chore(deps): Bump pnpm/action-setup from 4 to 6#19
Conversation
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4 to 6. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v4...v6) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
🛡️ Eitri — the forge's second smith
🔒 Security scan
Ran semgrep, trivy · scoped to changed files · 0 blocking, 0 total.
No security findings in the changed files. ✅
VERDICT: APPROVE
This is a routine GitHub Actions dependency bump from pnpm/action-setup@v4 to v6. The workflow is minimal (typecheck + build), and the packageManager: "pnpm@9.15.0" field in package.json satisfies the action's version-detection in both v4 and v6 — no version: input is needed. The security scan is clean, no configuration inputs changed, and the rest of the workflow (checkout, setup-node, cache, install, typecheck, build) is unaffected.
Findings
No blocking issues found.
There was a problem hiding this comment.
🛡️ Eitri — the forge's second smith
🔒 Security scan
Ran trivy · skipped semgrep (not installed) · scoped to changed files · 0 blocking, 0 total.
No security findings in the changed files. ✅
⚠️ scanner errors: trivy: Command failed: trivy fs --quiet --scanners=vuln,secret --format=json --timeout=5m --no-progress .
2026-07-08T00:39:57Z FATAL Fatal error run error: init error: DB error: failed to download vulnerabil
VERDICT: APPROVE
This PR bumps pnpm/action-setup from v4 to v6 in the CI workflow. The change is a straightforward dependency update for a GitHub Actions action. The project uses pnpm@9.15.0 (per package.json), Node 22, and this action is used solely to set up pnpm in the workflow environment. Version 6 of pnpm/action-setup is a recent stable release that maintains compatibility with pnpm v9.x and should integrate seamlessly with the existing setup. The change is safe and addresses security/maintenance concerns by keeping the action dependency current.
Findings
No blocking issues found.
Fecha os dois itens que faltavam do backlog: - #3/#19: escala tipográfica (--t-section 11 · body 14 · title 15/600 · desc 13) aplicada aos papéis recorrentes (nav, tabs, bubbles, títulos/sub de painel) - #2/#24: valores soltos (11/17/29px) das superfícies de alto tráfego snapados na ladder --sp-* (sidebar, nav-label, bubble, preview-msg) Validado ao vivo no Chrome (injeção CSS, dark + light) na tela do Sindri. Backlog de refinamento FECHADO. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bumps pnpm/action-setup from 4 to 6.
Release notes
Sourced from pnpm/action-setup's releases.
Commits
0ebf471fix: update pnpm to v11.7.0 (#267)0e279bbfix: update pnpm to 11.1.1 (#248)3e83581fix: drop patchPnpmEnv so standalone+self-update works on Windows (#258)551b42edocs(README): fixcache_dependency_pathtype (#257)739bfe4fix: self-update bootstrap to packageManager-pinned version (#233) (#256)f61705dchore: add CODEOWNERS7a5507bfix: restore inputs from state in post (#255)1155470fix: honor devEngines.packageManager.onFail=error (#252) (#254)91ab88efix: bin_dest output points to self-updated pnpm, not bootstrap (#249)e578e19fix: update pnpm to 11.0.4Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)