chore(deps): update extractions/setup-just action to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
extractions/setup-just	action	major	v3 → v4

---

Release Notes

extractions/setup-just (extractions/setup-just)

v4.0.0

Compare Source

v4

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying control-layer with    Cloudflare Pages

Latest commit:	fb63277
Status:	✅  Deploy successful!
Preview URL:	https://39d686b1.control-layer.pages.dev
Branch Preview URL:	https://renovate-extractions-setup-j.control-layer.pages.dev

View logs

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. This is a routine dependency maintenance update.

Verdict: Approved — Low-risk change with no breaking changes detected.

Research notes

Fetched the extractions/setup-just GitHub repository:

• v4 release date: April 5, 2026
• Usage pattern unchanged: The basic usage (uses: extractions/setup-just@v4) is identical to v3
• Same inputs available: just-version (optional semver) and github-token (optional, defaults to github.token)
• Action type: Composite action using @extractions/setup-crate library
• Repository health: 50 commits, 148 stars, active maintenance
• Licenses: Dual-licensed under Apache-2.0 and MIT

The action's README confirms backward-compatible usage between v3 and v4.

Suggested next steps

1. Merge as-is — No changes required. This is a straightforward version bump with no workflow modifications needed.
2. Monitor first CI run — As with any action update, verify the workflows complete successfully after merge (standard practice).

General findings

None. The changes are correctly applied to all 4 occurrences of the action reference, maintaining consistency across both workflow files.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (ci.yaml and release.yml). The action installs the just command runner and is used in 4 places total.

Verdict: Approved - this is a routine, low-risk dependency update managed by Renovate.

Research notes

• Action repository: extractions/setup-just
• v4 release date: April 5, 2026
• License: Dual MIT/Apache-2.0 licensed
• Current implementation: The action is a composite action that delegates to extractions/setup-crate@v2.0.0 (pinned by SHA) to install the just binary from casey/just
• Breaking changes: No explicit breaking changes documented in the release notes beyond the major version increment. The usage pattern (uses: extractions/setup-just@v4) remains identical to v3.
• Inputs unchanged: The action accepts optional just-version and github-token inputs, same as v3.

The major version bump likely reflects internal refactoring or the underlying setup-crate dependency versioning rather than user-facing API changes.

Suggested next steps

1. Merge as-is - This is a safe, routine update. The action has an established maintainer, clear licensing, and the change is non-breaking for current usage patterns.
2. Monitor CI - After merge, verify that workflows complete successfully (standard practice for any action update).

General findings

None. The change is exactly what it claims to be: a straightforward version bump for a well-maintained, low-risk utility action. All four occurrences of extractions/setup-just@v3 have been consistently updated to @v4.

[doubleword-code]

Summary

This PR upgrades the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The v4 release primarily updates the underlying setup-crate library to support Node.js 24, which aligns well with this project's existing use of Node 24 in CI. No breaking changes or API modifications were identified.

Verdict: Ready to approve - this is a low-risk, routine dependency update.

Research notes

Fetched documentation from the extractions/setup-just repository:

• v4 released: April 5, 2026 by maintainer @rossmacarthur
• Key change: Update to setup-crate with Node 24 support (commit cf2bee9)
• Usage unchanged: The action syntax remains uses: extractions/setup-just@v4 with identical inputs
• Project compatibility: This repo already uses actions/setup-node@v6 with node-version: "24", making this update consistent with existing CI configuration

Suggested next steps

1. Approve the PR after confirming CI workflows pass with the new action version.
2. No additional changes required.

General findings

None identified. This is a clean, single-purpose dependency update.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change is straightforward with no breaking changes to the public API.

Verdict: Ready to approve — This is a safe, low-risk dependency update.

