigstore attestation as a release signature asset (#1231)
  • Silence deptry "Assuming module name" warnings via package_module_name_map (#1233)
  • Move synced utils' tests into .rhiza/tests so they travel downstream (#1230)
  • Skip pre-commit hook install when core.hooksPath is set (#1234)
  • Move fuzz harnesses from root fuzz/ to tests/fuzz/ (#1232)
  • Extend docs-coverage to the test packages (tests/, .rhiza/tests/) (#1235)
  • Add rhiza-test and validate gates to the /rhiza command (#1236)
  • Remove make validate from the /rhiza command (#1237)
  • Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • Ship a downstream /rhiza quality command in the core bundle (#1238)

... (truncated)

Commits
  • a1ed3df Chore: bump version 0.19.0 → 0.19.1
  • f455ccf Fix: repair reusable-workflow caller stubs (concurrency deadlock + mutation p...
  • c08b7e9 Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • abb249e chore(deps): lock file maintenance (#1243)
  • 9b491f2 Chore: bump version 0.18.10 → 0.19.0
  • 6008005 Fix: strip SLSA provenance from dist/ before PyPI publish (#1240)
  • 0250b9c chore(deps): update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)
  • f016339 Ship a downstream /rhiza quality command in the core bundle (#1238)
  • c7122df Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • 26cf4dd Remove make validate from the /rhiza command (#1237)
  • Additional commits viewable in compare view

Updates jebel-quant/rhiza/.github/workflows/rhiza_ci.yml from 0.18.7 to 0.19.1

Release notes

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_ci.yml's releases.

v0.19.1

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)
  • Bump version 0.19.0 → 0.19.1

v0.19.0

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)

... (truncated)

Changelog

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_ci.yml's changelog.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)
  • Add strict mypy as a second typecheck cross-check (#1208)
  • Streamline release: single always-bumping make release (#1203)
  • Revisit release: collapse publish into release, drop redundant changelog job, bump rhiza-tools floor (#1213)
  • Add README/bundle sync test and template-bundles schema validation (#1216, #1217) (#1218)
  • Add direct unit coverage for utility scripts (#1223)
  • Gate docstring coverage for .rhiza/utils in pre-commit and docs-coverage (#1224)
  • Restore typecheck + docs-coverage in /quality command (#1227)
  • Make security fail closed on missing src (#1226)
  • Rename the /quality command to /rhiza (#1229)
  • Sign releases: stage SBOM Sigstore attestation as a release signature asset (#1231)
  • Silence deptry "Assuming module name" warnings via package_module_name_map (#1233)
  • Move synced utils' tests into .rhiza/tests so they travel downstream (#1230)
  • Skip pre-commit hook install when core.hooksPath is set (#1234)
  • Move fuzz harnesses from root fuzz/ to tests/fuzz/ (#1232)
  • Extend docs-coverage to the test packages (tests/, .rhiza/tests/) (#1235)
  • Add rhiza-test and validate gates to the /rhiza command (#1236)
  • Remove make validate from the /rhiza command (#1237)
  • Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • Ship a downstream /rhiza quality command in the core bundle (#1238)

... (truncated)

Commits
  • a1ed3df Chore: bump version 0.19.0 → 0.19.1
  • f455ccf Fix: repair reusable-workflow caller stubs (concurrency deadlock + mutation p...
  • c08b7e9 Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • abb249e chore(deps): lock file maintenance (#1243)
  • 9b491f2 Chore: bump version 0.18.10 → 0.19.0
  • 6008005 Fix: strip SLSA provenance from dist/ before PyPI publish (#1240)
  • 0250b9c chore(deps): update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)
  • f016339 Ship a downstream /rhiza quality command in the core bundle (#1238)
  • c7122df Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • 26cf4dd Remove make validate from the /rhiza command (#1237)
  • Additional commits viewable in compare view

Updates jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml from 0.18.7 to 0.19.1

Release notes

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml's releases.

v0.19.1

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)
  • Bump version 0.19.0 → 0.19.1

v0.19.0

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)

... (truncated)

Changelog

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml's changelog.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)
  • Add strict mypy as a second typecheck cross-check (#1208)
  • Streamline release: single always-bumping make release (#1203)
  • Revisit release: collapse publish into release, drop redundant changelog job, bump rhiza-tools floor (#1213)
  • Add README/bundle sync test and template-bundles schema validation (#1216, #1217) (#1218)
  • Add direct unit coverage for utility scripts (#1223)
  • Gate docstring coverage for .rhiza/utils in pre-commit and docs-coverage (#1224)
  • Restore typecheck + docs-coverage in /quality command (#1227)
  • Make security fail closed on missing src (#1226)
  • Rename the /quality command to /rhiza (#1229)
  • Sign releases: stage SBOM Sigstore attestation as a release signature asset (#1231)
  • Silence deptry "Assuming module name" warnings via package_module_name_map (#1233)
  • Move synced utils' tests into .rhiza/tests so they travel downstream (#1230)
  • Skip pre-commit hook install when core.hooksPath is set (#1234)
  • Move fuzz harnesses from root fuzz/ to tests/fuzz/ (#1232)
  • Extend docs-coverage to the test packages (tests/, .rhiza/tests/) (#1235)
  • Add rhiza-test and validate gates to the /rhiza command (#1236)
  • Remove make validate from the /rhiza command (#1237)
  • Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • Ship a downstream /rhiza quality command in the core bundle (#1238)

... (truncated)

Commits
  • a1ed3df Chore: bump version 0.19.0 → 0.19.1
  • f455ccf Fix: repair reusable-workflow caller stubs (concurrency deadlock + mutation p...
  • c08b7e9 Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • abb249e chore(deps): lock file maintenance (#1243)
  • 9b491f2 Chore: bump version 0.18.10 → 0.19.0
  • 6008005 Fix: strip SLSA provenance from dist/ before PyPI publish (#1240)
  • 0250b9c chore(deps): update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)
  • f016339 Ship a downstream /rhiza quality command in the core bundle (#1238)
  • c7122df Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • 26cf4dd Remove make validate from the /rhiza command (#1237)
  • Additional commits viewable in compare view

Updates jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml from 0.18.7 to 0.19.1

Release notes

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml's releases.

v0.19.1

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)
  • Bump version 0.19.0 → 0.19.1

v0.19.0

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and entries are generated from Conventional Commits.

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)

... (truncated)

Changelog

Sourced from jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml's changelog.

[0.19.1] - 2026-06-15

Dependencies

  • (deps) Lock file maintenance (#1243)

Other Changes

  • Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • Repair reusable-workflow caller stubs (concurrency deadlock + mutation perms) (#1244)

[0.19.0] - 2026-06-14

New Features

  • (github-tests) Add opt-in mutation-testing workflow (#1198)
  • (github) Stub remaining rhiza_* workflows and auto-pin stub versions (#1202)

Dependencies

  • (deps) Update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)

Maintenance

  • Install all extras in the lowest-deps compatibility job (#1199)
  • Enforce mutation testing gate on pull requests (#1209)

Other Changes

  • Document Private :: Do Not Upload as release workflow PyPI kill-switch (#1194)
  • Document classifier-driven CI Python matrix source of truth (#1195)
  • Sync cliff.toml downstream and improve changelog signal quality (#1196)
  • Disable noisy pytest live logging by default in shipped tests template (#1197)
  • Enable Ruff ANN coverage in shipped template config (#1201)
  • Add clean-tree verification to reusable CI test job (#1211)
  • Publish computed mutation-score badge from rhiza_mutation.yml (#1210)
  • Add /quality slash command for running quality gates (#1212)
  • Add strict mypy as a second typecheck cross-check (#1208)
  • Streamline release: single always-bumping make release (#1203)
  • Revisit release: collapse publish into release, drop redundant changelog job, bump rhiza-tools floor (#1213)
  • Add README/bundle sync test and template-bundles schema validation (#1216, #1217) (#1218)
  • Add direct unit coverage for utility scripts (#1223)
  • Gate docstring coverage for .rhiza/utils in pre-commit and docs-coverage (#1224)
  • Restore typecheck + docs-coverage in /quality command (#1227)
  • Make security fail closed on missing src (#1226)
  • Rename the /quality command to /rhiza (#1229)
  • Sign releases: stage SBOM Sigstore attestation as a release signature asset (#1231)
  • Silence deptry "Assuming module name" warnings via package_module_name_map (#1233)
  • Move synced utils' tests into .rhiza/tests so they travel downstream (#1230)
  • Skip pre-commit hook install when core.hooksPath is set (#1234)
  • Move fuzz harnesses from root fuzz/ to tests/fuzz/ (#1232)
  • Extend docs-coverage to the test packages (tests/, .rhiza/tests/) (#1235)
  • Add rhiza-test and validate gates to the /rhiza command (#1236)
  • Remove make validate from the /rhiza command (#1237)
  • Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • Ship a downstream /rhiza quality command in the core bundle (#1238)

... (truncated)

Commits
  • a1ed3df Chore: bump version 0.19.0 → 0.19.1
  • f455ccf Fix: repair reusable-workflow caller stubs (concurrency deadlock + mutation p...
  • c08b7e9 Switch pre-commit secret scanner from gitleaks to betterleaks (#1242)
  • abb249e chore(deps): lock file maintenance (#1243)
  • 9b491f2 Chore: bump version 0.18.10 → 0.19.0
  • 6008005 Fix: strip SLSA provenance from dist/ before PyPI publish (#1240)
  • 0250b9c chore(deps): update pre-commit hook jebel-quant/rhiza-hooks to v0.6.2 (#1239)
  • f016339 Ship a downstream /rhiza quality command in the core bundle (#1238)
  • c7122df Fix validation job failure by updating typecheck dry-run assertions (#1228)
  • 26cf4dd Remove make validate from the /rhiza command (#1237)
  • Additional commits viewable in compare view

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

v6.0.3

Commits
  • df4cb1c Update changelog for v...

    Description has been truncated

Bumps the github-actions group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml](https://github.com/jebel-quant/rhiza) | `0.18.7` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_book.yml](https://github.com/jebel-quant/rhiza) | `0.18.7` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_ci.yml](https://github.com/jebel-quant/rhiza) | `0.18.7` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml](https://github.com/jebel-quant/rhiza) | `0.18.7` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml](https://github.com/jebel-quant/rhiza) | `0.18.7` | `0.19.1` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [jebel-quant/rhiza](https://github.com/jebel-quant/rhiza) | `0.15.2` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_sync.yml](https://github.com/jebel-quant/rhiza) | `0.18.4` | `0.19.1` |
| [jebel-quant/rhiza/.github/workflows/rhiza_weekly.yml](https://github.com/jebel-quant/rhiza) | `0.18.4` | `0.19.1` |


Updates `jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml` from 0.18.7 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.7...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_book.yml` from 0.18.7 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.7...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_ci.yml` from 0.18.7 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.7...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml` from 0.18.7 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.7...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml` from 0.18.7 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.7...v0.19.1)

Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6.0.2...v6.0.3)

Updates `jebel-quant/rhiza` from 0.15.2 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.15.2...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_sync.yml` from 0.18.4 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.4...v0.19.1)

Updates `jebel-quant/rhiza/.github/workflows/rhiza_weekly.yml` from 0.18.4 to 0.19.1
- [Release notes](https://github.com/jebel-quant/rhiza/releases)
- [Changelog](https://github.com/Jebel-Quant/rhiza/blob/main/CHANGELOG.md)
- [Commits](Jebel-Quant/rhiza@v0.18.4...v0.19.1)

---
updated-dependencies:
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_benchmark.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_book.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_ci.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_codeql.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_marimo.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_sync.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jebel-quant/rhiza/.github/workflows/rhiza_weekly.yml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@alihaskar alihaskar merged commit 5c69e67 into master Jun 25, 2026
45 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-51e8aece48 branch June 25, 2026 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant