Skip to content

chore(deps): bump pnpm/action-setup from 5.0.0 to 6.0.3 in the github-actions group#3495

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-99b2969927
Closed

chore(deps): bump pnpm/action-setup from 5.0.0 to 6.0.3 in the github-actions group#3495
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-99b2969927

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the github-actions group with 1 update: pnpm/action-setup.

Updates pnpm/action-setup from 5.0.0 to 6.0.3

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.3

Updated pnpm to v11.0.0-rc.5

Full Changelog: pnpm/action-setup@v6.0.2...v6.0.3

v6.0.2

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v6.0.1...v6.0.2

v6.0.1

Update pnpm to v11.0.0-rc.2. pnpm-lock.yaml will not be saved with two documents unless the packageManager is set via devEngines.packageManager. Related issue: pnpm/action-setup#228

v6.0.0

Added support for pnpm v11.

Commits
  • 903f9c1 fix: update pnpm to 11.0.0-rc.5
  • bdf0af2 test: add strict version-match jobs to reproduce #225 / #227
  • 71c9247 fix: pnpm self-update binary shadowed by bootstrap on PATH (#230)
  • 078e9d4 fix: update pnpm to 11.0.0-rc.2
  • 08c4be7 docs(README): update action-setup version
  • 5798914 chore: update .gitignore
  • ddffd66 fix: remove accidentally committed file
  • b43f991 fix: update pnpm to 11.0.0-rc.0
  • 3852509 README.md: bring versions up-to-date (#222)
  • 6e7bdbd chore: bump bootstrap pnpm to 11.0.0-beta.4-1 and add update script
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump pnpm/action-setup in the github-actions group
ccbf5ba 
Bumps the github-actions group with 1 update: [pnpm/action-setup](https://github.com/pnpm/action-setup).


Updates `pnpm/action-setup` from 5.0.0 to 6.0.3
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@fc06bc1...903f9c1)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 1, 2026

⚠️ No Changeset found

Latest commit: ccbf5ba

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 1, 2026

Thanks for your contribution! We require all external PRs to be opened in draft status first so you can address CodeRabbit review comments and ensure CI passes before requesting a review. Please re-open this PR as a draft. See CONTRIBUTING.md for details.

@github-actions github-actions Bot closed this May 1, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 1, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-99b2969927 branch May 1, 2026 14:13
@nicktrn nicktrn mentioned this pull request May 1, 2026
Merged
nicktrn added a commit that referenced this pull request May 1, 2026
@nicktrn
ci: vouch dependabot[bot] (#3496)
cb94382 
Dependabot's first auto-bump PR (#3495) was auto-closed because
`dependabot[bot]` isn't in the vouch list and isn't exempt from the
require-draft check.

Two changes:

- Add `dependabot[bot]` to `.github/VOUCHED.td` so the vouch check
passes.
- Add `dependabot[bot]` to the require-draft exception in
`vouch-check-pr.yml` (alongside `devin-ai-integration[bot]`) so its PRs
aren't closed for being non-draft.

Without both, dependabot bumps will keep getting closed and we lose the
weekly action update flow that #3494 set up.
@nicktrn
Copy link
Copy Markdown
Collaborator

nicktrn commented May 1, 2026

@dependabot ignore pnpm/action-setup major version

(we had an issue here in a different repo, bug likely not fixed yet)

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 1, 2026

OK, I won't notify you about version 6.x.x of pnpm/action-setup again, unless you unignore it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nicktrn