Skip to content

Bump actions/setup-node from 4 to 6#3

Merged
s977043 merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-6
Nov 1, 2025
Merged

Bump actions/setup-node from 4 to 6#3
s977043 merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-node-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 1, 2025

Copy link
Copy Markdown
Contributor

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 1, 2025
@dependabot dependabot Bot requested a review from s977043 as a code owner November 1, 2025 04:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 1, 2025
@vercel

vercel Bot commented Nov 1, 2025

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
ai-review-kit Ready Ready Preview Comment Nov 1, 2025 4:11am

@s977043 s977043 merged commit 026acf7 into main Nov 1, 2025
6 checks passed
@s977043 s977043 deleted the dependabot/github_actions/actions/setup-node-6 branch November 1, 2025 04:14
s977043 added a commit that referenced this pull request Feb 21, 2026
- Remove unused `import matter from 'gray-matter'` (Copilot #4)
- Add explicit ID collision deduplication in convertAgentSkillToRR()
  so duplicate frontmatter IDs get `-2` suffix instead of silent
  overwrite (Sentry #1, Copilot #2)
- Resolve fromPath relative to projectRoot instead of CWD in
  discoverAgentSkillPaths() (Copilot #3)
- Clarify --to help text for import/export subcommands (Gemini #5)
- Add test for colliding explicit IDs

Co-Authored-By: Claude Opus 4.6 <[email protected]>
s977043 added a commit that referenced this pull request May 25, 2026
* docs(runbook): add release-smoke.md (codex final-pass review item #3)

Close the third drift item from Codex's final-pass review (after the
v0.51.0–v0.55.0 sprint). Items #1 and #2 already landed:
- #1 README Epic 1 status drift (PR #889)
- #2 risk-map example (PR #896)
- #3 release smoke runbook (this PR)

Add docs/runbook/release-smoke.md as a sibling to docs/runbook/dev.md.
It is not a release runbook (release-please handles tagging), but the
smoke test that confirms a fresh tag installs cleanly for an adopter.

Sections
- When to run: post release-please merge, post dependabot prod-dep
  bump, pre announcement.
- What it verifies: lint/tests/skills validate, river run dry-run,
  npm pack --dry-run, npm audit --omit=dev, GitHub Release presence.
- Smoke sequence: single bash block, all commands must exit 0.
- Release confirmation via gh: tagName / publishedAt / changelog body.
- When the smoke fails: concrete recovery moves for the 5 common
  failure modes (lockfile drift, dist staleness, audit vuln, release
  404, skill loader error), pointing at the existing docs and PRs
  that document each fix.
- Out of scope: cross-platform install, npx river try, real LLM, Vercel.

No code change.

Refs: PRs #889, #896 (sibling Codex final-pass items),
docs/development/npm-distribution-design.md, AGENT_LEARNINGS.md
gh-api empty-commit entry.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

* docs(runbook): apply gemini PR #897 review on release-smoke

Both gemini comments are valid; apply.

1. Resolve TAG via the upstream GitHub Release instead of the local
   package.json. The previous form trusted that the operator had
   already pulled main after the release-please merge; if they had
   not, the local package.json could point at the previous
   version and the smoke would run against the wrong commit. Use
   `gh release view --json tagName --jq .tagName` so the upstream
   release is the source of truth.

2. The "feedback_release_please_workflow_race.md memory if available"
   pointer was misleading — that file is Claude's internal memory,
   not a repo doc. Replace with a concrete pointer to the
   AGENT_LEARNINGS.md 2026-05-24 entry that actually carries the
   gh-api empty-commit pattern in the repo.

No content change beyond these two clarifications.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
s977043 added a commit that referenced this pull request Jun 29, 2026
…alidation

- Consume positional target path after subcommand in review parse block (#1)
- Pass targetPath to routeReviewMode (#1)
- Warn instead of silently dropping riskMap load errors (#3)
- Reject unsupported --format values with exit code 3 (#7)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
s977043 added a commit that referenced this pull request Jun 30, 2026
…1324)

* feat: add Review Mode Router for risk-based review depth selection

- Add `src/lib/review-mode-router.mjs`: routeReviewMode() and
  formatRouterResultMarkdown() — pure heuristic, no LLM calls
- Add `tests/review-mode-router.test.mjs`: 17 unit tests (all pass)
- Add `river review route` CLI subcommand (--format json|markdown)
- Add `docs/development/review-mode-router-design.md`: design doc

Routing priority: risk-map require_human_review > escalate >
migration/schema > large diff (≥20 files or ≥500 lines) >
infra/config > docs/test-only > standard (default).

Fixes #1323

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix: cli route handler path parsing, riskMap error handling, format validation

- Consume positional target path after subcommand in review parse block (#1)
- Pass targetPath to routeReviewMode (#1)
- Warn instead of silently dropping riskMap load errors (#3)
- Reject unsupported --format values with exit code 3 (#7)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* docs: sync review-policy.md SSoT with Review Mode Router vocabulary

Add mode taxonomy (light/standard/team/human-required), routing triggers,
and CLI usage for `river review route`. Closes SSoT gap from PR #1324 (#4).

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(review-mode-router): address second review cycle findings

- fix: river review route without --format flags defaulted to parsed.output='text'
  and always exited code 3; use formatExplicit/outputExplicit to default to json
- fix: quote targetPath in buildNextCommand when path contains spaces
- refactor: hasAnyFiles now uses fileCount > 0 (dedup with existing var)
- docs: add comment to Rule 5 guard explaining suppression intent
- docs: add §8 Review Mode Router section to review-policy.en.md (SSoT sync)
- docs: update review-mode-router-design.md — add targetPath to RouterInput,
  narrow confidence to 'high'|'medium', parameterize nextCommand examples

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* build: rebuild action dist after cli.mjs changes

src/cli.mjs is bundled into runners/github-action/dist/index.mjs via ncc.
Rebuild required after route handler and format validation fixes.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* fix(review-mode-router): address CodeQL and Gemini bot review findings

- fix: escape backslashes before double-quotes in buildNextCommand
  (CodeQL: incomplete string escaping in shell command suggestion)
- fix: treat unknown file types as substantive to prevent incorrect
  demotion to light mode (Gemini: .rs/.py files classified as unknown
  were erroneously routed to light)
- test: add unknown-file-only → standard mode regression test
- build: rebuild action dist

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

---------

Co-authored-by: Claude Sonnet 4.6 <[email protected]>
s977043 added a commit that referenced this pull request Jul 4, 2026
…iveTo, awesome-devsecops (#1393)

Prepare copy-paste-ready submission materials for the top remaining
external-listing candidates (awareness backlog #2/#3/#8), so the
maintainer can submit quickly. Each draft's submission method was
researched against the live list:

- awesome-claude-code: ISSUE FORM only (recommend-resource.yml) — NOT a
  PR / gh CLI (CONTRIBUTING forbids it); category 'Infrastructure &
  DevOps'; exact form field values included.
- AlternativeTo: website 'Suggest new application' wizard (no PR); note
  the ~1-week new-account wait; field values included. Applied review
  fixes: dropped the misleading 'static-code-analysis' tag (River Review
  is not a SAST scanner) and neutralized comparative phrasing.
- awesome-devsecops: fork+PR to the MAINTAINED TaptuIT/awesome-devsecops
  (the higher-star devsecops/awesome-devsecops is abandoned since 2021);
  honest 'marginal' fit noted; entry frames it as complementing SAST.

Built via a research+verify workflow; drafts checked for rule
compliance, accuracy, and non-promotional tone. Actual submission is a
maintainer action per the repo's external-listing policy.

Co-authored-by: Antigravity <[email protected]>
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant