Skip to content

Update dependency @actions/core to v3 #573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency @actions/core to v3 #573

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
},
"dependencies": {
"@actions/artifact": "^6.0.0",
Copy link

@sentry sentry bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: A deep import from @actions/core/lib/summary.js will fail at runtime because v3.0.0 of the package is ESM-only and does not export this internal path.
Severity: CRITICAL

Suggested Fix

Update the import statement to use the main package entry point, which is a supported public API. Change the import from import type { SummaryTableRow } from '@actions/core/lib/summary.js'; to import type { SummaryTableRow } from '@actions/core';.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/actions/package.json#L14

Potential issue: The code imports a type using a deep path: `import type {
SummaryTableRow } from '@actions/core/lib/summary.js';`. While this compiles
successfully due to the `"moduleResolution": "bundler"` setting, it will cause a runtime
failure. The build configuration marks `@actions/core` as an external package, so the
import is resolved by Node.js when the action runs. The updated v3.0.0 of
`@actions/core` is ESM-only and does not expose this internal path in its `package.json`
exports map. This will result in an `ERR_PACKAGE_PATH_NOT_EXPORTED` error, causing the
GitHub Action to crash on startup.

Did we get this right? 👍 / 👎 to inform future reviews.

"@actions/core": "^1.11.1",
"@actions/core": "^3.0.0",
"@actions/exec": "^3.0.0",
"es-toolkit": "^1.44.0",
"snyk-nodejs-lockfile-parser": "^2.4.2"
Expand Down
54 changes: 1 addition & 53 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,16 +27,6 @@ __metadata:
languageName: node
linkType: hard

"@actions/core@npm:^1.11.1":
version: 1.11.1
resolution: "@actions/core@npm:1.11.1"
dependencies:
"@actions/exec": "npm:^1.1.1"
"@actions/http-client": "npm:^2.0.1"
checksum: 10c0/9aa30b397d8d0dbc74e69fe46b23fb105cab989beb420c57eacbfc51c6804abe8da0f46973ca9f639d532ea4c096d0f4d37da0223fbe94f304fa3c5f53537c30
languageName: node
linkType: hard

"@actions/core@npm:^3.0.0":
version: 3.0.0
resolution: "@actions/core@npm:3.0.0"
Expand All @@ -47,15 +37,6 @@ __metadata:
languageName: node
linkType: hard

"@actions/exec@npm:^1.1.1":
version: 1.1.1
resolution: "@actions/exec@npm:1.1.1"
dependencies:
"@actions/io": "npm:^1.0.1"
checksum: 10c0/4a09f6bdbe50ce68b5cf8a7254d176230d6a74bccf6ecc3857feee209a8c950ba9adec87cc5ecceb04110182d1c17117234e45557d72fde6229b7fd3a395322a
languageName: node
linkType: hard

"@actions/exec@npm:^3.0.0":
version: 3.0.0
resolution: "@actions/exec@npm:3.0.0"
Expand All @@ -80,16 +61,6 @@ __metadata:
languageName: node
linkType: hard

"@actions/http-client@npm:^2.0.1":
version: 2.2.3
resolution: "@actions/http-client@npm:2.2.3"
dependencies:
tunnel: "npm:^0.0.6"
undici: "npm:^5.25.4"
checksum: 10c0/13141b66a42aa4afd8c50f7479e13a5cdb5084ccb3c73ec48894b8029743389a3d2bf8cdc18e23fb70cd33995740526dd308815613907571e897c3aa1e5eada6
languageName: node
linkType: hard

"@actions/http-client@npm:^3.0.2":
version: 3.0.2
resolution: "@actions/http-client@npm:3.0.2"
Expand All @@ -110,13 +81,6 @@ __metadata:
languageName: node
linkType: hard

"@actions/io@npm:^1.0.1":
version: 1.1.3
resolution: "@actions/io@npm:1.1.3"
checksum: 10c0/5b8751918e5bf0bebd923ba917fb1c0e294401e7ff0037f32c92a4efa4215550df1f6633c63fd4efb2bdaae8711e69b9e36925857db1f38935ff62a5c92ec29e
languageName: node
linkType: hard

"@actions/io@npm:^3.0.2":
version: 3.0.2
resolution: "@actions/io@npm:3.0.2"
Expand Down Expand Up @@ -2655,13 +2619,6 @@ __metadata:
languageName: node
linkType: hard

"@fastify/busboy@npm:^2.0.0":
version: 2.1.1
resolution: "@fastify/busboy@npm:2.1.1"
checksum: 10c0/6f8027a8cba7f8f7b736718b013f5a38c0476eea67034c94a0d3c375e2b114366ad4419e6a6fa7ffc2ef9c6d3e0435d76dd584a7a1cbac23962fda7650b579e3
languageName: node
linkType: hard

"@floating-ui/core@npm:^1.7.4":
version: 1.7.4
resolution: "@floating-ui/core@npm:1.7.4"
Expand Down Expand Up @@ -4497,7 +4454,7 @@ __metadata:
resolution: "@sourceacademy/modules-github-actions@workspace:.github/actions"
dependencies:
"@actions/artifact": "npm:^6.0.0"
"@actions/core": "npm:^1.11.1"
"@actions/core": "npm:^3.0.0"
"@actions/exec": "npm:^3.0.0"
"@sourceacademy/modules-repotools": "workspace:^"
"@types/node": "npm:^22.15.30"
Expand Down Expand Up @@ -17531,15 +17488,6 @@ __metadata:
languageName: node
linkType: hard

"undici@npm:^5.25.4":
version: 5.29.0
resolution: "undici@npm:5.29.0"
dependencies:
"@fastify/busboy": "npm:^2.0.0"
checksum: 10c0/e4e4d631ca54ee0ad82d2e90e7798fa00a106e27e6c880687e445cc2f13b4bc87c5eba2a88c266c3eecffb18f26e227b778412da74a23acc374fca7caccec49b
languageName: node
linkType: hard

"undici@npm:^6.23.0":
version: 6.23.0
resolution: "undici@npm:6.23.0"
Expand Down
Loading