build(deps): bump the gh-actions group across 2 directories with 4 updates by dependabot[bot] · Pull Request #2720 · cotes2020/jekyll-theme-chirpy

dependabot · 2026-04-16T19:37:05Z

Bumps the gh-actions group with 1 update in the /.github/workflows directory: actions/github-script.
Bumps the gh-actions group with 3 updates in the /.github/workflows/starter directory: actions/configure-pages, actions/upload-pages-artifact and actions/deploy-pages.

Updates actions/github-script from 8 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.

Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.

getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.

If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

Add ACTIONS_ORCHESTRATION_ID to user-agent string by @Copilot in actions/github-script#695

ci: use deployment: false for integration test environments by @salmanmkc in actions/github-script#712

feat!: add getOctokit to script context, upgrade @actions/github v9, @octokit/core v7, and related packages by @salmanmkc in actions/github-script#700

New Contributors

@Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
ca10bbd fix: use @octokit/core/types import for v7 compatibility
86e48e2 merge: incorporate main branch changes
c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
ff8117e ci: fix user-agent test to handle orchestration ID
81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
3953caf docs: update README examples from @v8 to @v9, add getOctokit docs and v9 brea...
c17d55b ci: add getOctokit integration test job
a047196 test: add getOctokit integration tests via callAsyncFunction
Additional commits viewable in compare view

Updates actions/configure-pages from 5 to 6

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

upgrade to node 24 @salmanmkc (#186)

Upgrade IA Publish @Jcambass (#165)

Add workflow file for publishing releases to immutable action package @Jcambass (#163)

pin draft release version @YiMysty (#162)

Bump espree from 9.6.1 to 10.1.0 @dependabot (#160)

Bump eslint-config-prettier from 8.8.0 to 9.1.0 @dependabot (#143)

Be more friendly to Dependabot @yoannchaudet (#158)

Bump eslint-plugin-github from 4.10.2 to 5.0.1 @dependabot (#154)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @dependabot (#156)

Bump undici from 5.28.3 to 5.28.4 @dependabot (#145)

See details of all code changes since previous release.

Commits

45bfe01 Merge pull request #186 from salmanmkc/node24
d8770c2 Update Node version from 20 to 24 in action.yml
cb8a1a3 upgrade to node 24
d560657 Merge pull request #165 from actions/Jcambass-patch-1
35e0ac4 Upgrade IA Publish
1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
2f4f988 Add workflow file for publishing releases to immutable action package
0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
3ea1966 pin draft release version
aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 4 to 5

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

Update upload-artifact action to version 7 @Tom-van-Woudenberg (#139)

feat: add include-hidden-files input @jonchurch (#137)

See details of all code changes since previous release.

Commits

fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
fe9d4b7 Merge branch 'main' into patch-1
0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
57f0e84 Update action.yml
4a90348 v7 --> hash
56f665a Update upload-artifact action to version 7
f7615f5 Add include-hidden-files input
See full diff in compare view

Updates actions/deploy-pages from 4 to 5

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.5

Changelog

On API error, the error message will surface the API request ID @TooManyBees (#324)

Bump the non-breaking-changes group with 2 updates @dependabot (#318)

Bump the non-breaking-changes group with 1 update @dependabot (#316)

Bump the non-breaking-changes group with 3 updates @dependabot (#314)

Bump release-drafter/release-drafter from 5.25.0 to 6.0.0 @dependabot (#311)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.4

Changelog

Update api-client.js @lmammino (#295)

fix typo: compatibilty -> compatibility @SimonSiefke (#298)

Bump @actions/artifact from 2.0.1 to 2.1.1 @dependabot (#310)

Update Dependabot config to group non-breaking changes @JamesMGreene (#307)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.3

Changelog

... (truncated)

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

joshjohanning · 2026-05-07T16:43:46Z

@cotes2020 this is a good one to merge to resolve the node20 actions warnings ✅

cotes2020 · 2026-05-07T16:57:02Z

Thanks for letting me know. dependabot can be quite noisy with PRs, so I’ve made it a habit to accumulate them and merge shortly before a release. That way, I can consolidate the dependency updates into a single commit per release cycle.

…dates Bumps the gh-actions group with 1 update in the /.github/workflows directory: [actions/github-script](https://github.com/actions/github-script). Bumps the gh-actions group with 3 updates in the /.github/workflows/starter directory: [actions/configure-pages](https://github.com/actions/configure-pages), [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) and [actions/deploy-pages](https://github.com/actions/deploy-pages). Updates `actions/github-script` from 8 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v8...v9) Updates `actions/configure-pages` from 5 to 6 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@v5...v6) Updates `actions/upload-pages-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@v4...v5) Updates `actions/deploy-pages` from 4 to 5 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@v4...v5) --- updated-dependencies: - dependency-name: actions/configure-pages dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/deploy-pages dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/upload-pages-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions ... Signed-off-by: dependabot[bot] <support@github.com>

joshjohanning · 2026-05-08T15:24:33Z

@cotes2020 Totally get it, makes sense 😁

dependabot Bot added dependencies Dependency update github_actions Pull requests that update GitHub Actions code labels Apr 16, 2026

dependabot Bot mentioned this pull request Apr 16, 2026

build(deps): bump the gh-actions group across 1 directory with 3 updates #2719

Closed

dependabot Bot force-pushed the dependabot/github_actions/dot-github/workflows/gh-actions-67349225b1 branch from 3128542 to 7a10b1e Compare May 7, 2026 19:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the gh-actions group across 2 directories with 4 updates#2720

build(deps): bump the gh-actions group across 2 directories with 4 updates#2720
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/dot-github/workflows/gh-actions-67349225b1

dependabot Bot commented on behalf of github Apr 16, 2026 •

edited

Loading

Uh oh!

joshjohanning commented May 7, 2026

Uh oh!

cotes2020 commented May 7, 2026

Uh oh!

joshjohanning commented May 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.0.0

What's Changed

New Contributors

v6.0.0

Changelog

v5.0.0

Changelog

v5.0.0

Changelog

v4.0.5

Changelog

v4.0.4

Changelog

v4.0.3

Changelog

Uh oh!

joshjohanning commented May 7, 2026

Uh oh!

cotes2020 commented May 7, 2026

Uh oh!

joshjohanning commented May 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot Bot commented on behalf of github Apr 16, 2026 •

edited

Loading