Skip to content

Bump pnpm/action-setup from 4 to 6#852

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/pnpm/action-setup-6
Open

Bump pnpm/action-setup from 4 to 6#852
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/pnpm/action-setup-6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps pnpm/action-setup from 4 to 6.

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.0

Added support for pnpm v11.

v5.0.0

Updated the action to use Node.js 24.

v4.4.0

Updated the action to use Node.js 24.

v4.3.0

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v4.2.0...v4.3.0

v4.2.0

When there's a .npmrc file at the root of the repository, pnpm will be fetched from the registry that is specified in that .npmrc file #179

v4.1.0

Add support for package.yaml #156.

Commits
  • 26f6d4f fix: use npm co-located with the action node binary (#239)
  • 903f9c1 fix: update pnpm to 11.0.0-rc.5
  • bdf0af2 test: add strict version-match jobs to reproduce #225 / #227
  • 71c9247 fix: pnpm self-update binary shadowed by bootstrap on PATH (#230)
  • 078e9d4 fix: update pnpm to 11.0.0-rc.2
  • 08c4be7 docs(README): update action-setup version
  • 5798914 chore: update .gitignore
  • ddffd66 fix: remove accidentally committed file
  • b43f991 fix: update pnpm to 11.0.0-rc.0
  • 3852509 README.md: bring versions up-to-date (#222)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 13, 2026 08:01
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 13, 2026
@dependabot dependabot Bot mentioned this pull request Apr 13, 2026
Closed
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 13, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 1cf9c3a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dependabot dependabot Bot force-pushed the dependabot/github_actions/pnpm/action-setup-6 branch 6 times, most recently from 1b2b523 to a5331c2 Compare May 1, 2026 13:19
@dependabot
Bump pnpm/action-setup from 4 to 6
1cf9c3a 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4 to 6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v4...v6)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/pnpm/action-setup-6 branch from a5331c2 to 1cf9c3a Compare May 1, 2026 14:02
@matt-evervault Claude
Copy link
Copy Markdown
Contributor

matt-evervault commented May 7, 2026

Review

Reviewed v4 → v6 against every workflow that uses pnpm/action-setup in this repo.

What changed in v4 → v6

  • v4.2.0 — pnpm tarball fetched from .npmrc-configured registry
  • v4.3.0 — optional store-caching input added
  • v4.4.0 / v5.0.0 — action runtime moved to Node.js 24 (the action's own runtime, not the project's)
  • v6.0.0 — adds support for pnpm v11 (becomes the default fallback when no version is pinned)
  • v6.0.1–v6.0.5 — bundled pnpm bumps + PATH/npm-binary fixes

How we use the action (12 references across 9 workflows)

  • Every call site is bare (no version: input) → version is resolved from package.jsonpackageManager field per Corepack
  • package.json pins pnpm@10.26.1+sha512.…, so v6 will still install pnpm 10.26.1, not v11
  • Only other input we use anywhere is run_install: false (in e2e-test.yml), unchanged in v6
  • pnpm-store caching is done by actions/setup-node@v6 with cache: "pnpm", independent of this action — we don't enable the action's own cache: input

Compatibility

  • Runners (ubuntu-latest, macos-latest/macos-15) all support the v5+ Node 24 runtime
  • .nvmrc is v24, fully aligned
  • No new permissions, secrets, or supply-chain risks introduced; tag-pin style (@v6) matches existing convention

Verification

  • pnpm install --frozen-lockfile and pnpm build both succeed locally on pnpm 10.26.1, confirming the version we'll keep getting is healthy

Verdict

Safe to merge. No code changes needed — the packageManager pin makes v6 a no-op for our actual pnpm runtime, and we don't touch any inputs whose semantics changed.

Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matt-evervault