Skip to content

Bump the major group across 1 directory with 4 updates#107

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/update-completed-sprint-on-issue-closed/major-911366c8d8
Open

Bump the major group across 1 directory with 4 updates#107
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/update-completed-sprint-on-issue-closed/major-911366c8d8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the major group with 4 updates in the /update-completed-sprint-on-issue-closed directory: @actions/core, @actions/github, @types/node and typescript.

Updates @actions/core from 1.10.0 to 3.0.1

Changelog

Sourced from @​actions/core's changelog.

3.0.1

  • Bump undici from 6.23.0 to 6.24.1 #2348

3.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()

2.0.3

  • Bump @actions/http-client to 3.0.2

2.0.1

  • Bump @​actions/exec from 1.1.1 to 2.0.0 #2199

2.0.0

  • Add support for Node 24 #2110
  • Bump @​actions/http-client from 2.0.1 to 3.0.0

1.11.1

  • Fix uses of crypto.randomUUID on Node 18 and earlier #1842

1.11.0

  • Add platform info utilities #1551
  • Remove dependency on uuid package #1824

1.10.1

  • Fix error message reference in oidc utils #1511
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​actions/core since your current version.


Updates @actions/github from 5.1.1 to 9.1.1

Changelog

Sourced from @​actions/github's changelog.

9.1.1

  • Bump undici from 6.23.0 to 6.24.0 #2346

9.1.0

  • Append actions_orchestration_id to user-agent when the ACTIONS_ORCHESTRATION_ID environment variable is set #2364

9.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()
    • Example: const { getOctokit, context } = await import('@actions/github')
  • Fix TypeScript compilation by migrating to ESM, enabling proper imports from @octokit/core/types

8.0.1

  • Update undici to 6.23.0
  • Update @actions/http-client to 3.0.2

8.0.0

  • Update @​octokit dependencies
    • @octokit/core ^7.0.6
    • @octokit/plugin-paginate-rest ^14.0.0
    • @octokit/plugin-rest-endpoint-methods ^17.0.0
    • @octokit/request ^10.0.7
    • @octokit/request-error ^7.1.0
  • Breaking change: Minimum Node.js version is now 20 (previously 18)

7.0.0

  • Update to v3.0.1 of @actions/http-client

6.0.1

  • Dependency updates #2043
  • Add context.runAttempt #1588

6.0.0

  • Support the latest Octokit in @​actions/github #1553
    • Drop support of NodeJS v14, v16
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​actions/github since your current version.


Updates @types/node from 18.15.11 to 25.9.3

Commits

Updates typescript from 5.0.4 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

... (truncated)

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Copilot AI review requested due to automatic review settings June 8, 2026 13:26
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
Copilot AI reviewed Jun 8, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@socket-security

socket-security Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​node@​18.15.11 ⏵ 25.9.31001008196 +1100
Updated@​actions/​github@​5.1.1 ⏵ 9.1.197100100 +188100
Updated@​actions/​core@​1.10.0 ⏵ 3.0.199 +110010088100
Updatedtypescript@​5.0.4 ⏵ 6.0.3100 +110090 +19590

View full report

@socket-security

socket-security Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm typescript under MIT-Khronos-old

License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

From: update-completed-sprint-on-issue-closed/package-lock.jsonnpm/typescript@6.0.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot
Bump the major group across 1 directory with 4 updates
1d2f4f4 
Bumps the major group with 4 updates in the /update-completed-sprint-on-issue-closed directory: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@actions/core` from 1.10.0 to 3.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 5.1.1 to 9.1.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `@types/node` from 18.15.11 to 25.9.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript` from 5.0.4 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.0.4...v6.0.3)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@actions/github"
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/node"
  dependency-version: 25.9.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the major group in /update-completed-sprint-on-issue-closed with 4 updates Bump the major group across 1 directory with 4 updates Jun 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/update-completed-sprint-on-issue-closed/major-911366c8d8 branch from 1a01d18 to 1d2f4f4 Compare June 14, 2026 02:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant