chore(deps): bump actions/setup-node from 4 to 5 in /.github/workflows

[dependabot]

Bumps actions/setup-node from 4 to 5.

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in actions/setup-node#98
• Add support for indented eslint output by @​fregante in actions/setup-node#1245

Enhancement:

• Support private mirrors by @​marco-ippolito in actions/setup-node#1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-node#1262

New Contributors

• @​FloEdelmann made their first contribution in actions/setup-node#98
• @​fregante made their first contribution in actions/setup-node#1245
• @​marco-ippolito made their first contribution in actions/setup-node#1240

Full Changelog: actions/setup-node@v4...v4.4.0

... (truncated)

Commits

• a0853c2 Bump actions/checkout from 4 to 5 (#1345)
• b7234cc Upgrade action to use node24 (#1325)
• d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
• 5e2628c Bumps form-data (#1332)
• 65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
• 7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
• 08f58d1 Bump @​octokit/request-error and @​actions/github (#1227)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[changeset-bot]

🦋 Changeset detected

Latest commit: 6347789

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
docs-diary	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[what-the-diff]

PR Summary

• Upgrade to the Node.js Setup Action
  This PR brings an update to our GitHub Actions workflow. Specifically, we have upgraded the setup action for Node.js from version 4 to version 5. This update will enable us to benefit from the latest improvements and features provided in the new version, helping improve the efficiency and reliability of our automated workflows.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/setup-node	5.*.*	🟢 5.7	Details Check Score Reason Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities 🟢 8 2 existing vulnerabilities detected

Scanned Files

• .github/workflows/release.yml