Bundle Dependabot NPM updates with ESM compatibility fixes for @actions/github v9

[Copilot]

Bundles 5 Dependabot updates for actions/setup/js/: @actions/core (3.0.0), @actions/io (3.0.2), @actions/github (9.0.0), @actions/glob (0.6.1), and vitest (4.0.18).

ESM Migration

@actions/github v9.0.0 is ESM-only ("type": "module"), breaking CommonJS require() imports. Converted to dynamic imports:

// Before: synchronous require
const { getOctokit } = require("@actions/github");
const octokit = getOctokit(token);

// After: async dynamic import
async function setupProjectGitHubClient() {
  const { getOctokit } = await import("@actions/github");
  const octokit = getOctokit(token);
  return octokit;
}

Changes

• safe_output_unified_handler_manager.cjs: Made setupProjectGitHubClient() async, uses dynamic import, updated call site with await
• frontmatter_hash_github_api.test.cjs: Moved import inside test function that conditionally uses GitHub API
• test-live-github-api.cjs: Moved import into async main function
• safe_output_unified_handler_manager.test.cjs: Updated assertions for async function (expect(...).rejects instead of expect(() => ...))

Package lock regenerated with npm install.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Dependabot Burner] Dependabot: NPM Dependencies - actions/setup/js/ directory</issue_title>
<issue_description>## 📦 Dependency Update Bundle

This issue tracks Dependabot dependency updates for the actions/setup/js/ directory (npm/yarn packages).

Pull Requests Included

• chore(deps-dev): bump @actions/io from 2.0.0 to 3.0.2 in /actions/setup/js #13452 - Bump @actions/io from 2.0.0 to 3.0.2 in /actions/setup/js
• chore(deps-dev): bump vitest from 4.0.17 to 4.0.18 in /actions/setup/js #13450 - Bump vitest from 4.0.17 to 4.0.18 in /actions/setup/js
• chore(deps-dev): bump @actions/core from 2.0.2 to 3.0.0 in /actions/setup/js #13449 - Bump @actions/core from 2.0.2 to 3.0.0 in /actions/setup/js
• chore(deps-dev): bump @actions/github from 7.0.0 to 9.0.0 in /actions/setup/js #13448 - Bump @actions/github from 7.0.0 to 9.0.0 in /actions/setup/js
• chore(deps-dev): bump @actions/glob from 0.5.0 to 0.6.1 in /actions/setup/js #13446 - Bump @actions/glob from 0.5.0 to 0.6.1 in /actions/setup/js

Summary

Runtime: npm/yarn
Manifest: /actions/setup/js
PRs: 5

⚠️ Breaking Changes: Several of these updates involve breaking changes (ESM-only packages). Careful testing required.

Next Steps

1. Review all PRs together for compatibility
2. Test the combined changes locally (especially ESM migration)
3. Merge all PRs in sequence or create a combined PR
4. Close this parent issue once complete

---

This issue was created by the Dependabot Burner workflow to bundle related dependency updates.

AI generated by Dependabot Burner

• expires on Feb 15, 2026, 12:29 PM UTC

Comments on the Issue (you are @copilot in this section)

• Fixes github/gh-aw#14508

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.