chore(deps): bump denoland/setup-deno from 2.0.4 to 2.0.5#2443
chore(deps): bump denoland/setup-deno from 2.0.4 to 2.0.5#2443dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [denoland/setup-deno](https://github.com/denoland/setup-deno) from 2.0.4 to 2.0.5. - [Release notes](https://github.com/denoland/setup-deno/releases) - [Commits](denoland/setup-deno@667a34c...22d081f) --- updated-dependencies: - dependency-name: denoland/setup-deno dependency-version: 2.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
|
@modelcontextprotocol/client
@modelcontextprotocol/codemod
@modelcontextprotocol/core
@modelcontextprotocol/server
@modelcontextprotocol/server-legacy
@modelcontextprotocol/express
@modelcontextprotocol/fastify
@modelcontextprotocol/hono
@modelcontextprotocol/node
commit: |
There was a problem hiding this comment.
LGTM — routine Dependabot bump of the pinned setup-deno action SHA (2.0.4 → 2.0.5).
Extended reasoning...
Overview
This PR is a Dependabot-generated single-line change in .github/workflows/main.yml, updating the pinned commit SHA for denoland/setup-deno from v2.0.4 (667a34c) to v2.0.5 (22d081f). The version comment remains # v2, consistent with the existing pinning convention used elsewhere in the workflow.
Security risks
Minimal. The action remains pinned to a full commit SHA (not a mutable tag), which is the safest pinning style. The new SHA corresponds to the upstream v2.0.5 release per the Dependabot-provided release notes and commit list. The action is only used in the test-runtimes job's Deno leg and does not touch publish/release workflows or secrets beyond the default job token.
Level of scrutiny
Low. This is CI configuration only — no SDK code, types, transports, or public API surface is affected. It is a within-major patch bump (2.0.4 → 2.0.5) of a widely used first-party Deno action, and the changes upstream (versions.json source change, Node runtime bump for the action) do not alter the workflow's inputs or expected behavior. Per repo conventions on CI/GitHub Actions changes, there is nothing here to flag.
Other factors
No changeset is required for workflow-only changes. The bug hunting system found no issues, and the only timeline activity is the changeset-bot notice, which is expected for a deps PR. CI on the PR will exercise the updated action directly, providing verification that the bump works.
Bumps denoland/setup-deno from 2.0.4 to 2.0.5.
Release notes
Sourced from denoland/setup-deno's releases.
Commits
22d081f2.0.5 (#131)28c677fchore: use versions.json from dl.deno.land (#130)ff4860f2.0.4 (#125)6a293fcfeat: upgrade Node.js runtime from node20 to node24 (#123)390061adocs: fix identifier for latest stable release (#115)bdaa2e4docs: condense Deno version information in one section (#100)e4ff81cdocs: add lts as possible release-channel output (#99)bac1f72Update actions/checkout (#106)2f7698f2.0.3 (#102)ee64dd3fix: switch back to package.json as it's necessary for GH actions (#101)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)