chore(deps): bump actions/setup-node from 4 to 6 by dependabot[bot] · Pull Request #9 · topcoder1/ci-workflows

dependabot · 2026-04-30T22:33:34Z

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in actions/setup-node#1227

Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345

New Contributors

@priya-kinthali made their first contribution in actions/setup-node#1348

@salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
c882bff Replace uuid with crypto.randomUUID() (#1378)
774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
efcb663 fix: remove hardcoded bearer (#1467)
d02c89d Fix npm audit issues (#1491)
6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
Additional commits viewable in compare view

…Rs (#16) claude-code-action@v1 currently crashes when invoked on a dependabot PR with the error: Internal error: directory mismatch for directory "/home/runner/work/_actions/anthropics/claude-code-action/v1/tsconfig.json", fd 4 Verified across #7, #8, #9 — three consecutive dependabot PRs, all FAILURE on `review / Claude Review`. The same action+version succeeds on human-authored PRs in the same repo, so the bug is specific to dependabot's restricted GITHUB_TOKEN scope. Even when the action does run on dep bumps, the value is low — diffs are upstream version metadata, not project logic. The risk classifier still labels them; humans still see the diff at merge time. Skipping Claude review here is signal, not loss. Implementation: a pre-check step posts a one-line "Skipped" PR comment when the PR author is dependabot[bot] or renovate[bot], sets a step output, and the claude-code-action step is gated on that output. The job remains green so branch rulesets that require `review / Claude Review` are satisfied. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

topcoder1 · 2026-05-01T22:36:28Z

Reopening to trigger fresh CI with updated claude-review.yml (#16 merged)

dependabot · 2026-05-01T22:36:30Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

github-actions · 2026-05-01T22:37:22Z