fix(deps): upgrade npm packages (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@actions/artifact (source)	5.0.3 → 6.1.0
@actions/cache (source)	5.0.5 → 6.0.0
@actions/core (source)	2.0.3 → 3.0.0
@actions/exec (source)	2.0.0 → 3.0.0
@actions/github (source)	7.0.0 → 9.0.0
@actions/http-client (source)	3.0.2 → 4.0.0
@actions/io (source)	2.0.0 → 3.0.2
@actions/tool-cache (source)	3.0.1 → 4.0.0

---

Release Notes

actions/toolkit (@​actions/artifact)

v6.1.0

• Support downloading non-zip artifacts. Zipped artifacts will be decompressed automatically (with an optional override). Un-zipped artifacts will be downloaded as-is.

v6.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/cache)

v6.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/core)

v3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/exec)

v3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/github)

v9.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()
  • Example: const { getOctokit, context } = await import('@​actions/github')
• Fix TypeScript compilation by migrating to ESM, enabling proper imports from @octokit/core/types

v8.0.1

• Update undici to 6.23.0
• Update @actions/http-client to 3.0.2

v8.0.0

• Update @​octokit dependencies
  • @octokit/core ^7.0.6
  • @octokit/plugin-paginate-rest ^14.0.0
  • @octokit/plugin-rest-endpoint-methods ^17.0.0
  • @octokit/request ^10.0.7
  • @octokit/request-error ^7.1.0
• Breaking change: Minimum Node.js version is now 20 (previously 18)

actions/toolkit (@​actions/http-client)

v4.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/io)

v3.0.2

• Fix: update lock file version

v3.0.1

• Fix: export @actions/io/lib/io-util

v3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

actions/toolkit (@​actions/tool-cache)

v4.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

3.0.1

• Bump @actions/http-client to 3.0.2

3.0.0

• Update to v2.0.1 of @actions/core
• Update to v2.0.0 of @actions/exec
• Update to v3.0.1 of @actions/http-client
• Update to v2.0.0 of @actions/io

2.0.2

• Update @actions/core to v1.11.1 #​1872
• Remove dependency on uuid package #​1824, #​1842

2.0.1

• Update to v2.0.1 of @actions/http-client #​1087

2.0.0

• Update to v2.0.0 of @actions/http-client
• The type of the headers parameter in the exported function downloadTool has been narrowed from { [header: string]: any } to { [header: string]: number | string | string[] | undefined; } (that is, http.OutgoingHttpHeaders).
  This is strictly a compile-time change for TypeScript consumers. Previous attempts to use a header value of a type other than those now accepted would have resulted in an error at run time.

1.7.2

• Update lockfileVersion to v2 in package-lock.json #​1025

1.7.1

• Fallback to os-releases file to get linux version
• Update to latest @​actions/io verison

1.7.0

• Allow arbirtary headers when downloading tools to the tc
• Export isExplicitVersion and evaluateVersions functions
• Force overwrite on default when extracted compressed files

1.6.1

• Update @​actions/core version

1.6.0

• Add extractXar function to extract XAR files

1.3.5

• Check if tool path exists before executing
• Make extract functions quiet by default

1.3.4

• Update the http-client to 1.0.8 which had a security fix

Here is the security issue that was fixed in the http-client 1.0.8 release

1.3.3

• Update downloadTool to only retry 500s and 408 and 429

1.3.2

• Update downloadTool with better error handling and retries

1.3.1

• Increase http-client min version

1.3.0

• Uses @​actions/http-client

1.2.0

• Overload downloadTool to accept destination path
• Fix extractTar on Windows
• Add "types" to package.json

1.1.2

• Use zip and unzip from PATH
• Support custom flags for extractTar

1.0.0

• Initial release

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.