Skip to content

Bump @actions/* npm packages to latest versions #3368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Bump @actions/* npm packages to latest versions #3368

Copilot wants to merge 3 commits into from
+537,402 −456,110

Conversation

Copy link
Contributor

Copilot AI commented Dec 16, 2025
edited
Loading

Updates @actions/* npm packages to their latest major/minor versions:

  • @actions/artifact: ^4.0.0 → ^5.0.1
  • @actions/cache: ^4.1.0 → ^5.0.1
  • @actions/core: ^1.11.1 → ^2.0.1
  • @actions/exec: ^1.1.1 → ^2.0.0
  • @actions/github: ^6.0.0 → ^6.0.1

Packages already at latest: @actions/glob, @actions/http-client, @actions/io, @actions/tool-cache.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • CCR - The changes impact analyses for Copilot Code Reviews.
  • Third-party analyses - The changes affect the upload-sarif action.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.
Original prompt

Make a PR that bumps the version of the @actions/* npm packages

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@henrymercer
Bump @actions/* npm packages to latest versions
db75d46 
Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
Copilot AI changed the title [WIP] Update version of @actions npm packages Bump @actions/* npm packages to latest versions Dec 16, 2025
Copilot AI requested a review from henrymercer December 16, 2025 13:39
henrymercer
henrymercer reviewed Dec 16, 2025
View reviewed changes
@github-actions github-actions bot added the size/XS Should be very easy to review label Dec 16, 2025
@henrymercer henrymercer marked this pull request as ready for review December 16, 2025 13:46
@henrymercer henrymercer requested a review from a team as a code owner December 16, 2025 13:46
Copilot AI review requested due to automatic review settings December 16, 2025 13:46
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@henrymercer henrymercer henrymercer left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XS Should be very easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@henrymercer