Skip to content

Bump @octokit/request-error and @actions/github #1227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 18, 2025
Merged

Bump @octokit/request-error and @actions/github #1227

merged 2 commits into from
Jun 18, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 14, 2025
edited
Loading

Bumps @octokit/request-error to 5.1.1 and updates ancestor dependency @actions/github. These dependencies need to be updated together.

Updates @octokit/request-error from 2.1.0 to 5.1.1

Release notes

Sourced from @​octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

  • upgrade @octokit/types to v13 (3af20bd)

Features

v5.0.1

5.0.1 (2023-09-23)

Bug Fixes

  • deps: update dependency @​octokit/types to v12 (#366) (590fc39)

v5.0.0

5.0.0 (2023-07-07)

Bug Fixes

  • deps: update dependency @​octokit/types to v11 (#348) (372097e)

BREAKING CHANGES

  • deps: upgrade @octokit/types to v11

v4.0.2

4.0.2 (2023-06-16)

Bug Fixes

  • deps: update dependency @​octokit/types to v10 (#343) (28b1958)

... (truncated)

Commits
  • b51ed27 test: ReDos regex vulnerability, reported by @​dayshift
  • 12a14f0 fix: ReDos regex vulnerability, reported by @​dayshift
  • 3af20bd fix: upgrade @octokit/types to v13
  • 94147e8 feat(security): Add provenance (#416)
  • 590fc39 fix(deps): update dependency @​octokit/types to v12 (#366)
  • 4b9c57e ci(action): update peter-evans/create-or-update-comment digest to 46da6c0
  • 710afc3 ci(action): update peter-evans/create-or-update-comment digest to 1f6c514
  • c82c8ce ci(action): update peter-evans/create-or-update-comment digest to 223779b
  • ec24ead ci(action): update peter-evans/create-or-update-comment digest to 46846e5 (#362)
  • 365f18d ci(action): update actions/checkout action to v4
  • Additional commits viewable in compare view

Updates @actions/github from 5.1.1 to 6.0.0

Changelog

Sourced from @​actions/github's changelog.

6.0.0

  • Support the latest Octokit in @​actions/github #1553
    • Drop support of NodeJS v14, v16
Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot requested a review from a team as a code owner February 14, 2025 23:52
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 14, 2025
@gowridurgad
Copy link
Contributor

@dependabot rebase

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 12, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@gowridurgad
Copy link
Contributor

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-939339bafa branch from 6e41730 to 7465f29 Compare March 12, 2025 07:11
@aparnajyothi-y
Copy link
Contributor

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-939339bafa branch from 7465f29 to bbaa6e6 Compare March 12, 2025 09:47
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 12, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

priya-kinthali
priya-kinthali previously approved these changes Mar 12, 2025
View reviewed changes
@HarithaVattikuti
Copy link
Contributor

@dependabot recreate

@dependabot
Bump @octokit/request-error and @actions/github
cfc4208 
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together.


Updates `@octokit/request-error` from 2.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.1.0...v5.1.1)

Updates `@actions/github` from 5.1.1 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
- dependency-name: "@actions/github"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-939339bafa branch from 05962ea to cfc4208 Compare June 10, 2025 20:39
@HarithaVattikuti HarithaVattikuti merged commit 08f58d1 into main Jun 18, 2025
200 checks passed
@HarithaVattikuti HarithaVattikuti deleted the dependabot/npm_and_yarn/multi-939339bafa branch June 18, 2025 22:00
mmatl added a commit to ambi-robotics/setup-node that referenced this pull request Jul 23, 2025
@mmatl @HarithaVattikuti
@dependabot @suyashgaonkar @suyashrg18 @priyagupta108 @Jcambass @fulldecent @aparnajyothi-y @jww3 @pengx17 @gowridurgad @FloEdelmann @fregante @marco-ippolito
fix: vulnerabilities (#6)
afc4f39 
* Fix macos latest check failures (actions#1041)

* Update latest node versions

* Update latest node versions

* Update test data

* Update test data

* Update test data

* Update test data

* Update test data

* macos lts failure fix

* Update macos-13

* Bump braces from 3.0.2 to 3.0.3 (actions#1087)

* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* Documentation update in the README file (actions#1106)

* first commit on using setup node

* Delete .github/workflows/helloWorld.yml

* Create main.yml

* Rename main.yml to helloworld.yml

* goodbye world added

* name changed to goodbye

* updated README

---------

Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>

* Fix: windows arm64 setup (actions#1126)

* Add condition to ensure ZIP extraction targets only Windows ARM64 official archives

* Bumps micromatch from 4.0.5 to 4.0.8

* Create publish-immutable-action.yml

* Upgrade IA Publish

* Correct version string (actions#1124)

* Resolve High Security Alerts by upgrading Dependencies (actions#1132)

* db-alerts-fix

* npm run format

* db-alert-fix

* failure check fix

* check- filaure fix

* Revise `isGhes` logic (actions#1148)

* Revise `isGhes` logic

* ran 'npm run format'

* added unit test

* fix: add arch to cached path (actions#843)

* fix: add arch to cached path

* fix: change from using env to os module

* fix: use process.env.RUNNER_OS instead of os.platform()

* fix: remove unused var

* Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174)

* Update versions.yml

* Update versions.yml

* ubuntu-24, macos-13 updates

* check -failure fix

* Update README.md (actions#1193)

* Create dependabot.yml (actions#1192)

* Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191)

* upgrade `@actions/cache` to `^4.0.0`

* Review licenses & update types

* updated package-lock.json

* Bump pnpm/action-setup from 2 to 4 (actions#1194)

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v2...v4)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195)

Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](actions/publish-immutable-action@0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump semver from 7.6.0 to 7.6.3 (actions#1196)

* Bump semver from 7.6.0 to 7.6.3

Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.0...v7.6.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist & license check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201)

Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump undici from 5.28.4 to 5.28.5 (actions#1205)

* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

* npm run updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200)

* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* actions/cache upgrade (actions#1251)

Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>

* Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203)

* Bump @vercel/ncc from 0.38.1 to 0.38.3

Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.38.1...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220)

* Bump @actions/tool-cache from 2.0.1 to 2.0.2

Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache)

---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* check failures fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Make eslint-compact matcher compatible with Stylelint (actions#98)

* Add support for indented eslint output (actions#1245)

* feat: support private mirrors (actions#1240)

* feat: support private mirrors

* chore: change fallback message with mirrors

* Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262)

* Update versions.yml

* Update versions.yml

* actions/cache upgrade to 4.0.3

* events update

* npm audit fix revert

* npm adit fix revert

* Bump @octokit/request-error and @actions/github (actions#1227)

* Bump @octokit/request-error and @actions/github

Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together.


Updates `@octokit/request-error` from 2.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.1.0...v5.1.1)

Updates `@actions/github` from 5.1.1 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
- dependency-name: "@actions/github"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* Bump uuid from 9.0.1 to 11.1.0 (actions#1273)

* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* fix: build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: suyashgaonkar <suyashgaonkar@github.com>
Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>
Co-authored-by: Priya Gupta <147705955+priyagupta108@users.noreply.github.com>
Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com>
Co-authored-by: William Entriken <github.com@phor.net>
Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com>
Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com>
Co-authored-by: Peng Xiao <pengxiao@outlook.com>
Co-authored-by: Ben Wells <benwells@github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>
Co-authored-by: Flo Edelmann <git@flo-edelmann.de>
Co-authored-by: fregante <me@fregante.com>
Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
@github-actions github-actions bot mentioned this pull request Sep 4, 2025
Open
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Sep 5, 2025
@renovate
Update actions/setup-node action to v5
508a2bb 
| datasource  | package            | from   | to     |
| ----------- | ------------------ | ------ | ------ |
| github-tags | actions/setup-node | v4.0.3 | v5.0.0 |


## [vv5.0.0](https://github.com/actions/setup-node/releases/tag/v5.0.0)

#### What's Changed

##### Breaking Changes

- Upgrade action to use node24 by [@salmanmkc](https://github.com/salmanmkc) in [#1325](actions/setup-node#1325)

Make sure your runner is updated to this version or newer to use this release. v2.327.1 [Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)

##### Dependency Upgrades

- Upgrade [@octokit/request-error](https://github.com/octokit/request-error) and [@actions/github](https://github.com/actions/github) by [@dependabot](https://github.com/dependabot)\[bot] in [#1227](actions/setup-node#1227)
- Upgrade uuid from 9.0.1 to 11.1.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1273](actions/setup-node#1273)
- Upgrade undici from 5.28.5 to 5.29.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1295](actions/setup-node#1295)
- Upgrade form-data to bring in fix for critical vulnerability by [@gowridurgad](https://github.com/gowridurgad) in [#1332](actions/setup-node#1332)
- Upgrade actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#1345](actions/setup-node#1345)

##### Enhancement:

- Enhance caching in setup-node with automatic package manager detection by [@priya-kinthali](https://github.com/priya-kinthali) in [#1348](actions/setup-node#1348)

#### New Contributors

- [@priya-kinthali](https://github.com/priya-kinthali) made their first contribution in [#1348](actions/setup-node#1348)
- [@salmanmkc](https://github.com/salmanmkc) made their first contribution in [#1325](actions/setup-node#1325)

**Full Changelog**: <actions/setup-node@v4...v5.0.0>


## [vv4.4.0](https://github.com/actions/setup-node/releases/tag/v4.4.0)

##### What's Changed

##### Bug fixes:

- Make eslint-compact matcher compatible with Stylelint by [@FloEdelmann](https://github.com/FloEdelmann) in [#98](actions/setup-node#98)
- Add support for indented eslint output by [@fregante](https://github.com/fregante) in [#1245](actions/setup-node#1245)

##### Enhancement:

- Support private mirrors by [@marco-ippolito](https://github.com/marco-ippolito) in [#1240](actions/setup-node#1240)

##### Dependency update:

- Upgrade [@action/cache](https://github.com/action/cache) from 4.0.2 to 4.0.3 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1262](actions/setup-node#1262)

##### New Contributors

- [@FloEdelmann](https://github.com/FloEdelmann) made their first contribution in [#98](actions/setup-node#98)
- [@fregante](https://github.com/fregante) made their first contribution in [#1245](actions/setup-node#1245)
- [@marco-ippolito](https://github.com/marco-ippolito) made their first contribution in [#1240](actions/setup-node#1240)

**Full Changelog**: <actions/setup-node@v4...v4.4.0>


## [vv4.3.0](https://github.com/actions/setup-node/releases/tag/v4.3.0)

#### What's Changed

##### Dependency updates

- Upgrade [@actions/glob](https://github.com/actions/glob) from 0.4.0 to 0.5.0 by [@dependabot](https://github.com/dependabot) in [#1200](actions/setup-node#1200)
- Upgrade [@action/cache](https://github.com/action/cache) from 4.0.0 to 4.0.2 by [@gowridurgad](https://github.com/gowridurgad) in [#1251](actions/setup-node#1251)
- Upgrade [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@dependabot](https://github.com/dependabot) in [#1203](actions/setup-node#1203)
- Upgrade [@actions/tool-cache](https://github.com/actions/tool-cache) from 2.0.1 to 2.0.2 by [@dependabot](https://github.com/dependabot) in [#1220](actions/setup-node#1220)

#### New Contributors

- [@gowridurgad](https://github.com/gowridurgad) made their first contribution in [#1251](actions/setup-node#1251)

**Full Changelog**: <actions/setup-node@v4...v4.3.0>


## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0)

#### What's Changed

- Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1174](actions/setup-node#1174)
- Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in [#1193](actions/setup-node#1193)
- Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in [#1192](actions/setup-node#1192)
- Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in [#1191](actions/setup-node#1191)
- Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in [#1194](actions/setup-node#1194)
- Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in [#1195](actions/setup-node#1195)
- Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in [#1196](actions/setup-node#1196)
- Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in [#1201](actions/setup-node#1201)
- Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in [#1205](actions/setup-node#1205)

#### New Contributors

- [@benwells](https://github.com/benwells) made their first contribution in [#1193](actions/setup-node#1193)

**Full Changelog**: <actions/setup-node@v4...v4.2.0>


## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0)

#### What's Changed

- Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1132](actions/setup-node#1132)
- Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in [#1134](actions/setup-node#1134)
- Revise `isGhes` logic by [@jww3](https://github.com/jww3) in [#1148](actions/setup-node#1148)
- Add architecture to cache key by [@pengx17](https://github.com/pengx17) in [#843](actions/setup-node#843)
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.

#### New Contributors

- [@jww3](https://github.com/jww3) made their first contribution in [#1148](actions/setup-node#1148)
- [@pengx17](https://github.com/pengx17) made their first contribution in [#843](actions/setup-node#843)

**Full Changelog**: <actions/setup-node@v4...v4.1.0>


## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4)

##### What's Changed

- Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in [#1125](actions/setup-node#1125)
- Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in [#1126](actions/setup-node#1126)

##### Documentation changes:

- Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in [#1106](actions/setup-node#1106)
- Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in [#1124](actions/setup-node#1124)

##### New Contributors

- [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in [#1106](actions/setup-node#1106)
- [@priyagupta108](https://github.com/priyagupta108) made their first contribution in [#1126](actions/setup-node#1126)
- [@Jcambass](https://github.com/Jcambass) made their first contribution in [#1125](actions/setup-node#1125)
- [@fulldecent](https://github.com/fulldecent) made their first contribution in [#1124](actions/setup-node#1124)

**Full Changelog**: <actions/setup-node@v4...v4.0.4>
mergify bot added a commit to ArcadeData/arcadedb that referenced this pull request Sep 8, 2025
@mergify
chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 [skip ci]
43a08f3 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 5.0.0.
Release notes

*Sourced from [actions/setup-node's releases](https://github.com/actions/setup-node/releases).*

> v5.0.0
> ------
>
> What's Changed
> --------------
>
> ### Breaking Changes
>
> * Enhance caching in setup-node with automatic package manager detection by [`@​priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-node#1348](https://redirect.github.com/actions/setup-node/pull/1348)
>
> This update, introduces automatic caching when a valid `packageManager` field is present in your `package.json`. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching,
> set `package-manager-cache: false`
>
> ```
> steps:
> - uses: actions/checkout@v5
> - uses: actions/setup-node@v5
>   with:
>     package-manager-cache: false
> ```
>
> * Upgrade action to use node24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/setup-node#1325](https://redirect.github.com/actions/setup-node/pull/1325)
>
> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)
>
> ### Dependency Upgrades
>
> * Upgrade `@​octokit/request-error` and `@​actions/github` by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1227](https://redirect.github.com/actions/setup-node/pull/1227)
> * Upgrade uuid from 9.0.1 to 11.1.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1273](https://redirect.github.com/actions/setup-node/pull/1273)
> * Upgrade undici from 5.28.5 to 5.29.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1295](https://redirect.github.com/actions/setup-node/pull/1295)
> * Upgrade form-data to bring in fix for critical vulnerability by [`@​gowridurgad`](https://github.com/gowridurgad) in [actions/setup-node#1332](https://redirect.github.com/actions/setup-node/pull/1332)
> * Upgrade actions/checkout from 4 to 5 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1345](https://redirect.github.com/actions/setup-node/pull/1345)
>
> New Contributors
> ----------------
>
> * [`@​priya-kinthali`](https://github.com/priya-kinthali) made their first contribution in [actions/setup-node#1348](https://redirect.github.com/actions/setup-node/pull/1348)
> * [`@​salmanmkc`](https://github.com/salmanmkc) made their first contribution in [actions/setup-node#1325](https://redirect.github.com/actions/setup-node/pull/1325)
>
> **Full Changelog**: <actions/setup-node@v4...v5.0.0>


Commits

* [`a0853c2`](actions/setup-node@a0853c2) Bump actions/checkout from 4 to 5 ([#1345](https://redirect.github.com/actions/setup-node/issues/1345))
* [`b7234cc`](actions/setup-node@b7234cc) Upgrade action to use node24 ([#1325](https://redirect.github.com/actions/setup-node/issues/1325))
* [`d7a1131`](actions/setup-node@d7a1131) Enhance caching in setup-node with automatic package manager detection ([#1348](https://redirect.github.com/actions/setup-node/issues/1348))
* [`5e2628c`](actions/setup-node@5e2628c) Bumps form-data ([#1332](https://redirect.github.com/actions/setup-node/issues/1332))
* [`65becef`](actions/setup-node@65becef) Bump undici from 5.28.5 to 5.29.0 ([#1295](https://redirect.github.com/actions/setup-node/issues/1295))
* [`7e24a65`](actions/setup-node@7e24a65) Bump uuid from 9.0.1 to 11.1.0 ([#1273](https://redirect.github.com/actions/setup-node/issues/1273))
* [`08f58d1`](actions/setup-node@08f58d1) Bump `@​octokit/request-error` and `@​actions/github` ([#1227](https://redirect.github.com/actions/setup-node/issues/1227))
* See full diff in [compare view](actions/setup-node@49933ea...a0853c2)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/setup-node&package-manager=github\_actions&previous-version=4.4.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
mergify bot added a commit to robfrank/linklift that referenced this pull request Sep 8, 2025
@mergify
chore(deps): bump actions/setup-node from 4 to 5 [skip ci]
8d07597 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
Release notes

*Sourced from [actions/setup-node's releases](https://github.com/actions/setup-node/releases).*

> v5.0.0
> ------
>
> What's Changed
> --------------
>
> ### Breaking Changes
>
> * Enhance caching in setup-node with automatic package manager detection by [`@​priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-node#1348](https://redirect.github.com/actions/setup-node/pull/1348)
>
> This update, introduces automatic caching when a valid `packageManager` field is present in your `package.json`. This aims to improve workflow performance and make dependency management more seamless.
> To disable this automatic caching, set `package-manager-cache: false`
>
> ```
> steps:
> - uses: actions/checkout@v5
> - uses: actions/setup-node@v5
>   with:
>     package-manager-cache: false
> ```
>
> * Upgrade action to use node24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/setup-node#1325](https://redirect.github.com/actions/setup-node/pull/1325)
>
> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)
>
> ### Dependency Upgrades
>
> * Upgrade `@​octokit/request-error` and `@​actions/github` by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1227](https://redirect.github.com/actions/setup-node/pull/1227)
> * Upgrade uuid from 9.0.1 to 11.1.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1273](https://redirect.github.com/actions/setup-node/pull/1273)
> * Upgrade undici from 5.28.5 to 5.29.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1295](https://redirect.github.com/actions/setup-node/pull/1295)
> * Upgrade form-data to bring in fix for critical vulnerability by [`@​gowridurgad`](https://github.com/gowridurgad) in [actions/setup-node#1332](https://redirect.github.com/actions/setup-node/pull/1332)
> * Upgrade actions/checkout from 4 to 5 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-node#1345](https://redirect.github.com/actions/setup-node/pull/1345)
>
> New Contributors
> ----------------
>
> * [`@​priya-kinthali`](https://github.com/priya-kinthali) made their first contribution in [actions/setup-node#1348](https://redirect.github.com/actions/setup-node/pull/1348)
> * [`@​salmanmkc`](https://github.com/salmanmkc) made their first contribution in [actions/setup-node#1325](https://redirect.github.com/actions/setup-node/pull/1325)
>
> **Full Changelog**: <actions/setup-node@v4...v5.0.0>
>
> v4.4.0
> ------
>
> What's Changed
> --------------
>
> ### Bug fixes:
>
> * Make eslint-compact matcher compatible with Stylelint by [`@​FloEdelmann`](https://github.com/FloEdelmann) in [actions/setup-node#98](https://redirect.github.com/actions/setup-node/pull/98)
> * Add support for indented eslint output by [`@​fregante`](https://github.com/fregante) in [actions/setup-node#1245](https://redirect.github.com/actions/setup-node/pull/1245)
>
> ### Enhancement:
>
> * Support private mirrors by [`@​marco-ippolito`](https://github.com/marco-ippolito) in [actions/setup-node#1240](https://redirect.github.com/actions/setup-node/pull/1240)
>
> ### Dependency update:
>
> * Upgrade `@​action/cache` from 4.0.2 to 4.0.3 by [`@​aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-node#1262](https://redirect.github.com/actions/setup-node/pull/1262)
>
> New Contributors
> ----------------
>
> * [`@​FloEdelmann`](https://github.com/FloEdelmann) made their first contribution in [actions/setup-node#98](https://redirect.github.com/actions/setup-node/pull/98)
> * [`@​fregante`](https://github.com/fregante) made their first contribution in [actions/setup-node#1245](https://redirect.github.com/actions/setup-node/pull/1245)
> * [`@​marco-ippolito`](https://github.com/marco-ippolito) made their first contribution in [actions/setup-node#1240](https://redirect.github.com/actions/setup-node/pull/1240)
>
> **Full Changelog**: <actions/setup-node@v4...v4.4.0>

... (truncated)


Commits

* [`a0853c2`](actions/setup-node@a0853c2) Bump actions/checkout from 4 to 5 ([#1345](https://redirect.github.com/actions/setup-node/issues/1345))
* [`b7234cc`](actions/setup-node@b7234cc) Upgrade action to use node24 ([#1325](https://redirect.github.com/actions/setup-node/issues/1325))
* [`d7a1131`](actions/setup-node@d7a1131) Enhance caching in setup-node with automatic package manager detection ([#1348](https://redirect.github.com/actions/setup-node/issues/1348))
* [`5e2628c`](actions/setup-node@5e2628c) Bumps form-data ([#1332](https://redirect.github.com/actions/setup-node/issues/1332))
* [`65becef`](actions/setup-node@65becef) Bump undici from 5.28.5 to 5.29.0 ([#1295](https://redirect.github.com/actions/setup-node/issues/1295))
* [`7e24a65`](actions/setup-node@7e24a65) Bump uuid from 9.0.1 to 11.1.0 ([#1273](https://redirect.github.com/actions/setup-node/issues/1273))
* [`08f58d1`](actions/setup-node@08f58d1) Bump `@​octokit/request-error` and `@​actions/github` ([#1227](https://redirect.github.com/actions/setup-node/issues/1227))
* See full diff in [compare view](actions/setup-node@v4...v5)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/setup-node&package-manager=github\_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HarithaVattikuti HarithaVattikuti

@aparnajyothi-y aparnajyothi-y

@gowridurgad gowridurgad

@priya-kinthali priya-kinthali

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gowridurgad @aparnajyothi-y @HarithaVattikuti @priya-kinthali