Upgrade @actions dependencies#1525
Merged
HarithaVattikuti merged 3 commits intomainfrom Apr 16, 2026
Merged
Conversation
- @actions/core: ^1.11.1 → ^2.0.3 - @actions/cache: ^5.0.1 → ^5.0.5 - @actions/glob: ^0.5.0 → ^0.5.1 - @actions/http-client: ^2.2.1 → ^3.0.2 - @actions/tool-cache: ^2.0.2 → ^3.0.1 - @actions/io: ^1.0.2 → ^2.0.0 - Run npm audit fix - Update license files for new versions - Rebuild dist files Agent-Logs-Url: https://github.com/actions/setup-node/sessions/872a3dbf-9b85-446b-963b-9127718d9560 Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
gowridurgad
April 9, 2026 13:45
View session
Contributor
|
@copilot Fix the License failures |
Update 5 license records that were out of date after the dependency upgrade: - brace-expansion: 1.1.12 → 1.1.13 - fast-xml-builder: 1.0.0 → 1.1.4 - fast-xml-parser: 5.4.1 → 5.5.11 - strnum: 2.1.2 → 2.2.3 - path-expression-matcher: add new record (version 1.4.0, new transitive dep) Rebuild dist/ files to reflect updated lock file Agent-Logs-Url: https://github.com/actions/setup-node/sessions/fb0e70ce-ad19-48df-88a4-97f3bdc896cb Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Contributor
Author
Fixed in commit
|
Contributor
|
@copilot, Upgrade @actions/exec from ^1.1.1 to ^2.0.0 Run the appropriate license commands such as licensed status and licensed cache and fix any licensing issues. |
- Upgrade @actions/exec from ^1.1.1 to ^2.0.0 in package.json - Update package-lock.json via npm install - Run `licensed cache` to regenerate license records: - Remove exec-1.1.1.dep.yml and exec-2.0.0.dep.yml (replaced by exec.dep.yml) - Remove io-1.1.3.dep.yml and io-2.0.0.dep.yml (replaced by io.dep.yml) - Create exec.dep.yml (v2.0.0) - single version now in tree - Create io.dep.yml (v2.0.0) - @actions/exec@1.1.1's nested io@1.1.3 removed - Rebuild dist/ files Agent-Logs-Url: https://github.com/actions/setup-node/sessions/24a1a530-6840-4445-8262-8342ec739e6d Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Contributor
Author
Done in commit
|
priya-kinthali
approved these changes
Apr 15, 2026
There was a problem hiding this comment.
Pull request overview
Updates this action’s Node.js toolkit dependencies and associated lock/license metadata to newer @actions/* versions, aligning runtime dependencies with the latest toolkit releases.
Changes:
- Bumped
@actions/*runtime dependencies inpackage.json. - Refreshed
package-lock.json(including transitive upgrades fromnpm audit fix). - Updated
.licenses/npm/**records to reflect upgraded/added/removed dependencies.
Reviewed changes
Copilot reviewed 14 out of 19 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updates @actions/* dependency version ranges. |
| package-lock.json | Locks new versions; includes new nested dependency resolutions and transitive upgrades. |
| .licenses/npm/undici-6.24.1.dep.yml | Updates undici license record version. |
| .licenses/npm/strnum.dep.yml | Updates strnum license record version. |
| .licenses/npm/path-expression-matcher.dep.yml | Adds new license record for a new transitive dependency. |
| .licenses/npm/fast-xml-parser.dep.yml | Updates fast-xml-parser license record version. |
| .licenses/npm/fast-xml-builder.dep.yml | Updates fast-xml-builder license record version. |
| .licenses/npm/brace-expansion.dep.yml | Updates brace-expansion license record version. |
| .licenses/npm/@actions/tool-cache.dep.yml | Updates tool-cache license record version. |
| .licenses/npm/@actions/io.dep.yml | Adds consolidated @actions/io license record at v2.0.0. |
| .licenses/npm/@actions/io-1.1.3.dep.yml | Removes old @actions/io license record. |
| .licenses/npm/@actions/glob.dep.yml | Updates glob license record version. |
| .licenses/npm/@actions/exec.dep.yml | Adds consolidated @actions/exec license record at v2.0.0. |
| .licenses/npm/@actions/exec-1.1.1.dep.yml | Removes old @actions/exec license record. |
| .licenses/npm/@actions/core.dep.yml | Updates core license record version. |
| .licenses/npm/@actions/core-1.11.1.dep.yml | Removes old @actions/core license record. |
| .licenses/npm/@actions/cache.dep.yml | Updates cache license record version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
lmvysakh
approved these changes
Apr 16, 2026
HarithaVattikuti
approved these changes
Apr 16, 2026
bjw-s
pushed a commit
to bjw-s-labs/action-changed-files
that referenced
this pull request
Apr 20, 2026
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-node](https://github.com/actions/setup-node) | action | minor | `v6.3.0` → `v6.4.0` | --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6.4.0`](https://github.com/actions/setup-node/releases/tag/v6.4.0) [Compare Source](actions/setup-node@v6.3.0...v6.4.0) ##### What's Changed ##### Dependency updates: - Upgrade [@​actions](https://github.com/actions) dependencies by [@​Copilot](https://github.com/Copilot) in [#​1525](actions/setup-node#1525) - Update Node.js versions in versions.yml and bump package to v6.4.0 by [@​priya-kinthali](https://github.com/priya-kinthali) in [#​1533](actions/setup-node#1533) ##### New Contributors - [@​Copilot](https://github.com/Copilot) made their first contribution in [#​1525](actions/setup-node#1525) **Full Changelog**: <actions/setup-node@v6...v6.4.0> </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/Amsterdam) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItYWN0aW9uIiwicmVub3ZhdGUvZ2l0aHViLXJlbGVhc2UiLCJ0eXBlL21pbm9yIl19--> Reviewed-on: https://git.bjw-s.dev/bjw-s/action-changed-files/pulls/18
onap-github
pushed a commit
to onap/portal-ng-ui
that referenced
this pull request
Apr 22, 2026
Bumps actions/setup-node from 6.3.0 to 6.4.0. ## Release notes Sourced from actions/setup-node's releases. v6.4.0 What's Changed Dependency updates: Upgrade @actions dependencies by @Copilot in actions/setup-node#1525 Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533 New Contributors @Copilot made their first contribution in actions/setup-node#1525 Full Changelog: actions/setup-node@v6...v6.4.0 ## Commits 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533) ab72c7e Upgrade @actions dependencies (#1525) See full diff in compare view  Issue-ID: CIMAN-33 Signed-off-by: dependabot[bot] <support@github.com> Change-Id: Ic2fe2de13524d4424f21ab77ee1064f647aa9a2a GitHub-PR: #183 GitHub-Hash: 03249b1e9e2bf5d7 Signed-off-by: onap.gh2gerrit <releng+onap-gh2gerrit@linuxfoundation.org>
1 task
mergify Bot
added a commit
to ArcadeData/arcadedb-usecases
that referenced
this pull request
Apr 26, 2026
Bumps the github-actions group with 2 updates: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [actions/setup-node](https://github.com/actions/setup-node). Updates `anthropics/claude-code-action` from 1.0.101 to 1.0.107 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.107 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.107> > > v1.0.106 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.106> > > v1.0.105 > -------- > > What's Changed > -------------- > > * fix: allow + in branch names (generated by Claude Code EnterWorktree) by [`@awakia`](https://github.com/awakia) in [anthropics/claude-code-action#1248](https://redirect.github.com/anthropics/claude-code-action/pull/1248) > > New Contributors > ---------------- > > * [`@awakia`](https://github.com/awakia) made their first contribution in [anthropics/claude-code-action#1248](https://redirect.github.com/anthropics/claude-code-action/pull/1248) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.105> > > v1.0.104 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.104> > > v1.0.103 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.103> > > v1.0.102 > -------- > > What's Changed > -------------- > > * chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#1238](https://redirect.github.com/anthropics/claude-code-action/pull/1238) > * docs: nit updates to security.md by [`@OctavianGuzu`](https://github.com/OctavianGuzu) in [anthropics/claude-code-action#1240](https://redirect.github.com/anthropics/claude-code-action/pull/1240) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.102> Commits * [`567fe95`](anthropics/claude-code-action@567fe95) chore: bump Claude Code to 2.1.119 and Agent SDK to 0.2.119 * [`2da6cfa`](anthropics/claude-code-action@2da6cfa) chore: bump Claude Code to 2.1.120 and Agent SDK to 0.2.120 * [`e58dfa5`](anthropics/claude-code-action@e58dfa5) chore: bump Claude Code to 2.1.119 and Agent SDK to 0.2.119 * [`6ee201f`](anthropics/claude-code-action@6ee201f) fix: allow + in branch names (generated by Claude Code EnterWorktree) ([#1248](https://redirect.github.com/anthropics/claude-code-action/issues/1248)) * [`b4d6741`](anthropics/claude-code-action@b4d6741) chore: bump Claude Code to 2.1.118 and Agent SDK to 0.2.118 * [`4e5d8b1`](anthropics/claude-code-action@4e5d8b1) chore: bump Claude Code to 2.1.117 and Agent SDK to 0.2.117 * [`5d5c10a`](anthropics/claude-code-action@5d5c10a) chore: bump Claude Code to 2.1.116 and Agent SDK to 0.2.116 * [`632a368`](anthropics/claude-code-action@632a368) docs: nit updates to security.md ([#1240](https://redirect.github.com/anthropics/claude-code-action/issues/1240)) * [`4c682d8`](anthropics/claude-code-action@4c682d8) chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) ([#1238](https://redirect.github.com/anthropics/claude-code-action/issues/1238)) * See full diff in [compare view](anthropics/claude-code-action@38ec876...567fe95) Updates `actions/setup-node` from 6.3.0 to 6.4.0 Release notes *Sourced from [actions/setup-node's releases](https://github.com/actions/setup-node/releases).* > v6.4.0 > ------ > > What's Changed > -------------- > > ### Dependency updates: > > * Upgrade [`@actions`](https://github.com/actions) dependencies by [`@Copilot`](https://github.com/Copilot) in [actions/setup-node#1525](https://redirect.github.com/actions/setup-node/pull/1525) > * Update Node.js versions in versions.yml and bump package to v6.4.0 by [`@priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-node#1533](https://redirect.github.com/actions/setup-node/pull/1533) > > New Contributors > ---------------- > > * [`@Copilot`](https://github.com/Copilot) made their first contribution in [actions/setup-node#1525](https://redirect.github.com/actions/setup-node/pull/1525) > > **Full Changelog**: <actions/setup-node@v6...v6.4.0> Commits * [`48b55a0`](actions/setup-node@48b55a0) Update Node.js versions in versions.yml and bump package to v6.4.0 ([#1533](https://redirect.github.com/actions/setup-node/issues/1533)) * [`ab72c7e`](actions/setup-node@ab72c7e) Upgrade [`@actions`](https://github.com/actions) dependencies ([#1525](https://redirect.github.com/actions/setup-node/issues/1525)) * See full diff in [compare view](actions/setup-node@53b8394...48b55a0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
mergify Bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Apr 27, 2026
Bumps the github-actions group with 4 updates: [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions), [actions/cache](https://github.com/actions/cache), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [actions/setup-node](https://github.com/actions/setup-node). Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 5.0.3 to 5.0.4 Release notes *Sourced from [zgosalvez/github-actions-ensure-sha-pinned-actions's releases](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases).* > v5.0.4 > ------ > > What's Changed > -------------- > > * Bump picomatch from 2.3.1 to 2.3.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#302](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/302) > * Bump eslint from 10.0.3 to 10.1.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#301](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/301) > * Bump brace-expansion by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#303](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/303) > * Bump yaml from 2.8.2 to 2.8.3 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#300](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/300) > > **Full Changelog**: <zgosalvez/github-actions-ensure-sha-pinned-actions@v5...v5.0.4> Commits * [`ca46236`](zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236) Bump yaml from 2.8.2 to 2.8.3 ([#300](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/300)) * [`c1f725e`](zgosalvez/github-actions-ensure-sha-pinned-actions@c1f725e) Bump brace-expansion ([#303](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/303)) * [`2a0679d`](zgosalvez/github-actions-ensure-sha-pinned-actions@2a0679d) Bump eslint from 10.0.3 to 10.1.0 ([#301](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/301)) * [`4533f2e`](zgosalvez/github-actions-ensure-sha-pinned-actions@4533f2e) Bump picomatch from 2.3.1 to 2.3.2 ([#302](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/302)) * See full diff in [compare view](zgosalvez/github-actions-ensure-sha-pinned-actions@v5.0.3...ca46236) Updates `actions/cache` from 5.0.4 to 5.0.5 Release notes *Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).* > v5.0.5 > ------ > > What's Changed > -------------- > > * Update ts-http-runtime dependency by [`@yacaovsnc`](https://github.com/yacaovsnc) in [actions/cache#1747](https://redirect.github.com/actions/cache/pull/1747) > > **Full Changelog**: <actions/cache@v5...v5.0.5> Changelog *Sourced from [actions/cache's changelog](https://github.com/actions/cache/blob/main/RELEASES.md).* > Releases > ======== > > How to prepare a release > ------------------------ > > > [!NOTE] > > Relevant for maintainers with write access only. > > 1. Switch to a new branch from `main`. > 2. Run `npm test` to ensure all tests are passing. > 3. Update the version in [`https://github.com/actions/cache/blob/main/package.json`](https://github.com/actions/cache/blob/main/package.json). > 4. Run `npm run build` to update the compiled files. > 5. Update this [`https://github.com/actions/cache/blob/main/RELEASES.md`](https://github.com/actions/cache/blob/main/RELEASES.md) with the new version and changes in the `## Changelog` section. > 6. Run `licensed cache` to update the license report. > 7. Run `licensed status` and resolve any warnings by updating the [`https://github.com/actions/cache/blob/main/.licensed.yml`](https://github.com/actions/cache/blob/main/.licensed.yml) file with the exceptions. > 8. Commit your changes and push your branch upstream. > 9. Open a pull request against `main` and get it reviewed and merged. > 10. Draft a new release <https://github.com/actions/cache/releases> use the same version number used in `package.json` > 1. Create a new tag with the version number. > 2. Auto generate release notes and update them to match the changes you made in `RELEASES.md`. > 3. Toggle the set as the latest release option. > 4. Publish the release. > 11. Navigate to <https://github.com/actions/cache/actions/workflows/release-new-action-version.yml> > 1. There should be a workflow run queued with the same version number. > 2. Approve the run to publish the new version and update the major tags for this action. > > Changelog > --------- > > ### 5.0.4 > > * Bump `minimatch` to v3.1.5 (fixes ReDoS via globstar patterns) > * Bump `undici` to v6.24.1 (WebSocket decompression bomb protection, header validation fixes) > * Bump `fast-xml-parser` to v5.5.6 > > ### 5.0.3 > > * Bump `@actions/cache` to v5.0.5 (Resolves: <https://github.com/actions/cache/security/dependabot/33>) > * Bump `@actions/core` to v2.0.3 > > ### 5.0.2 > > * Bump `@actions/cache` to v5.0.3 [#1692](https://redirect.github.com/actions/cache/pull/1692) > > ### 5.0.1 > > * Update `@azure/storage-blob` to `^12.29.1` via `@actions/cache@5.0.1` [#1685](https://redirect.github.com/actions/cache/pull/1685) > > ### 5.0.0 > > > [!IMPORTANT] > > `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`. ... (truncated) Commits * [`27d5ce7`](actions/cache@27d5ce7) Merge pull request [#1747](https://redirect.github.com/actions/cache/issues/1747) from actions/yacaovsnc/update-dependency * [`f280785`](actions/cache@f280785) licensed changes * [`619aeb1`](actions/cache@619aeb1) npm run build generated dist files * [`bcf16c2`](actions/cache@bcf16c2) Update ts-http-runtime to 0.3.5 * See full diff in [compare view](actions/cache@v5.0.4...27d5ce7) Updates `anthropics/claude-code-action` from 1.0.101 to 1.0.107 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.107 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.107> > > v1.0.106 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.106> > > v1.0.105 > -------- > > What's Changed > -------------- > > * fix: allow + in branch names (generated by Claude Code EnterWorktree) by [`@awakia`](https://github.com/awakia) in [anthropics/claude-code-action#1248](https://redirect.github.com/anthropics/claude-code-action/pull/1248) > > New Contributors > ---------------- > > * [`@awakia`](https://github.com/awakia) made their first contribution in [anthropics/claude-code-action#1248](https://redirect.github.com/anthropics/claude-code-action/pull/1248) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.105> > > v1.0.104 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.104> > > v1.0.103 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.103> > > v1.0.102 > -------- > > What's Changed > -------------- > > * chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#1238](https://redirect.github.com/anthropics/claude-code-action/pull/1238) > * docs: nit updates to security.md by [`@OctavianGuzu`](https://github.com/OctavianGuzu) in [anthropics/claude-code-action#1240](https://redirect.github.com/anthropics/claude-code-action/pull/1240) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.102> Commits * [`567fe95`](anthropics/claude-code-action@567fe95) chore: bump Claude Code to 2.1.119 and Agent SDK to 0.2.119 * [`2da6cfa`](anthropics/claude-code-action@2da6cfa) chore: bump Claude Code to 2.1.120 and Agent SDK to 0.2.120 * [`e58dfa5`](anthropics/claude-code-action@e58dfa5) chore: bump Claude Code to 2.1.119 and Agent SDK to 0.2.119 * [`6ee201f`](anthropics/claude-code-action@6ee201f) fix: allow + in branch names (generated by Claude Code EnterWorktree) ([#1248](https://redirect.github.com/anthropics/claude-code-action/issues/1248)) * [`b4d6741`](anthropics/claude-code-action@b4d6741) chore: bump Claude Code to 2.1.118 and Agent SDK to 0.2.118 * [`4e5d8b1`](anthropics/claude-code-action@4e5d8b1) chore: bump Claude Code to 2.1.117 and Agent SDK to 0.2.117 * [`5d5c10a`](anthropics/claude-code-action@5d5c10a) chore: bump Claude Code to 2.1.116 and Agent SDK to 0.2.116 * [`632a368`](anthropics/claude-code-action@632a368) docs: nit updates to security.md ([#1240](https://redirect.github.com/anthropics/claude-code-action/issues/1240)) * [`4c682d8`](anthropics/claude-code-action@4c682d8) chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) ([#1238](https://redirect.github.com/anthropics/claude-code-action/issues/1238)) * See full diff in [compare view](anthropics/claude-code-action@38ec876...567fe95) Updates `actions/setup-node` from 6.3.0 to 6.4.0 Release notes *Sourced from [actions/setup-node's releases](https://github.com/actions/setup-node/releases).* > v6.4.0 > ------ > > What's Changed > -------------- > > ### Dependency updates: > > * Upgrade [`@actions`](https://github.com/actions) dependencies by [`@Copilot`](https://github.com/Copilot) in [actions/setup-node#1525](https://redirect.github.com/actions/setup-node/pull/1525) > * Update Node.js versions in versions.yml and bump package to v6.4.0 by [`@priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-node#1533](https://redirect.github.com/actions/setup-node/pull/1533) > > New Contributors > ---------------- > > * [`@Copilot`](https://github.com/Copilot) made their first contribution in [actions/setup-node#1525](https://redirect.github.com/actions/setup-node/pull/1525) > > **Full Changelog**: <actions/setup-node@v6...v6.4.0> Commits * [`48b55a0`](actions/setup-node@48b55a0) Update Node.js versions in versions.yml and bump package to v6.4.0 ([#1533](https://redirect.github.com/actions/setup-node/issues/1533)) * [`ab72c7e`](actions/setup-node@ab72c7e) Upgrade [`@actions`](https://github.com/actions) dependencies ([#1525](https://redirect.github.com/actions/setup-node/issues/1525)) * See full diff in [compare view](actions/setup-node@53b8394...48b55a0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Upgrades the following
@actionstoolkit dependencies to their latest versions:@actions/core^1.11.1^2.0.3@actions/cache^5.0.1^5.0.5@actions/exec^1.1.1^2.0.0@actions/glob^0.5.0^0.5.1@actions/http-client^2.2.1^3.0.2@actions/tool-cache^2.0.2^3.0.1@actions/io^1.0.2^2.0.0Changes included:
package.jsonwith new version rangespackage-lock.jsonvianpm installnpm audit fixto address vulnerabilitiesdist/files vianpm run build.licenses/npm/files:cache.dep.yml: 5.0.1 → 5.0.5glob.dep.yml: 0.5.0 → 0.5.1tool-cache.dep.yml: 2.0.2 → 3.0.1core-1.11.1.dep.yml+core-2.0.1.dep.ymlwithcore.dep.ymlat 2.0.3undici-6.23.0.dep.ymlwithundici-6.24.1.dep.yml(transitive dep update)brace-expansion.dep.yml: 1.1.12 → 1.1.13 (transitive dep update)fast-xml-builder.dep.yml: 1.0.0 → 1.1.4 (transitive dep update)fast-xml-parser.dep.yml: 5.4.1 → 5.5.11 (transitive dep update)strnum.dep.yml: 2.1.2 → 2.2.3 (transitive dep update)path-expression-matcher.dep.yml: added new record for 1.4.0 (new transitive dep from fast-xml-parser upgrade)exec-1.1.1.dep.yml+exec-2.0.0.dep.ymlwithexec.dep.ymlat 2.0.0 (ranlicensed cache)io-1.1.3.dep.yml+io-2.0.0.dep.ymlwithio.dep.ymlat 2.0.0 (ranlicensed cache)Related issue:
Check list: