Skip to content

chore(deps): bump actions/setup-node from 6 to 7 in the github-actions group#1624

Merged
vybe merged 1 commit into
devfrom
dependabot/github_actions/dev/github-actions-eefdb6dedd
Jul 15, 2026
Merged

chore(deps): bump actions/setup-node from 6 to 7 in the github-actions group#1624
vybe merged 1 commit into
devfrom
dependabot/github_actions/dev/github-actions-eefdb6dedd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 1 update: actions/setup-node.

Updates actions/setup-node from 6 to 7

Release notes

Sourced from actions/setup-node's releases.

v7.0.0

What's Changed

Enhancements:

Bug fixes:

Documentation updates:

Dependency update:

New Contributors

Full Changelog: actions/setup-node@v6...v7.0.0

v6.5.0

What's Changed

Full Changelog: actions/setup-node@v6.4.0...v6.5.0

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

... (truncated)

Commits
  • 8207627 Migrate to ESM and upgrade dependencies (#1574)
  • 04be95c Add cache-primary-key and cache-matched-key as outputs (#1577)
  • 7c2c68d docs: Update caching recommendations to mitigate cache poisoning risks (#1567)
  • 6a61c03 Merge pull request #1569 from jasongin/update-actions-cache-5.1.0
  • 30eb73b Resolve high-severity audit issues
  • 4e1a87a Update dist
  • 360237f Strict equality
  • 4f8aac5 Bump @​actions/cache to 5.1.0, log cache write denied
  • f4a67bb Only use mirrorToken in getManifest if it's provided (#1548)
  • 0355742 Remove dummy NODE_AUTH_TOKEN export (#1558)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 1 update: [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/setup-node` from 6 to 7
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v6...v7)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label Jul 14, 2026
@dependabot
dependabot Bot requested a review from AndriiPasternak31 as a code owner July 14, 2026 21:35
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label Jul 14, 2026

@vybe vybe left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Validated via /validate-pr — major bump, held by dependabot-auto-merge policy for human review. Reviewed:

  • Diff is 4 identical setup-node@v6 → @v7 lines, no config changes.
  • 2 of 4 changed workflows exercised green by this PR's own CI (pull_request runs the head's workflow files): frontend-build (build ✅) and Helper MCP Tests (build/unit/stdio smoke ✅).
  • frontend-e2e.yml not exercised — its e2e job is ui-label gated and SKIPPED here. Its setup-node block is byte-identical to frontend-build's (node 20, cache npm), which passed.
  • publish-helper-mcp.yml not exercised (tag / main-push only). Its v7-relevant change is 'remove dummy NODE_AUTH_TOKEN export' (actions/setup-node#1558) — that dummy export is precisely what broke npm OIDC trusted publishing (actions/setup-node#1440), and this workflow publishes via OIDC with no NODE_AUTH_TOKEN. So v7 is favorable, not breaking, on that path. @abilityai/trinity-docs-mcp is also still unpublished (404), so the first publish is the documented manual bootstrap regardless.

All 4 required checks green. No secrets, no backend surface.

@vybe
vybe merged commit e120a57 into dev Jul 15, 2026
21 of 24 checks passed
@dependabot
dependabot Bot deleted the dependabot/github_actions/dev/github-actions-eefdb6dedd branch July 15, 2026 07:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant