chore(deps): update actions/setup-node action to v5

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-node	action	major	v4 -> v5

---

Release Notes

actions/setup-node (actions/setup-node)

v5

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Claude finished @thomhurst's task —— View job

---

PR Review: Update actions/setup-node to v5

Todo List:

• Read and analyze the changed workflow files
• Review the setup-node v4 to v5 changes and breaking changes
• Assess code quality and best practices
• Check for potential bugs or issues
• Evaluate performance considerations
• Review security concerns
• Assess test coverage implications
• Provide comprehensive review feedback

---

🔍 Code Review Summary

This PR updates actions/setup-node from v4 to v5 in two GitHub Actions workflows. Here's my comprehensive analysis:

✅ Code Quality & Best Practices

• Clean implementation: The changes are minimal and focused - only updating the action version
• Consistent usage: Both workflow files updated consistently
• Good workflow structure: Both workflows follow GitHub Actions best practices with proper job naming, working directories, and step organization
• Appropriate caching: Both workflows use Yarn cache with proper cache-dependency-path configuration

🐛 Potential Bugs/Issues

• No immediate issues detected: The version update appears straightforward
• Node.js 22 compatibility: The workflows specify node-version: 22 which should be well supported by setup-node v5
• Yarn lockfile handling: Both workflows correctly use --frozen-lockfile for deterministic installs

⚡ Performance Considerations

• Positive impact expected: Major version updates of GitHub Actions often include performance improvements
• Caching preserved: The existing cache configuration (cache: yarn) should continue to work, potentially with improvements in v5
• No performance regressions anticipated: The change is purely a version bump with identical configuration

🔒 Security Concerns

• Pinning to major version: Using @v5 instead of specific commit hash provides automatic security patches but less strict version control
• Action source trusted: actions/setup-node is an official GitHub Action maintained by GitHub
• Permissions appropriate: The deploy workflow has minimal required permissions (contents: write)
• Token usage secure: Uses the standard ${{ secrets.GITHUB_TOKEN }} which is appropriately scoped

🧪 Test Coverage

• Test workflow present: The deploy-pages-test.yml workflow provides testing for documentation builds on PRs
• Production workflow: The deploy-pages.yml workflow handles actual deployment on main branch pushes
• Coverage adequate: Both test and production scenarios are covered

📝 Recommendations

1. ✅ Safe to merge: This is a routine dependency update with minimal risk
2. Monitor first deployment: Watch the next documentation deployment to ensure v5 works as expected
3. Consider pinning: For maximum security, consider pinning to a specific commit hash (e.g., actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6) instead of major version tags
4. Future consideration: The workflows are well-structured and follow current best practices

🎯 Overall Assessment

This is a low-risk, high-value update. The setup-node v5 action will likely provide performance and security improvements while maintaining full backward compatibility with the existing configuration.

Recommendation: ✅ APPROVE - The changes are safe, well-implemented, and beneficial.

---