chore(deps): update actions/github-script action to v8#5053
Conversation
thomhurst
added
dependencies
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review - actions/github-script v7 → v8
Straightforward, low-risk dependency update.
Change Summary
Single line in .github/workflows/dotnet.yml: bumps actions/github-script from v7 to v8.
Analysis
What v8 brings:
- Node.js runtime upgraded from 20.x to 24.x — aligns with GitHub Actions' ongoing push to modernise bundled runtimes.
- No breaking API changes for the script being run here (simple
core.exportVariablecall), so there is zero migration risk.
Compatibility note:
The v8 release notes state a minimum runner version of v2.327.1 is required. GitHub-hosted runners update automatically, so this should not be a concern, but worth keeping in mind for any self-hosted runners used in this repo.
The script itself (exposing ACTIONS_RUNTIME_TOKEN / ACTIONS_CACHE_URL for AOT/WASM builds) is unchanged and continues to work correctly.
Verdict
No issues found. This is a clean, routine update generated by Renovate — safe to merge.
There was a problem hiding this comment.
Code Review - actions/github-script v7 → v8
Straightforward, low-risk dependency update.
Change Summary
Single line in .github/workflows/dotnet.yml: bumps actions/github-script from v7 to v8.
Analysis
What v8 brings:
- Node.js runtime upgraded from 20.x to 24.x — aligns with GitHub Actions' ongoing push to modernise bundled runtimes.
- No breaking API changes for the script being run here (simple
core.exportVariablecall), so there is zero migration risk.
Compatibility note:
The v8 release notes state a minimum runner version of v2.327.1 is required. GitHub-hosted runners update automatically, so this should not be a concern, but worth keeping in mind for any self-hosted runners used in this repo.
The script itself (exposing ACTIONS_RUNTIME_TOKEN / ACTIONS_CACHE_URL for AOT/WASM builds) is unchanged and continues to work correctly.
Verdict
No issues found. This is a clean, routine update generated by Renovate - safe to merge.
thomhurst
force-pushed
the
renovate/actions-github-script-8.x
branch
from
aa718ea to
704f4f0
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review (follow-up)
Two prior review comments from Claude have already covered this change thoroughly — both reached the same conclusion. Confirming the analysis remains accurate:
Change: .github/workflows/dotnet.yml — actions/github-script@v7 → @v8
Summary of findings:
- Single-line, mechanical bump generated by Renovate. No logic or configuration changes.
- v8 upgrades the bundled Node.js runtime from 20.x to 24.x; no breaking API changes affect the
core.exportVariablecalls used here. - Minimum runner requirement is v2.327.1 — GitHub-hosted runners satisfy this automatically.
- No prior review concerns remain open; no new issues identified.
Verdict: Safe to merge.
thomhurst
force-pushed
the
renovate/actions-github-script-8.x
branch
from
704f4f0 to
023cb0e
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
Previous reviews (×3 from Claude) have already analysed this change thoroughly. All reached the same verdict. Confirming nothing has changed since then.
Change
— actions/github-script@v7 → @v8
Analysis
- Single-line bump generated by Renovate. No logic or configuration changes.
- v8 changes: Node.js runtime upgraded from 20.x to 24.x. No API breaking changes affect the simple
core.exportVariablecalls used in this step. - Minimum runner requirement: v2.327.1 — GitHub-hosted runners satisfy this automatically.
- Consistency:
claude-autofix.ymlalready referencesactions/github-script@v8, so both workflow files are now in sync. - No prior concerns remain open; no new issues identified.
Verdict
Clean, routine dependency update. Safe to merge.
There was a problem hiding this comment.
Code Review
Previous reviews (x3 from Claude) have already analysed this change thoroughly. All reached the same verdict. Confirming nothing has changed since then.
Change
.github/workflows/dotnet.yml - actions/github-script@v7 to @v8
Analysis
- Single-line bump generated by Renovate. No logic or configuration changes.
- v8 changes: Node.js runtime upgraded from 20.x to 24.x. No API breaking changes affect the simple
core.exportVariablecalls used in this step. - Minimum runner requirement: v2.327.1 — GitHub-hosted runners satisfy this automatically.
- Consistency:
claude-autofix.ymlalready referencesactions/github-script@v8, so both workflow files are now in sync. - No prior concerns remain open; no new issues identified.
Verdict
Clean, routine dependency update. Safe to merge.
thomhurst
force-pushed
the
renovate/actions-github-script-8.x
branch
from
023cb0e to
e7814be
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review: chore(deps): update actions/github-script action to v8
This is a straightforward Renovate Bot dependency update — a single-line change bumping actions/github-script from v7 to v8 in .github/workflows/dotnet.yml.
Summary
Change: .github/workflows/dotnet.yml line 126: actions/github-script@v7 → actions/github-script@v8
The step is used to export the ACTIONS_RUNTIME_TOKEN and ACTIONS_RESULTS_URL environment variables for the AOT test job.
Assessment
No issues found. This update is safe and appropriate:
- Node.js runtime upgrade: v8 updates the underlying Node.js runtime from v20 to v24, keeping the action on a supported LTS runtime.
- No breaking changes for this usage: The script only calls
core.exportVariable, which is a stable API with no known breaking changes between v7 and v8. The migration guide for v7→v8 confirms there are no API-level breaking changes for standard usage. - Runner version requirement: v8 requires runner
v2.327.1+. GitHub-hosted runners are updated automatically and will meet this requirement. - Pinning strategy: The PR uses mutable version tags (
@v8) rather than pinned SHAs. This is consistent with the existing approach in the workflow. While SHA pinning is a stronger security posture, aligning with the project's current convention is appropriate here — this is not a regression introduced by this PR.
Verdict
✅ Approve. A clean, low-risk dependency bump. The change is minimal, consistent, and keeps the CI toolchain current.
thomhurst
force-pushed
the
renovate/actions-github-script-8.x
branch
from
e7814be to
96598af
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
Updated [TUnit](https://github.com/thomhurst/TUnit) from 1.18.9 to 1.18.21. <details> <summary>Release notes</summary> _Sourced from [TUnit's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.18.21 <!-- Release notes generated using configuration in .github/release.yml at v1.18.21 --> ## What's Changed ### Other Changes * avoid some string alloc by using AppendJoin by @SimonCropp in thomhurst/TUnit#4971 * respect attribute namespace during migration by @SimonCropp in thomhurst/TUnit#5066 * fix: parent data source initialization spans under session span by @thomhurst in thomhurst/TUnit#5071 ### Dependencies * chore(deps): update tunit to 1.18.9 by @thomhurst in thomhurst/TUnit#5060 * chore(deps): update dependency polyfill to 9.14.0 by @thomhurst in thomhurst/TUnit#5063 * chore(deps): update dependency microsoft.testing.extensions.codecoverage to 18.5.2 by @thomhurst in thomhurst/TUnit#5065 * chore(deps): update dependency polyfill to 9.14.0 by @thomhurst in thomhurst/TUnit#5062 * chore(deps): update actions/github-script action to v8 by @thomhurst in thomhurst/TUnit#5053 * chore(deps): update dependency polyfill to 9.15.0 by @thomhurst in thomhurst/TUnit#5067 * chore(deps): update dependency polyfill to 9.15.0 by @thomhurst in thomhurst/TUnit#5068 **Full Changelog**: thomhurst/TUnit@v1.18.9...v1.18.21 Commits viewable in [compare view](thomhurst/TUnit@v1.18.9...v1.18.21). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 participants
This PR contains the following updates:
v7→v8Release Notes
actions/github-script (actions/github-script)
v8: .0.0Compare Source
What's Changed
v2.327.1
Release Notes
Make sure your runner is updated to this version or newer to use this release.
New Contributors
Full Changelog: actions/github-script@v7.1.0...v8.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.