Skip to content

build(deps): bump @actions/core from 2.0.2 to 3.0.1#272

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions/core-3.0.1
Closed

build(deps): bump @actions/core from 2.0.2 to 3.0.1#272
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions/core-3.0.1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps @actions/core from 2.0.2 to 3.0.1.

Changelog

Sourced from @​actions/core's changelog.

3.0.1

  • Bump undici from 6.23.0 to 6.24.1 #2348

3.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()

2.0.3

  • Bump @actions/http-client to 3.0.2

2.0.1

  • Bump @​actions/exec from 1.1.1 to 2.0.0 #2199

2.0.0

  • Add support for Node 24 #2110
  • Bump @​actions/http-client from 2.0.1 to 3.0.0

1.11.1

  • Fix uses of crypto.randomUUID on Node 18 and earlier #1842

1.11.0

  • Add platform info utilities #1551
  • Remove dependency on uuid package #1824

1.10.1

  • Fix error message reference in oidc utils #1511

1.10.0

  • saveState and setOutput now use environment files if available #1178
  • getMultilineInput now correctly trims whitespace by default #1185

1.9.1

  • Randomize delimiter when calling core.exportVariable

1.9.0

  • Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm labels Apr 22, 2026
@github-actions github-actions Bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 22, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 22, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​actions/​core@​2.0.2 ⏵ 3.0.1100 +2100100100 +14100

View full report

@guibranco guibranco enabled auto-merge (squash) April 22, 2026 05:34
@gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Apr 22, 2026
guibranco
guibranco approved these changes Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini Bot added the 🤖 bot Automated processes or integrations label Apr 22, 2026
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Apr 22, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes. Give us feedback

@guibranco
Copy link
Copy Markdown
Owner

guibranco commented Apr 22, 2026

@dependabot recreate

@dependabot
build(deps): bump @actions/core from 2.0.2 to 3.0.1
259772a 
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 2.0.2 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/actions/core-3.0.1 branch from 3c2cb95 to 259772a Compare April 22, 2026 05:38
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@guibranco guibranco closed this Apr 22, 2026
auto-merge was automatically disabled April 22, 2026 16:48

Pull request was closed

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 22, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/actions/core-3.0.1 branch April 22, 2026 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations dependencies Pull requests that update a dependency file npm size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guibranco