chore(deps): update github actions major (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
actions/checkout	action	major	v4 → 6.0.3	7.0.0
actions/setup-node	action	major	v4 → 6.4.0
googleapis/release-please-action	action	major	v4 → 5.0.0
pnpm/action-setup	action	major	v4 → 6.0.9

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

• Add worktree support for persist-credentials includeIf by @​ericsciple in #​2327

v6.0.0

Compare Source

• Persist creds to a separate file by @​ericsciple in #​2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in #​2248

v5.0.1

Compare Source

• Port v6 cleanup to v5 by @​ericsciple in #​2301

v5.0.0

Compare Source

• Update actions checkout to use node 24 by @​salmanmkc in #​2226

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in #​1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in #​1533

New Contributors

• @​Copilot made their first contribution in #​1525

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

Compare Source

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in #​1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in #​1491
• Replace uuid with crypto.randomUUID() by @​trivikr in #​1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in #​1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in #​1495

New Contributors

• @​susnux made their first contribution in #​1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

Compare Source

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in #​1454
• Correct mirror option typos by @​MikeMcC399 in #​1442
• Readme update on checkout version v6 by @​deining in #​1446
• Readme typo fixes @​munyari in #​1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in #​1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in #​1449

New Contributors

• @​mahabaleshwars made their first contribution in #​1454
• @​MikeMcC399 made their first contribution in #​1442
• @​deining made their first contribution in #​1446
• @​munyari made their first contribution in #​1226

Full Changelog: actions/setup-node@v6...v6.2.0

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in #​1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #​1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #​1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #​1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in #​1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in #​1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in #​1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in #​1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in #​1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1345

New Contributors

• @​priya-kinthali made their first contribution in #​1348
• @​salmanmkc made their first contribution in #​1325

Full Changelog: actions/setup-node@v4...v5.0.0

googleapis/release-please-action (googleapis/release-please-action)

v5.0.0

Compare Source

⚠ BREAKING CHANGES

• upgrade to node24 (#​1188)

Features

• upgrade to node24 (#​1188) (46dfc01)

Bug Fixes

• bump release-please from 17.3.0 to 17.6.0 (#​1199) (f533c26)

pnpm/action-setup (pnpm/action-setup)

v6.0.9

Compare Source

What's Changed

• fix: update pnpm to v11.7.0 by @​zkochan in #​267

Full Changelog: pnpm/action-setup@v6...v6.0.9

v6.0.8

Compare Source

What's Changed

• docs(README): fix cache_dependency_path type by @​haines in #​257
• fix: drop patchPnpmEnv so standalone+self-update works on Windows by @​zkochan in #​258
• fix: update pnpm to 11.1.1 by @​mungodewar in #​248

New Contributors

• @​mungodewar made their first contribution in #​248

Full Changelog: pnpm/action-setup@v6.0.7...v6.0.8

v6.0.7

Compare Source

What's Changed

• fix: honor devEngines.packageManager.onFail=error (#​252) by @​zkochan in #​254
• fix: restore inputs from state in post by @​haines in #​255
• fix: self-update bootstrap to packageManager-pinned version (#​233) by @​zkochan in #​256

New Contributors

• @​haines made their first contribution in #​255

Full Changelog: pnpm/action-setup@v6.0.6...v6.0.7

v6.0.6

Compare Source

What's Changed

• fix: bin_dest output points to self-updated pnpm, not bootstrap by @​zkochan in #​249

Full Changelog: pnpm/action-setup@v6.0.5...v6.0.6

v6.0.5

Compare Source

What's Changed

• fix: append (not prepend) action node dir to PATH for npm bootstrap by @​zkochan in #​241

Full Changelog: pnpm/action-setup@v6.0.4...v6.0.5

v6.0.4

Compare Source

What's Changed

• fix: use npm co-located with the action node binary by @​benquarmby in #​239

New Contributors

• @​benquarmby made their first contribution in #​239

Full Changelog: pnpm/action-setup@v6.0.3...v6.0.4

v6.0.3

Compare Source

Updated pnpm to v11.0.0-rc.5

Full Changelog: pnpm/action-setup@v6.0.2...v6.0.3

v6.0.2

Compare Source

What's Changed

• fix: pnpm self-update binary shadowed by bootstrap on PATH by @​oniani1 in #​230

New Contributors

• @​oniani1 made their first contribution in #​230

Full Changelog: pnpm/action-setup@v6.0.1...v6.0.2

v6.0.1

Compare Source

Update pnpm to v11.0.0-rc.2. pnpm-lock.yaml will not be saved with two documents unless the packageManager is set via devEngines.packageManager. Related issue: #​228

v6.0.0

Compare Source

Added support for pnpm v11.

v5.0.0

Compare Source

Updated the action to use Node.js 24.

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • "on the 15th day of the month before 12pm"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

Greptile Summary

This PR updates four GitHub Actions dependencies to new major versions across all CI/CD workflow files. All actions remain SHA-pinned with version comments, maintaining the existing security posture.

• actions/checkout is bumped from v4 to 6.0.3 across all four workflows; v6 migrates credential persistence to a separate file and adds Node 24 support.
• pnpm/action-setup is bumped from v4 to 6.0.9 (the actual pinned SHA is 6.0.9, one patch ahead of the 6.0.8 described in the PR table); v6 adds pnpm v11 support by default.
• actions/setup-node is bumped from v4 to 6.4.0 in ci.yml and release.yml; the v6.0.0 breaking change ("Limit automatic caching to npm") applies only to automatic package-manager detection — the explicit cache: pnpm used in both files continues to work.
• googleapis/release-please-action is bumped from v4 to 5.0.0 in release-please.yml; the only breaking change is an upgrade to Node 24 at runtime.

Confidence Score: 5/5

Safe to merge — all four workflow files receive routine action version bumps with no logic changes and no removed functionality.

All changes are automated version bumps to well-maintained official actions. Every action remains SHA-pinned. The cache: pnpm input in setup-node is unaffected by the v6 breaking change (which only restricts automatic cache detection, not explicit cache configuration). No workflow logic, permissions, secrets usage, or step ordering was modified.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Bumps actions/checkout, pnpm/action-setup, and actions/setup-node to new major versions; all pinned to specific SHAs with version comments.
.github/workflows/release-please.yml	Bumps googleapis/release-please-action from v4 to 5.0.0, pinned to a new SHA.
.github/workflows/release.yml	Bumps the same three actions (checkout, pnpm/action-setup, setup-node) to the same new major versions as ci.yml.
.github/workflows/socket-tier1-analysis.yml	Bumps actions/checkout from v4 to 6.0.3, SHA-pinned; only the checkout step is changed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push or PR event] --> B[ci.yml]
    B --> C[checkout 6.0.3]
    C --> D[pnpm-setup 6.0.9]
    D --> E[setup-node 6.4.0 with pnpm cache]
    E --> F[install / lint / build / test]

    G[Release PR merged] --> H[release-please.yml]
    H --> I[release-please-action 5.0.0]
    I -->|release_created=true| J[release.yml]
    J --> K[checkout 6.0.3]
    K --> L[pnpm-setup 6.0.9]
    L --> M[setup-node 6.4.0 with pnpm cache]
    M --> N[pnpm publish to npm]

    O[Socket scan dispatch] --> P[socket-tier1-analysis.yml]
    P --> Q[checkout 6.0.3]
    Q --> R[Socket CLI scan]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Push or PR event] --> B[ci.yml]
    B --> C[checkout 6.0.3]
    C --> D[pnpm-setup 6.0.9]
    D --> E[setup-node 6.4.0 with pnpm cache]
    E --> F[install / lint / build / test]

    G[Release PR merged] --> H[release-please.yml]
    H --> I[release-please-action 5.0.0]
    I -->|release_created=true| J[release.yml]
    J --> K[checkout 6.0.3]
    K --> L[pnpm-setup 6.0.9]
    L --> M[setup-node 6.4.0 with pnpm cache]
    M --> N[pnpm publish to npm]

    O[Socket scan dispatch] --> P[socket-tier1-analysis.yml]
    P --> Q[checkout 6.0.3]
    Q --> R[Socket CLI scan]

Loading

_{Reviews (2): Last reviewed commit: "chore(deps): update github actions major" | Re-trigger Greptile}