From cff651527aaba326baac405aa61c5d27579f99e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 14:45:48 +0200 Subject: [PATCH] build(deps): bump actions/setup-node from 4 to 5 (#5954) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changeloghttps://github.com/actions/setup-node/compare/v4...v4.4.0

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
by @mifi: See also https://github.com/actions/setup-node/issues/614 .npmrc was added in 9ddd4d907eb72b5b992b7000a235166785d2645f but it's not entirely clear to why, so that's why I added the `rm -f` calls instead. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: mifi <402547+mifi@users.noreply.github.com> Co-authored-by: Mikael Finstad --- .github/workflows/bundlers.yml | 4 +++- .github/workflows/ci.yml | 10 +++++++--- .github/workflows/e2e.yml | 3 ++- .github/workflows/lockfile_check.yml | 4 +++- .github/workflows/manual-cdn.yml | 4 +++- .github/workflows/release.yml | 15 +++++++++++++-- .npmrc | 1 - 7 files changed, 31 insertions(+), 10 deletions(-) delete mode 100644 .npmrc diff --git a/.github/workflows/bundlers.yml b/.github/workflows/bundlers.yml index 5c2aaa471..e5da8684f 100644 --- a/.github/workflows/bundlers.yml +++ b/.github/workflows/bundlers.yml @@ -22,6 +22,8 @@ jobs: isolate_uppy: name: Isolate Uppy packages runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true steps: - name: Checkout sources uses: actions/checkout@v5 @@ -37,7 +39,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - name: Install dependencies diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8be34256e..fee9658a8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,6 +23,8 @@ jobs: unit_tests: name: Tests runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true strategy: matrix: node-version: [lts/*] @@ -42,7 +44,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: ${{matrix.node-version}} - name: Install dependencies @@ -63,6 +65,8 @@ jobs: types: name: Types runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true steps: - name: Checkout sources uses: actions/checkout@v5 @@ -79,7 +83,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - name: Install dependencies @@ -97,7 +101,7 @@ jobs: uses: actions/checkout@v5 - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - name: Install dependencies diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 00b0dcc6c..69df9ccc0 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -32,6 +32,7 @@ jobs: runs-on: ubuntu-latest env: DIFF_BUILDER: true + SKIP_YARN_COREPACK_CHECK: true outputs: diff: ${{ steps.diff.outputs.OUTPUT_DIFF }} steps: @@ -54,7 +55,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - run: corepack yarn install diff --git a/.github/workflows/lockfile_check.yml b/.github/workflows/lockfile_check.yml index 9334b8201..d2d2d19bf 100644 --- a/.github/workflows/lockfile_check.yml +++ b/.github/workflows/lockfile_check.yml @@ -18,6 +18,8 @@ jobs: lint_lockfile: name: Lint yarn.lock runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true steps: - name: Checkout sources uses: actions/checkout@v5 @@ -34,7 +36,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - name: Install dependencies diff --git a/.github/workflows/manual-cdn.yml b/.github/workflows/manual-cdn.yml index 7c6ec3eb4..b798e3b3f 100644 --- a/.github/workflows/manual-cdn.yml +++ b/.github/workflows/manual-cdn.yml @@ -23,6 +23,8 @@ env: jobs: upload: runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true steps: - name: Checkout sources uses: actions/checkout@v5 @@ -39,7 +41,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn- - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* - name: Install upload-to-cdn dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f96b793c8..d28c6b159 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,8 @@ jobs: release: name: Release runs-on: ubuntu-latest + env: + SKIP_YARN_COREPACK_CHECK: true outputs: companionWasReleased: ${{ steps.checkIfCompanionWasReleased.outputs.version }} published: ${{ steps.changesets.outputs.published }} @@ -21,7 +23,7 @@ jobs: fetch-depth: 2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: lts/* @@ -38,10 +40,15 @@ jobs: - name: '@uppy/angular prepublish' run: corepack yarn workspace @uppy/angular prepublishOnly - - run: | + - name: Add npm token to yarnrc + run: | echo '' >> .yarnrc.yml echo 'npmAuthToken: "${NPM_TOKEN}"' >> .yarnrc.yml + - name: Add npm token to npmrc + run: | + echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc + - name: Create Release Pull Request or Publish id: changesets uses: changesets/action@v1 @@ -58,6 +65,10 @@ jobs: run: | sed -i '/npmAuthToken:/d' .yarnrc.yml + - name: Remove npmrc + run: | + rm .npmrc + - name: Check if Companion was released id: checkIfCompanionWasReleased if: steps.changesets.outputs.published == 'true' diff --git a/.npmrc b/.npmrc deleted file mode 100644 index ae643592e..000000000 --- a/.npmrc +++ /dev/null @@ -1 +0,0 @@ -//registry.npmjs.org/:_authToken=${NPM_TOKEN}