From 6e894b8ab7804a6b63586fa5ef313489103e8a8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 14:28:36 +0000 Subject: [PATCH] chore(deps): bump the ghactions-all group with 2 updates Bumps the ghactions-all group with 2 updates: [actions/github-script](https://github.com/actions/github-script) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ghactions-all - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ghactions-all ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-merge-on-approval.yml | 2 +- .github/workflows/dependabot-auto-merge.yml | 6 +++--- .github/workflows/pull-request-management-fork.yml | 6 +++--- .github/workflows/pull-request-management.yml | 10 +++++----- .github/workflows/scorecard.yml | 2 +- .github/workflows/stale-check.yml | 6 +++--- .github/workflows/sync-labels.yml | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/auto-merge-on-approval.yml b/.github/workflows/auto-merge-on-approval.yml index 55c27b6..db4521e 100644 --- a/.github/workflows/auto-merge-on-approval.yml +++ b/.github/workflows/auto-merge-on-approval.yml @@ -174,7 +174,7 @@ jobs: # -------------------------------------------------------------------- - name: 🔍 Check conditions and enable auto-merge id: process - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 7dffb31..0bcccc9 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -570,7 +570,7 @@ jobs: - name: ⚠️ Alert on major version bump if: steps.determine-action.outputs.action == 'alert-major' || steps.determine-action.outputs.action == 'alert-security-major' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -656,7 +656,7 @@ jobs: - name: 🔍 Alert on minor production dependency if: steps.determine-action.outputs.action == 'alert-minor-prod' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -873,7 +873,7 @@ jobs: if: | startsWith(steps.determine-action.outputs.action, 'auto-merge-') || startsWith(steps.determine-action.outputs.action, 'alert-') - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/pull-request-management-fork.yml b/.github/workflows/pull-request-management-fork.yml index fa01561..d32bfbc 100644 --- a/.github/workflows/pull-request-management-fork.yml +++ b/.github/workflows/pull-request-management-fork.yml @@ -246,7 +246,7 @@ jobs: - name: 🏷️ Add fork + triage labels id: labels - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -296,7 +296,7 @@ jobs: - name: 👤 Assign default assignee (optional) id: assign if: env.DEFAULT_ASSIGNEE != '' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -325,7 +325,7 @@ jobs: - name: 💬 Comment notice for fork PR id: comment if: env.WELCOME_FORKS == 'true' && github.event.action == 'opened' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/pull-request-management.yml b/.github/workflows/pull-request-management.yml index 15a115e..c55e743 100644 --- a/.github/workflows/pull-request-management.yml +++ b/.github/workflows/pull-request-management.yml @@ -169,7 +169,7 @@ jobs: - name: 🏷️ Apply labels based on patterns id: apply-labels if: env.APPLY_TYPE_LABELS == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -339,7 +339,7 @@ jobs: # -------------------------------------------------------------------- - name: 👤 Assign default assignee id: assign - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -426,7 +426,7 @@ jobs: - name: 👋 Welcome new contributor id: welcome if: env.WELCOME_FIRST_TIME == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -525,7 +525,7 @@ jobs: - name: 📏 Add size label id: analyze if: env.APPLY_SIZE_LABELS == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -728,7 +728,7 @@ jobs: - name: 🌿 Delete branch id: delete if: env.DELETE_BRANCH == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e6eae30..f803fcc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/stale-check.yml b/.github/workflows/stale-check.yml index 55b7f99..c3d2f60 100644 --- a/.github/workflows/stale-check.yml +++ b/.github/workflows/stale-check.yml @@ -151,7 +151,7 @@ jobs: # Process issues for stale marking and closing # -------------------------------------------------------------------- - name: 📋 Process stale issues - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} GH_PAT_TOKEN: ${{ secrets.GH_PAT_TOKEN }} @@ -289,7 +289,7 @@ jobs: # Process pull requests for stale marking and closing # -------------------------------------------------------------------- - name: 🔀 Process stale pull requests - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} with: @@ -424,7 +424,7 @@ jobs: # Clean up stale labels from recently updated items # -------------------------------------------------------------------- - name: 🏷️ Remove stale labels from updated items - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index b5bd1f3..366697a 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -301,7 +301,7 @@ jobs: # Sync labels using native GitHub API # -------------------------------------------------------------------- - name: 🏷️ Sync labels from manifest - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} GH_PAT_TOKEN: ${{ secrets.GH_PAT_TOKEN }} @@ -523,7 +523,7 @@ jobs: # -------------------------------------------------------------------- - name: 🔍 Verify sync results if: github.event.inputs.dry_run != 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: LABELS_JSON: ${{ steps.parse_labels.outputs.labels_json }} with: