chore(deps): bump actions/github-script from 8 to 9 in the utilities group across 1 directory

[dependabot]

Bumps the utilities group with 1 update in the / directory: actions/github-script.

Updates actions/github-script from 8 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in actions/github-script#695
• ci: use deployment: false for integration test environments by @​salmanmkc in actions/github-script#712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in actions/github-script#700

New Contributors

• @​Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

• 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
• ca10bbd fix: use @​octokit/core/types import for v7 compatibility
• 86e48e2 merge: incorporate main branch changes
• c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
• afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
• ff8117e ci: fix user-agent test to handle orchestration ID
• 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
• 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
• c17d55b ci: add getOctokit integration test job
• a047196 test: add getOctokit integration tests via callAsyncFunction
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[lerian-studio]

🔍 Lint Analysis

Check	Files Scanned	Status
YAML Lint	2 file(s)	❌ failure
Action Lint	2 file(s)	❌ failure
Pinned Actions	2 file(s)	❌ failure
Markdown Link Check	no changes	⏭️ skipped
Spelling Check	2 file(s)	✅ success
Shell Check	2 file(s)	❌ failure
README Check	2 file(s)	✅ success
Composite Schema	no changes	⏭️ skipped

❌ Failures (4)

YAML Lint

.github

• .github (line 84) — Process completed with exit code 1.

Action Lint

.github/workflows/go-pr-analysis.yml

• .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:7:30: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:4:29: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:7:30: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:4:29: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 251) — shellcheck reported issue in this script: SC2086:info:2:32: Double quote to prevent globbing and word splitting
• .github/workflows/go-pr-analysis.yml (line 251) — shellcheck reported issue in this script: SC2046:warning:1:101: Quote this to prevent word splitting
• .github/workflows/go-pr-analysis.yml (line 112) — shellcheck reported issue in this script: SC2181:style:9:9: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?
• .github/workflows/go-pr-analysis.yml (line 112) — shellcheck reported issue in this script: SC2086:info:10:34: Double quote to prevent globbing and word splitting

Pinned Actions

.github/workflows/go-pr-analysis.yml

• .github/workflows/go-pr-analysis.yml (line 479) — External action not pinned by SHA: uses: actions/upload-artifact@v7 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 373) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 370) — External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 342) — External action not pinned by SHA: uses: github/codeql-action/upload-sarif@v4 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 336) — External action not pinned by SHA: uses: securego/gosec@v2.25.0 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 299) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 296) — External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 238) — External action not pinned by SHA: uses: actions/setup-go@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 235) — External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
• .github/workflows/go-pr-analysis.yml (line 105) — External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)

Shell Check

.github

• .github (line 132) — Process completed with exit code 1.
• .github (line 131) — Found 1 shellcheck error(s) in run: blocks.

⚠️ Warnings (1)

Shell Check

.github/workflows/go-pr-analysis.yml

• .github/workflows/go-pr-analysis.yml — Step "Install golangci-lint" (script line 1): [SC2046] Quote this to prevent word splitting.

---

_{🔍 View full scan logs}

[lerian-studio]

🛡️ CodeQL Analysis Results

Languages analyzed: actions

✅ No security issues found.

---

_{🔍 View full scan logs | 🛡️ Security tab}