Skip to content

chore(deps): update dependency @actions/core to v3#1017

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/actions-core-3.x
Open

chore(deps): update dependency @actions/core to v3#1017
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/actions-core-3.x

Conversation

@renovate

@renovate renovate Bot commented Jan 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@actions/core (source) ^2.0.0^3.0.0 age adoption passing confidence

Release Notes

actions/toolkit (@​actions/core)

v3.0.1

  • Bump undici from 6.23.0 to 6.24.1 #​2348

v3.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file dev-dependencies javascript Pull requests that update Javascript code labels Jan 29, 2026
@github-actions

github-actions Bot commented Jan 29, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@actions/core 3.0.1 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
npm/@actions/exec 3.0.0 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
npm/@actions/http-client 4.0.1 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
npm/@actions/io 3.0.2 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • package-lock.json

@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 7 times, most recently from 6562199 to e801809 Compare February 8, 2026 04:31
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 4 times, most recently from 32c97e3 to 5ba12ff Compare February 16, 2026 05:39
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 6 times, most recently from a72691e to 4fbc7d1 Compare February 27, 2026 01:20
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 9 times, most recently from 6979a9b to 5be4c1b Compare March 6, 2026 13:37
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 2 times, most recently from 64f8bb5 to 4c2aa83 Compare April 9, 2026 18:19
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 4 times, most recently from 89cb488 to a8030fa Compare April 20, 2026 04:33
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 4 times, most recently from d9db481 to fcc9ea3 Compare April 27, 2026 04:57
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 6 times, most recently from 7f286ba to dea1e2d Compare May 8, 2026 10:10
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 6 times, most recently from 4581a16 to 1599d23 Compare May 15, 2026 16:44
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 3 times, most recently from 19a2eb3 to f46b16c Compare May 22, 2026 21:07
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 2 times, most recently from 00e1e64 to 608b291 Compare May 28, 2026 19:49
@renovate renovate Bot force-pushed the renovate/actions-core-3.x branch 2 times, most recently from b2683af to 15625c3 Compare June 2, 2026 22:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file dev-dependencies javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants