chore(deps): bump typst-community/setup-typst from 4.3.1 to 5.1.0

[dependabot]

Bumps typst-community/setup-typst from 4.3.1 to 5.1.0.

Release notes

Sourced from typst-community/setup-typst's releases.

v5.1.0

What's Changed

• Feature: Added support for multiple formats including YAML and TOML when installing multiple Typst versions. #63 🚨 Breaking Change: The existing typst-versions-map input will be deprecated in a future major release. You can now use typst-versions-json: directly as a replacement for typst-versions-map:.
• Bug: zip-packages now uses the latest version of installed Typst to download packages. #63 No error will occur when zip-packages is set with a non-typst executable name.
• [Documentation] #63
  • Updated README.md.
  • Removed Simplified Chinese README due to maintenance considerations.
• [Security]
  1. Updated indirect dependency fast-xml-parser from 5.5.5 to 5.5.8 to address security issues. #62
     • Note: fast-xml-parser is now a direct dependency to support XML parsing when installing multiple Typst versions. #63
  2. Updated the newly added direct dependency smol-toml. #65
  3. Updated indirect dependency brace-expansion for additional security improvements. #66

Full Changelog: typst-community/setup-typst@v5.0.0...v5.1.0

v5.0.0

🎉 Typst GitHub Action v5.0 – One Action, Many Typst Versions!

Welcome to v5.0 — a bold new chapter in our quest to make Typst installation smoother than freshly brewed coffee ☕ (and just as energizing). This release packs breaking changes, exciting new features, and some behind-the-scenes polish that’ll make your workflows shine.

⚠️ Breaking Changes – Out with the Old!

We’ve streamlined things a bit, so please check these before upgrading:

1. Node.js Runtime Upgrade: The action now runs on node24 (runs.using: node24). Time to leave older Node versions in the dust!
2. Goodbye, local-packages! 👋 The deprecated local-packages input has officially retired. Please use zip-packages instead—it works exactly the same, just with a snazzier name. No other migration steps needed!
3. No More Outputs: This action no longer emits any outputs—not even typst-version or cache-hit. With the shift to multi-version support via typst-versions-map, outputs became ambiguous and were removed.

🚀 New Feature: Install Multiple Typst Versions at Once!

Introducing the new input typst-versions-map — a flexible way to install several Typst versions simultaneously. See README for more.

# Example
- uses: typst-community/setup-typst@v5
  with:
    typst-versions-map: |
      {
        "typst-latest": {"version": "latest"},
        "typst-013": {
          "version": "v0.13",
          "allowPrerelease": true
        }
      }
</tr></table> 

... (truncated)

Commits

• 63ac138 npm run build
• a3ced27 Bump brace-expansion from 1.1.11 to 1.1.13
• 4d20cf1 Bump smol-toml from 1.6.0 to 1.6.1
• 54bbfc8 Support multiple input formats for Typst versions (#63)
• 7be9333 Bump fast-xml-parser from 5.5.5 to 5.5.8
• ea66969 Update to Node24
• 4098f13 Drop support for compatible input (#59)
• 0bb64c6 Allow installing multiple Typst versions at once (#58)
• cf80824 Bump minimatch from 3.1.2 to 3.1.5
• 73a0f67 Separate File Moving and Package Handling
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	esolia-2025	90ad1a9	Commit Preview URL Branch Preview URL	Apr 04 2026, 09:24 AM