Skip to content

chore(deps): Bump pnpm/action-setup from 4 to 6#19

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/pnpm/action-setup-6
Open

chore(deps): Bump pnpm/action-setup from 4 to 6#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/pnpm/action-setup-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown

Bumps pnpm/action-setup from 4 to 6.

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.0

Added support for pnpm v11.

v5.0.0

Updated the action to use Node.js 24.

v4.4.0

Updated the action to use Node.js 24.

v4.3.0

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v4.2.0...v4.3.0

v4.2.0

When there's a .npmrc file at the root of the repository, pnpm will be fetched from the registry that is specified in that .npmrc file #179

v4.1.0

Add support for package.yaml #156.

Commits
  • 0ebf471 fix: update pnpm to v11.7.0 (#267)
  • 0e279bb fix: update pnpm to 11.1.1 (#248)
  • 3e83581 fix: drop patchPnpmEnv so standalone+self-update works on Windows (#258)
  • 551b42e docs(README): fix cache_dependency_path type (#257)
  • 739bfe4 fix: self-update bootstrap to packageManager-pinned version (#233) (#256)
  • f61705d chore: add CODEOWNERS
  • 7a5507b fix: restore inputs from state in post (#255)
  • 1155470 fix: honor devEngines.packageManager.onFail=error (#252) (#254)
  • 91ab88e fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)
  • e578e19 fix: update pnpm to 11.0.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4 to 6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v4...v6)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 23, 2026

@eitri-ccl eitri-ccl Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛡️ Eitrithe forge's second smith

🔒 Security scan

Ran semgrep, trivy · scoped to changed files · 0 blocking, 0 total.

No security findings in the changed files. ✅


VERDICT: APPROVE

This is a routine GitHub Actions dependency bump from pnpm/action-setup@v4 to v6. The workflow is minimal (typecheck + build), and the packageManager: "pnpm@9.15.0" field in package.json satisfies the action's version-detection in both v4 and v6 — no version: input is needed. The security scan is clean, no configuration inputs changed, and the rest of the workflow (checkout, setup-node, cache, install, typecheck, build) is unaffected.

Findings

No blocking issues found.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants