Fix all dependabot security vulnerabilities#225

Merged
lcollins merged 2 commits into master from copilot/fix-dependabot-alerts on Mar 5, 2026
Conversation

Copilot AI commented Mar 5, 2026

9 npm vulnerabilities (1 high, 8 moderate) across cross-spawn, undici, @babel/helpers/runtime, ajv, and @octokit/plugin-paginate-rest — all ReDoS or resource exhaustion issues.

Dependency upgrades

| Package | From | To | Notes |
|---|---|---|---|
| @actions/github | ^6.0.0 | ^8.0.1 | Pulls in patched undici@^6.23.0 and @octokit/plugin-paginate-rest@^14.0.0 |
| @actions/core | ^1.10.1 | ^2.0.3 | Uses @actions/http-client@3.x → undici@^6.23.0 |
| @actions/exec | ^1.1.1 | ^2.0.0 | Required by @actions/core@2.x |
| @actions/glob | ^0.4.0 | ^0.5.1 | Required for @actions/core@2.x compatibility |
| @actions/io | ^1.1.3 | ^2.0.0 | Required by @actions/exec@2.x |
| @vercel/ncc | ^0.38.1 | ^0.38.4 | Packaging compat with updated deps |

cross-spawn, ajv, and @babel/* were fixed transitively via npm audit fix.

Source/config changes

  • tsconfig.json: Added skipLibCheck: true — newer @octokit packages use subpath exports (@octokit/core/types) that aren't resolvable under moduleResolution: node.
  • src/main.ts: Explicit type annotation on the check parameter in the find() callback, which became any after the octokit upgrade:
    res.data.check_runs.find((check: {name: string | null}) => check.name === name)
  • dist/: Rebuilt bundle.

Co-authored-by: lcollins <528874+lcollins@users.noreply.github.com>
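As an added check that is not part of the PR or the project's code: a small Node script that walks a package-lock.json (lockfileVersion 2/3 `packages` map, including nested `node_modules` copies) and reports any resolved undici or @octokit/plugin-paginate-rest below the patched floors the description cites. The lock excerpt and the nested @actions/http-client path are constructed for illustration, not taken from the repository.

```javascript
// Added verification helper (not the PR's own code). Floors are the patched
// versions named in the PR description; the lock excerpt below is constructed.
const MIN_VERSIONS = {
  undici: "6.23.0",
  "@octokit/plugin-paginate-rest": "14.0.0",
};

// Minimal major.minor.patch comparison; a prerelease suffix is ignored here.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Lock keys look like "node_modules/undici" or
// "node_modules/@actions/http-client/node_modules/undici"; the package name
// is everything after the last "node_modules/".
function packageNameFromKey(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? null : key.slice(idx + "node_modules/".length);
}

// Returns every resolved copy of a tracked package that is still below its floor.
function findOutdated(lock, minVersions = MIN_VERSIONS) {
  const bad = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromKey(key);
    if (!name || !(name in minVersions) || !entry.version) continue;
    if (compareVersions(entry.version, minVersions[name]) < 0) {
      bad.push({ path: key, name, version: entry.version, min: minVersions[name] });
    }
  }
  return bad;
}

// Constructed lock excerpt: the top-level undici is patched, but a nested copy
// under an (assumed) older @actions/http-client is not; an audit would still flag it.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/undici": { version: "6.23.0" },
    "node_modules/@octokit/plugin-paginate-rest": { version: "14.0.0" },
    "node_modules/@actions/http-client/node_modules/undici": { version: "5.28.4" },
  },
};

console.log(findOutdated(SAMPLE_LOCK));
```

To run against a real tree, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.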
Copilot AI changed the title [WIP] Fix Dependabot alerts in the project Fix all dependabot security vulnerabilities Mar 5, 2026
@lcollins lcollins marked this pull request as ready for review March 5, 2026 15:11
Copilot AI review requested due to automatic review settings March 5, 2026 15:11
Copilot AI left a comment

Pull request overview

This PR resolves 9 npm security vulnerabilities (1 high, 8 moderate) — all ReDoS or resource exhaustion issues — by upgrading several @actions/* and @octokit/* packages to their latest major versions. The changes pull in patched versions of undici, @octokit/plugin-paginate-rest, cross-spawn, ajv, and @babel/* (transitively).

Changes:

  • Upgraded @actions/core, @actions/exec, @actions/github, @actions/glob, @actions/io, and @vercel/ncc to new major versions, pulling in security-patched transitive dependencies
  • Added skipLibCheck: true to tsconfig.json and an explicit type annotation in src/main.ts to maintain TypeScript compatibility with the new @octokit packages
  • Rebuilt dist/ bundle and updated dist/licenses.txt to reflect the dependency changes

Reviewed changes

Copilot reviewed 2 out of 8 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| package.json | Bumps @actions/* and @vercel/ncc to new major versions |
| package-lock.json | Resolved dependency tree reflecting all upgrades and transitive security fixes |
| tsconfig.json | Adds skipLibCheck: true for compatibility with new @octokit subpath exports |
| src/main.ts | Adds explicit type annotation on check callback parameter to fix type error post-upgrade |
| dist/sourcemap-register.js | Rebuilt bundle reflecting new dependency tree |
| dist/licenses.txt | Updated license attributions to reflect added/removed dependencies |

@lcollins lcollins merged commit d385aef into master Mar 5, 2026
8 of 9 checks passed
@lcollins lcollins deleted the copilot/fix-dependabot-alerts branch March 5, 2026 15:35