chore(deps): update actions/setup-node action to v4.4.0

[renovate-bot-cbcoutinho]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-node	action	minor	v4.1.0 → v4.4.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in #​98
• Add support for indented eslint output by @​fregante in #​1245

Enhancement:

• Support private mirrors by @​marco-ippolito in #​1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in #​1262

New Contributors

• @​FloEdelmann made their first contribution in #​98
• @​fregante made their first contribution in #​1245
• @​marco-ippolito made their first contribution in #​1240

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​1200
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​gowridurgad in #​1251
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​1203
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in #​1220

New Contributors

• @​gowridurgad made their first contribution in #​1251

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in #​1174
• Add recommended permissions section to readme by @​benwells in #​1193
• Configure Dependabot settings by @​HarithaVattikuti in #​1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in #​1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in #​1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in #​1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in #​1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in #​1205

New Contributors

• @​benwells made their first contribution in #​1193

Full Changelog: actions/setup-node@v4...v4.2.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

PR Review: Update actions/setup-node to v4.4.0

Summary

This PR updates the actions/setup-node GitHub Action from v4.1.0 to v4.4.0 in the CI/CD workflow. This is a dependency update managed by Renovate Bot.

---

✅ Positive Findings

1. Security Best Practice - Pinned Commit SHA

• The update correctly uses commit SHA pinning (49933ea5288caeca8642d1e84afbd3f7d6820020) alongside the version tag
• This prevents potential tag manipulation attacks and ensures reproducible builds
• Follows GitHub Actions security best practices

2. Safe Dependency Update

• Minor version update (v4.1.0 → v4.4.0) with backward-compatible changes
• Release notes show bug fixes and enhancements, no breaking changes:
  • Bug fixes for eslint-compact matcher and indented eslint output
  • Support for private mirrors
  • Dependency updates for @actions/cache and other internal dependencies

3. Minimal Impact

• Single line change in a low-risk area (CI dependency)
• Only affects the Astrolabe build step in the test workflow
• No changes to application code or runtime dependencies

---

🔍 Analysis

Scope of Change:
The change only affects line 54 of .github/workflows/test.yml, specifically the Node.js setup for building the Astrolabe app (a Nextcloud app dependency).

Upgrade Benefits:

• Enhanced eslint output compatibility (more robust CI feedback)
• Private mirror support (useful for enterprise environments)
• Updated internal dependencies (@actions/cache 4.0.2 → 4.0.3)

Risk Assessment: LOW

• No breaking changes between v4.1.0 and v4.4.0
• Node.js version specification remains unchanged (node-version: '20')
• The action continues to serve the same purpose: setting up Node.js for building the Astrolabe app

---

✅ Recommendations

Approve and Merge:
This is a safe, routine dependency update with no security concerns or breaking changes. The update brings bug fixes and enhancements without introducing risk.

Verification:
The CI checks should confirm that:

1. Linting passes (ruff format, ruff check, ty check)
2. Astrolabe app builds successfully with the updated action
3. Integration tests complete successfully

Note: Consider enabling Renovate automerge for low-risk updates like patch/minor version bumps of GitHub Actions to reduce manual review overhead.

---

📊 Overall Assessment

Category	Rating	Notes
Code Quality	✅ Excellent	Proper SHA pinning, follows best practices
Security	✅ No Concerns	Legitimate update from trusted source
Testing	✅ Adequate	CI will validate the change
Risk Level	🟢 LOW	Minor dependency update, no breaking changes
Recommendation	✅ APPROVE	Safe to merge once CI passes

---

Conclusion: This is a well-executed, low-risk dependency update. No concerns identified. Approve and merge once CI checks pass. ✅