refactor: Bump @actions/core from 1.11.1 to 3.0.0

[dependabot]

Bumps @actions/core from 1.11.1 to 3.0.0.

Changelog

Sourced from @​actions/core's changelog.

3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

2.0.3

• Bump @actions/http-client to 3.0.2

2.0.1

• Bump @​actions/exec from 1.1.1 to 2.0.0 #2199

2.0.0

• Add support for Node 24 #2110
• Bump @​actions/http-client from 2.0.1 to 3.0.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​actions/core since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated @actions/core dependency to version 3.0.0.
  • Improved CI infrastructure for runtime module loading optimization.

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[dependabot]

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.

[mtrezza]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Three CI check files are converted from synchronous CommonJS imports to dynamic ES module imports for the @actions/core dependency, and the package.json version is updated from 1.11.1 to 3.0.0 to support the new import pattern.

Changes

Cohort / File(s)	Summary
Dynamic import migration ci/CiVersionCheck.js, ci/definitionsCheck.js, ci/nodeEngineCheck.js	Replaced static require('@actions/core') with dynamic await import('@actions/core') inside async execution contexts to accommodate the major version upgrade of @actions/core.
Dependency version update package.json	Updated @actions/core devDependency version from 1.11.1 to 3.0.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description does not follow the required template. It lacks the Issue, Approach, and Tasks sections specified in the repository's PR template, containing only dependency update details from Dependabot.	Add Issue section with 'Closes:' reference, Approach section describing the dynamic import changes across the three CI files, and complete or remove unchecked Tasks section.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping @actions/core from 1.11.1 to 3.0.0, which aligns with the package.json modification and refactoring work shown in the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/npm_and_yarn/actions/core-3.0.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@package.json`:
- Line 68: benchmark/performance.js currently uses CommonJS require for
'@actions/core' (const core = require('@actions/core')) which breaks with
ESM-only v3.0.0; change that to use a dynamic import (e.g. const { default: core
} = await import('@actions/core') or const coreModule = await
import('@actions/core'); const core = coreModule.default || coreModule) and
ensure the import is executed in an async context (add top-level await if the
file is ESM or wrap code in an async IIFE) so the rest of the script that
references core continues to work; update any module type (package.json or file
extension) if necessary so the file can use top-level await.

🧹 Nitpick comments (1)

ci/nodeEngineCheck.js (1)

4-4: Module-scoped core creates a latent undefined risk for class methods.

Previously, core was assigned at load time via require(), so it was always available. Now it's only assigned inside check() (line 140). The NodeEngineCheck class references core directly on line 92 (core.warning(...)). If getNodeVersion were ever called before check() runs, core would be undefined and throw a TypeError.

This isn't a bug in the current call flow (since check() is always the entry point), but it's a fragility introduced by this refactor. Consider passing core into the class constructor or importing it inside getNodeVersion as well.

Suggested approach: pass core to the constructor

 async function check() {
-  core = await import('@actions/core');
+  const core = await import('@actions/core');
   // Define paths
   const nodeModulesPath = path.join(__dirname, '../node_modules');
   const packageJsonPath = path.join(__dirname, '../package.json');
 
   // Create check
   const check = new NodeEngineCheck({
     nodeModulesPath,
     packageJsonPath,
+    core,
   });

Then store this.core = core in the constructor and use this.core throughout the class.

Also applies to: 140-140

[mtrezza]

Fixed the benchmark/performance.js file as well - good catch. Applied the same dynamic import pattern.

Regarding the nitpick about nodeEngineCheck.js module-scoped core: the current approach is safe because check() is the sole entry point (called at the bottom of the file) and always sets core before any class methods are invoked. Adding constructor injection would be a larger refactor for minimal benefit in this case.

@coderabbitai review

[coderabbitai]

@mtrezza Thank you for the fixes and clarification!

The dynamic import pattern you applied to benchmark/performance.js ensures consistency across all files affected by the ESM-only migration. Your explanation about nodeEngineCheck.js makes sense—since check() is the only entry point and always initializes core before any other methods run, the module-scoped approach is safe and avoids unnecessary refactoring.

The PR title follows the Angular convention well. Since this primarily affects internal CI tooling, you might consider chore(ci): bump @actions/core from 1.11.1 to 3.0.0 for semantic clarity, though the current title works fine.

I'll review the changes now.

---

🧠 Learnings used

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:20.138Z
Learning: For Parse Server 9 release (PR `#9938` and related), the parse/push-adapter dependency must be upgraded to version >= 8.0.0, not 7.0.0. Version 8.x drops support for Node 18.

---

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:08.440Z
Learning: For Parse Server 9 release preparation, the parse/push-adapter dependency should be upgraded to version >= 8.0.0, not 7.x, as version 8.x is required despite dropping Node 18 support (which aligns with Parse Server 9's removal of EOL Node versions).

---

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-17T15:02:48.786Z
Learning: For Parse Server PRs, always suggest an Angular commit convention PR title that would make a meaningful changelog entry for developers. Update the PR title suggestion on every commit. The format should be: type(scope): description. Common types include feat, fix, perf, refactor, docs, test, chore. The scope should identify the subsystem (e.g., graphql, rest, push, security). The description should be action-oriented and clearly convey the change's impact to developers.

---

Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-17T15:02:24.824Z
Learning: For Parse Server PRs, always suggest an Angular-style PR title that would make a meaningful changelog entry for developers. Update the PR title suggestion with every new commit to the PR.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.57%. Comparing base (79f581b) to head (22c185d).
⚠️ Report is 18 commits behind head on alpha.

Additional details and impacted files

@@            Coverage Diff             @@
##            alpha   #10047      +/-   ##
==========================================
+ Coverage   92.55%   92.57%   +0.01%     
==========================================
  Files         191      191              
  Lines       15573    15573              
  Branches      176      176              
==========================================
+ Hits        14414    14416       +2     
+ Misses       1147     1145       -2     
  Partials       12       12              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[parseplatformorg]

🎉 This change has been released in version 9.3.0-alpha.4

[parseplatformorg]

🎉 This change has been released in version 9.3.0