Research notes

I investigated the differences between v3 and v4 of the extractions/setup-just action:

1. Release date: v4 was released on April 5, 2026 (release page)

2. Technical diff: The only change is an internal dependency update:

   • v3: extractions/setup-crate@4993624604c307fbca528d28a3c8b60fa5ecc859 (v1.4.0)
   • v4: extractions/setup-crate@0551596312d4008a6dfbc4d3c38fa20eaef46d2d (v2.0.0)

   Source: v3 action.yaml vs v4 action.yaml

3. No breaking changes: The action's public interface remains identical:

   • Same inputs (just-version, github-token)
   • Same default behavior (installs latest just version)
   • Same composite action structure

4. Action health: Well-maintained project (148 stars, active maintenance), dual-licensed (Apache-2.0/MIT), uses pinned commit SHAs for dependencies (good security practice).

Suggested next steps

1. Merge this PR — no changes required.

General findings

None. The change is exactly what it claims to be: a routine major-version bump of a GitHub Action where the vendor chose to increment the major version due to an internal dependency update, not due to any breaking changes in the public API.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). This is a routine dependency update brought by Renovate.

Verdict: Ready to approve.

Research notes

I researched the extractions/setup-just action to understand what changed between v3 and v4:

• v4 release: Published April 5, 2026 by the same maintainer (@rossmacarthur)
• Key changes: Upgrade to @extractions/setup-crate with Node 24 runtime support (commit cf2bee9)
• No breaking API changes: The action maintains the same inputs (just-version, github-token) and behavior
• No security advisories: Checked GitHub Advisory Database - no known vulnerabilities for this action
• Repository health: 148 stars, actively maintained, dual-licensed (Apache-2.0/MIT)

Suggested next steps

1. Approve and merge - This is a safe, routine dependency update with no identified risks.

General findings

None. The change is straightforward and low-risk:

• All four occurrences of extractions/setup-just@v3 are correctly updated to extractions/setup-just@v4
• The workflows don't use any optional inputs that might have changed behavior
• The just tool installation will continue to work identically from the workflow perspective
• No code changes required elsewhere in the repository

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the workflow files. This is a Renovate-generated dependency update.

Verdict: Approved — The change is straightforward and safe to merge.

Research notes

I reviewed the extractions/setup-just repository to understand what changed between v3 and v4:

• v4 release date: April 5, 2026
• API surface: Identical — same inputs (just-version, github-token) with same defaults
• Implementation: v4 uses extractions/setup-crate@v2.0.0 (pinned commit) as its underlying installer
• Usage pattern: - uses: extractions/setup-just@v4 remains valid without any with: parameters

The action.yaml shows no breaking changes to the interface. The workflows in this repo use the action without any custom inputs, relying on default behavior (install latest just version using the default GitHub token).

Suggested next steps

1. Merge this PR — no changes required.
2. Consider enabling Dependabot/Renovate auto-merge for minor/patch GitHub Actions updates to reduce review overhead for similar routine updates.

General findings

No issues found. The update is applied consistently across all 4 occurrences:

• .github/workflows/ci.yaml: 3 locations (frontend-test, backend-test, e2e-test-docker jobs)
• .github/workflows/release.yml: 1 location (publish-crates job)

All usages follow the same pattern and will continue to work correctly with v4.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across three workflow files. The change is a routine dependency upgrade managed by Renovate.

Verdict: Ready to approve - this is a safe, non-breaking update.

Research notes

I investigated what changed between v3 and v4 of extractions/setup-just:

• Repository: extractions/setup-just
• Key finding: The only substantive change is an internal dependency update:
  • v3 used: extractions/setup-crate@v1.4.0 (running on Node 20)
  • v4 uses: extractions/setup-crate@v2.0.0 (running on Node 24)

The setup-crate v2.0.0 release only changed using: 'node20' → using: 'node24' in its action.yaml. All inputs, outputs, and behavior remain identical.

Compatibility check: The workflows in this repository already use Node 24 (actions/setup-node@v6 with node-version: "24"), so there are no compatibility concerns.

Suggested next steps

1. Merge this PR as-is - the change is safe and follows best practices for keeping GitHub Actions up to date.

General findings

None. The change is exactly what it claims to be: a version bump from v3 to v4 with no functional changes affecting this repository's usage pattern.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change is a routine dependency upgrade with no functional changes required.

Verdict: Ready to approve - this is a safe, straightforward version bump.

Research notes

Fetched the upstream repository at https://github.com/extractions/setup-just:

• v4 release date: April 5, 2026
• Breaking changes: None indicated in the README - usage syntax is identical between v3 and v4
• Inputs remain the same: just-version (optional semver) and github-token (optional, defaults to ${{ github.token }})
• License: Dual-licensed under Apache-2.0 and MIT (both permissive and compatible with this project)
• The action is a composite action using the shared library @extractions/setup-crate

Suggested next steps

1. Merge this PR if CI passes - no code changes required.

General findings

None. This is a clean, low-risk dependency update that follows standard Renovate bot conventions. All four occurrences of the action have been updated consistently.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 in two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change is a straightforward dependency bump that keeps the CI infrastructure up to date.

Verdict: Ready to approve — this is a safe, non-breaking update.

Research notes

I reviewed the extractions/setup-just repository to understand what changed between v3 and v4:

1. v4 release (April 5, 2026): The major version bump primarily upgrades the underlying setup-crate library to support Node 24 (commit). This aligns well with this repo's workflows, which already use Node 24 via actions/setup-node@v6.

2. No breaking changes for end users: The action's interface remains unchanged — it still accepts the same inputs (just-version, github-token) with the same defaults. The usage syntax is identical (uses: extractions/setup-just@v4).

3. Action credibility: The action has ~150 stars, is actively maintained, and releases are GPG-signed by the maintainer (@rossmacarthur). It's dual-licensed under Apache-2.0 and MIT.

4. Consistency check: All other actions in these workflows are at their latest versions (actions/checkout@v6, pnpm/action-setup@v5, docker/login-action@v4, etc.), so this update maintains consistency across the CI infrastructure.

Suggested next steps

1. Approve and merge — No changes required. This is a routine dependency update with no identified risks.

General findings

No issues found. The four occurrences of extractions/setup-just@v4 are correctly placed:

• .github/workflows/ci.yaml: Lines 35, 137, 349 (frontend-test, backend-test, e2e-test-docker jobs)
• .github/workflows/release.yml: Line 117 (publish-crates job)

All usages follow the simple pattern without custom inputs, relying on the default behavior (install latest just version using the GitHub token for rate-limit avoidance).

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all workflow files. The change is applied consistently in 4 locations: 3 instances in .github/workflows/ci.yaml and 1 instance in .github/workflows/release.yml.

Verdict: Ready to approve. This is a routine dependency update with no breaking changes to the action's interface.

Research notes

I reviewed the following sources:

1. setup-just v4 README - Confirmed the action interface remains unchanged:

   • Inputs: just-version (optional semver specifier), github-token (optional, defaults to ${{ github.token }})
   • Usage pattern: - uses: extractions/setup-just@v4 (same as v3)

2. Release v4 - Released April 5, 2026 by @rossmacarthur (verified commit)

3. Diff between v3 and v4 action.yaml - The only internal change is the underlying extractions/setup-crate dependency:

   • v3: extractions/setup-crate@4993624604c307fbca528d28a3c8b60fa5ecc859 (v1.4.0)
   • v4: extractions/setup-crate@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3 (v2.0.0)

The action's public API (inputs, outputs, behavior) is unchanged - this is a major version bump driven by the internal dependency update, not a breaking change for consumers.

Suggested next steps

1. Merge this PR - No code changes required. The update is safe and follows best practices for GitHub Actions versioning (pinning to major versions).

2. Consider enabling Renovate auto-merge - For low-risk dependency updates like this, auto-merge could reduce reviewer burden.

General findings

None. The change is exactly what it claims to be: a straightforward action version update with no side effects or regressions expected.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all workflow files (3 occurrences in ci.yaml, 1 in release.yml). Based on my review of the action's documentation, this is a straightforward major version bump with no breaking changes to the basic usage pattern. The action continues to support the same inputs (just-version, github-token) and the default usage (uses: extractions/setup-just@v4) remains identical to v3.

