diff --git a/.github/workflows/branch-protection-audit.yml b/.github/workflows/branch-protection-audit.yml index 80d7582..50965f7 100644 --- a/.github/workflows/branch-protection-audit.yml +++ b/.github/workflows/branch-protection-audit.yml @@ -52,7 +52,7 @@ jobs: - name: Open or update drift issue if: steps.audit_checks.outputs.failed == 'true' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/check-vendored.yml b/.github/workflows/check-vendored.yml index 12af3db..d55ae2f 100644 --- a/.github/workflows/check-vendored.yml +++ b/.github/workflows/check-vendored.yml @@ -38,7 +38,7 @@ jobs: - name: Open issue on failure if: steps.audit.outcome == 'failure' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const title = 'Vendored dependency review required'; diff --git a/.github/workflows/coverage-ratchet.yml b/.github/workflows/coverage-ratchet.yml index 16a2539..2c90377 100644 --- a/.github/workflows/coverage-ratchet.yml +++ b/.github/workflows/coverage-ratchet.yml @@ -43,7 +43,7 @@ jobs: --output ratchet-report.json - name: Update ratchet tracker / propose threshold bump - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 9fa9c4b..843a905 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Sync repository labels - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index d4493ce..7b59677 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -230,7 +230,7 @@ jobs: - name: Post perf results to PR if: always() && github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: SLO_OUTCOME: ${{ steps.slo_gate.outcome }} CANONICAL_OUTCOME: ${{ steps.canonical_gate.outcome }} diff --git a/.github/workflows/release-branch-guard.yml b/.github/workflows/release-branch-guard.yml index 1747f2c..cbc608b 100644 --- a/.github/workflows/release-branch-guard.yml +++ b/.github/workflows/release-branch-guard.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Enforce release branch policy - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const pr = context.payload.pull_request; diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index a8c403d..ac07e37 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Detect dependency graph availability id: dep-graph - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const {owner, repo} = context.repo;