build(deps): Bump actions/setup-node from 4 to 6#4
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Contributor
|
@dependabot rebase |
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/setup-node-6
branch
from
065a1c1 to
0bb8087
Compare
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
Superseded by direct edit in main (commit applies the same bump). Closing to keep PR queue clean. |
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
9 tasks
trentas
added a commit
that referenced
this pull request
May 13, 2026
…ot absent
Re-probed the DORA endpoints with POST (not GET). POST returns 401
Unauthorized for unauthenticated requests, meaning the endpoints exist
and are real read endpoints — Datadog just uses POST-with-body to carry
the filter object instead of URL query params (a known non-REST pattern
for complex list filters).
Previous §8 incorrectly concluded the DORA API was write-only based on
GET 404s. That was wrong — GET on those paths 404s because there's no
GET handler, not because the resource doesn't exist.
Walks back the §8 revision:
- The original §1 "DORA Metrics API v2 (read endpoints)" was
directionally correct. Replace the §8 body with: list = POST with
body, single record = GET /{id}.
- The 4 endpoints documented in detail (with field list: service,
team, env, version, repository_id, change_failure, recovery_time,
avg_change_lead_time, lead-time stages).
- Drop decision #6 (A/B/C) — no longer applicable; we go raw events.
- §1, §3 schemas, §4 PR breakdown, §7 decision #4: unchanged.
- New caveat captured: DORA event retention is 2 years; backfill must
cap at 24 months.
Validation status: 401 confirms endpoints exist; happy-path response
shape still needs working keys before slice 3.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
trentas
added a commit
that referenced
this pull request
May 13, 2026
…oach proposed (#38) * docs(integrations): revise PLAN — DORA API is write-only, switch to Metrics + Events + Incidents Empirical probe against Datadog US1 (after slice 1 landed but before slice 2 started) showed every DORA read endpoint candidate returns 404: /api/v2/dora/deployment, /deployments, /incident, /incidents, /failure, /failures, /metrics. Datadog's DORA API is POST-only — callers submit events to populate the DORA dashboard; there is no GET surface for reading raw events. Original §1 picked "DORA Metrics API v2 (read endpoints)" as the data source. That was wrong. Adds §8 to PLAN-datadog.md documenting: - What probes were run and what Datadog returned - What surfaces actually exist for reading: Metrics API (`dora.*` time-series), Events API (deployments via integration), Incidents API (with Datadog Incident Management) - Three revised options (A: aggregates only, B: raw events, C: hybrid) with explicit tradeoffs - Recommended path: hybrid, surfacing per-source availability as a checklist on the connect detail page - Concrete impact on slices 2-5 (slice 1 unaffected) - New decision #6 added to §7 (surface preference) - Why none of §8 is endpoint-validated: dev keys didn't authenticate; the 404s are enough evidence the DORA reads don't exist, but the positive claims about Metrics / Events / Incidents need working keys before slice 3 starts Slice 1 (already on main) ships independent of all of this. Slice 2 now waits on user decision #6 and on a fresh key pair that authenticates. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(integrations): correct §8 — list endpoints are POST-with-body, not absent Re-probed the DORA endpoints with POST (not GET). POST returns 401 Unauthorized for unauthenticated requests, meaning the endpoints exist and are real read endpoints — Datadog just uses POST-with-body to carry the filter object instead of URL query params (a known non-REST pattern for complex list filters). Previous §8 incorrectly concluded the DORA API was write-only based on GET 404s. That was wrong — GET on those paths 404s because there's no GET handler, not because the resource doesn't exist. Walks back the §8 revision: - The original §1 "DORA Metrics API v2 (read endpoints)" was directionally correct. Replace the §8 body with: list = POST with body, single record = GET /{id}. - The 4 endpoints documented in detail (with field list: service, team, env, version, repository_id, change_failure, recovery_time, avg_change_lead_time, lead-time stages). - Drop decision #6 (A/B/C) — no longer applicable; we go raw events. - §1, §3 schemas, §4 PR breakdown, §7 decision #4: unchanged. - New caveat captured: DORA event retention is 2 years; backfill must cap at 24 months. Validation status: 401 confirms endpoints exist; happy-path response shape still needs working keys before slice 3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-node from 4 to 6.
Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
48b55a0Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)ab72c7eUpgrade@actionsdependencies (#1525)53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)6044e13Docs: bump actions/checkout from v5 to v6 (#1468)8e49463Fix README typo (#1226)