Bump actions/setup-node from 4 to 6

[dependabot]

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in actions/setup-node#1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

• 2028fbc Limit automatic caching to npm, update workflows and documentation (#1374)
• 1342781 Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)
• 89d709d Bump prettier from 2.8.8 to 3.6.2 (#1334)
• cd2651c Bump ts-jest from 29.1.2 to 29.4.1 (#1336)
• a0853c2 Bump actions/checkout from 4 to 5 (#1345)
• b7234cc Upgrade action to use node24 (#1325)
• d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
• 5e2628c Bumps form-data (#1332)
• 65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
• 7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated build and release workflow infrastructure.

[coderabbitai]

Walkthrough

Two GitHub Actions workflow files updated to use actions/setup-node@v6 instead of v4. No behavioral changes beyond the version bump of the setup node action in both CI and release package workflows.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow version updates .github/workflows/ci.yml, .github/workflows/release.package.yml	Updated Setup Node action from v4 to v6 in node setup steps

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description does not follow the required template structure. While the description provides substantial information about the actions/setup-node upgrade, including release notes, breaking changes, and dependency information, it is missing the two required template sections: "## Changes" and "## Checklist". The "## Checklist" section specifically requires checkboxes for applying labels, confirming documentation updates, and confirming test updates, all of which are absent. Although this appears to be a Dependabot-generated PR, the missing required template sections represent a significant deviation from the repository's requirements.	The PR description should be updated to include the required template sections. Add a "## Changes" section that describes what was modified, and include the "## Checklist" section with all required items checked or completed, including confirmation that one of the labels (major, minor, patch, or skip-release) has been applied, that documentation was updated or noted as unnecessary, and that tests were updated or noted as unnecessary.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "Bump actions/setup-node from 4 to 6" is concise, clear, and directly reflects the main change in the changeset. The raw summary confirms that both workflow files (.github/workflows/ci.yml and .github/workflows/release.package.yml) were updated to upgrade the actions/setup-node action from version 4 to version 6. The title accurately summarizes this primary modification without unnecessary noise or vagueness.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/github_actions/actions/setup-node-6

---

📜 Recent review details

Configuration used: Repository: lokalise/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6cbbeb2 and d0ee4bc.

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/release.package.yml (1 hunks)

🔇 Additional comments (2)

.github/workflows/ci.yml (1)

20-23: Version bump to v6 is compatible across the tested node versions.

The upgrade to actions/setup-node@v6 is solid. The CI workflow already tests against node 24.x, confirming compatibility with v5/v6's node24 runtime. The npm-exclusive workflow (no other package managers detected) means v6's breaking change of limiting caching to npm is fully compatible.

.github/workflows/release.package.yml (1)

25-31: Version bump to v6 is compatible and requires no action.

The upgrade from actions/setup-node@v4 to v6 is straightforward and fully supported. setup-node v6 automatically enables npm caching when package.json contains the packageManager field set to "npm" (your package.json specifies "packageManager": "[email protected]"), which is beneficial for this workflow.

The workflow is entirely npm-based with workspaces and Turbo orchestration, and all v6 features align with the existing setup: registry-url, always-auth, and scope inputs are supported, with NODE_AUTH_TOKEN reading auth at runtime. The ubuntu-latest runner includes the required GitHub Actions runner version for v6 compatibility.

No changes needed.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}