chore(deps): bump actions/setup-node from 4 to 6

[dependabot]

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in actions/setup-node#1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• 21ddc7b Correct mirror option typos (#1442)
• 65d868f Update Documentation for Lockfile (#1454)
• 395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
• a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
• b9b25d4 Remove always-auth configuration handling from action (#1436)
• 633bb92 Bump @​actions/cache from 4.0.3 to 4.1.0 (#1384)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/setup-node	6.*.*	🟢 6	Details Check Score Reason Maintained 🟢 9 11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 6 4 existing vulnerabilities detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9

Scanned Files

• .github/workflows/ci.yml

[github-actions]

🤖 Auto-Test Results

Check	Status
Linting	✅ Passed
Build	✅ Passed
Tests	✅ Passed
Config Sync	✅ Validated
Environment	✅ Healthy

Automated checks completed at 2026-02-14T03:26:33.849Z