chore: bump the actions group across 1 directory with 5 updates by dependabot[bot] · Pull Request #277 · openfort-xyz/openfort-js

dependabot · 2026-05-07T20:48:06Z

Bumps the actions group with 5 updates in the / directory:

Package	From	To
actions/checkout	`5.0.1`	`6.0.3`
pnpm/action-setup	`5.0.0`	`6.0.8`
actions/setup-node	`6.3.0`	`6.4.0`
actions/upload-artifact	`5.0.0`	`7.0.1`
changesets/action	`1.7.0`	`1.9.0`

Updates actions/checkout from 5.0.1 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
Additional commits viewable in compare view

Updates pnpm/action-setup from 5.0.0 to 6.0.8

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.8

What's Changed

docs(README): fix cache_dependency_path type by @haines in pnpm/action-setup#257

fix: drop patchPnpmEnv so standalone+self-update works on Windows by @zkochan in pnpm/action-setup#258

fix: update pnpm to 11.1.1 by @mungodewar in pnpm/action-setup#248

New Contributors

@mungodewar made their first contribution in pnpm/action-setup#248

Full Changelog: pnpm/action-setup@v6.0.7...v6.0.8

v6.0.7

What's Changed

fix: honor devEngines.packageManager.onFail=error (#252) by @zkochan in pnpm/action-setup#254

fix: restore inputs from state in post by @haines in pnpm/action-setup#255

fix: self-update bootstrap to packageManager-pinned version (#233) by @zkochan in pnpm/action-setup#256

New Contributors

@haines made their first contribution in pnpm/action-setup#255

Full Changelog: pnpm/action-setup@v6.0.6...v6.0.7

v6.0.6

What's Changed

fix: bin_dest output points to self-updated pnpm, not bootstrap by @zkochan in pnpm/action-setup#249

Full Changelog: pnpm/action-setup@v6.0.5...v6.0.6

v6.0.5

What's Changed

fix: append (not prepend) action node dir to PATH for npm bootstrap by @zkochan in pnpm/action-setup#241

Full Changelog: pnpm/action-setup@v6.0.4...v6.0.5

v6.0.4

What's Changed

fix: use npm co-located with the action node binary by @benquarmby in pnpm/action-setup#239

New Contributors

@benquarmby made their first contribution in pnpm/action-setup#239

Full Changelog: pnpm/action-setup@v6.0.3...v6.0.4

v6.0.3

Updated pnpm to v11.0.0-rc.5

Full Changelog: pnpm/action-setup@v6.0.2...v6.0.3

... (truncated)

Commits

0e279bb fix: update pnpm to 11.1.1 (#248)
3e83581 fix: drop patchPnpmEnv so standalone+self-update works on Windows (#258)
551b42e docs(README): fix cache_dependency_path type (#257)
739bfe4 fix: self-update bootstrap to packageManager-pinned version (#233) (#256)
f61705d chore: add CODEOWNERS
7a5507b fix: restore inputs from state in post (#255)
1155470 fix: honor devEngines.packageManager.onFail=error (#252) (#254)
91ab88e fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)
e578e19 fix: update pnpm to 11.0.4
8912a91 fix: append (not prepend) action node dir to PATH for npm bootstrap (#241)
Additional commits viewable in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

Upgrade @actions dependencies by @Copilot in actions/setup-node#1525

Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533

New Contributors

@Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
See full diff in compare view

Updates actions/upload-artifact from 5.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
Additional commits viewable in compare view

Updates changesets/action from 1.7.0 to 1.9.0

Release notes

Sourced from changesets/action's releases.

v1.9.0

Minor Changes

#636 b072bcc Thanks @bluwy! - Add a new @changesets/action/pr-comment sub-action to comment on PRs

#625 8795eee Thanks @bluwy! - Add a new @changesets/action/pr-status sub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.

Patch Changes

#535 34f64f6 Thanks @Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.

#632 1d54b9e Thanks @bluwy! - Simplify internal implementation to get changelog entries for a package version

#629 e0c90aa Thanks @bluwy! - Fix custom version and publish command argument parsing

#645 f9585d9 Thanks @Andarist! - Improved force-push handling when using commitMode: "github-api" so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.

v1.8.0

Minor Changes

#258 f5dbf72 Thanks @tom-sherman! - Support draft version PR modes with a new prDraft input. Use create to create new version PRs as drafts, or always to also convert existing version PRs back to draft when updating them.

Patch Changes

#502 6002dbd Thanks @oshytiko! - Fixed initial .changeset state being picked up, when cwd parameter is provided

#536 81b3f61 Thanks @radnan! - Fixed .changeset state being picked for the version command when cwd parameter is provided

Changelog

Sourced from changesets/action's changelog.

@changesets/action

1.9.0

Minor Changes

#636 b072bcc Thanks @bluwy! - Add a new @changesets/action/pr-comment sub-action to comment on PRs

#625 8795eee Thanks @bluwy! - Add a new @changesets/action/pr-status sub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.

Patch Changes

#535 34f64f6 Thanks @Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.

#632 1d54b9e Thanks @bluwy! - Simplify internal implementation to get changelog entries for a package version

#629 e0c90aa Thanks @bluwy! - Fix custom version and publish command argument parsing

#645 f9585d9 Thanks @Andarist! - Improved force-push handling when using commitMode: "github-api" so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.

1.8.0

Minor Changes

#258 f5dbf72 Thanks @tom-sherman! - Support draft version PR modes with a new prDraft input. Use create to create new version PRs as drafts, or always to also convert existing version PRs back to draft when updating them.

Patch Changes

#502 6002dbd Thanks @oshytiko! - Fixed initial .changeset state being picked up, when cwd parameter is provided

#536 81b3f61 Thanks @radnan! - Fixed .changeset state being picked for the version command when cwd parameter is provided

1.7.0

Minor Changes

#564 935fe87 Thanks @Andarist! - Automatically use the GitHub-provided token to allow most users to avoid explicit GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration.

Patch Changes

#545 54220dd Thanks @ryanbas21! - The .npmrc generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when NPM_TOKEN is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.

#563 6af4a7e Thanks @Andarist! - Don't error on already committed symlinks and executables that stay untouched

1.6.0

Minor Changes

#558 342005d Thanks @harsha-venugopal-ledn! - Upgrade from Node.js 20 to Node.js 24 LTS

... (truncated)

Commits

a45c4d5 v1.9.0
b459b1e Version Packages (#637)
f9585d9 Update @changesets/ghcommit (#645)
020e8cc Use internal bot for versioning (#643)
b072bcc Add simple PR comment sub-action (#636)
8795eee Comment changeset status in PRs (#625)
34f64f6 Fixed an issue with GitHub releases not being created for successfully publis...
1d54b9e Simplify getChangelogEntry (#632)
031358f Update to typescript v6 (#633)
a0c05f7 Bump @changesets/changelog-github from 0.5.2 to 0.7.0 (#620)
Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

vercel · 2026-05-07T20:48:12Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
firebase-auth-embedded-wallet	Ready	Preview, Comment	Jun 4, 2026 8:50pm
openfort-auth-non-custodial	Ready	Preview, Comment	Jun 4, 2026 8:50pm
openfort-js-sdk-solana	Ready	Preview, Comment	Jun 4, 2026 8:50pm
openfort-wagmi-next	Ready	Preview, Comment	Jun 4, 2026 8:50pm

