Prepare cache v5 release #2194
Prepare cache v5 release #2194
Conversation
salmanmkc
force-pushed
the
prepare-cache-release-v5.0.0
branch
from
40cee30 to
b046462
Compare
There was a problem hiding this comment.
Pull request overview
This PR prepares the @actions/cache package for its v5.0.0 release by upgrading all @actions dependencies to their latest major versions, ensuring compatibility with Node.js 24 and addressing security vulnerabilities.
Key Changes:
- Major version bumps for all @actions dependencies (
@actions/core,@actions/exec,@actions/glob,@actions/http-client, and@actions/io) - Updated documentation to reference v5.0.0 instead of v4.0.0
- Node.js 24 support and node-fetch override for security
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| packages/cache/package.json | Updated all @actions dependencies from v1.x/v0.x/v2.x to their latest major versions (v2.x/v0.5.x/v3.x) |
| packages/cache/package-lock.json | Synchronized lockfile with updated dependencies, including proper nested dependency resolution for packages with conflicting version requirements |
| packages/cache/RELEASES.md | Added v5.0.0 release notes documenting the dependency upgrades and new Node.js 24 support |
| packages/cache/README.md | Updated version references from 4.0.0 to 5.0.0 in the important changes section |
Files not reviewed (1)
- packages/cache/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Removed `@azure/ms-rest-js` dependency to fix Node.js 24+ punycode deprecation warning. - The `TransferProgressEvent` type is now imported from `@azure/core-rest-pipeline`. - Updated `package.json` to reflect the new dependency. - Updated tests to import `TransferProgressEvent` from the new package. - Updated `package-lock.json` to remove `@azure/ms-rest-js` and include `@azure/core-rest-pipeline`. - Bumped versions of several dependencies including `@azure/storage-blob` and `@azure/storage-common`.
|
https://www.npmjs.com/package/undici has a 7.x, but there are still things pulling in 5.x: toolkit/packages/cache/package-lock.json Line 100 in eb7ff84 |
This can be a follow up. It requires bumping another 3 packages which will delay this process even further. So far npm audit seems to be fine how it is, and we can look into bumping this later. |
|
Do note that https://www.npmjs.com/package/undici#user-content-long-term-support says:
|
Which is kinda important, since it's still included: toolkit/packages/artifact/package.json Line 46 in 2c52220 And it triggers:
|
Thanks, that's useful to know
As per core-http, will keep that in mind when upgrading artifact, thanks for pointing that out. Will keep it out of this PR though since this is for cache. |
I've made this PR, releases will need to follow at some point. #2205 Seems a bit more involved, I will work on trying to make it compatible. |
…eprecation warning
salmanmkc
force-pushed
the
prepare-cache-release-v5.0.0
branch
from
abc0556 to
cc6abe3
Compare
This pull request documents the release of version 5.0.0 for the
@actions/cachepackage, highlighting several dependency updates, a dependency removal, and node 24 support.