Skip to content

chore(deps): bump actions/github-script from 7 to 9 in the all-actions group across 1 directory#281

Merged
mpaulosky merged 1 commit into
devfrom
dependabot/github_actions/dev/all-actions-556be15a16
May 11, 2026
Merged

chore(deps): bump actions/github-script from 7 to 9 in the all-actions group across 1 directory#281
mpaulosky merged 1 commit into
devfrom
dependabot/github_actions/dev/all-actions-556be15a16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-actions group with 1 update in the / directory: actions/github-script.

Updates actions/github-script from 7 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

... (truncated)

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies github-actions Dependabot GitHub Actions updates labels May 10, 2026
@github-actions github-actions Bot added squad Squad triage inbox — Lead will assign to a member squad:boromir Assigned to Boromir (DevOps / Infra) labels May 10, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🤖 Dependency Update PR

This PR was opened by dependabot[bot] and has been automatically labeled for Boromir (DevOps) to review.

Labels applied:

  • squad:boromir — Assigned to DevOps for dependency updates
  • squad — In triage queue

Dependency and infrastructure updates are owned by the DevOps team.

@github-actions
github-actions Bot enabled auto-merge (squash) May 10, 2026 16:09
@github-actions

github-actions Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

Test Results Summary

341 tests  ±0   340 ✅ ±0   19s ⏱️ ±0s
  6 suites ±0     1 💤 ±0 
  6 files   ±0     0 ❌ ±0 

Results for commit f671833. ± Comparison against base commit f680a57.

♻️ This comment has been updated with latest results.

@mpaulosky

Copy link
Copy Markdown
Owner

Refreshing this branch so CI can evaluate the update cleanly.\n\n@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github May 10, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@mpaulosky
mpaulosky disabled auto-merge May 10, 2026 23:16
@mpaulosky
mpaulosky enabled auto-merge (squash) May 10, 2026 23:18
@codecov

codecov Bot commented May 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.21%. Comparing base (158815e) to head (36268ce).
⚠️ Report is 1 commits behind head on dev.

Additional details and impacted files
@@           Coverage Diff           @@
##              dev     #281   +/-   ##
=======================================
  Coverage   86.21%   86.21%           
=======================================
  Files          44       44           
  Lines        1103     1103           
  Branches      132      132           
=======================================
  Hits          951      951           
  Misses        100      100           
  Partials       52       52           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mpaulosky

Copy link
Copy Markdown
Owner

🤖 Boromir triage — PR #281

Analysis: This is a clean, safe bump — actions/github-script v7 → v9 in squad-mark-released.yml. All other workflows already use @v9. The script only uses github.graphql() and standard github.rest.* calls, none of which are affected by v9 breaking changes (require('@actions/github') removal, getOctokit injection).

Why checks are blocked:

  1. Early CI run (~16:08 UTC May 10) failed at dotnet restore — this was a transient dev-side issue, not caused by this PR's changes.
  2. Five subsequent "Merge branch dev" commits were created by github-actions[bot] via the auto-update workflow. GitHub Actions does not trigger new workflow runs from github-actions[bot] pushes (loop-prevention), so the required Build Solution check has never run on the current HEAD.

Dev branch is fully green as of the latest commit. A rebase will pick up the healthy state and CI should pass cleanly.

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github May 11, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@mpaulosky

Copy link
Copy Markdown
Owner

@dependabot recreate

Bumps the all-actions group with 1 update in the / directory: [actions/github-script](https://github.com/actions/github-script).


Updates `actions/github-script` from 7 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump actions/github-script from 7 to 9 in the all-actions group chore(deps): bump actions/github-script from 7 to 9 in the all-actions group across 1 directory May 11, 2026
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/dev/all-actions-556be15a16 branch from 2ebbeab to 36268ce Compare May 11, 2026 00:59
@mpaulosky
mpaulosky merged commit 3215029 into dev May 11, 2026
12 checks passed
@mpaulosky
mpaulosky deleted the dependabot/github_actions/dev/all-actions-556be15a16 branch May 11, 2026 01:00
mpaulosky pushed a commit that referenced this pull request May 11, 2026
Picks up the dependabot bump already merged to dev (commit 3215029)
to resolve the merge conflict that caused the PR dirty state.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
mpaulosky pushed a commit that referenced this pull request May 11, 2026
Picks up the dependabot bump already merged to dev (commit 3215029)
to resolve the merge conflict that caused the PR dirty state.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies github-actions Dependabot GitHub Actions updates squad:boromir Assigned to Boromir (DevOps / Infra) squad Squad triage inbox — Lead will assign to a member

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant