ci(deps): bump the all-actions group across 1 directory with 2 updates

[dependabot]

Bumps the all-actions group with 2 updates in the / directory: jdx/mise-action and anomalyco/opencode.

Updates jdx/mise-action from 4.0.1 to 4.1.0

Release notes

Sourced from jdx/mise-action's releases.

v4.1.0: automatic --locked installs

This release adds automatic locked installs when a mise.lock is present, and fixes a long-standing cache-key collision that could poison tool installs when workflows migrate between runner providers.

Added

Automatic --locked install when mise.lock exists (#495) by @​zeitlinger

When a repo contains mise.lock, the action now automatically passes --locked to mise install (on mise versions that support it). This removes the need to manually set install_args: --locked and prevents mise install from silently mutating the lockfile in CI. Explicit install_args and older mise versions are still respected.

Note: workflows with a stale lockfile may now fail earlier and more explicitly instead of silently updating mise.lock mid-run — this surfaces lockfile drift rather than hiding it.

Fixed

• Cache key collisions across runner providers (#456) — the default cache key now includes the runner image (e.g. macos15, ubuntu24 for GitHub-hosted runners; self-hosted otherwise). Previously, repos migrating between providers like github-hosted, namespace.so, BuildJet, and self-hosted runners with the same OS/arch could restore a peer provider's ~/.local/share/mise/installs/*, causing failures like does not have an executable named '…' or SIGILL crashes from binaries built against a different glibc/CPU featureset. Expect a one-time cache miss after upgrading; thereafter the cache stays scoped per image.
• mise-shim.exe missing on Windows (#476) by @​risu729 — the action now installs mise-shim.exe alongside mise.exe and repairs restored caches that lack the shim. Fixes #475.

Changed

• Migrated the bundled action build from ncc (CommonJS) to Rollup (ESM) (#436). No user-facing behavior change.

Full Changelog: jdx/mise-action@v4.0.1...v4.1.0

Changelog

Sourced from jdx/mise-action's changelog.

Changelog

---

4.1.0 - 2026-06-04

🚀 Features

• add wings_enabled input (mise-wings cache integration) (#454) by @​jdx in #454
• lock install when mise.lock is present (#495) by @​zeitlinger in #495

🐛 Bug Fixes

• (ci) add gh auth setup-git to release-plz.sh (#473) by @​jdx in #473
• (ci) pin codeql-action with exact version comment (#481) by @​jdx in #481
• include runner image in cache key to prevent cross-provider collisions (#456) by @​jdx in #456
• install mise-shim.exe on Windows (#476) by @​risu729 in #476

⚙️ Miscellaneous Tasks

• (ci) use !cancelled() instead of always() for final job (#460) by @​jdx in #460
• (ci) remove autofix.ci workflow (#470) by @​jdx in #470
• (ci) add zizmor workflow for github actions security analysis (#471) by @​jdx in #471
• (ci) close failing or conflicted PRs sooner (#480) by @​jdx in #480
• add communique to enhance release notes (#411) by @​jdx in #411
• migrate from ncc (CJS) to rollup (ESM) (#436) by @​jdx in #436
• add final job to aggregate build-test results (#438) by @​jdx in #438
• migrate package manager from npm/pnpm/bun to aube (#455) by @​jdx in #455
• remove pull_request_target workflow (#469) by @​jdx in #469
• update aube tool version (#501) by @​jdx in #501

---

4.0.1 - 2026-03-22

🐛 Bug Fixes

• run npm install in pre-commit hook before build (#410) by @​jdx in #410

🚜 Refactor

• extract getCwd() helper to deduplicate working directory resolution (#403) by @​altendky in #403

📚 Documentation

• bump versions listed im README.md (#407) by @​deining in #407
• bump more versions listed in README.md (#408) by @​deining in #408

⚙️ Miscellaneous Tasks

• add workflow to auto-close stale PRs (#409) by @​jdx in #409

... (truncated)

Commits

• dba1968 chore: release v4.1.0 (#490)
• f91a09d fix(ci): resolve zizmor findings (#503)
• a9d72a2 chore(deps): update github/codeql-action action to v4.36.0 (#500)
• 1f56d95 chore(deps): update dependency @​actions/cache to v6.0.1 (#497)
• e47eed9 chore: update aube tool version (#501)
• 69c24ed chore(deps): update dependency aube to v1.15.0 (#498)
• 76f8407 chore(deps): update zizmorcore/zizmor-action action to v0.5.4 (#488)
• 4a84c91 chore(deps): update dependency eslint to v10.4.0 (#492)
• 4d5418b chore(deps): update dependency @​types/node to v24.12.4 (#485)
• e676099 chore(deps): update dependency typescript-eslint to v8.59.3 (#487)
• Additional commits viewable in compare view

Updates anomalyco/opencode from 1.14.30 to 1.15.13

Release notes

Sourced from anomalyco/opencode's releases.

v1.15.13

Core

Bugfixes

• Gateway Anthropic Opus 4.7+ adaptive reasoning now keeps summarized thinking instead of returning empty thinking blocks.

Improvements

• Sessions can now store custom metadata through the API and SDK. (@​shantur)
• Config now loads from the opened location upward, so directory-specific settings and provider policies apply more predictably.

TUI

Bugfixes

• Wrapped inline tool rows now stay aligned, and failed inline tools can expand their error details in place.

Thank you to 1 community contributor:

• @​shantur:
  • feat(core): add session metadata support (#23068)

v1.15.12

Core

Improvements

• ACP integrations can now send prompts, slash commands, and usage updates through acp-next
• Added WebSocket transport for OpenAI responses on supported channels (set OPENCODE_EXPERIMENTAL_WEBSOCKETS=true)

Bugfixes

• Enabled adaptive reasoning controls for Anthropic Opus 4.7+ models
• Allowed colons in passwords (@​neriousy)
• Sped up warm acp-next model and config switches
• Improved first-session acp-next startup time
• Kept OpenAI WebSocket response timeouts active
• Retried failed OpenAI WebSocket streams before falling back
• Handled acp-next permission prompts correctly
• Used the persisted session directory for existing-session requests
• Forwarded remote workspace request bodies correctly
• Supported custom base URLs for OpenAI WebSocket responses (@​Tarquinen)

TUI

Improvements

• Added a workspace management dialog

Bugfixes

• Kept session navigation working while prompt modes are open
• Restored the thinking spinner
• Surfaced subagent retry status
• Fixed opening editors from non-Git project paths (@​OpeOginni)

... (truncated)

Commits

• 385cb69 release: v1.15.13
• 30f9780 chore: update nix node_modules hashes
• 3070b0f fix(opencode): default display summarized for gateway opus 4.7+ adaptive reas...
• 52e288e chore: generate
• 9b915e7 v2: default agents
• ddc30cd feat(core): add session metadata support (#23068)
• ac8e686 zen: batch balance calculation
• 69b2784 chore: generate
• 6a2cd81 core: credit referral invites on first Lite checkout
• 04c4611 chore: generate
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: automated, ci. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.