chore(deps): update github actions (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v4 -> v5
actions/create-github-app-token	action	major	v1 -> v2
actions/download-artifact	action	major	v4 -> v5
actions/setup-node	action	major	v5 -> v6
actions/setup-python	action	major	v5 -> v6

---

Release Notes

actions/checkout (actions/checkout)

v5

Compare Source

actions/create-github-app-token (actions/create-github-app-token)

v2

Compare Source

actions/download-artifact (actions/download-artifact)

v5

Compare Source

actions/setup-node (actions/setup-node)

v6

Compare Source

actions/setup-python (actions/setup-python)

v6

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

• Chores
  • Updated continuous integration and release workflows to use newer action versions.
  • Improves pipeline reliability, security, and maintainability with no changes to product behavior.
  • Streamlines build, test, and release steps while keeping their flow unchanged.
  • No user-facing impact; application functionality remains the same.

[coderabbitai]

📝 Walkthrough

Walkthrough

Pins and updates GitHub Actions references across multiple workflow files by changing action commit SHAs and minor versions. Changes include: actions/checkout bumped from v4 to a pinned v5 SHA in build, ci, check-release, check_links, and update-integration-tests workflows; actions/setup-python and actions/download-artifact pinned to newer SHAs in build/test_isolated; actions/setup-node pinned in check-release; actions/create-github-app-token upgraded to a v2 pinned SHA in publish-release. No control-flow, step sequencing, or step inputs were modified.

Possibly related PRs

• fix(ci): Bump action versions python-lsp-server#3 — Similar workflow YAML updates that bump and pin GitHub Actions versions (actions/checkout, setup-python).
• deepnote/deepnote-internal#18370 — Renovate/config changes that enable and pin GitHub Actions digests, likely the source of these bumps.
• deepnote/deepnote-toolkit#158 — Earlier workflow changes introducing the same action usages that are being re-pinned here.

Suggested reviewers

• Artmann
• saltenasl

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly follows conventional commit guidelines, clearly stating a chore for dependency updates and specifying major version bumps for GitHub Actions. It directly matches the changeset’s focus on upgrading multiple action workflows without including extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.50%. Comparing base (5b55216) to head (a235728).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #21   +/-   ##
=======================================
  Coverage   18.50%   18.50%           
=======================================
  Files          13       13           
  Lines         200      200           
  Branches       27       27           
=======================================
  Hits           37       37           
  Misses        163      163           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea1a32b and a235728.

📒 Files selected for processing (5)

• .github/workflows/build.yml (3 hunks)
• .github/workflows/check-release.yml (1 hunks)
• .github/workflows/ci.yml (4 hunks)
• .github/workflows/publish-release.yml (1 hunks)
• .github/workflows/update-integration-tests.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

.github/workflows/ci.yml

[warning] 43-43: too few spaces before comment: expected 2

(comments)

---

[warning] 67-67: too few spaces before comment: expected 2

(comments)

---

[warning] 91-91: too few spaces before comment: expected 2

(comments)

---

[warning] 114-114: too few spaces before comment: expected 2

(comments)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: check_release