Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

@actions/core

Ecosystem:
npm
Package URL:
pkg:npm/@actions/core
Total PRs:
1,792 Dependabot PRs
Latest PR:
6 days ago
Unique Repositories:
1,331 repositories
Unique Repos (30 days):
26 repositories
Security Advisories
Environment Variable Injection in GitHub Actions
GHSA-mfwh-5m23-j46w CVE-2020-15228 LOW published over 5 years ago • updated 13 days ago
### Impact The `@actions/core` npm module `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a ...
@actions/core has Delimiter Injection Vulnerability in exportVariable
GHSA-7r3h-m5j6-3q42 CVE-2022-35954 MODERATE published almost 4 years ago • updated about 2 months ago
## Impact The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign ...
Recent PRs
RSS Feed
⬆ bump the npm-packages group across 1 directory with 28 updates

TheoGoudout/greensecops #11

1.11.1 → 3.0.1 Major PR
Open 6 days ago 2 comments
TheoGoudout
chore: Bump @actions/core from 3.0.0 to 3.0.1

richardrigutins/replace-in-files #480

3.0.0 → 3.0.1 Patch PR
Open 10 days ago 3 comments
richardrigutins
deps(deps): bump @actions/core from 1.11.1 to 3.0.1

23prime/sync-upstream #23

1.11.1 → 3.0.1 Major PR
Open 11 days ago 2 comments
23prime
chore(deps,action)(deps-dev): bump @actions/core from 1.11.1 to 2.0.3 in /action

actions-marketplace-validations/mcbuddy_testivai-oss #3

1.11.1 → 2.0.3 Major PR
Open 11 days ago 1 comment
actions-marketplace-validations
build: Bump the npm-dependencies group across 1 directory with 15 updates

borchero/terraform-plan-comment #116

3.0.0 → 3.0.1 Patch PR
Open 14 days ago 1 comment
borchero
Bump @actions/core from 1.10.1 to 3.0.1

ishandutta2007/beautiful-github-homepage #67

1.10.1 → 3.0.1 Major PR
Closed 15 days ago 2 comments
ishandutta2007
Bump the all group across 1 directory with 4 updates

SecretOnline/client-side-painting-variants #64

3.0.0 → 3.0.1 Patch PR
Open 16 days ago 1 comment
SecretOnline
Bump the actions-deps group across 1 directory with 11 updates

actions-marketplace-validations/contractify_label-and-assign #42

3.0.0 → 3.0.1 Patch PR
Open 16 days ago 1 comment
actions-marketplace-validations
chore(deps)(deps-dev): bump @actions/core from 1.11.1 to 3.0.1

mcbuddy/testivai-oss #47

1.11.1 → 3.0.1 Major PR
Open 16 days ago 1 comment
mcbuddy
chore(deps,action)(deps-dev): bump @actions/core from 1.11.1 to 2.0.3 in /action

mcbuddy/testivai-oss #43

1.11.1 → 2.0.3 Major PR
Open 16 days ago 1 comment
mcbuddy
build(deps-dev): bump @actions/core from 2.0.1 to 3.0.1

auricvex/readme-stats #2

2.0.1 → 3.0.1 Major PR
Open 17 days ago 1 comment
auricvex
Bump uuid and @actions/core

sealedsecurity/cla-github-action #1

1.10.0 → 1.11.1 Minor PR
Open 18 days ago 1 comment
sealedsecurity
Bump @actions/core from 3.0.0 to 3.0.1 in the npm-production group

kun1gund3/animated-spoon #5

3.0.0 → 3.0.1 Patch PR
Closed 21 days ago 1 comment
kun1gund3
Bump @actions/core from 1.11.1 to 3.0.1

datarobot-oss/review-router #7

1.11.1 → 3.0.1 Major PR
Open 21 days ago 1 comment
datarobot-oss
chore(deps): bump @actions/core from 1.6.0 to 3.0.1

Uncodedtech/metrics #808

1.6.0 → 3.0.1 Major PR
Open 23 days ago 1 comment
Uncodedtech
build(deps): bump @actions/core from 1.11.1 to 3.0.1

unloopedmido/contextlevy #8

1.11.1 → 3.0.1 Major PR
Closed 23 days ago 2 comments
unloopedmido
fix: bump uuid and @actions/core

meupatrocinio/release-please-action #2

1.10.1 → 1.11.1 Minor PR
Closed 25 days ago 1 comment
meupatrocinio
Bump the all group with 4 updates

SecretOnline/secrets-pack #3

3.0.0 → 3.0.1 Patch PR
Open 27 days ago 2 comments
SecretOnline
build(deps): Bump @actions/core from 1.11.1 to 3.0.1

ashlrai/binshield #16

1.11.1 → 3.0.1 Major PR
Open 27 days ago 1 comment
ashlrai
deps(deps): bump the production-dependencies group across 1 directory with 4 updates

anantacloud-actions/github-tag-action #7

3.0.0 → 3.0.1 Patch PR
Closed 29 days ago 2 comments
anantacloud-actions
Bump the security-all group across 1 directory with 9 updates

seven-io/github-action-sms #14

1.10.1 → 1.11.1 Minor PR
Closed 29 days ago 1 comment
seven-io
Bump the npm group across 1 directory with 8 updates

navikt/automerge-dependabot #81

3.0.0 → 3.0.1 Patch PR
Closed 30 days ago 2 comments
navikt
build(deps-dev): bump @actions/core from 2.0.1 to 3.0.1

Misha-Mayskiy/github-readme-stats #5

2.0.1 → 3.0.1 Major PR
Open about 1 month ago 1 comment
Misha-Mayskiy
chore(deps): Bump the npm-minor-and-patch group across 5 directories with 7 updates

Sidharthwin/A11yship #8

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 2 comments
Sidharthwin
build(deps-dev): bump @actions/core from 2.0.1 to 3.0.1

TsinbeiTech/github-readme-stats #11

2.0.1 → 3.0.1 Major PR
Open about 1 month ago 1 comment
TsinbeiTech
chore(deps): bump the github-action-dependencies group across 1 directory with 9 updates

77mdias/criptenv #23

1.11.1 → 3.0.1 Major PR
Open about 1 month ago 2 comments
77mdias
Bump @actions/core from 1.11.1 to 3.0.1

Boroycchuy/swift-coverage-action #10

1.11.1 → 3.0.1 Major PR
Closed about 1 month ago 1 comment
Boroycchuy
build(deps): bump @actions/core from 1.11.1 to 3.0.1

step-security/closed-issue-message #10

1.11.1 → 3.0.1 Major PR
Closed about 1 month ago 1 comment
step-security
Bump @actions/core from 3.0.0 to 3.0.1 in the npm-production group

pshevche/act-test-runner-example #2

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 2 comments
pshevche
chore(deps): bump the low group with 5 updates

nebetoxyz/create-pull-request--action #24

1.11.1 → 3.0.1 Major PR
Open about 1 month ago 1 comment
nebetoxyz
Bump @actions/core from 3.0.0 to 3.0.1

WordPress/plugin-check-action #569

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 1 comment
WordPress
chore(deps): bump the npm-dependencies group across 1 directory with 7 updates

Dev-kitx/smart-gh-release #46

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 4 comments
Dev-kitx
Bump the all group across 1 directory with 9 updates

buluma/ansible_galaxy_collection #272

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 2 comments
buluma
[Docs Site] Bump @actions/core from 1.11.1 to 3.0.1

Mescal0/sitoweb-bottega2011 #9

1.11.1 → 3.0.1 Major PR
Open about 1 month ago 2 comments
Mescal0
chore(deps): bump @actions/core from 1.11.1 to 3.0.1

kirankotari/ossguard-app #6

1.11.1 → 3.0.1 Major PR
Open about 1 month ago 2 comments
kirankotari
Build(deps): Bump the all-minor-patch group across 1 directory with 8 updates

ChecKMarKDevTools/delegate-action #56

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 3 comments
ChecKMarKDevTools
Bump the npm group across 1 directory with 11 updates

framna-dk/actions #193

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 1 comment
framna-dk
Bump the npm-production group across 1 directory with 4 updates

BelmoMusta/github-actions-tag-sha-verifier #16

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 1 comment
BelmoMusta
build(deps): bump the deps group across 1 directory with 56 updates

scala-steward-org/scala-steward-action #814

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 1 comment
scala-steward-org
build(deps-dev): bump @actions/core from 2.0.1 to 3.0.1

shelvia-w/shelvia-github-readme-stats #11

2.0.1 → 3.0.1 Major PR
Open about 1 month ago 1 comment
shelvia-w
chore(deps,action)(deps-dev): bump @actions/core from 1.11.1 to 3.0.1 in /action

mcbuddy/testivai-oss #6

1.11.1 → 3.0.1 Major PR
Closed about 1 month ago 3 comments
mcbuddy
chore(deps): bump the version-updates group across 1 directory with 21 updates

lets-release/lets-release #68

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 1 comment
lets-release
build(deps): bump @actions/core from 3.0.0 to 3.0.1

bitflight-devops/github-action-readme-generator #547

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 2 comments
bitflight-devops
Bump the node group across 1 directory with 14 updates

actions-marketplace-validations/conda-incubator_setup-conda-standalone #10

3.0.0 → 3.0.1 Patch PR
Closed about 1 month ago 1 comment
actions-marketplace-validations
Bump the npm_and_yarn group across 1 directory with 18 updates

loveyou001/upload-release-asset #1

1.0.0 → 1.9.1 Minor PR
Open about 1 month ago 1 comment
loveyou001
Bump the actions-deps group across 1 directory with 10 updates

actions-marketplace-validations/contractify_label-and-assign #41

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 1 comment
actions-marketplace-validations
fix(deps): bump the minor-patch-updates group across 1 directory with 56 updates

Cognigy/Cognigy-CLI #493

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 1 comment
Cognigy
Bump the update-dependencies group with 16 updates

sevy123/S #1

3.0.0 → 3.0.1 Patch PR
Open about 1 month ago 1 comment
sevy123
chore(deps): bump @actions/core from 3.0.0 to 3.0.1

FrancoStino/github-contribution-card #13

3.0.0 → 3.0.1 Patch PR
Open about 2 months ago 1 comment
FrancoStino
chore(deps): bump uuid and @actions/core

Emadalshamery/is-my-node-vulnerable #5

1.10.0 → 1.11.1 Minor PR
Open about 2 months ago 2 comments
Emadalshamery
Package Details
Name: @actions/core
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/@actions/core
JSON API: View JSON
Security Advisories

2

Active advisories
MODERATE 1
LOW 1
View All npm Advisories
Package Information
Description:

Actions core lib

Repository: https://github.com/actions/toolkit
Homepage: https://github.com/actions/toolkit/tree/main/packages/core
Latest Release: 1.11.1
over 1 year ago
Dependent Repos: 147,199
Dependent Packages: 1,089
Downloads: 15,711,687
Ranking: Top 0.0831% by dependent repos Top 0.1036% by downloads Top 0.0725% by dependent pkgs
PR Status
Open 782 (43.6%)
Merged 32 (1.8%)
Closed 948 (52.9%)
PR Types
Major 1,042 (58.1%)
Minor 414 (23.1%)
Patch 306 (17.1%)