Skip to content

build(deps): Bump the actions group across 1 directory with 2 updates #767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): Bump the actions group across 1 directory with 2 updates #767

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025
edited by ellipsis-dev bot
Loading

Bumps the actions group with 2 updates in the / directory: actions/checkout and actions/setup-node.

Updates actions/checkout from 4.2.2 to 5.0.0

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

Updates actions/setup-node from 4.4.0 to 5.0.0

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Important

Update actions/checkout and actions/setup-node to v5.0.0 across multiple GitHub Actions workflows.

  • Dependencies:
    • Update actions/checkout from v4.2.2 to v5.0.0 in autofix.yml, ci.yml, pkg-pr-new.yml, and release.yml.
    • Update actions/setup-node from v4.4.0 to v5.0.0 in autofix.yml, ci.yml, pkg-pr-new.yml, and release.yml.

This description was created by Ellipsis for 3037604. You can customize this summary. It will automatically update as commits are pushed.

@dependabot
build(deps): Bump the actions group across 1 directory with 2 updates
3037604 
Bumps the actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...08c6903)

Updates `actions/setup-node` from 4.4.0 to 5.0.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...a0853c2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Oct 1, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 1, 2025

⚠️ No Changeset found

Latest commit: 3037604

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Oct 1, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Oct 1, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/eslint-plugin-prettier@767

commit: 3037604

ellipsis-dev[bot]
ellipsis-dev bot reviewed Oct 1, 2025
View reviewed changes
Copy link

@ellipsis-dev ellipsis-dev bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Important

Looks good to me! 👍

Reviewed everything up to 3037604 in 1 minute and 5 seconds. Click for details.
  • Reviewed 80 lines of code in 4 files
  • Skipped 0 files when reviewing.
  • Skipped posting 8 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. .github/workflows/autofix.yml:19
  • Draft comment:
    Checkout action is updated to v5.0.0 using commit 08c6903... Ensure your runner meets the minimum version (v2.327.1+).
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically the version update of a checkout action. It advises ensuring the runner meets a minimum version requirement, which falls under the category of asking the PR author to ensure compatibility or verify something. This violates the rule against making comments that ask the author to ensure or verify things.
2. .github/workflows/autofix.yml:25
  • Draft comment:
    Setup Node.js action is updated to v5.0.0. Verify that the 'cache: pnpm' input behaves as expected with the new version.
  • Reason this comment was not posted:
    Confidence changes required: 50% <= threshold 50% None
3. .github/workflows/ci.yml:35
  • Draft comment:
    CI workflow: Checkout action updated to v5.0.0. Confirm runner compatibility with the new version.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to confirm compatibility with a new version of a CI workflow action. This falls under asking the author to ensure behavior is intended or to double-check things, which is against the rules.
4. .github/workflows/ci.yml:41
  • Draft comment:
    CI workflow: Setup Node.js action updated to v5.0.0. Check that caching with 'pnpm' remains effective.
  • Reason this comment was not posted:
    Confidence changes required: 50% <= threshold 50% None
5. .github/workflows/pkg-pr-new.yml:16
  • Draft comment:
    Publish workflow: Checkout action updated to v5.0.0. Verify that the runner meets the new version’s requirements.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to verify the runner's compatibility with the new version of a dependency, which is against the rules. It doesn't provide a specific suggestion or point out a specific issue with the code.
6. .github/workflows/pkg-pr-new.yml:22
  • Draft comment:
    Publish workflow: Setup Node.js action updated to v5.0.0; ensure that caching behavior ('cache: pnpm') operates correctly.
  • Reason this comment was not posted:
    Confidence changes required: 50% <= threshold 50% None
7. .github/workflows/release.yml:23
  • Draft comment:
    Release workflow: Checkout action is updated to v5.0.0. Ensure the runner version is compatible with the new update.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically the version update of a GitHub Action. The comment asks the author to ensure compatibility, which is against the rules. It doesn't provide a specific suggestion or point out a specific issue with the code.
8. .github/workflows/release.yml:29
  • Draft comment:
    Release workflow: Setup Node.js action is updated to v5.0.0. Verify that the 'cache: pnpm' input continues to work as intended.
  • Reason this comment was not posted:
    Confidence changes required: 50% <= threshold 50% None

Workflow ID: wflow_6sWibzyxg4lMQCYe

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants