chore(deps): bump the actions-all group across 1 directory with 2 updates

[dependabot]

Bumps the actions-all group with 2 updates in the / directory: github/gh-aw and dorny/paths-filter.

Updates github/gh-aw from 0.73.0 to 0.76.1

Release notes

Sourced from github/gh-aw's releases.

v0.76.1

🌟 Release Highlights

This release brings a new replay command for timeline log visualization, inline skill support, improved safe-outputs reliability, and Codex model updates.

✨ What's New

• replay command — Render and stream unified timeline logs directly in your terminal for faster post-run analysis (#34835)
• Inline skill extraction/runtime — Define and run skills inline within workflows, mirroring the inline sub-agent syntax for a more consistent authoring experience (#34874)
• Codex default model updated to gpt-5.4 — Workflows using Codex now use the latest model by default; lockfiles have been regenerated (#34804)
• tracker-id frontmatter documented — The tracker-id field is now fully documented in the reference, making it easier to correlate workflow runs with external tracking systems (#34799)

🐛 Bug Fixes & Improvements

• safe-outputs push_to_pull_request_branch — Documented as append-only and now auto-linearizes merge commits before a signed push, preventing push failures on branches with merge history (#34834)
• Codex threat-detection — Response-event logs from Codex are now correctly parsed in threat-detection result processing (#34850)
• Step name alignment stabilized — Direct manifest reads are now permitted and agent guidance tightened to prevent step name drift (#34873)
• Reduced duplicate frontmatter scanning — ParseWorkflow no longer scans frontmatter twice, improving compilation performance (#34819)
• Build & test reliability — Integration-tagged builds and CGO fuzz jobs now correctly share test helpers, eliminating spurious CI failures (#34841, #34816)

---

For complete details, see CHANGELOG.

Generated by 🚀 Release · sonnet46 838.6K

---

What's Changed

• Enforce //go:build !integration on untagged unit test files by @​Copilot in github/gh-aw#34798
• doc: document tracker-id frontmatter field in main reference by @​Copilot in github/gh-aw#34799
• Set Codex default fallback model to gpt-5.4 and regenerate lockfiles by @​Copilot in github/gh-aw#34804
• Fix CGO fuzz job compile failure by exposing shared test helpers to integration-tagged builds by @​Copilot in github/gh-aw#34816
• Fix failing unit test: align Metrics Trends row labels with test expectations by @​Copilot in github/gh-aw#34833
• Reduce duplicate frontmatter scanning in ParseWorkflow by @​Copilot in github/gh-aw#34819
• Fix integration-tag test build by making initTestGitRepo helper available to all test variants by @​Copilot in github/gh-aw#34841
• [compiler-threat-spec] chore(spec): daily threat spec optimizer 2026-05-26 — bump to v1.0.12 by @​github-actions[bot] in github/gh-aw#34845
• [community] Update community contributions in README by @​github-actions[bot] in github/gh-aw#34846
• Route Antigravity AWF target through Gemini provider key by @​Copilot in github/gh-aw#34839
• Handle Codex response-event logs in threat-detection result parsing by @​Copilot in github/gh-aw#34850
• fix(safe-outputs): document push_to_pull_request_branch as append-only; auto-linearize merge commits before signed push by @​Copilot in github/gh-aw#34834
• feat: add replay command for rendering unified timeline logs by @​Copilot in github/gh-aw#34835
• [code-simplifier] Reuse gatewayTimestampToTime in agentEntryToTimelineEvent by @​github-actions[bot] in github/gh-aw#34864
• Stabilize Step Name Alignment by permitting direct manifest reads and tightening agent guidance by @​Copilot in github/gh-aw#34873
• [jsweep] Clean add_comment.cjs by @​github-actions[bot] in github/gh-aw#34866
• Add inline skill extraction/runtime support mirroring inline sub-agents by @​Copilot in github/gh-aw#34874

Full Changelog: github/gh-aw@v0.76.0...v0.76.1

... (truncated)

Commits

• 58d1bed Add inline skill extraction/runtime support mirroring inline sub-agents (#34874)
• ccf77c4 jsweep: clean add_comment.cjs (#34866)
• cc2e15f Stabilize Step Name Alignment by permitting direct manifest reads and tighten...
• 1aa3c80 refactor: reuse gatewayTimestampToTime in agentEntryToTimelineEvent (#34864)
• acaccd7 feat: add replay command for rendering unified timeline logs (#34835)
• 796f583 fix(safe-outputs): document push_to_pull_request_branch as append-only; auto-...
• 56207e9 Handle Codex response-event logs in threat-detection result parsing (#34850)
• 88fa3ba Route Antigravity AWF target through Gemini provider key (#34839)
• c948db9 [community] Update community contributions in README (#34846)
• cdbeed6 chore(spec): daily threat spec optimizer 2026-05-26 — bump to 1.0.12 (#34845)
• Additional commits viewable in compare view

Updates dorny/paths-filter from 3.0.2 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

• Support merge queue by @​masaru-iritani in dorny/paths-filter#255

New Contributors

• @​masaru-iritani made their first contribution in dorny/paths-filter#255

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• d1c1ffe Update CHANGELOG for v3.0.3
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• 668c092 Merge pull request #279 from wardpeet/patch-1
• Additional commits viewable in compare view

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/github/gh-aw/actions/setup	58d1bedbb7200f59c2d224151339e38fd8687d05	Unknown	Unknown
actions/github/gh-aw/actions/setup	58d1bedbb7200f59c2d224151339e38fd8687d05	Unknown	Unknown

Scanned Files

• .github/workflows/daily-test-improver.lock.yml
• .github/workflows/issue-triage.lock.yml