pkg-pr-new · 2026-05-07T20:49:08Z

Open in StackBlitz

npm i https://pkg.pr.new/@openfort/openfort-js@277

commit: 7652f44

Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.1` | `6.0.3` | | [pnpm/action-setup](https://github.com/pnpm/action-setup) | `5.0.0` | `6.0.8` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `7.0.1` | | [changesets/action](https://github.com/changesets/action) | `1.7.0` | `1.9.0` | Updates `actions/checkout` from 5.0.1 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@93cb6ef...df4cb1c) Updates `pnpm/action-setup` from 5.0.0 to 6.0.8 - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@fc06bc1...0e279bb) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) Updates `actions/upload-artifact` from 5.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@330a01c...043fb46) Updates `changesets/action` from 1.7.0 to 1.9.0 - [Release notes](https://github.com/changesets/action/releases) - [Changelog](https://github.com/changesets/action/blob/main/CHANGELOG.md) - [Commits](changesets/action@6a0a831...a45c4d5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: changesets/action dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: pnpm/action-setup dependency-version: 6.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-06-04T20:45:30Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jest@29.7.0
	jsdom@25.0.1
	encoding@0.1.13
	firebase@11.10.0
	axios-retry@4.5.0
	human-id@4.1.3
	ethers@5.8.0
	cors@2.8.6
	bufferutil@4.1.0
	crypto-browserify@3.12.1
	globals@15.15.0
	autoprefixer@10.5.0
	js-cookie@3.0.8
	firebase-admin@13.8.0
	axios@1.16.1

View full report

dependabot Bot added the dependencies Pull requests that update a dependency file label May 7, 2026

vercel Bot deployed to Preview – openfort-wagmi-next May 7, 2026 20:50 View deployment

vercel Bot deployed to Preview – openfort-auth-non-custodial May 7, 2026 20:50 View deployment

vercel Bot deployed to Preview – openfort-js-sdk-solana May 7, 2026 20:51 View deployment

vercel Bot deployed to Preview – firebase-auth-embedded-wallet May 7, 2026 20:53 View deployment

dependabot Bot force-pushed the dependabot/github_actions/actions-6bfeeef63e branch from 6d39886 to a686991 Compare May 21, 2026 20:58

vercel Bot deployed to Preview – openfort-wagmi-next May 21, 2026 21:00 View deployment

vercel Bot deployed to Preview – openfort-auth-non-custodial May 21, 2026 21:03 View deployment

vercel Bot deployed to Preview – firebase-auth-embedded-wallet May 21, 2026 21:05 View deployment

vercel Bot deployed to Preview – openfort-js-sdk-solana May 21, 2026 21:06 View deployment

dependabot Bot force-pushed the dependabot/github_actions/actions-6bfeeef63e branch from a686991 to 7652f44 Compare June 4, 2026 20:44

vercel Bot deployed to Preview – openfort-js-sdk-solana June 4, 2026 20:45 View deployment

vercel Bot deployed to Preview – openfort-auth-non-custodial June 4, 2026 20:47 View deployment

vercel Bot deployed to Preview – openfort-wagmi-next June 4, 2026 20:48 View deployment

vercel Bot deployed to Preview – firebase-auth-embedded-wallet June 4, 2026 20:50 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the actions group across 1 directory with 5 updates#277

chore: bump the actions group across 1 directory with 5 updates#277
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-6bfeeef63e

dependabot Bot commented on behalf of github May 7, 2026 •

edited

Loading

Uh oh!

vercel Bot commented May 7, 2026 •

edited

Loading

Uh oh!

pkg-pr-new Bot commented May 7, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.3

What's Changed

New Contributors

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v6.0.8

What's Changed

New Contributors

v6.0.7

What's Changed

New Contributors

v6.0.6

What's Changed

v6.0.5

What's Changed

v6.0.4

What's Changed

New Contributors

v6.0.3

v6.4.0

What's Changed

Dependency updates:

New Contributors

v7.0.1

What's Changed

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v6.0.0

v6 - What's new

Node.js 24

What's Changed

v1.9.0

Minor Changes

Patch Changes

v1.8.0

Minor Changes

Patch Changes

@​changesets/action

1.9.0

Minor Changes

Patch Changes

1.8.0

Minor Changes

Patch Changes

1.7.0

Minor Changes

Patch Changes

1.6.0

Minor Changes

Uh oh!

vercel Bot commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

pkg-pr-new Bot commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

dependabot Bot commented on behalf of github May 7, 2026 •

edited

Loading

`@changesets/action`

vercel Bot commented May 7, 2026 •

edited

Loading

pkg-pr-new Bot commented May 7, 2026 •

edited

Loading