ci(deps): bump actions/setup-node from 4 to 6

[dependabot]

Bumps actions/setup-node from 4 to 6.

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @​priyagupta108 in actions/setup-node#1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @​dependabot[bot] in #1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @​dependabot[bot] in #1334
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

• 2028fbc Limit automatic caching to npm, update workflows and documentation (#1374)
• 1342781 Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)
• 89d709d Bump prettier from 2.8.8 to 3.6.2 (#1334)
• cd2651c Bump ts-jest from 29.1.2 to 29.4.1 (#1336)
• a0853c2 Bump actions/checkout from 4 to 5 (#1345)
• b7234cc Upgrade action to use node24 (#1325)
• d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
• 5e2628c Bumps form-data (#1332)
• 65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
• 7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

🔍 Lint Check Results

ESLint Results

> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

Prettier Results

> @tryft/echarts@0.1.0 format:check
> prettier --check "src/**/*.{ts,tsx,js,jsx,json,md}"

Checking formatting...
[warn] src/components/GraphChart.tsx
[warn] src/components/TreemapChart.tsx
[warn] src/stories/GaugeChart.stories.tsx
[warn] Code style issues found in 3 files. Run Prettier with --write to fix.

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

📦 Bundle Size Report

Format	Size	Gzipped	Change
ESM	1664.95 KB	453.44 KB	➡️ No change
UMD	1149.08 KB	379.64 KB	-

Details

• ESM Bundle: Modern ES modules format, tree-shakable
• UMD Bundle: Universal module definition, compatible with CommonJS, AMD, and global variables
• Gzipped sizes represent what users actually download

Size Guidelines

• 🟢 Good: < 100 KB gzipped
• 🟡 Warning: 100-500 KB gzipped
• 🔴 Large: > 500 KB gzipped

Bundle sizes are automatically tracked on every commit to main.

[github-actions]

🚦 Bundle Size Limit Check

✅ ESM Bundle: 453.44KB is within limit of 500KB
✅ UMD Bundle: 379.64KB is within limit of 600KB

These limits help maintain reasonable bundle sizes for end users.

[github-actions]

🔨 Build Check Results

Library Build

> @tryft/echarts@0.1.0 build
> tsc && vite build

vite v6.3.5 building for production...
transforming...
✓ 1145 modules transformed.
rendering chunks...
computing gzip size...
dist/index.esm.js  1,704.91 kB │ gzip: 463.72 kB
dist/index.umd.js  1,176.67 kB │ gzip: 389.89 kB
✓ built in 6.01s
 // Truncate to last 1000 chars

Storybook Build

: 160.65 kB
storybook-static/assets/BaseEChart-BLQ9tw5u.js                1,039.52 kB │ gzip: 344.66 kB
storybook-static/assets/iframe-X-XMsM58.js                    1,279.53 kB │ gzip: 356.83 kB

(!) Some chunks are larger than 500 kB after minification. Consider:
- Using dynamic import() to code-split the application
- Use build.rollupOptions.output.manualChunks to improve chunking: https://rollupjs.org/configuration-options/#output-manualchunks
- Adjust chunk size limit for this warning via build.chunkSizeWarningLimit.
✓ built in 12.60s
info => Preview built (15 s)
info => Output directory: /home/runner/work/tryft-echarts/tryft-echarts/storybook-static

attention => Storybook now collects completely anonymous telemetry regarding usage.
This information is used to shape Storybook's roadmap and prioritize features.
You can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:
https://storybook.js.org/telemetry

 // Truncate to last 1000 chars

Test Results

> @tryft/echarts@0.1.0 test
> npm run type-check && npm run lint


> @tryft/echarts@0.1.0 type-check
> tsc --noEmit


> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

 // Truncate to last 1000 chars

Bundle Size Analysis

• ESM Bundle: 1664.95 KB
• UMD Bundle: 1149.08 KB

Gzipped Sizes

• ESM Bundle (gzipped): 453.44 KB
• UMD Bundle (gzipped): 379.64 KB

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

🔀 Merge Simulation Results

Merge Attempt

Automatic merge went well; stopped before committing as requested

Post-Merge Testing

Testing merged state...

> @tryft/echarts@0.1.0 prepare
> husky


added 468 packages in 7m

111 packages are looking for funding
  run `npm fund` for details

> @tryft/echarts@0.1.0 build
> tsc && vite build

vite v6.3.5 building for production...
transforming...
✓ 1145 modules transformed.
rendering chunks...
computing gzip size...
dist/index.esm.js  1,704.91 kB │ gzip: 463.72 kB
dist/index.umd.js  1,176.67 kB │ gzip: 389.89 kB
✓ built in 5.96s

> @tryft/echarts@0.1.0 test
> npm run type-check && npm run lint


> @tryft/echarts@0.1.0 type-check
> tsc --noEmit


> @tryft/echarts@0.1.0 lint
> eslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0

 // Truncate to last 1500 chars

---

This comment was automatically generated by the PR Checks workflow.

[github-actions]

📋 PR Checks Summary

Check	Status	Result
Lint Check	✅	success
Build Check	✅	success
Merge Simulation	✅	success

🎉 All checks passed! This PR is ready for review.

---

This summary was automatically generated by the PR Checks workflow.

[github-actions]

✅ Security Audit Results

No high/critical vulnerabilities found

📋 View Full Security Audit Report

Security Audit Report

Generated on: Mon Oct 20 10:10:11 UTC 2025

Summary

• Total dependencies: 0
• Development dependencies: 0

Vulnerabilities

No vulnerabilities data

Detailed Audit Output

npm warn audit 503 Service Unavailable - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick - Service Unavailable
{ error: 'Service Unavailable' }
npm error audit endpoint returned an error
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-10-20T10_17_12_208Z-debug-0.log
Audit completed with findings

Potential Fixes

npm warn audit 503 Service Unavailable - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick - Service Unavailable
{ error: 'Service Unavailable' }
npm error audit endpoint returned an error
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-10-20T10_24_12_964Z-debug-0.log
No automatic fixes available

---

This comment was automatically generated by the Security Audit workflow.