Bump actions/setup-node from 5 to 6 #2345

Merged

dependabot[bot] merged 1 commit from refs/pull/2345/head into main

2025-11-20 04:02:58 +00:00

dependabot[bot] commented

2025-10-20 02:16:36 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1810
Original author: @dependabot[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1810
Original created: 2025-10-20T02:16:36Z
Original updated: 2025-11-20T04:03:21Z
Original head: carverauto/serviceradar:dependabot/github_actions/actions/setup-node-6
Original base: main
Original merged: 2025-11-20T04:02:58Z by @mfreeman451

Bumps actions/setup-node from 5 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0

Commits

2028fbc Limit automatic caching to npm, update workflows and documentation (#1374)
1342781 Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)
89d709d Bump prettier from 2.8.8 to 3.6.2 (#1334)
cd2651c Bump ts-jest from 29.1.2 to 29.4.1 (#1336)
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Imported from GitHub pull request. Original GitHub pull request: #1810 Original author: @dependabot[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1810 Original created: 2025-10-20T02:16:36Z Original updated: 2025-11-20T04:03:21Z Original head: carverauto/serviceradar:dependabot/github_actions/actions/setup-node-6 Original base: main Original merged: 2025-11-20T04:02:58Z by @mfreeman451 --- Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>. <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> Breaking Changes <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> Dependency Upgrades <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> Full Changelog: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903"><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/13427813f706a0f6c9b74603b31103c40ab1c35a"><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/89d709d423dc495668cd762a18dd4a070611be3f"><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/cd2651c46231bc0d6f48d6b34433b845331235fe"><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/v5...v6">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

qodo-code-review[bot] commented

2025-11-20 04:03:20 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1810#issuecomment-3555666629
Original created: 2025-11-20T04:03:20Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No audit scope: The changes only bump the GitHub Action version for Node setup and do not introduce or modify application logic where audit trails would apply. Referred Code `uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json'` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Not applicable here: The diff only updates the version of the setup-node action without adding executable logic where error handling would be implemented. Referred Code `uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'web/package-lock.json'` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Not applicable here: The change updates an action reference and does not introduce user-facing error messages to assess for sensitive information leakage. Referred Code `uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json'` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: No logging added: The PR only updates the action version and does not add or modify logging behavior to evaluate for sensitive data exposure. Referred Code `uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'web/package-lock.json'` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: No inputs handled: The update to use actions/setup-node@v6 does not introduce input handling logic where validation or sanitization would apply. Referred Code `uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json'` Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1810#issuecomment-3555666629 Original created: 2025-11-20T04:03:20Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td>🟢</td><td><details><summary>No security concerns identified</summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=1>🟢</td><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=5>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1810/files#diff-0f132b0962009071404990a6789b3466dbd8723d1f7b744f6aca0312396a7900R25-R29'>No audit scope</a>: The changes only bump the GitHub Action version for Node setup and do not introduce or modify application logic where audit trails would apply. <details open><summary>Referred Code</summary> ```yaml uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json' ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1810/files#diff-9d090859e31fc574efb47cacf534d619a3e83d55e59da3be2484999b9055b1b2R45-R49'>Not applicable here</a>: The diff only updates the version of the setup-node action without adding executable logic where error handling would be implemented. <details open><summary>Referred Code</summary> ```yaml uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'web/package-lock.json' ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1810/files#diff-0f132b0962009071404990a6789b3466dbd8723d1f7b744f6aca0312396a7900R25-R29'>Not applicable here</a>: The change updates an action reference and does not introduce user-facing error messages to assess for sensitive information leakage. <details open><summary>Referred Code</summary> ```yaml uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json' ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1810/files#diff-9d090859e31fc574efb47cacf534d619a3e83d55e59da3be2484999b9055b1b2R45-R49'>No logging added</a>: The PR only updates the action version and does not add or modify logging behavior to evaluate for sensitive data exposure. <details open><summary>Referred Code</summary> ```yaml uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'web/package-lock.json' ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1810/files#diff-0f132b0962009071404990a6789b3466dbd8723d1f7b744f6aca0312396a7900R25-R29'>No inputs handled</a>: The update to use actions/setup-node@v6 does not introduce input handling logic where validation or sanitization would apply. <details open><summary>Referred Code</summary> ```yaml uses: actions/setup-node@v6 with: node-version: '20' cache: 'npm' cache-dependency-path: 'docs/package-lock.json' ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>