Verdict: Ready to approve - this is a routine dependency update with no identified risks.

Research notes

Fetched the official repository README at https://github.com/extractions/setup-just which confirms:

• v4 was released on Apr 5, 2026
• Usage syntax remains unchanged: uses: extractions/setup-just@v4
• Same inputs supported: just-version (optional semver spec) and github-token (optional, defaults to ${{ github.token }})
• The action is a composite action using shared library logic from @extractions/setup-crate
• Licensed under Apache-2.0 and MIT (dual-licensed, matching the project's own licensing)

None of the workflows in this PR specify custom inputs - they all use the default behavior which installs the latest version of just. This usage pattern is identical between v3 and v4.

General findings

No issues found. The change is minimal and low-risk:

• All 4 occurrences are updated consistently
• No custom parameters are used that could have changed between versions
• The action has 150 stars and appears actively maintained (50 commits, recent release)

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. The change is a routine dependency upgrade performed by Renovate.

Verdict: Ready to approve - this is a low-risk maintenance update.

Research notes

Fetched the action's GitHub page and v4 release notes:

• v4 released: April 5, 2026 by Ross MacArthur (GPG verified commit 53165ef)
• Usage unchanged: The README confirms the same syntax works for v4: uses: extractions/setup-just@v4 with optional just-version and github-token inputs
• No breaking API changes: The action is a composite action wrapping @extractions/setup-crate, and the public interface remains identical
• Dual licensed: Apache-2.0 and MIT licenses confirmed

Suggested next steps

1. Merge this PR after confirming CI passes with the updated action version.

General findings

None. This is a straightforward dependency bump with no identified issues. The workflows using this action (frontend-test, backend-test, e2e-test-docker, publish-crates) all use the action in the same simple form without custom inputs, so there's no risk of input compatibility issues.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). This is a Renovate-managed dependency update.

Verdict: Approved – this is a routine, low-risk dependency update with no breaking changes to the action's API.

Research notes

I reviewed the extractions/setup-just repository to understand what changed between v3 and v4:

• v4 release date: April 5, 2026
• Key changes: The v4 tag includes commits that upgrade to the latest setup-crate library, which itself was updated to support Node.js 24 (commit cf2bee9)
• API compatibility: The action maintains the same interface with two optional inputs: just-version and github-token. No breaking changes to the action signature.
• Repository alignment: This repo already uses Node.js 24 in its workflows (actions/setup-node@v6 with node-version: "24"), so the underlying runtime change is consistent with existing configuration.

The action README confirms the usage pattern remains unchanged: uses: extractions/setup-just@v4.

Suggested next steps

1. Merge this PR as-is – the update is safe and keeps the CI infrastructure current.
2. Consider enabling Renovate auto-merge for minor/patch GitHub Actions updates to reduce review overhead for similar changes.

General findings

No issues found. The changes are consistent across all four occurrences (three in ci.yaml, one in release.yml), and the version bump follows semantic versioning conventions for GitHub Actions (major version tag for potentially breaking changes, though none apply here).

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change affects 4 occurrences total.

Verdict: Ready to approve – this is a standard dependency update with no breaking changes detected.

Research notes

• Fetched the setup-just README – confirms v4 was released on Apr 5, 2026, with identical usage syntax and inputs (just-version, github-token)
• The action is a composite action delegating to @extractions/setup-crate (currently at v2)
• No breaking changes documented between v3 and v4; the interface remains backward compatible
• No security advisories found for this action

Suggested next steps

1. Approve and merge – This is a low-risk dependency update that follows Renovate's automated version bumping best practices.
2. Consider enabling Dependabot/Renovate auto-merge for such trivial updates if not already configured.

General findings

None. The change is straightforward and all occurrences of the action have been consistently updated.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in the CI and release workflows. This is a straightforward dependency update maintained by Renovate.

Verdict: Ready to approve - this is a safe, routine maintenance update.

Research notes

I researched the upstream repository and release information:

1. Repository status: The action is well-maintained with 150 stars and active development (GitHub)

2. v4 release: Released April 5, 2026, as version 4.0.0 (Release v4)

3. Interface compatibility: The action's public interface remains unchanged - it still accepts the same inputs:

   • just-version: Optional semver specifier for the just version
   • github-token: Optional token for API authentication (defaults to ${{ github.token }})

4. Internal changes: v4 uses extractions/setup-crate@v2.0.0 internally (pinned to commit 53165ef), but this is an implementation detail that doesn't affect usage.

5. Open issues: Only 2 minor open issues exist (checksum pinning feature request, API rate limiting discussion) - neither affects v4 adoption.

Suggested next steps

No action required. This update follows GitHub Actions best practices of pinning to major versions while staying current with security and bug fixes.

General findings

None. The change is minimal, low-risk, and follows standard dependency update patterns for GitHub Actions.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all workflow files (ci.yaml and release.yml). This is a routine dependency update managed by Renovate.

Verdict: Approved — this is a safe, non-breaking update.

Research notes

I reviewed the setup-just repository to understand what changed between v3 and v4:

• v4 release (April 5, 2026): The changelog indicates v4.0.0 includes:

  • Upgrade to latest setup-crate (the shared library powering the action)
  • Update to Node 24 runtime
  • Bump of actions/checkout from v5 to v6 in the action's own CI

• The README confirms the usage syntax remains identical: uses: extractions/setup-just@v4 with optional just-version and github-token inputs.

• This repository does not use either optional input, relying on defaults (latest just version and the automatic github.token for rate limit avoidance).

Suggested next steps

1. Merge as-is — No changes required. The update is straightforward and maintains backward compatibility.
2. Optional follow-up: Consider pinning to a specific just-version in workflows if reproducible builds are a priority (currently uses * default, which installs the latest version).

General findings

No issues identified. The PR correctly updates all 4 occurrences of the action:

• .github/workflows/ci.yaml: lines 35, 137, 349 (frontend-test, backend-test, e2e-test-docker jobs)
• .github/workflows/release.yml: line 117 (publish-crates job)

The major version bump (v3 → v4) follows semantic versioning conventions for GitHub Actions, where the major version tag points to the latest compatible minor/patch releases. This ensures stability while receiving updates.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 in two workflow files. After reviewing the changes and researching both versions, this is a safe, non-breaking update.

Verdict: Ready to approve – no changes required.

Research notes

I examined the action.yaml for both v3 and v4:

• v3 internals: Used extractions/setup-crate@v1.4.0
• v4 internals: Uses extractions/setup-crate@v2.0.0

The public interface (inputs: just-version, github-token) is identical between versions. The major version bump reflects an internal dependency upgrade in the composite action, not a breaking change in the external API.

Relevant references:

• setup-just v4 source
• setup-just v3 source
• setup-crate v2.0.0 release

Suggested next steps

1. Merge this PR – the update is safe and follows semantic versioning best practices by pinning to a major version tag.

General findings

None. The change is exactly what it claims to be: a straightforward dependency version bump with no side effects.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across both CI and release workflows. This is a routine dependency maintenance update.

Verdict: Ready to approve - low-risk change with no functional impact.

Research notes

Fetched the action repository:

• v4 released April 5, 2026
• Basic usage pattern unchanged: uses: extractions/setup-just@v4
• Optional inputs (just-version, github-token) remain the same
• The action is a composite action using shared library logic from @extractions/setup-crate

The workflows use the default installation pattern without specifying version pins, which aligns with the documented usage examples.

Suggested next steps

1. Approve and merge - This is a standard dependency update with no code changes required elsewhere.
2. Consider monitoring the first CI run after merge to confirm the action works as expected (though risk is minimal).

General findings

No issues identified. The change is:

• Backwards compatible: Same invocation syntax, no input changes required
• Consistent: All 4 occurrences across both workflow files updated uniformly
• Low risk: The action only installs a tool; it doesn't modify build logic or test behavior

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all 4 occurrences in the workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). This is a routine dependency update generated by Renovate.

Verdict: Approved — The change is straightforward and safe to merge.

Research notes

• Action repository: extractions/setup-just — v4 was released on April 5, 2026
• Usage remains unchanged: The action continues to work with the simple uses: extractions/setup-just@v4 syntax without any required configuration changes
• No breaking changes for current usage: The README and release page show no breaking changes that would affect the basic installation pattern used in this repository
• All instances updated consistently: All 4 references across 2 workflow files have been updated from @v3 to @v4

Suggested next steps

1. Merge this PR to keep the CI workflows using the latest supported version of the action
2. No additional testing required — the action simply installs the just command runner and doesn't affect application logic

General findings

No issues identified. This is a clean, low-risk dependency update:

• The setup-just action is a thin wrapper that installs the just command runner
• Major version bumps in GitHub Actions typically indicate internal changes (e.g., Node.js runtime updates) rather than API changes
• The action's inputs remain backward compatible (just-version, github-token)
• All workflow files have been updated consistently

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). This is a routine dependency update from Renovate.

Verdict: Ready to approve - this is a low-risk, straightforward version bump with no breaking changes for the current usage pattern.

Research notes

I investigated what changed between v3 and v4 of extractions/setup-just:

1. V4 release info (GitHub releases): Released April 5, 2026 by Ross MacArthur (the original maintainer). No release notes provided.

2. Actual diff (v3...v4 comparison): The only substantive change is in action.yaml:

   • Updates internal dependency extractions/setup-crate from v1.4.0 to v2.0.0
   • Also updates actions/checkout from v5 to v6 in the action's own test workflows

3. setup-crate@v2 (repository): The underlying crate installer action:

   • Maintains backward-compatible API (still accepts repo, version, github-token inputs)
   • Same maintainer (Ross MacArthur)
   • 20 stars, actively maintained
   • Uses consolidated repo: owner/name@version format internally, but still supports deprecated separate inputs

4. Current usage: This project uses the simple form uses: extractions/setup-just@v4 without any custom inputs, which means:

   • Installs the latest version of just (default behavior)
   • Uses the default GitHub token for rate limiting
   • No custom configuration that could be affected by breaking changes

Suggested next steps

1. Merge as-is - This is a safe, routine update. The action is non-critical (only installs the just command runner), comes from the same trusted maintainer, and has a stable API.

2. Optional follow-up: Consider pinning to a specific commit hash instead of a major version tag if you want maximum reproducibility (e.g., uses: extractions/setup-just@53165ef7e734c5c07cb06b3c8e7b647c5aa16db3), though using major version tags is standard practice and perfectly acceptable.

General findings

No issues found. The change is minimal (4 lines across 2 files), follows the repository's existing pattern of pinning GitHub Actions to major versions (e.g., actions/checkout@v6, pnpm/action-setup@v5), and introduces no functional changes to the workflows' behavior.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all workflow files (ci.yaml and release.yml). The change is a straightforward dependency bump with no API or behavioral changes required.

Verdict: Ready to approve - low-risk maintenance update.

Research notes

• Fetched extractions/setup-just repository: Well-maintained action (150 stars) released v4 on April 5, 2026
• Fetched v4 release notes: Simple version tag with no breaking changes documented
• README confirms identical usage pattern: uses: extractions/setup-just@v4 works the same as v3
• All 4 occurrences in the codebase updated consistently (3 in ci.yaml, 1 in release.yml)

Suggested next steps

1. Merge this PR - it's a safe, routine dependency update
2. Consider enabling Renovate auto-merge for such low-risk chore updates to reduce review overhead

General findings

None - this is a clean, low-risk dependency update with no issues identified.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. Based on my review:

• Change scope: Minor version bump (v3 → v4) for the just installer action
• Main update: v4 upgrades the underlying setup-crate library to Node 24 (commit cf2bee9)
• Compatibility: Aligned with your existing CI which already runs Node 24 via actions/setup-node@v6
• Security: No concerns identified — same maintainer (@rossmacarthur), GPG-signed commits, no breaking API changes

Verdict: ✅ Approved — this is a safe, routine dependency update.

Research notes

• extractions/setup-just repository: Confirmed v4 released April 5, 2026; primary change is "Upgrade to latest setup-crate" and "Update setup-crate to Node 24"
• Action marketplace listing: Usage syntax unchanged between v3 and v4
• Commit history shows v4 is a minor maintenance release focused on Node runtime updates, not functional changes

Suggested next steps

1. Merge this PR as-is — no changes required
2. Optionally verify the CI workflows pass on the first run (standard practice for any workflow change)

General findings

None — the change is isolated to version tags in workflow YAML files with no downstream impact on workflow logic.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. The change is straightforward and low-risk.

Verdict: Ready to approve - This is a routine dependency update with no breaking changes.

Research notes

I reviewed the setup-just repository and its release history:

• v4 (April 5, 2026): Upgrades the underlying setup-crate dependency to support Node 24 and updates internal actions/checkout references from v5 to v6
• The action's public interface remains unchanged - same inputs (just-version, github-token), same usage pattern
• The repository is actively maintained (50 commits, recent activity) with 150 stars

Suggested next steps

1. Approve and merge - No changes required. This is a safe dependency update.
2. Consider pinning to a specific minor version (e.g., @v4.0.0) if you want stricter control, though the current @v4 approach follows GitHub's recommended practice and works well with Renovate.

General findings

No issues identified. The update:

• ✅ Maintains backward compatibility
• ✅ Aligns with your existing Node 24 toolchain
• ✅ Follows GitHub Actions best practices for version pinning
• ✅ Has been available for ~2 months without reported issues

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change is straightforward with no functional impact on the workflows.

Verdict: Ready to approve - this is a routine dependency update with no breaking changes affecting this codebase.

Research notes

Fetched the action's GitHub repository:

• v4 released: April 5, 2026 by maintainer @rossmacarthur
• Usage pattern: Identical between v3 and v4 (- uses: extractions/setup-just@v4)
• Breaking changes: None that affect this codebase - the action is invoked without custom inputs in all 4 locations
• Repository health: 150 stars, 50 commits, actively maintained
• Underlying implementation: Composite action using @extractions/setup-crate shared library

The workflows do not pass any optional inputs (just-version, github-token), so the major version bump is transparent.

Suggested next steps

1. Approve and merge - No changes required; this is a safe dependency update.

General findings

None. The change is minimal, well-scoped, and follows the existing patterns in the codebase where other actions are already pinned to v4+ versions (e.g., docker/login-action@v4, actions/checkout@v6, pnpm/action-setup@v5).

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 usages in 2 workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml).

Verdict: Ready to merge – this is a safe, routine dependency update with no breaking changes.

Research notes

I examined the setup-just repository to understand what changed between v3 and v4:

• v3 used extractions/setup-crate@v1.4.0 (commit hash 4993624604c307fbca528d28a3c8b60fa5ecc859)
• v4 uses extractions/setup-crate@v2.0.0 (commit hash 0551596312d4008a6dfbc4d3c38fa20eaef46d2d)
• The primary change in setup-crate v2.0.0 is an upgrade to Node 24 runtime (using: 'node24' in action.yaml)
• The public API (inputs: just-version, github-token) remains unchanged
• Release date: April 5, 2026

The workflows are compatible because:

1. GitHub Actions composite actions run in isolated environments
2. The project already uses Node 24 for frontend CI steps (actions/setup-node@v6 with node-version: "24")
3. No input schema changes affect existing usage

Suggested next steps

1. Merge this PR as-is – no changes required.
2. Consider enabling Dependabot auto-merge for minor/patch version updates to reduce PR review overhead for routine dependency updates.

General findings

None – this is a straightforward dependency bump with no issues identified.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. The change is part of Renovate's automated dependency management.

Verdict: Ready to approve - this is a low-risk maintenance update with no breaking changes to the action's public API.

Research notes

I reviewed the setup-just repository and compared the action.yaml files between v3 and v4:

• v4 release date: April 5, 2026
• Key change: The internal extractions/setup-crate dependency was updated from v1.4.0 to v2.0.0
• Public API: Unchanged - still accepts just-version and github-token inputs with the same defaults
• No breaking changes for end users of the action

The action is used consistently across all 4 locations with no custom inputs, making this a straightforward version bump.

Suggested next steps

1. Merge this PR - The update is safe and keeps the CI infrastructure current
2. Consider enabling Renovate's group updates if not already enabled to batch similar action updates together

General findings

All 4 occurrences of extractions/setup-just have been correctly updated:

• .github/workflows/ci.yaml: lines 35, 137, 357 (frontend-test, backend-test, e2e-test-docker jobs)
• .github/workflows/release.yml: line 117 (publish-crates job)

No other workflow files reference this action.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across three workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change is a routine dependency maintenance update.

Verdict: Approved — This is a safe, low-risk change that should be merged.

Research notes

I fetched the extractions/setup-just repository page and release information:

• v4 released: April 5, 2026 by Ross MacArthur (commit 53165ef)
• Usage remains identical: The action still uses the same syntax: uses: extractions/setup-just@v4
• Same inputs supported: just-version and github-token inputs remain unchanged
• Same underlying implementation: The action is a composite action using the shared library @extractions/setup-crate
• 150 stars, 23 forks — actively maintained project
• Dual-licensed: Apache-2.0 and MIT (same as v3)

The major version bump (v3 → v4) typically indicates a breaking change in the action's interface, but since this project uses major-version tagging for releases (not a separate v4 branch with breaking changes), and the usage syntax remains identical, this is a straightforward update.

Suggested next steps

1. Merge this PR to keep dependencies up to date
2. Monitor the next CI run to confirm workflows execute correctly (standard practice for any action update)

General findings

No issues found. The change is consistent across all 4 occurrences:

• .github/workflows/ci.yaml: 3 instances updated (lines 35, 137, 357 in the frontend-test, backend-test, and e2e-test-docker jobs)
• .github/workflows/release.yml: 1 instance updated (line 117 in the publish-crates job)

This is a routine Renovate bot update following semantic versioning best practices.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all 4 occurrences in the CI workflows (ci.yaml and release.yml). This is a routine dependency update generated by Renovate.

Verdict: Approved - safe, non-breaking upgrade with security benefits.

Research notes

I researched the differences between v3 and v4 of extractions/setup-just:

1. v3 action.yaml used extractions/setup-crate@v1.4.0
2. v4 action.yaml uses extractions/setup-crate@0551596312d4008a6dfbc4d3c38fa20eaef46d2d (pinned commit for v2.0.0)

The public API surface is identical between versions:

• Same inputs (just-version, github-token)
• Same defaults
• Same composite action structure
• No breaking changes

The key improvement in v4 is pinning the internal setup-crate dependency to a specific commit hash rather than a floating tag, which provides better supply chain security and reproducible builds.

Suggested next steps

1. Merge this PR - the change is straightforward and beneficial
2. Consider enabling Dependabot/Renovate auto-merge for minor/patch GitHub Actions updates to reduce PR noise

General findings

No issues found. The update is consistent across all workflow files:

• .github/workflows/ci.yaml: 3 occurrences updated (lines 35, 137, 357)
• .github/workflows/release.yml: 1 occurrence updated (line 117)

Other workflow files (build-staging.yml, pr-title-check.yml, autolabel.yaml, release-please.yaml) do not use this action and require no changes.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. The change is straightforward and low-risk.

Verdict: Ready to merge — no issues identified.

Research notes

• Fetched extractions/setup-just repository: v4 is the latest release (April 5, 2026)
• The action is a simple composite action that installs the just command runner binary
• No breaking changes in the action's input interface (just-version, github-token inputs remain compatible)
• The repository is actively maintained with 150 stars and regular releases
• Current usage in this codebase does not specify any custom inputs, so the default behavior is all that matters

Suggested next steps

1. Approve and merge — this is a routine dependency update with no identified issues.

General findings

None. The changes are correct and follow the project's existing patterns for GitHub Actions versioning (using major version tags like @v4).