Upgrade GitHub Actions for Node 24 compatibility

[salmanmkc]

Warning

You may currently be seeing a warning like this in your workflow runs:

Node.js 20 actions are deprecated. The following actions are running on Node.js 20
and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4, actions/setup-node@v4.
Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026.
Please check if updated versions of these actions are available that support Node.js 24.
To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment
variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you
can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true.
For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

The exact actions listed will vary per workflow.

Upgrades GitHub Actions to versions that support Node 24, since Node 20 is reaching EOL in April 2026.

Changes

Action	Old Version(s)	New Version	Compare	Files
actions/checkout	v4	v6	Diff	build-multiarch.yml, dependency-audit.yml, deploy-docs-draft.yml, deploy-gh-pages.yml, lint-frontend.yml, publish-mcp.yml, publish-sdk-python.yml, publish-sdk-typescript.yml, test-e2e.yml, test-integration.yml, update-uv-lock.yml
actions/setup-node	v4	v6	Diff	dependency-audit.yml, deploy-docs-draft.yml, deploy-gh-pages.yml, lint-frontend.yml, publish-sdk-typescript.yml, test-e2e.yml, test-integration.yml
actions/upload-artifact	v4	v7	Diff	build-multiarch.yml, deploy-docs-draft.yml, test-e2e.yml

Context

Per GitHub's announcement, Node 20 is being deprecated and runners will default to Node 24 starting June 2nd, 2026.

• Node 20 EOL: April 2026
• Node 24 becomes default: June 2nd, 2026

Release Notes

Release notes for actions/checkout

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in Fix tag handling: preserve annotations and explicit fetch-tags actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @ericsciple in Update all references from v5 and v4 to v6 actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @ericsciple in Add worktree support for persist-credentials includeIf actions/checkout#2327
• Clarify v6 README by @ericsciple in Clarify v6 README actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @salmanmkc in Update README to include Node.js 24 support details and requirements actions/checkout#2248
• Persist creds to a separate file by @ericsciple in Persist creds to a separate file actions/checkout#2286
• v6-beta by @ericsciple in v6-beta actions/checkout#2298
• update readme/changelog for v6 by @ericsciple in update readme/changelog for v6 actions/checkout#2311

Full Changelog: https://github.com/actions/checkout/compare/v5.0.

...truncated

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @ericsciple in Port v6 cleanup to v5 actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @ericsciple in Port v6 cleanup to v4 actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

Release notes for actions/upload-artifact

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packag

...truncated

v6.0.0

v6 - What's new

[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

...truncated

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @GhadimiR in Update README.md actions/upload-artifact#681
• Update README.md by @nebuk89 in Update README.md actions/upload-artifact#712
• Readme: spell out the first use of GHES by @danwkennedy in Readme: spell out the first use of GHES actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version

...truncated

v4.6.2

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @salmanmkc in Update to use artifact 2.3.2 package & prepare for new upload-artifact release actions/upload-artifact#685

New Contributors

• @salmanmkc made their first contribution in Update to use artifact 2.3.2 package & prepare for new upload-artifact release actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @yacaovsnc in Update to use artifact 2.2.2 package actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Release notes for actions/setup-node

v6.3.0

What's Changed

Enhancements:

• Support parsing devEngines field by @susnux in feat(node-version-file): support parsing devEngines field actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @gowridurgad in Fix npm audit issues actions/setup-node#1491
• Replace uuid with crypto.randomUUID() by @trivikr in Replace uuid with crypto.randomUUID() actions/setup-node#1378
• Upgrade minimatch from 3.1.

...truncated

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @mahabaleshwars in Update Documentation for Lockfile actions/setup-node#1454
• Correct mirror option typos by @MikeMcC399 in Correct mirror option typos actions/setup-node#1442
• Readme update on checkout version v6 by @deining in README.md: bump to latest released checkout version v6 actions/setup-node#1446
• Readme typo fixes @munyari in Fix README typo actions/setup-node#1226
• Advanced document update on checkout version v6 by @

...truncated

v6.1.0

What's Changed

Enhancement:

• Remove always-auth configuration handling by @priyagupta108 in Remove always-auth configuration handling from action actions/setup-node#1436

Dependency updates:

• Upgrade @actions/cache from 4.0.3 to 4.1.0 by @dependabot[bot] in Bump @actions/cache from 4.0.3 to 4.1.0 actions/setup-node#1384
• Upgrade actions/checkout from 5 to 6 by @dependabot[bot] in Bump actions/checkout from 5 to 6 actions/setup-node#1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in https://github.com/actions/setu

...truncated

v6.0.0

What's Changed

Breaking Changes

• Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in Limit automatic caching to npm, update workflows and documentation actions/setup-node#1374

Dependency Upgrades

• Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336
• Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334
• Upgrade

...truncated

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in Enhance caching in setup-node with automatic package manager detection actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/chec

*...truncated*

</details>

## Notes

Worth running the workflows on a branch before merging to make sure everything still works.

## Validation Warnings

The following issues were detected by [actionlint](https://github.com/rhysd/actionlint):

- `build-multiarch.yml: .github/workflows/build-multiarch.yml:27:9: shellcheck reported issue in this script: SC2086:info:22:44: Double quote to prevent globbing and word splitting [shellcheck]`
- `build-multiarch.yml: |`
- `build-multiarch.yml: 27 |         run: |`
- `deploy-docs-draft.yml: .github/workflows/deploy-docs-draft.yml:31:384: "github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details [expression]`
- `deploy-docs-draft.yml: .github/workflows/deploy-docs-draft.yml:44:499: "github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details [expression]`
- `deploy-docs-draft.yml: .github/workflows/deploy-docs-draft.yml:73:9: shellcheck reported issue in this script: SC2086:info:1:126: Double quote to prevent globbing and word splitting [shellcheck]`
- `publish-mcp.yml: .github/workflows/publish-mcp.yml:33:9: shellcheck reported issue in this script: SC2086:info:2:28: Double quote to prevent globbing and word splitting [shellcheck]`
- `publish-mcp.yml: |`
- `publish-mcp.yml: 33 |         run: |`
- `publish-sdk-python.yml: .github/workflows/publish-sdk-python.yml:33:9: shellcheck reported issue in this script: SC2086:info:2:28: Double quote to prevent globbing and word splitting [shellcheck]`

[MikeMcC399]

@salmanmkc

Could you possibly just link to the release notes instead of copying their contents?

Due to me having submitted a minor typo PR to actions/setup-node#1442 I am now getting notified on every single one of your related PRs in repos that I am not otherwise involved in, like this one.