[depSync] Dependency Update: @actions/core #23
Description
Dependency Update Required: @actions/core
depSync detected an outdated dependency and prepared a compact remediation context for stateless follow-up automation.
Impact
- Latest version:
3.0.0 - Current versions:
^1.11.1 - Risk level: HIGH
1. Summary
The @actions/core dependency is structurally widespread throughout the depsync service. It serves as the primary mechanism for interacting with the GitHub Actions runtime, handling input configuration (getInput) and recording execution logs (info, warning, error, debug, and setFailed) across workflows, commands, infrastructure, and core logic.
2. Risk
The migration risk is moderate. Since the dependency is deeply integrated into the main entry points and heavily utilized for workflow execution control, any breaking changes to input parsing or logging methods could cause the action to crash, fail silently, or report incorrect execution statuses.
3. Recommended migration focus
Migration efforts should prioritize testing the main entry points and workflow handlers where the execution context is established and reported. Focus specifically on verifying:
/home/runner/work/depSync/depSync/src/index.ts(highest risk due to extensivegetInputandsetFailedusage)/home/runner/work/depSync/depSync/src/workflows/scan.workflow.ts/home/runner/work/depSync/depSync/src/workflows/chatops.workflow.ts/home/runner/work/depSync/depSync/src/commands/fix.command.ts
Additionally, ensure that the dependency injection interfaces wrapping @actions/core methods in src/clients/notifier.ts and src/core/scanner/scanner.ts remain compatible with the updated API.
Affected Packages
| Package | Description | Footprint |
|---|---|---|
| depsync | No description | 11 files |
ChatOps Commands
/fix: Rebuild focused context, generate code changes, and open a Pull Request./close: Close the issue and clean up any legacy session state if present.
This issue was generated by depSync.