[Snyk] Security upgrade @actions/core from 1.11.1 to 2.0.0

[ajhalili2006]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-UNDICI-14943963	551

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-272ea68e80b4c1987c44933fed42ea6f

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​actions/​core@​1.11.1 ⏵ 2.0.0	+2			-10

View full report

[Copilot]

Pull request overview

This PR upgrades @actions/core from version 1.11.1 to 2.0.0 to address a medium severity security vulnerability (SNYK-JS-UNDICI-14943963) related to resource allocation without limits in the undici dependency. The upgrade is a major version bump that includes breaking changes in the dependency chain.

Changes:

• Updated @actions/core from ^1.11.1 to ^2.0.0 in package.json
• Updated dependency tree in package-lock.json including @actions/http-client (2.2.1 → 3.0.2) and undici (5.29.0 → 6.23.0)
• Removed @fastify/busboy dependency as it's no longer required by undici 6.x

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
package.json	Updates @actions/core to v2.0.0 to address security vulnerability
package-lock.json	Updates dependency tree including @actions/core, @actions/http-client, and undici; removes @fastify/busboy

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The dist folder needs to be rebuilt after updating dependencies. The action.yml specifies main: dist/index.js as the entry point, which is a bundled version of action.js and its dependencies created by running npm run package (or npm run build). When dependencies like @actions/core are updated, the dist folder must be regenerated to include the new versions. Please run npm run package and commit the updated dist/ files.