Skip to content

Bump actions/setup-dotnet from 5.3.0 to 5.4.0#195

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-dotnet-5.4.0
Open

Bump actions/setup-dotnet from 5.3.0 to 5.4.0#195
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-dotnet-5.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/setup-dotnet from 5.3.0 to 5.4.0.

Release notes

Sourced from actions/setup-dotnet's releases.

v5.4.0

What's Changed

Enhancements

Documentation

Bug Fixes

Dependency Updates

New Contributors

Full Changelog: actions/setup-dotnet@v5...v5.4.0

Commits
  • 26b0ec1 Expand the CSC problem matcher to light up more errors on GitHub. (#717)
  • da5e548 docs(action): explicitly mark all optional inputs with required: false (#737)
  • 9bd3b44 Improve readability of global.json creation command (#694)
  • 4406a63 Bump @​actions/cache to 5.1.0, log cache write denied (#746)
  • dc3262d pin actions to commit SHAs in workflows (#744)
  • 95a3f8b Validate global.json SDK version before rollForward optimization (#742)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v5.3.0...v5.4.0)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner July 16, 2026 17:44
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 16, 2026
@github-actions

Copy link
Copy Markdown

🤖 Claude Code Review

Code Review: Bump actions/setup-dotnet from 5.3.0 → 5.4.0

This is a minimal, mechanical dependency-bump PR (likely Dependabot) touching four GitHub Actions workflow files. All four instances of actions/setup-dotnet@v5.3.0 are consistently updated to @v5.4.0, and a repo-wide grep confirms no stragglers were missed.

Code Quality

  • Style conventions: Change follows existing YAML formatting/indentation exactly; no formatting drift.
  • No commented-out code: N/A, none present.
  • Meaningful variable names: N/A, no variables introduced.
  • DRY principle: N/A, four separate workflow files each pin the action version independently — this is the existing pattern in the repo, not something introduced by this PR.
  • Defects: No logic changes; pure version bump. No behavioral risk beyond whatever the upstream setup-dotnet v5.4.0 release changes (worth a glance at its release notes before merging, but nothing in the diff itself is defective).
  • CLAUDE.md: Unchanged by this PR; existing .claude/CLAUDE.md content is already environment-agnostic (no local-machine-specific paths/values). No new concerns introduced.

Testing

  • ✅ N/A — no application code changed, only CI action pinning. Existing CI workflows (csharp-darwin-snippets.yaml, csharp-linux-snippets.yaml, csharp-windows-snippets.yaml, dotnet-format.yaml) will themselves exercise the new action version on next run.

Documentation

  • README/API docs/CHANGELOG: Not required — consistent with recent history (202357d, 3e84c6e, af4a0b8 similarly bump action/dependency versions without CHANGELOG entries).
  • Markdown/CommonMark: N/A, no .md files touched.

Security

  • No hardcoded credentials: Confirmed, none present.
  • No .lic files: Confirmed via diff inspection — no license files added, and no AQAAAD-prefixed strings present.
  • Input validation / error handling / sensitive data in logs: N/A for this change.

Verdict

No issues found. Safe, consistent, low-risk dependency bump — approve.

Automated code review analyzing defects and coding standards

@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants