Summary
Upgrade the @actions/github dependency from v6.0.0 to v9.0.0 and @octokit/core from v5.0.1 to v7.0.6 (latest).
Current State
| Package |
Current Version |
Latest Version |
@actions/github |
^6.0.0 (resolved: 6.0.0) |
9.0.0 |
@octokit/core |
^5.0.1 (resolved: 5.0.1) |
7.0.6 |
Motivation
- The current dependencies are several major versions behind.
@actions/github v9 ships with the latest Octokit APIs, newer GitHub REST/GraphQL endpoint support, and security patches.@octokit/core v7+ includes performance improvements and bug fixes.- Keeping up with upstream major releases ensures compatibility with the latest GitHub platform features and avoids accumulating migration debt.
Breaking Changes to Address
@actions/github v9 is ESM-only, which is the main breaking change. Key migration considerations:
- ESM-only module:
require() calls must be replaced with import statements. Since this repo already uses TypeScript with ESM-style imports, this may be partially mitigated, but bundler configuration (esbuild) should be verified.
- Internal import paths: Imports from
@actions/github/lib/utils and @actions/github/lib/context may need updating if subpath exports have changed in v9.
- Plugin composition: The Octokit plugin model (
@octokit/plugin-retry, @octokit/plugin-request-log) should be tested for compatibility with the new core version.
- TypeScript types:
OctokitOptions from @octokit/core/dist-types/types and other type imports may have changed paths or shapes.
- Node.js version: The repo already requires Node.js >= 24, so runtime compatibility should not be an issue.
Affected Source Files
The following files import from @actions/github or @octokit/* and would need review:
src/main.ts — imports context, getOctokit, and defaults from @actions/githubsrc/async-function.ts — imports Context and GitHub types from @actions/githubsrc/retry-options.ts — imports OctokitOptions from @octokit/core
Suggested Approach
- Update
package.json dependencies to @actions/github@^9.0.0 and @octokit/core@^7.0.0
- Run
npm install and resolve any peer dependency conflicts
- Update import paths if subpath exports changed in v9
- Verify TypeScript compilation passes
- Verify esbuild bundling still works correctly with ESM input
- Run the existing test suite and fix any failures
- Test end-to-end in a workflow to confirm runtime behavior
Summary
Upgrade the
@actions/githubdependency from v6.0.0 to v9.0.0 and@octokit/corefrom v5.0.1 to v7.0.6 (latest).Current State
@actions/github^6.0.0(resolved: 6.0.0)@octokit/core^5.0.1(resolved: 5.0.1)Motivation
@actions/githubv9 ships with the latest Octokit APIs, newer GitHub REST/GraphQL endpoint support, and security patches.@octokit/corev7+ includes performance improvements and bug fixes.Breaking Changes to Address
@actions/githubv9 is ESM-only, which is the main breaking change. Key migration considerations:require()calls must be replaced withimportstatements. Since this repo already uses TypeScript with ESM-style imports, this may be partially mitigated, but bundler configuration (esbuild) should be verified.@actions/github/lib/utilsand@actions/github/lib/contextmay need updating if subpath exports have changed in v9.@octokit/plugin-retry,@octokit/plugin-request-log) should be tested for compatibility with the new core version.OctokitOptionsfrom@octokit/core/dist-types/typesand other type imports may have changed paths or shapes.Affected Source Files
The following files import from
@actions/githubor@octokit/*and would need review:src/main.ts— importscontext,getOctokit, anddefaultsfrom@actions/githubsrc/async-function.ts— importsContextandGitHubtypes from@actions/githubsrc/retry-options.ts— importsOctokitOptionsfrom@octokit/coreSuggested Approach
package.jsondependencies to@actions/github@^9.0.0and@octokit/core@^7.0.0npm installand resolve any peer dependency conflicts