chore(deps): update actions/setup-node action to v5 #137

Open
renovate[bot] wants to merge 1 commit into main from renovate/actions-setup-node-5.x

@renovate renovate Bot commented Mar 3, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| actions/setup-node | action | major | v4 → v5 |

Release Notes

actions/setup-node (actions/setup-node)

v5.0.0

Compare Source

What's Changed

Breaking Changes

This update introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v5

Compare Source

v4.4.0

Compare Source

What's Changed

Bug fixes:
Enhancement:
Dependency update:

New Contributors

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

New Contributors

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

  • Resolve High Security Alerts by upgrading Dependencies by @aparnajyothi-y in #1132
  • Upgrade IA Publish by @Jcambass in #1134
  • Revise isGhes logic by @jww3 in #1148
  • Add architecture to cache key by @pengx17 in #843
    This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
    Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

Full Changelog: actions/setup-node@v4...v4.1.0

v4.0.4

Compare Source

What's Changed

Documentation changes:

New Contributors

Full Changelog: actions/setup-node@v4...v4.0.4

v4.0.3

Compare Source

What's Changed

Bug fixes:
Documentation changes:
Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v4...v4.0.3

v4.0.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4.0.1...v4.0.2

v4.0.1

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4...v4.0.1


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

socket-security Bot commented Mar 3, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | github/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 ⏵ a0853c24544627f65ddf259abe73b1d18a591444 | 86 | 100 | 100 | 100 | 80 |

View full report

renovate Bot force-pushed the renovate/actions-setup-node-5.x branch from ec870c8 to 5d97bde, June 18, 2026 17:34
@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | Obfuscated code: github actions/setup-node is 90.0% likely obfuscated |

Confidence: 0.90

Location: Package overview

From: .github/workflows/ci.yml → github/actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore github/actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
