Skip to content

chore(deps): bump actions/setup-node from 6.4.0 to 7.0.0#2122

Merged
pethers merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-7.0.0
Jul 14, 2026
Merged

chore(deps): bump actions/setup-node from 6.4.0 to 7.0.0#2122
pethers merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-7.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/setup-node from 6.4.0 to 7.0.0.

Release notes

Sourced from actions/setup-node's releases.

v7.0.0

What's Changed

Enhancements:

Bug fixes:

Documentation updates:

Dependency update:

New Contributors

Full Changelog: actions/setup-node@v6...v7.0.0

v6.5.0

What's Changed

Full Changelog: actions/setup-node@v6.4.0...v6.5.0

Commits
  • 8207627 Migrate to ESM and upgrade dependencies (#1574)
  • 04be95c Add cache-primary-key and cache-matched-key as outputs (#1577)
  • 7c2c68d docs: Update caching recommendations to mitigate cache poisoning risks (#1567)
  • 6a61c03 Merge pull request #1569 from jasongin/update-actions-cache-5.1.0
  • 30eb73b Resolve high-severity audit issues
  • 4e1a87a Update dist
  • 360237f Strict equality
  • 4f8aac5 Bump @โ€‹actions/cache to 5.1.0, log cache write denied
  • f4a67bb Only use mirrorToken in getManifest if it's provided (#1548)
  • 0355742 Remove dummy NODE_AUTH_TOKEN export (#1558)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.4.0 to 7.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@48b55a0...8207627)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates github-actions labels Jul 14, 2026
@dependabot dependabot Bot requested a review from pethers as a code owner July 14, 2026 05:39
@dependabot dependabot Bot added dependencies Dependency updates github-actions labels Jul 14, 2026
@github-actions github-actions Bot added infrastructure CI/CD and build infrastructure security Security improvements labels Jul 14, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

โœ… No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/setup-node 820762786026740c76f36085b0efc47a31fe5020 ๐ŸŸข 6.1
Details
CheckScoreReason
Maintained๐ŸŸข 1013 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow๐ŸŸข 10no dangerous workflow patterns detected
Binary-Artifacts๐ŸŸข 9binaries present in source code
Code-Review๐ŸŸข 10all changesets reviewed
CII-Best-Practicesโš ๏ธ 0no effort to earn an OpenSSF best practices badge detected
Packagingโš ๏ธ -1packaging workflow not detected
Token-Permissionsโš ๏ธ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependenciesโš ๏ธ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzingโš ๏ธ 0project is not fuzzed
License๐ŸŸข 10license file detected
Signed-Releasesโš ๏ธ -1no releases found
Security-Policy๐ŸŸข 9security policy file detected
Branch-Protectionโš ๏ธ 1branch protection is not maximal on development and all release branches
SAST๐ŸŸข 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/setup-node 820762786026740c76f36085b0efc47a31fe5020 ๐ŸŸข 6.1
Details
CheckScoreReason
Maintained๐ŸŸข 1013 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow๐ŸŸข 10no dangerous workflow patterns detected
Binary-Artifacts๐ŸŸข 9binaries present in source code
Code-Review๐ŸŸข 10all changesets reviewed
CII-Best-Practicesโš ๏ธ 0no effort to earn an OpenSSF best practices badge detected
Packagingโš ๏ธ -1packaging workflow not detected
Token-Permissionsโš ๏ธ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependenciesโš ๏ธ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzingโš ๏ธ 0project is not fuzzed
License๐ŸŸข 10license file detected
Signed-Releasesโš ๏ธ -1no releases found
Security-Policy๐ŸŸข 9security policy file detected
Branch-Protectionโš ๏ธ 1branch protection is not maximal on development and all release branches
SAST๐ŸŸข 9SAST tool is not run on all commits -- score normalized to 9

Scanned Files

  • .github/workflows/knip.yml
  • .github/workflows/test-and-report.yml

@sonarqubecloud

Copy link
Copy Markdown

@github-actions

Copy link
Copy Markdown
Contributor

๐Ÿ“ธ Automated UI Screenshots

๐Ÿ“‹ Screenshots Captured (8)

# Screenshot
1 01-splash-screen.png - 01 splash screen.png
2 02-intro-screen-menu.png - 02 intro screen menu.png
3 03-intro-screen-archetype-selector.png - 03 intro screen archetype selector.png
4 04-controls-screen.png - 04 controls screen.png
5 05-philosophy-screen.png - 05 philosophy screen.png
6 06-training-screen.png - 06 training screen.png
7 07-combat-screen-practice.png - 07 combat screen practice.png
8 08-combat-screen-versus.png - 08 combat screen versus.png

๐Ÿ“ฆ Download Screenshots

๐Ÿ“ฅ Download all screenshots from workflow artifacts

Screenshots are preserved as workflow artifacts for 30 days.


๐Ÿค– Generated by Playwright automation

@pethers pethers merged commit 47ac666 into main Jul 14, 2026
16 checks passed
@pethers pethers deleted the dependabot/github_actions/actions/setup-node-7.0.0 branch July 14, 2026 06:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates github-actions infrastructure CI/CD and build infrastructure security Security improvements

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant