Skip to content

build(deps): bump pnpm/action-setup from 5 to 6#10241

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/github_actions/dev/pnpm/action-setup-6
Open

build(deps): bump pnpm/action-setup from 5 to 6#10241
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/github_actions/dev/pnpm/action-setup-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps pnpm/action-setup from 5 to 6.

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.0

Added support for pnpm v11.

Commits
  • 91ab88e fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)
  • e578e19 fix: update pnpm to 11.0.4
  • 8912a91 fix: append (not prepend) action node dir to PATH for npm bootstrap (#241)
  • 26f6d4f fix: use npm co-located with the action node binary (#239)
  • 903f9c1 fix: update pnpm to 11.0.0-rc.5
  • bdf0af2 test: add strict version-match jobs to reproduce #225 / #227
  • 71c9247 fix: pnpm self-update binary shadowed by bootstrap on PATH (#230)
  • 078e9d4 fix: update pnpm to 11.0.0-rc.2
  • 08c4be7 docs(README): update action-setup version
  • 5798914 chore: update .gitignore
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added ci CI/CD and GitHub Actions dependencies Pull requests that update a dependency file security Security update This issue is for an update or upgrade. labels Apr 20, 2026
@dependabot dependabot Bot requested a review from h0lybyte as a code owner April 20, 2026 06:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ci CI/CD and GitHub Actions labels Apr 20, 2026
@github-actions

github-actions Bot commented Apr 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci-mc-gradle-cache.yml

PackageVersionLicenseIssue Type
pnpm/action-setup6.*.*NullUnknown License

.github/workflows/python-test-package.yml

PackageVersionLicenseIssue Type
pnpm/action-setup6.*.*NullUnknown License

.github/workflows/utils-nx-kbve-shell.yml

PackageVersionLicenseIssue Type
pnpm/action-setup6.*.*NullUnknown License

.github/workflows/utils-update-version-toml.yml

PackageVersionLicenseIssue Type
pnpm/action-setup6.*.*NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/pnpm/action-setup 6.*.* 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Maintained🟢 1022 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/pnpm/action-setup 6.*.* 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Maintained🟢 1022 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/pnpm/action-setup 6.*.* 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Maintained🟢 1022 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/pnpm/action-setup 6.*.* 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Maintained🟢 1022 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/ci-mc-gradle-cache.yml
  • .github/workflows/python-test-package.yml
  • .github/workflows/utils-nx-kbve-shell.yml
  • .github/workflows/utils-update-version-toml.yml

@dependabot dependabot Bot force-pushed the dependabot/github_actions/dev/pnpm/action-setup-6 branch from db15157 to 9896db1 Compare April 25, 2026 00:21
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dev/pnpm/action-setup-6 branch 2 times, most recently from d20d68f to 728a1ff Compare May 8, 2026 03:04
@dependabot
build(deps): bump pnpm/action-setup from 5 to 6
4b1f981 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 5 to 6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v5...v6)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump pnpm/action-setup from 5 to 6 build(deps): bump pnpm/action-setup from 5 to 6 May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dev/pnpm/action-setup-6 branch from 728a1ff to 4b1f981 Compare May 11, 2026 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h0lybyte h0lybyte Awaiting requested review from h0lybyte h0lybyte is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

ci CI/CD and GitHub Actions dependencies Pull requests that update a dependency file security Security update This issue is for an update or upgrade.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants