Update selected packages to consume @actions/http-client@3.0.1

[Copilot]

Updates selected packages to consume @actions/http-client@3.0.1 and prepares patch releases where needed.

Package Updates

• @actions/artifact 5.0.1 → 5.0.2 (^3.0.0 → ^3.0.1)
• @actions/cache 5.0.1 → 5.0.2 (^3.0.0 → ^3.0.1)
• @actions/core 2.0.1 → 2.0.2 (^3.0.0 → ^3.0.1)
• @actions/attest 2.1.0 (unchanged - remains with ^2.2.3)
• @actions/github 6.0.1 (unchanged - remains with ^2.2.0)
• @actions/tool-cache 2.0.2 (unchanged - remains with ^2.0.1)

Additional Changes

• Regenerated package-lock.json files with updated http-client dependency
• Fixed package-lock.json to correctly mark typescript as dev dependency

The artifact, cache, and core packages now reference the latest http-client patch version (3.0.1). The attest, github, and tool-cache packages remain unchanged as they do not require updates at this time.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[TingluoHuang]

@copilot don't create new release for this action

[Copilot]

Reverted the version back to 2.1.0 while keeping the http-client dependency update to ^3.0.1 in commit d3a0fb2.

[TingluoHuang]

@copilot don't update this package as well.

[Copilot]

Reverted github package to version 6.0.1 with http-client ^2.2.0 in commit 3a3b073.

[TingluoHuang]

@copilot also not this one.

[Copilot]

Reverted tool-cache package to version 2.0.2 with http-client ^2.0.1 in commit 3a3b073.

[TingluoHuang]

@copilot undo this one.

[Copilot]

Removed .nx/ from .gitignore in commit 3a3b073.

[TingluoHuang]

@copilot undo change to this.

[Copilot]

Reverted http-client dependency in attest package back to ^2.2.3 in commit 2a9d836.

[TingluoHuang]

@copilot you have CI failure.

[Copilot]

@copilot you have CI failure.

The CI failure is a flaky test in packages/http-client/__tests__/basics.test.ts - the "does basic http patch request" test failed because the external service (postman-echo.com) returned a 520 error. This is unrelated to the dependency updates in this PR. All other tests (663/664) passed, and the Windows and macOS builds succeeded. Re-running the failed job should resolve this.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• postman-echo.com
  • Triggering command: /usr/local/bin/node node /home/REDACTED/work/toolkit/toolkit/node_modules/.bin/jest --testTimeout 70000 --testNamePattern=does basic http patch request --testPathPattern=basics.test.ts --global e (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

This PR updates three packages (@actions/core, @actions/cache, and @actions/artifact) to consume the latest patch version of @actions/http-client (3.0.1), applying appropriate patch version bumps to each consuming package.

• Updates @actions/http-client dependency from ^3.0.0 to ^3.0.1 in core, cache, and artifact packages
• Bumps package versions: core 2.0.1→2.0.2, cache 5.0.1→5.0.2, artifact 5.0.1→5.0.2
• Regenerates package-lock.json files with correct dependency resolution and integrity hashes

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/core/package.json	Version bump to 2.0.2 and http-client dependency update to ^3.0.1
packages/core/package-lock.json	Lockfile regeneration with http-client 3.0.1 resolution
packages/cache/package.json	Version bump to 5.0.2 and http-client dependency update to ^3.0.1
packages/cache/package-lock.json	Lockfile regeneration with http-client 3.0.1 resolution
packages/artifact/package.json	Version bump to 5.0.2 and http-client dependency update to ^3.0.1
packages/artifact/package-lock.json	Lockfile regeneration with http-client 3.0.1 resolution

Files not reviewed (3)

• packages/artifact/package-lock.json: Language not supported
• packages/cache/package-lock.json: Language not supported
• packages/core/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.