Skip to content

Update dependency actions-toolkit to v5 #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency actions-toolkit to v5 #12

wants to merge 1 commit into from

Conversation

@dev-mend-for-github-com
Copy link

@dev-mend-for-github-com dev-mend-for-github-com bot commented Jan 12, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions-toolkit dependencies major ^4.0.0 -> ^5.0.0

By merging this PR, the issue #5 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
Critical Critical 9.8 CVE-2021-44906
Medium Medium 5.6 CVE-2020-7598

Release Notes

JasonEtco/actions-toolkit (actions-toolkit)

v5.0.0

Compare Source

Breaking Changes

There are a couple of major improvements that are unfortunately breaking changes:

tools.context.issue returns a different object

Thanks to @​mheap, tools.context.issue now returns { owner, repo, issue_number } instead of { owner, repo, number }. This is due to a change in the Octokit SDK. To have parity with pull requests, there is now also tools.context.pullRequest, which returns { owner, repo, pull_number }.

See #​118 for more information!

Toolkit#getFile is now Toolkit#readFile

The getFile method has been renamed to readFile, and the behavior has changed. It now uses fs.promises.readFile under the hood, so it returns a promise:

const tools = new Toolkit({ ... })
const contents = await tools.readFile('README.md')

See #​121 for more information!

tools.store has been removed

This feature was added before the Actions runtime had a way to share data between actions. That now exists in the platform, as "outputs"! See #​125 for the removal of Store, and #​120 for it's "replacement", tools.outputs (thanks to @​abouroubi ✨):

tools.outputs.example = 'foo'
Toolkit#runInWorkspace is now Toolkit#exec

This method was useful, but @actions/exec is built more with the Actions runner in mind. So, now Toolkit#exec calls @actions/exec! This will be more stable for the finicky, ephemeral environments of Actions.

See #​123 for more information!

What’s Changed

  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant