From b04413352d4644ac2131b9a90c074f5e93ca18a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Mar 2026 15:26:59 -0700
Subject: [PATCH] fix(deps): bump @actions/core from 1.11.1 to 3.0.0 (#337)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core)
from 1.11.1 to 3.0.0.
Changelog
Sourced from @actions/core's
changelog.
3.0.0
- Breaking change: Package is now ESM-only
- CommonJS consumers must use dynamic
import() instead of
require()
2.0.3
- Bump
@actions/http-client to 3.0.2
2.0.1
- Bump
@actions/exec from 1.1.1 to 2.0.0 #2199
2.0.0
- Add support for Node 24 #2110
- Bump
@actions/http-client from 2.0.1 to 3.0.0
Commits
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub
Actions), a new releaser for @actions/core since your
current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
lib/request.js | 2 +-
main.js | 2 +-
package-lock.json | 57 +++++++++++++++++++++--------------------------
package.json | 2 +-
post.js | 2 +-
5 files changed, 29 insertions(+), 36 deletions(-)
diff --git a/lib/request.js b/lib/request.js
index 7593fb7..e68566d 100644
--- a/lib/request.js
+++ b/lib/request.js
@@ -1,4 +1,4 @@
-import core from "@actions/core";
+import * as core from "@actions/core";
import { request } from "@octokit/request";
import { ProxyAgent, fetch as undiciFetch } from "undici";
diff --git a/main.js b/main.js
index 7670378..486d67e 100644
--- a/main.js
+++ b/main.js
@@ -1,6 +1,6 @@
// @ts-check
-import core from "@actions/core";
+import * as core from "@actions/core";
import { createAppAuth } from "@octokit/auth-app";
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
diff --git a/package-lock.json b/package-lock.json
index 2aef45f..c46d867 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
"version": "2.2.1",
"license": "MIT",
"dependencies": {
- "@actions/core": "^1.11.1",
+ "@actions/core": "^3.0.0",
"@octokit/auth-app": "^8.1.2",
"@octokit/request": "^10.0.3",
"p-retry": "^7.1.0",
@@ -31,48 +31,48 @@
}
},
"node_modules/@actions/core": {
- "version": "1.11.1",
- "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
- "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
+ "integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
+ "license": "MIT",
"dependencies": {
- "@actions/exec": "^1.1.1",
- "@actions/http-client": "^2.0.1"
+ "@actions/exec": "^3.0.0",
+ "@actions/http-client": "^4.0.0"
}
},
"node_modules/@actions/exec": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
- "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
+ "integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
+ "license": "MIT",
"dependencies": {
- "@actions/io": "^1.0.1"
+ "@actions/io": "^3.0.2"
}
},
"node_modules/@actions/http-client": {
- "version": "2.2.3",
- "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
- "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
+ "version": "4.0.0",
+ "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
+ "integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
"license": "MIT",
"dependencies": {
"tunnel": "^0.0.6",
- "undici": "^5.25.4"
+ "undici": "^6.23.0"
}
},
"node_modules/@actions/http-client/node_modules/undici": {
- "version": "5.29.0",
- "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
- "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+ "version": "6.24.0",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
+ "integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
"license": "MIT",
- "dependencies": {
- "@fastify/busboy": "^2.0.0"
- },
"engines": {
- "node": ">=14.0"
+ "node": ">=18.17"
}
},
"node_modules/@actions/io": {
- "version": "1.1.3",
- "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
- "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+ "version": "3.0.2",
+ "resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
+ "integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
+ "license": "MIT"
},
"node_modules/@bcoe/v8-coverage": {
"version": "1.0.1",
@@ -525,14 +525,6 @@
"node": ">=18"
}
},
- "node_modules/@fastify/busboy": {
- "version": "2.1.1",
- "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
- "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
- "engines": {
- "node": ">=14"
- }
- },
"node_modules/@isaacs/cliui": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
@@ -3540,6 +3532,7 @@
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+ "license": "MIT",
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
diff --git a/package.json b/package.json
index a577a50..079da38 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
},
"license": "MIT",
"dependencies": {
- "@actions/core": "^1.11.1",
+ "@actions/core": "^3.0.0",
"@octokit/auth-app": "^8.1.2",
"@octokit/request": "^10.0.3",
"p-retry": "^7.1.0",
diff --git a/post.js b/post.js
index a4bc763..feea045 100644
--- a/post.js
+++ b/post.js
@@ -1,6 +1,6 @@
// @ts-check
-import core from "@actions/core";
+import * as core from "@actions/core";
import { post } from "./lib/post.js";
import request from "./lib/request.js";