chore(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0

[dependabot]

Bumps pnpm/action-setup from 5.0.0 to 6.0.0.

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.0

Added support for pnpm v11.

Commits

• 08c4be7 docs(README): update action-setup version
• 5798914 chore: update .gitignore
• ddffd66 fix: remove accidentally committed file
• b43f991 fix: update pnpm to 11.0.0-rc.0
• 3852509 README.md: bring versions up-to-date (#222)
• 6e7bdbd chore: bump bootstrap pnpm to 11.0.0-beta.4-1 and add update script
• 6b87c46 fix: Windows standalone mode — bypass broken npm shims (#217)
• 994d756 feat: read pnpm version from devEngines.packageManager (#211)
• 738f428 docs: upgrade pnpm/action-setup from v4 to v5
• 62bce64 fix: extract pnpm version from packageManager field instead of returning unde...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

Chores

• Updated GitHub Actions workflows to use newer versions of the package manager setup action in automated backup and continuous integration processes for improved build reliability.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflow files are updated to use pnpm/action-setup version v6.0.0 instead of v4.4.0. The configured pnpm installation version remains unchanged at 9.15.0.

Changes

Cohort / File(s)	Summary
pnpm Action Setup Version Updates .github/workflows/backup-restore-weekly.yml, .github/workflows/ci.yml	Updated pnpm/action-setup action reference from v4.4.0 to v6.0.0 across workflow jobs while maintaining pnpm version 9.15.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Hop hop, the versions take flight,
From v4.4 to v6.0, all feels right,
pnpm's ready, steady, and true,
A simple update makes workflows anew! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description lacks required template sections including Summary, Linked Plan/Issue, Change Type checkbox, and Validation checklist items.	Fill out the PR description template with required sections: add a summary of changes, mark the 'chore' checkbox, and complete relevant validation items.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: bumping pnpm/action-setup from v5 to v6 across workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/github_actions/pnpm/action-setup-6.0.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/backup-restore-weekly.yml:
- Around line 46-48: Update the pnpm/action-setup reference to a known-good
release so the specified version input (version: 9.15.0) is honored; either
change the tag to the stable v5 release (pnpm/action-setup@v5.0.0) or pin the
working v6 commit hash provided
(pnpm/action-setup@2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d) and remove the
incorrect commit hash (08c4be7e2e672a47d11bd04269e27e5f3e8529cb) currently used
with pnpm/action-setup so the action no longer installs pnpm v11 regardless of
the version input.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 98db2681-0660-42e0-9bc4-f002a1749037

📥 Commits

Reviewing files that changed from the base of the PR and between ba5bf3c and d93ffba.

📒 Files selected for processing (2)

• .github/workflows/backup-restore-weekly.yml
• .github/workflows/ci.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the commit hash matches the v6.0.0 tag in pnpm/action-setup

# Fetch the commit hash for v6.0.0 tag
curl -s https://api.github.com/repos/pnpm/action-setup/git/ref/tags/v6.0.0 | jq -r '.object.sha'

echo "Expected: 08c4be7e2e672a47d11bd04269e27e5f3e8529cb"

Repository: sebastianspicker/cueq

Length of output: 156

---

🌐 Web query:

pnpm/action-setup v6.0.0 release notes breaking changes

💡 Result:

pnpm/action-setup v6.0.0 was released recently (around early April 2026 based on nearby tags like 10 Apr). Official release notes are available on the GitHub releases page, but specific details for v6.0.0 are not fully detailed in search snippets. From context: Key changes in recent versions (v5.0.0 and prior, likely carried or similar): - Updated to use Node.js 24 (feat!: run the action on Node.js 24). A major known issue with v6 (including v6.0.0): The action does not respect the specified pnpm version input and always installs pnpm v11 (e.g., 11.0.0-beta.4-1), even if version: 10 is set. This is a confirmed bug reported on 2026-04-11, open as of 2026-04-13. Workaround: Pin to a specific working commit like 2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d # v6. No other explicit breaking changes listed distinctly for v6.0.0; check https://github.com/pnpm/action-setup/releases/tag/v6.0.0 for full notes. Prior versions had non-breaking docs updates, caching feats, package.yaml support.

Citations:

• 1: https://github.com/pnpm/action-setup/releases
• 2: action-setup@v6 does not take the requested pnpm version into account pnpm/action-setup#225
• 3: https://github.com/pnpm/action-setup/tags
• 4: Bump pnpm/action-setup from 4 to 5 actions/setup-node#1513
• 5: https://github.com/pnpm/action-setup/

---

🌐 Web query:

pnpm/action-setup v6.0.0 compatibility with pnpm 9.15.0

💡 Result:

pnpm/action-setup v6.0.0 is compatible with pnpm 9.15.0 in principle, as the action's tests were updated to use pnpm 9.15.5 and 9.15.0 around February 2025 (commit fff7088), and it supports specifying exact versions like "9.15.0" via the 'version' input. The action fetches and installs the requested pnpm version from the npm registry or as specified. However, there is a critical bug in v6.0.0: it ignores the specified 'version' input and always installs pnpm v11 (e.g., 11.0.0-beta.4-1), as reported in open GitHub issue #225 opened on 2026-04-11 (still active as of 2026-04-13). Workarounds include pinning to a specific commit hash like 2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d labeled as "# v6". Official releases list latest as v5.0.0 (2026-03-17), but v6.0.0 exists as a Git tag. For reliable use with pnpm 9.15.0, use v5 or pin to a working v6 commit. Official docs and CI examples recommend versions up to pnpm 10.

Citations:

• 1: action-setup@v6 does not take the requested pnpm version into account pnpm/action-setup#225
• 2: pnpm/action-setup@fff7088
• 3: pnpm/action-setup@fe02b34...41ff726
• 4: https://github.com/pnpm/action-setup
• 5: https://github.com/pnpm/action-setup/releases
• 6: https://github.com/pnpm/action-setup/tags

---

Fix action version and commit hash — v6.0.0 has a critical bug.

The commit hash 08c4be7e2e672a47d11bd04269e27e5f3e8529cb does not match the v6.0.0 tag (actual: f3d73ada1fa6e5c0c19973ff70a3f5cabf225cc5). More critically, pnpm/action-setup@v6.0.0 contains a known bug that ignores the version input and always installs pnpm v11, regardless of the specified version. This means version: 9.15.0 will not be respected.

Solutions:

• Downgrade to v5.0.0 (latest stable release)
• Or pin to a working v6 commit hash: 2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d # v6

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/backup-restore-weekly.yml around lines 46 - 48, Update the
pnpm/action-setup reference to a known-good release so the specified version
input (version: 9.15.0) is honored; either change the tag to the stable v5
release (pnpm/action-setup@v5.0.0) or pin the working v6 commit hash provided
(pnpm/action-setup@2e223e0f0d2b8fd9872cbadb8b7428e5f8b5556d) and remove the
incorrect commit hash (08c4be7e2e672a47d11bd04269e27e5f3e8529cb) currently used
with pnpm/action-setup so the action no longer installs pnpm v11 regardless of
the version input.