Open
Conversation
- @actions/core: ^1.11.1 → ^2.0.3 - @actions/cache: ^5.0.1 → ^5.0.5 - @actions/glob: ^0.5.0 → ^0.5.1 - @actions/http-client: ^2.2.1 → ^3.0.2 - @actions/tool-cache: ^2.0.2 → ^3.0.1 - @actions/io: ^1.0.2 → ^2.0.0 - Run npm audit fix - Update license files for new versions - Rebuild dist files Agent-Logs-Url: https://github.com/actions/setup-node/sessions/872a3dbf-9b85-446b-963b-9127718d9560 Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
gowridurgad
April 9, 2026 13:45
View session
Contributor
|
@copilot Fix the License failures |
Update 5 license records that were out of date after the dependency upgrade: - brace-expansion: 1.1.12 → 1.1.13 - fast-xml-builder: 1.0.0 → 1.1.4 - fast-xml-parser: 5.4.1 → 5.5.11 - strnum: 2.1.2 → 2.2.3 - path-expression-matcher: add new record (version 1.4.0, new transitive dep) Rebuild dist/ files to reflect updated lock file Agent-Logs-Url: https://github.com/actions/setup-node/sessions/fb0e70ce-ad19-48df-88a4-97f3bdc896cb Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Author
Fixed in commit
|
Contributor
|
@copilot, Upgrade @actions/exec from ^1.1.1 to ^2.0.0 Run the appropriate license commands such as licensed status and licensed cache and fix any licensing issues. |
- Upgrade @actions/exec from ^1.1.1 to ^2.0.0 in package.json - Update package-lock.json via npm install - Run `licensed cache` to regenerate license records: - Remove exec-1.1.1.dep.yml and exec-2.0.0.dep.yml (replaced by exec.dep.yml) - Remove io-1.1.3.dep.yml and io-2.0.0.dep.yml (replaced by io.dep.yml) - Create exec.dep.yml (v2.0.0) - single version now in tree - Create io.dep.yml (v2.0.0) - @actions/exec@1.1.1's nested io@1.1.3 removed - Rebuild dist/ files Agent-Logs-Url: https://github.com/actions/setup-node/sessions/24a1a530-6840-4445-8262-8342ec739e6d Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Author
Done in commit
|
priya-kinthali
approved these changes
Apr 15, 2026
There was a problem hiding this comment.
Pull request overview
Updates this action’s Node.js toolkit dependencies and associated lock/license metadata to newer @actions/* versions, aligning runtime dependencies with the latest toolkit releases.
Changes:
- Bumped
@actions/*runtime dependencies inpackage.json. - Refreshed
package-lock.json(including transitive upgrades fromnpm audit fix). - Updated
.licenses/npm/**records to reflect upgraded/added/removed dependencies.
Reviewed changes
Copilot reviewed 14 out of 19 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updates @actions/* dependency version ranges. |
| package-lock.json | Locks new versions; includes new nested dependency resolutions and transitive upgrades. |
| .licenses/npm/undici-6.24.1.dep.yml | Updates undici license record version. |
| .licenses/npm/strnum.dep.yml | Updates strnum license record version. |
| .licenses/npm/path-expression-matcher.dep.yml | Adds new license record for a new transitive dependency. |
| .licenses/npm/fast-xml-parser.dep.yml | Updates fast-xml-parser license record version. |
| .licenses/npm/fast-xml-builder.dep.yml | Updates fast-xml-builder license record version. |
| .licenses/npm/brace-expansion.dep.yml | Updates brace-expansion license record version. |
| .licenses/npm/@actions/tool-cache.dep.yml | Updates tool-cache license record version. |
| .licenses/npm/@actions/io.dep.yml | Adds consolidated @actions/io license record at v2.0.0. |
| .licenses/npm/@actions/io-1.1.3.dep.yml | Removes old @actions/io license record. |
| .licenses/npm/@actions/glob.dep.yml | Updates glob license record version. |
| .licenses/npm/@actions/exec.dep.yml | Adds consolidated @actions/exec license record at v2.0.0. |
| .licenses/npm/@actions/exec-1.1.1.dep.yml | Removes old @actions/exec license record. |
| .licenses/npm/@actions/core.dep.yml | Updates core license record version. |
| .licenses/npm/@actions/core-1.11.1.dep.yml | Removes old @actions/core license record. |
| .licenses/npm/@actions/cache.dep.yml | Updates cache license record version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Upgrades the following
@actionstoolkit dependencies to their latest versions:@actions/core^1.11.1^2.0.3@actions/cache^5.0.1^5.0.5@actions/exec^1.1.1^2.0.0@actions/glob^0.5.0^0.5.1@actions/http-client^2.2.1^3.0.2@actions/tool-cache^2.0.2^3.0.1@actions/io^1.0.2^2.0.0Changes included:
package.jsonwith new version rangespackage-lock.jsonvianpm installnpm audit fixto address vulnerabilitiesdist/files vianpm run build.licenses/npm/files:cache.dep.yml: 5.0.1 → 5.0.5glob.dep.yml: 0.5.0 → 0.5.1tool-cache.dep.yml: 2.0.2 → 3.0.1core-1.11.1.dep.yml+core-2.0.1.dep.ymlwithcore.dep.ymlat 2.0.3undici-6.23.0.dep.ymlwithundici-6.24.1.dep.yml(transitive dep update)brace-expansion.dep.yml: 1.1.12 → 1.1.13 (transitive dep update)fast-xml-builder.dep.yml: 1.0.0 → 1.1.4 (transitive dep update)fast-xml-parser.dep.yml: 5.4.1 → 5.5.11 (transitive dep update)strnum.dep.yml: 2.1.2 → 2.2.3 (transitive dep update)path-expression-matcher.dep.yml: added new record for 1.4.0 (new transitive dep from fast-xml-parser upgrade)exec-1.1.1.dep.yml+exec-2.0.0.dep.ymlwithexec.dep.ymlat 2.0.0 (ranlicensed cache)io-1.1.3.dep.yml+io-2.0.0.dep.ymlwithio.dep.ymlat 2.0.0 (ranlicensed cache)Related issue:
Check list: