chore(deps): update extractions/setup-just action to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
extractions/setup-just	action	major	v3 → v4

---

Release Notes

extractions/setup-just (extractions/setup-just)

v4.0.0

Compare Source

v4

Compare Source

v3.1.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying control-layer with    Cloudflare Pages

Latest commit:	63f9fd3
Status:	✅  Deploy successful!
Preview URL:	https://28130898.control-layer.pages.dev
Branch Preview URL:	https://renovate-extractions-setup-j.control-layer.pages.dev

View logs

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across all workflow files (ci.yaml and release.yml). The change is straightforward with no breaking changes expected.

Verdict: Ready to approve - this is a safe, routine dependency update.

Research notes

• Fetched the setup-just repository README and v4 release page
• v4 was released on April 5, 2026, signed by maintainer @rossmacarthur
• No breaking changes documented - inputs (just-version, github-token) and usage patterns remain identical
• The action is a composite action that installs the just command runner; major version bump appears to be standard release practices rather than functional changes
• All 4 usages of the action across .github/workflows/ are consistently updated

Suggested next steps

1. Merge this PR as-is - no changes required

General findings

None - this is a clean dependency update with no issues identified.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in the CI and release workflows. This is an automated Renovate dependency update.

Verdict: Ready to approve - this is a low-risk maintenance update with no breaking changes.

Research notes

I reviewed the following sources:

1. setup-just GitHub repository - The action has 148 stars, 2 open issues, and is actively maintained. The README confirms v4 uses the identical interface as v3.

2. v4 Release Notes - Released April 5, 2026. The release notes are minimal ("This is 4.0.0") but indicate this is a major version bump, likely for housekeeping or to follow semver conventions rather than breaking changes.

3. setup-crate library - The underlying implementation library that powers setup-just. Also maintained by the same author (@rossmacarthur).

Key findings from research:

• The action's inputs remain unchanged: just-version (optional, defaults to *) and github-token (optional, defaults to ${{ github.token }})
• Usage syntax is identical between v3 and v4
• The action is a composite action with TypeScript implementation
• Licensed under Apache-2.0 and MIT

Suggested next steps

1. Merge this PR - The update is safe and keeps dependencies current.
2. Consider pinning to specific versions - For critical CI infrastructure, consider whether pinning to exact versions (e.g., @v4.0.0) would provide better reproducibility vs. the floating @v4 tag.

General findings

Observation: Floating major version tags

All four usages follow the pattern @v4 which tracks the latest v4.x release. This is the recommended practice for GitHub Actions (per GitHub's documentation on versioning) as it:

• Automatically receives bug fixes and minor improvements
• Follows semver where major version bumps indicate potential breaking changes
• Is the pattern used by official actions like actions/checkout@v6

The current approach is correct and aligns with GitHub best practices.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across four locations in the CI and release workflows. The change is straightforward and low-risk—only 4 lines modified, with no changes to the action's usage pattern or inputs.

Verdict: Ready to approve. This is a routine dependency update with no concerning changes.

Research notes

• Fetched the setup-just repository: v4 was released on April 5, 2026 as version 4.0.0
• The README confirms the usage syntax is unchanged: uses: extractions/setup-just@v4 works identically to v3
• Same inputs supported (just-version, github-token) with identical defaults
• The action has 148 stars, 20 forks, and appears actively maintained

Suggested next steps

1. Merge this PR - No changes required. The update is safe and follows best practices for keeping CI dependencies current.

General findings

None. This is a clean, minimal dependency update with no issues identified.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 occurrences in the CI and release workflows. This is a straightforward major version bump of a well-maintained action that installs the just command runner.

Verdict: Ready to approve - this is a low-risk, routine dependency update.

Research notes

Fetched documentation and release information for extractions/setup-just:

• Repository: https://github.com/extractions/setup-just (148 stars, actively maintained)
• v4 release: Published April 5, 2026
• Key internal change: v4 upgrades the underlying extractions/setup-crate dependency from v1.4.0 (node20) to v2.0.0 (node24)
• No breaking changes: The action's interface (inputs: just-version, github-token) remains identical between v3 and v4
• Same maintainer: Both versions maintained by Ross MacArthur (@rossmacarthur)

The action is a thin composite wrapper that delegates to setup-crate for installing the just binary from GitHub releases. There are no functional changes affecting this repository's workflows.

Suggested next steps

1. Approve and merge - This is a safe, routine dependency update with no identified risks.
2. Verify CI passes - Standard practice for any workflow change, though no issues expected.

General findings

No issues identified. The change is:

• Consistent: All 4 occurrences of the action updated uniformly
• Safe: Major version bump of a simple, well-maintained action from a trusted publisher
• Non-breaking: No interface changes, no behavioral changes affecting workflow logic

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change affects 4 occurrences total.

Verdict: Ready to approve - this is a routine, low-risk dependency update.

Research notes

• v4 released: April 5, 2026 (releases page)
• Underlying implementation: v4 uses extractions/setup-crate@v2.0.0 (pinned via SHA), which explains the major version bump
• User-facing API unchanged: The action inputs (just-version, github-token) and defaults remain identical between v3 and v4 (action.yaml)
• Licenses: Both Apache-2.0 and MIT licenses are retained in v4
• No migration required: This is a transparent update for consumers of the action

Suggested next steps

1. Approve and merge - No changes required. This is a standard dependency maintenance update.

General findings

None. The changes are straightforward version bumps with no functional impact on the workflows.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across two workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml). The change affects 4 occurrences total: 3 in the CI workflow (frontend-test, backend-test, and e2e-test-docker jobs) and 1 in the release workflow (publish-crates job).

Verdict: Approve — This is a straightforward dependency update with no breaking changes.

Research notes

Based on my research of the setup-just repository:

• v4 release (April 5, 2026): The major version bump includes:

  • Upgrade to the latest setup-crate library
  • Update to Node.js 24 for the action runtime

• v3 release (March 15, 2025): Converted to a composite action

• No breaking changes: The usage syntax remains identical (uses: extractions/setup-just@v4), and the README confirms the same inputs work unchanged (just-version, github-token)

• The action maintains dual licensing (Apache-2.0 and MIT), consistent with v3

Suggested next steps

1. Merge this PR as-is — the update is safe and follows Renovate's automated dependency management pattern.
2. Consider enabling Dependabot or Renovate for automatic security patches on GitHub Actions in the future if not already configured.

General findings

No issues identified. This is a routine maintenance update that:

• Keeps the CI/CD pipeline on a supported action version
• Benefits from Node 24 runtime improvements and security patches
• Maintains compatibility with existing workflow syntax

The PR correctly updates all occurrences of the action across both workflow files.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in 2 workflow files (ci.yaml and release.yml). Based on my review of the upstream repository, this is a straightforward dependency update with no breaking changes to the action's interface or behavior.

Verdict: Ready to approve — this is a low-risk maintenance update.

Research notes

• Action repository: https://github.com/extractions/setup-just
• v4 release: April 5, 2026 — commit 53165ef
• The v4 release commit shows only README documentation updates (changing example snippets from @v3 to @v4). No functional changes to action.yaml were found.
• The action maintains backward-compatible inputs: just-version and github-token work identically in v4.
• Current usage in this repo uses the simple form without custom inputs, which is explicitly documented as the standard usage pattern for v4.

Suggested next steps

1. Merge this PR — no changes required.

General findings

No issues found. The update is:

• Complete: All 4 references to extractions/setup-just@v3 have been updated to @v4
• Consistent: Same version used across frontend-test, backend-test, e2e-test-docker jobs in ci.yaml and publish-crates job in release.yml
• Safe: The action's interface is unchanged; existing workflows will continue to work without modification

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in 2 workflow files (.github/workflows/ci.yaml and .github/workflows/release.yml).

Verdict: Ready to approve - this is a routine, low-risk dependency update.

Research notes

I researched the extractions/setup-just action to understand what changed between v3 and v4:

1. v4 release (April 5, 2026): The major version bump was driven by the underlying setup-crate library updating to Node 24, not by breaking changes to the action's public API.

2. Commit history v3→v4:

   • c261839: Bump actions/checkout from 5 to 6 (test workflow dependency)
   • cf2bee9: Update setup-crate to Node 24
   • 3ed9feb: Upgrade to latest setup-crate
   • 53165ef: Tagged as v4.0.0

3. Interface unchanged: The action.yaml maintains the same inputs (just-version, github-token) and default behavior. Usage pattern remains identical: uses: extractions/setup-just@v4

4. Repository health: 148 stars, maintained by rossmacarthur, GPG-signed commits, no known security advisories.

Suggested next steps

1. Merge this PR - Safe, routine dependency update with no breaking changes.
2. Optional consideration: For enhanced security/reproducibility, consider pinning to a specific commit SHA instead of version tags (adds maintenance overhead).

General findings

No issues identified. This is a well-scoped, low-risk dependency update following standard GitHub Actions version management practices.

[doubleword-code]

Summary

This PR updates the extractions/setup-just GitHub Action from v3 to v4 across 4 locations in the CI and release workflows. The change is straightforward and low-risk.

Verdict: Ready to approve — no blocking issues identified.

Research notes

• Action repository: extractions/setup-just — 148 stars, dual-licensed (MIT + Apache-2.0)
• v4 release date: April 5, 2026
• Breaking changes: None identified — the README shows identical usage syntax for v3 and v4 (uses: extractions/setup-just@v4)
• Inputs remain compatible: just-version and github-token inputs work the same way
• No security advisories: No CVEs or GitHub Security Advisories found for this action

Suggested next steps

1. ✅ Approve and merge — this is a routine dependency update with no breaking changes
2. Verify CI passes (standard practice for any workflow change)

General findings

No issues found. The update is consistent across all 4 occurrences:

• .github/workflows/ci.yaml: 3 occurrences (lines 35, 137, 345)
• .github/workflows/release.yml: 1 occurrence (line 117)

The setup-just action is a thin wrapper around the @extractions/setup-crate library and simply installs the just command runner. Version 4 appears to be a maintenance update with no API changes affecting this repository's usage.