@dependabot dependabot bot commented on behalf of github Nov 24, 2025

Bumps pnpm/action-setup from 4.0.0 to 4.2.0.

Release notes

Sourced from pnpm/action-setup's releases.

v4.2.0

When there's a .npmrc file at the root of the repository, pnpm will be fetched from the registry that is specified in that .npmrc file #179

v4.1.0

Add support for package.yaml #156.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated GitHub Actions workflows: upgraded pnpm/action-setup from v4.0.0 to v4.2.0 across all continuous integration and deployment pipelines. This includes component verification jobs, package publishing workflows, marketplace content deployment, and pull request validation steps. Maintains build stability and ensures current tooling versions throughout the system.

✏️ Tip: You can customize this high-level summary in your review settings.

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4.0.0 to 4.2.0.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v4.0.0...v4.2.0)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Nov 24, 2025
vercel bot commented Nov 24, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
pipedream-docs Ignored Ignored Nov 24, 2025 11:05am
pipedream-docs-redirect-do-not-edit Ignored Ignored Nov 24, 2025 11:05am

coderabbitai bot commented Nov 24, 2025

Walkthrough

Updated the pnpm/action-setup GitHub Action from version v4.0.0 to v4.2.0 across eight workflow files. No changes to workflow logic, steps, or behavior beyond the version bump.

Changes

| Cohort / File(s) | Summary |
|---|---|
| pnpm/action-setup version upgrade: .github/workflows/components-pr.yaml, .github/workflows/pipedream-sdk-test.yaml, .github/workflows/publish-components.yaml, .github/workflows/publish-marketplace-content.yaml, .github/workflows/publish-packages.yaml, .github/workflows/publish-platform-package.yaml, .github/workflows/pull-request-checks.yaml, .github/workflows/push-registry-app-files-supabase.yaml, .github/workflows/scheduled-package-validation.yaml | Updated pnpm/action-setup from v4.0.0 to v4.2.0 in setup steps across all workflows. No behavioral changes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • All changes are identical version bumps of an external GitHub Action across multiple workflow files with no logic modifications
  • Verify the v4.2.0 release is stable and compatible with current pnpm usage patterns

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description is missing the required 'WHY' section from the template. It contains release notes and Dependabot metadata but lacks explanation of why this upgrade is necessary. | Add a 'WHY' section explaining the motivation for upgrading (e.g., needed for custom registry support or package.yaml support). |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely summarizes the main change: upgrading pnpm/action-setup from version 4.0.0 to 4.2.0 across multiple workflow files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 76d24db and c20bfca.

📒 Files selected for processing (9)
  • .github/workflows/components-pr.yaml (2 hunks)
  • .github/workflows/pipedream-sdk-test.yaml (1 hunks)
  • .github/workflows/publish-components.yaml (2 hunks)
  • .github/workflows/publish-marketplace-content.yaml (1 hunks)
  • .github/workflows/publish-packages.yaml (1 hunks)
  • .github/workflows/publish-platform-package.yaml (1 hunks)
  • .github/workflows/pull-request-checks.yaml (1 hunks)
  • .github/workflows/push-registry-app-files-supabase.yaml (1 hunks)
  • .github/workflows/scheduled-package-validation.yaml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Lint Code Base
  • GitHub Check: pnpm publish
🔇 Additional comments (9)
.github/workflows/publish-packages.yaml (1)

24-24: Approved: Version bump is safe.

The pnpm/action-setup version bump from v4.0.0 to v4.2.0 is straightforward and appropriate. The workflow creates the .npmrc file (line 51) after pnpm is already installed (line 24), so the new v4.2.0 behavior of fetching pnpm from a custom registry in .npmrc does not apply here.

.github/workflows/push-registry-app-files-supabase.yaml (1)

25-25: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. This workflow does not manage .npmrc files, so no compatibility concerns.

.github/workflows/scheduled-package-validation.yaml (1)

19-19: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. This workflow does not interact with .npmrc files.

.github/workflows/publish-marketplace-content.yaml (1)

15-15: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. No .npmrc interactions in this workflow.

.github/workflows/pull-request-checks.yaml (1)

62-62: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. This lint/check workflow does not manage .npmrc files.

.github/workflows/components-pr.yaml (1)

52-52: Approved: Version bumps are safe.

The pnpm/action-setup version bumps to v4.2.0 in both the verify-typescript-components job (line 52) and the publish-typescript-components-dry-run job (line 141) are appropriate. This workflow does not manage .npmrc files, so no compatibility concerns.

Also applies to: 141-141

.github/workflows/publish-platform-package.yaml (1)

16-16: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. The .npmrc file is created after pnpm installation (line 30), so the new v4.2.0 .npmrc handling behavior does not affect pnpm fetching in this workflow.

.github/workflows/pipedream-sdk-test.yaml (1)

21-21: Approved: Version bump is safe.

The pnpm/action-setup version bump to v4.2.0 is appropriate. This SDK test workflow does not manage .npmrc files.

.github/workflows/publish-components.yaml (1)

15-15: Version bump to pnpm/action-setup@v4.2.0 approved.

v4.2.0 has no known security vulnerabilities or breaking changes. Verification confirms all 11 references across 9 workflow files are consistently updated to v4.2.0, and the explicit pnpm version pinning (9.14.2) mitigates any risk from future pnpm runtime CVEs. The new .npmrc registry support is backward-compatible and requires no workflow configuration changes.


Comment @coderabbitai help to get the list of available commands and usage tips.
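
The ordering check the review comments above make by hand (can a root .npmrc already exist when the pnpm/action-setup step runs?), written out as an added example; it is not code from this PR, from pnpm/action-setup or from CodeRabbit. It assumes the registry comes from the plain `registry=` key and scans workflows line by line instead of parsing YAML; `audit_workflow`, `npmrc_registry`, the `repo_npmrc` argument (text of a committed root .npmrc, if any) and the sample workflow are hypothetical and constructed here.

```python
import re

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@]+)@(\S+)")
JOB_KEY = re.compile(r"^( +)[A-Za-z_][\w-]*:\s*$")
REGISTRY = re.compile(r"^[ \t]*registry[ \t]*=[ \t]*(\S+)", re.M)

def npmrc_registry(npmrc_text):
    """Default registry in an .npmrc (assumes the plain `registry=` key)."""
    m = REGISTRY.search(npmrc_text)
    return m.group(1) if m else None

def audit_workflow(workflow_text, repo_npmrc=None):
    """Per pnpm/action-setup step: can a root .npmrc exist when it runs?"""
    findings, job_indent, checked_out, wrote_npmrc = [], None, False, False
    for n, raw in enumerate(workflow_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()   # drop trailing YAML comments
        if line == "jobs:":
            job_indent = -1                     # next mapping key fixes the job indent
        key = JOB_KEY.match(line)
        if key and job_indent in (-1, len(key.group(1))):
            job_indent = len(key.group(1))
            checked_out = wrote_npmrc = False   # each job starts on a fresh runner
        m = USES.match(line)
        if m and m.group(1) == "actions/checkout":
            checked_out = True
        elif m and m.group(1) == "pnpm/action-setup":
            committed = repo_npmrc is not None and checked_out
            findings.append({"line": n, "ref": m.group(2),
                             "npmrc_present": committed or wrote_npmrc,
                             "registry": npmrc_registry(repo_npmrc) if committed else None})
        elif ".npmrc" in line:                  # heuristic: any earlier mention in the job
            wrote_npmrc = True
    return findings

# Constructed sample, not one of the repository's workflows.
SAMPLE = """\
jobs:
  publish:
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4.2.0
      - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
  verify:
    steps:
      - run: echo "registry=https://npm.example.invalid/" > .npmrc
      - uses: pnpm/action-setup@v4.2.0
"""

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

A finding with `npmrc_present` set to true marks a step where the v4.2.0 behaviour quoted in the release notes applies, so the registry that file names is the one to review.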

@GTFalcao GTFalcao merged commit d993d66 into master Nov 24, 2025
7 checks passed
@GTFalcao GTFalcao deleted the dependabot/github_actions/pnpm/action-setup-4.2.0 branch November 24, 2025 16:23
@github-project-automation github-project-automation bot moved this from Ready for PR Review to Done in Component (Source and Action) Backlog Nov 24, 2025
Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code User submitted Submitted by a user

3 participants