chore(deps): bump actions/setup-node from 4.1.0 to 6.4.0#151
chore(deps): bump actions/setup-node from 4.1.0 to 6.4.0#151dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.1.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4.1.0...v6.4.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
FrancesCoronel
left a comment
There was a problem hiding this comment.
This is a major version bump (actions/setup-node 4.1.0 → 6.4.0, spanning two major versions), so flagging for manual review before merge per policy.
No security advisories or deprecation warnings noted in the PR body — mostly dependency upgrades and enhancements (e.g. devEngines support, uuid → crypto.randomUUID()). Worth a quick check that no workflow inputs/outputs changed across the v4→v6 jump before merging.
Generated by Claude Code
|
This is a major version bump for No security advisories or deprecation warnings are called out in the Dependabot PR body for this update. Generated by Claude Code |
Dependabot PR ReviewSummary: Major version bump — CI Status
Not auto-approving/enabling auto-merge given the major version bump and the failing security-audit gate. Recommend manual review. Generated by Claude Code |
Dependabot PR ReviewSummary:
|
Dependabot PR ReviewSummary:
No breaking changes called out in the v5/v6 release notes for this action; it's used in a straightforward way in this repo's workflows (node-version + npm cache), which should be unaffected. CI StatusAlso not clean: Not approving or enabling auto-merge — requesting manual review given the major version bump, though this one looks low-risk. Generated by Claude Code |
📸 Visual snapshotsScreenshots captured for this PR — view all artifacts.
|
Bumps actions/setup-node from 4.1.0 to 6.4.0.
Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
48b55a0Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)ab72c7eUpgrade@actionsdependencies (#1525)53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)6044e13Docs: bump actions/checkout from v5 to v6 (#1468)8e49463Fix README typo (#1226)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)