Bump the github-actions group across 1 directory with 3 updates

[dependabot]

Bumps the github-actions group with 3 updates in the / directory: pnpm/action-setup, danielpalme/ReportGenerator-GitHub-Action and gitkraken/merge-mate-action.

Updates pnpm/action-setup from 4 to 6

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.0

Added support for pnpm v11.

v5.0.0

Updated the action to use Node.js 24.

v4.4.0

Updated the action to use Node.js 24.

v4.3.0

What's Changed

• docs: fix the run_install example in the Readme by @​dreyks in pnpm/action-setup#175
• chore: remove unused @types/node-fetch dependency by @​silverwind in pnpm/action-setup#186
• Clarify that package_json_file is relative to GITHUB_WORKSPACE by @​chris-martin in pnpm/action-setup#184
• feat: store caching by @​jrmajor in pnpm/action-setup#188
• refactor: remove star imports by @​KSXGitHub in pnpm/action-setup#196
• fix(ci): exclude macos by @​KSXGitHub in pnpm/action-setup#197

New Contributors

• @​dreyks made their first contribution in pnpm/action-setup#175
• @​silverwind made their first contribution in pnpm/action-setup#186
• @​chris-martin made their first contribution in pnpm/action-setup#184
• @​jrmajor made their first contribution in pnpm/action-setup#188
• @​Boosted-Bonobo made their first contribution in pnpm/action-setup#199

Full Changelog: pnpm/action-setup@v4.2.0...v4.3.0

v4.2.0

When there's a .npmrc file at the root of the repository, pnpm will be fetched from the registry that is specified in that .npmrc file #179

v4.1.0

Add support for package.yaml #156.

Commits

• 91ab88e fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)
• e578e19 fix: update pnpm to 11.0.4
• 8912a91 fix: append (not prepend) action node dir to PATH for npm bootstrap (#241)
• 26f6d4f fix: use npm co-located with the action node binary (#239)
• 903f9c1 fix: update pnpm to 11.0.0-rc.5
• bdf0af2 test: add strict version-match jobs to reproduce #225 / #227
• 71c9247 fix: pnpm self-update binary shadowed by bootstrap on PATH (#230)
• 078e9d4 fix: update pnpm to 11.0.0-rc.2
• 08c4be7 docs(README): update action-setup version
• 5798914 chore: update .gitignore
• Additional commits viewable in compare view

Updates danielpalme/ReportGenerator-GitHub-Action from 5.5.5 to 5.5.10

Release notes

Sourced from danielpalme/ReportGenerator-GitHub-Action's releases.

5.5.10

Added support for Sha256 signed licenses

5.5.9

• New: Added new setting "applyQueryStringToAllLinks" to apply query string to referenced CSS and JavaScript files and links to support SAS tokens (e.g. on blob storage) (#349)
• New: Improved escaping of JavaScript content

5.5.8

Azure DevOps: Added metadata to become a trusted publisher

5.5.7

• danielpalme/ReportGenerator#783: Reduce memory usage for large code files

5.5.6

• #39: Github Action: Allow runner.temp directory

Commits

• 049f7ec 5.5.10
• c31aa4e 5.5.9
• 76a32cb 5.5.8
• a003c8f #40: Improved error reporting
• 254e112 5.5.7
• ee3806a 5.5.6
• 0d51eb3 #39 Allow runner.temp directory
• See full diff in compare view

Updates gitkraken/merge-mate-action from 0.2 to 0.4

Release notes

Sourced from gitkraken/merge-mate-action's releases.

v0.4.0

[v0.4.0] — 2026-05-04

⚠️ Breaking

• Review trigger migrated to repository_dispatch — repository_dispatch is now the primary trigger for the review action; the previous workflow_run trigger is still supported but deprecated and will be removed in a future release — update your review workflow accordingly

Added

• Setup wizard workflow templates — new workflow templates and migration manifest let the setup wizard generate correctly configured sync and review workflows out of the box
• Label-based PR filtering — filter which PRs merge-mate processes using GitHub labels, in addition to existing author/branch/ID filters
• Draft PR filtering — new include-drafts option controls whether draft PRs are included in sync runs

Fixed

• Concurrent shallow fetch race condition — parallel git fetches no longer compete over repository depth, eliminating intermittent fetch failures in repos with many open PRs
• Non-fork push failure messaging — when a branch push fails on a non-fork PR, the comment now explains the cause and suggests fixes instead of showing a raw error
• PR filter input validation — authors, IDs, and target-branches inputs are now validated early, surfacing configuration errors before the run starts instead of silently misbehaving

Changed

• Redesigned PR comments — all comment states (sync success, conflicts, errors, review) are unified into a cleaner compact layout with less noise in PR conversations

v0.3.0

[0.3.0] - 2026-04-20

Added

• Apply/undo action buttons — PR comments now show clickable image buttons for applying and reverting rebases, replacing the previous checkbox UI.
• Mention-based commands — Apply or undo a rebase by @-mentioning the bot in a PR comment as an alternative to clicking the buttons.
• Per-chunk conflict resolution strategies — Each conflict chunk is now resolved with its own tailored strategy, improving AI resolution quality on mixed-complexity conflicts.

Fixed

• Backup ref lost on repeated syncs — The pre-rebase backup reference is now preserved across repeated syncs, so rollback always points to the correct original state.

Migration from v0.2

The apply/undo UX moved from checkbox edits to image buttons and mention commands, which requires updating merge-mate-review.yml:

• Change trigger: issue_comment: types: [edited] → types: [created]
• Add permission: issues: write
• Add workflow_dispatch input trigger-mode and pass it via with: trigger-mode:
• Change pr-number: ${{ inputs.pr-number }} → pr-number: ${{ github.event.issue.number || inputs.pr-number }}
• Bump action ref @v0.2 → @v0.3

See the updated Quick Start in README for the full workflow.

v0.2.8

[0.2.8] - 2026-04-01

... (truncated)

Commits

• 036d8e2 Release v0.4.0
• 514f167 Release v0.3.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions