chore(deps): bump actions/setup-node from 4 to 6 #37

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/actions/setup-node-6

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Updated Node.js setup configuration across all CI/CD workflows to use the latest major version, ensuring improved compatibility and tooling support for code quality checks, testing, deployment, and release processes.

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team June 4, 2026 09:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 4, 2026

coderabbitai Bot commented Jun 4, 2026

Walkthrough

All GitHub Actions workflows in the .github/workflows/ directory are updated to use actions/setup-node@v6 instead of actions/setup-node@v4. The Node.js setup step is consistently bumped across code-quality, deploy, release, and test workflows; all other job steps and configurations remain unchanged.

Changes

Node.js Setup Action Version Bump

| Layer / File(s) | Summary |
|---|---|
| Update setup-node action across CI/CD workflows: .github/workflows/code-quality.yml, .github/workflows/deploy.yml, .github/workflows/release.yml, .github/workflows/test.yml | The actions/setup-node step is bumped from v4 to v6 (or to a new pinned commit SHA in release.yml) across all workflows to ensure consistent, up-to-date Node.js tooling in all pipeline stages. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • OpenDevFlow/md-latex#3: Created the initial workflow files with actions/setup-node@v4; this PR bumps them to v6.

Suggested reviewers

  • iamvirul
  • hiranyasemindi

Poem

🐰 A rabbit hops through workflows with glee,
Bumping versions from four to six with care,
Each pipeline now runs fresh and free,
Node.js setup modern everywhere! 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: updating the actions/setup-node GitHub Action from version 4 to version 6 across all workflows. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (3)
.github/workflows/code-quality.yml (1)

23-23: 💤 Low value

Consider pinning the action to a commit SHA.

For enhanced security and reproducibility, consider pinning to a specific commit SHA (e.g., actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) instead of using the @v6 tag, which can change over time.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/code-quality.yml at line 23, The workflow currently
references the reusable action tag actions/setup-node@v6 which is mutable;
replace this with a pinned commit SHA (e.g.,
actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) to ensure
immutability and reproducibility—update the usage of actions/setup-node@v6 to
the chosen commit SHA in the workflow.

.github/workflows/test.yml (1)

23-23: 💤 Low value

Consider pinning the action to a commit SHA.

For enhanced security and reproducibility, consider pinning to a specific commit SHA instead of the @v6 tag.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test.yml at line 23, The workflow currently references the
reusable action with a floating tag "actions/setup-node@v6"; replace that with a
specific commit SHA to pin the action for security and reproducibility (e.g.,
change the uses value from "actions/setup-node@v6" to
"actions/setup-node@<commit-sha>"). Find the desired commit SHA from the
actions/setup-node repository, update the uses entry accordingly, and commit the
updated workflow so the run uses the exact pinned revision instead of the tag.

.github/workflows/deploy.yml (1)

36-36: 💤 Low value

Consider pinning the action to a commit SHA.

For enhanced security and reproducibility, consider pinning to a specific commit SHA instead of the @v6 tag.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/deploy.yml at line 36, Replace the floating tag for the
setup-node action with a pinned commit SHA: update the uses entry that currently
reads "actions/setup-node@v6" to use the exact commit SHA for the desired
version; locate the uses line in the deploy workflow and replace the tag with
the SHA (e.g., actions/setup-node@<commit-sha>), ensuring you fetch the commit
SHA from the actions/setup-node GitHub repo release you intend to pin to and
commit the updated workflow.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e3183b1b-d53e-42a1-986c-b6afc0423d08

📥 Commits

Reviewing files that changed from the base of the PR and between 1fee58b and 93929b5.

📒 Files selected for processing (4)
  • .github/workflows/code-quality.yml
  • .github/workflows/deploy.yml
  • .github/workflows/release.yml
  • .github/workflows/test.yml
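
An added example, not part of this PR or of CodeRabbit's review: a small Python check that flags `uses:` references in workflow text that are not pinned to a full 40-character commit SHA, which is the condition the nitpick comments above ask for. The sample workflow is constructed and the function names are hypothetical.

```python
import re

# Matches a `uses:` step or reusable-workflow reference and captures its target.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify_ref(target):
    """Return 'local', 'docker', 'pinned', or 'mutable' for a `uses:` target."""
    if target.startswith("./"):
        return "local"    # action stored in the same repository
    if target.startswith("docker://"):
        return "docker"   # container image reference, out of scope here
    _, sep, ref = target.partition("@")
    if sep and FULL_SHA_RE.fullmatch(ref):
        return "pinned"   # full 40-hex commit SHA
    return "mutable"      # tag, branch, short SHA, or missing ref


def audit_workflow(text, path="<workflow>"):
    """Return (path, line_number, target) for every mutable `uses:` reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((path, lineno, m.group(1)))
    return findings


# Constructed sample workflow; the full SHA is the example quoted in the review.
SAMPLE = """\
jobs:
  test:
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v6
        with:
          node-version: 20
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # example SHA
      - uses: ./.github/actions/local-lint
      - name: short SHA is not a pin
        uses: actions/setup-node@48b55a0
"""

if __name__ == "__main__":
    for path, lineno, target in audit_workflow(SAMPLE, ".github/workflows/sample.yml"):
        print(f"{path}:{lineno}: {target} is not pinned to a full commit SHA")
```

Run over each file under `.github/workflows/` in CI, a non-empty result can fail the job so that a Dependabot bump to a floating tag is caught before merge.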
