Bump pnpm/action-setup from 4.2.0 to 4.3.0 by dependabot[bot] · Pull Request #644 · CodeEditorLand/WebSite

dependabot · 2026-03-11T23:42:58Z

Bumps pnpm/action-setup from 4.2.0 to 4.3.0.

Release notes

Sourced from pnpm/action-setup's releases.

v4.3.0

What's Changed

docs: fix the run_install example in the Readme by @dreyks in pnpm/action-setup#175

chore: remove unused @types/node-fetch dependency by @silverwind in pnpm/action-setup#186

Clarify that package_json_file is relative to GITHUB_WORKSPACE by @chris-martin in pnpm/action-setup#184

feat: store caching by @jrmajor in pnpm/action-setup#188

refactor: remove star imports by @KSXGitHub in pnpm/action-setup#196

fix(ci): exclude macos by @KSXGitHub in pnpm/action-setup#197

New Contributors

@dreyks made their first contribution in pnpm/action-setup#175

@silverwind made their first contribution in pnpm/action-setup#186

@chris-martin made their first contribution in pnpm/action-setup#184

@jrmajor made their first contribution in pnpm/action-setup#188

@Boosted-Bonobo made their first contribution in pnpm/action-setup#199

Full Changelog: pnpm/action-setup@v4.2.0...v4.3.0

Commits

b906aff Revert "feat!: run the action on Node.js 24 (#205)"
9b5745c feat!: run the action on Node.js 24 (#205)
1e1c8ea ci: pin github actions (#199)
b9e1dbc fix(ci): exclude macos (#197)
61bc82c refactor: remove star imports (#196)
e94b270 feat: store caching (#188)
ee7b871 Clarify that package_json_file is relative to GITHUB_WORKSPACE (#184)
3a0024f Remove unused @types/node-fetch dependency (#186)
72f0451 Update README.md (#175)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v4.2.0...v4.3.0) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-03-11T23:44:25Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	zod@4.3.5

View full report

socket-security · 2026-03-11T23:44:27Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@playform/compress@0.2.1` → `npm/solid-devtools@0.34.5` → `npm/astro@5.18.0` → `npm/@astrojs/solid-js@5.1.3` → `npm/vite@6.4.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vite@6.4.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot · 2026-03-13T23:42:51Z

Superseded by #645.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 11, 2026

dependabot bot closed this Mar 13, 2026

dependabot bot deleted the dependabot/github_actions/pnpm/action-setup-4.3.0 branch March 13, 2026 23:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump pnpm/action-setup from 4.2.0 to 4.3.0#644

Bump pnpm/action-setup from 4.2.0 to 4.3.0#644
dependabot[bot] wants to merge 1 commit intoCurrentfrom
dependabot/github_actions/pnpm/action-setup-4.3.0

dependabot bot commented on behalf of github Mar 11, 2026

Uh oh!

socket-security bot commented Mar 11, 2026

Uh oh!

socket-security bot commented Mar 11, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 11, 2026

v4.3.0

What's Changed

New Contributors

Uh oh!

socket-security bot commented Mar 11, 2026

Uh oh!

socket-security bot commented Mar 11, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants