Skip to content

Bump actions/github-script from 7 to 8#20

Open
dependabot[bot] wants to merge 14 commits into
mainfrom
dependabot/github_actions/actions/github-script-8
Open

Bump actions/github-script from 7 to 8#20
dependabot[bot] wants to merge 14 commits into
mainfrom
dependabot/github_actions/actions/github-script-8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 4, 2025

Copy link
Copy Markdown

Bumps actions/github-script from 7 to 8.

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits
  • ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
  • 2dc352e Bold minimum Actions Runner version in README
  • 01e118c Update README for Node 24 runtime requirements
  • 8b222ac Apply suggestion from @​salmanmkc
  • adc0eea README for updating actions/github-script from v7 to v8
  • 20fe497 Merge pull request #637 from actions/node24
  • e7b7f22 update licenses
  • 2c81ba0 Update Node.js version support to 24.x
  • f28e40c Merge pull request #610 from actions/nebuk89-patch-1
  • 1ae9958 Update README.md
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

gradle-update-robot and others added 14 commits February 26, 2025 01:07
@gradle-update-robot
Update Gradle Wrapper from 8.12.1 to 8.13
22d8d42 
Signed-off-by: gradle-update-robot <gradle-update-robot@regolo.cc>
@hankem
upgrade ASM (9.7.1 → 9.8) to support Java 25's class file major versi…
1f801a3 
…on 69

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade Guava (33.3.1-jre → 33.4.8-jre)
1ea6489 
https://github.com/google/guava/releases/tag/v33.4.4 has
- removed the dependency on JSR-305
  [google/guava@04bf030]
- migrated from Checker Framework annotations to (JSpecify)[https://jspecify.dev/] annotations
  [google/guava@2cc8c5e]
- removed the dependency on Checker Framework annotations
  [google/guava@800b3d4]

compare
- https://repo1.maven.org/maven2/com/google/guava/guava/33.3.1-jre/guava-33.3.1-jre.pom
- https://repo1.maven.org/maven2/com/google/guava/guava/33.4.8-jre/guava-33.4.8-jre.pom

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade slf4j (2.0.16 → 2.0.17) and test dependencies
e34ce85 
* org.apache.logging.log4j:log4j-{api,core,slf4j2-impl}
  2.24.1 → 2.24.3

* org.assertj:assertj-{core,guava}
  3.26.3 → 3.27.3

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
simplify JUnit dependencies
df96dfd 
  junit-jupiter
= junit-jupiter-api
+ junit-jupiter-params
+ junit-jupiter-engine (runtime)

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
upgrade JUnit (5.11.2 → 5.12.2)
70cab88 
Without the `junit-platform-launcher` dependency,
test execution in `archunit-3rd-party-test` fails with
```
Caused by: org.junit.platform.commons.JUnitException: TestEngine with ID 'junit-jupiter' failed to discover tests
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverEngineRoot(EngineDiscoveryOrchestrator.java:160)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverSafely(EngineDiscoveryOrchestrator.java:134)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discover(EngineDiscoveryOrchestrator.java:108)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discover(EngineDiscoveryOrchestrator.java:80)
	at app//org.junit.platform.launcher.core.DefaultLauncher.discover(DefaultLauncher.java:110)
	at app//org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
	at app//org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.processAllTestClasses(JUnitPlatformTestClassProcessor.java:124)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.access$000(JUnitPlatformTestClassProcessor.java:99)
	at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor.stop(JUnitPlatformTestClassProcessor.java:94)
	at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.stop(SuiteTestClassProcessor.java:63)
	... 16 more
Caused by: org.junit.platform.commons.JUnitException: OutputDirectoryProvider not available; probably due to unaligned versions of the junit-platform-engine and junit-platform-launcher jars on the classpath/module path.
	at app//org.junit.platform.engine.EngineDiscoveryRequest.getOutputDirectoryProvider(EngineDiscoveryRequest.java:94)
	at app//org.junit.jupiter.engine.JupiterTestEngine.discover(JupiterTestEngine.java:67)
	at app//org.junit.platform.launcher.core.EngineDiscoveryOrchestrator.discoverEngineRoot(EngineDiscoveryOrchestrator.java:152)
	... 26 more
```

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
Ignore sun packages when importing full classpath
0194182 
resolves TNG#1446

The CI build has recently often failed on `ubuntu` and `macos` with Java 8,
due to `java.lang.OutOfMemoryError: GC overhead limit exceeded`.

This is due to `ClassFileImporterSlowTest` importing the full classpath in some tests,
which gives more than 20k classes on Java 8,
which contains 7k classes in `com.sun` and 4k classes in `sun` packages
that can easily be ignored.

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
remove unused dependencies
f80ab70 
Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
simplify dependency exclusion
3f94312 
`it` in the `exclude(dependency { /*...*/ })` closure of
[DependencyFilter](https://github.com/GradleUp/shadow/blob/8.3.6/src/main/groovy/com/github/jengelman/gradle/plugins/shadow/internal/DependencyFilter.groovy)
is a [`org.gradle.api.artifacts.ResolvedDependency`](https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/ResolvedDependency.html),
whose [`name`](https://github.com/gradle/gradle/blob/v8.13.0/platforms/software/dependency-management/src/main/java/org/gradle/api/internal/artifacts/DefaultResolvedDependency.java#L76-L78) is a `String`.

When the comparison `it.name != dependency.guava` was introduced with 18c5d18,
`dependency.guava` was String that could be compared against `it.name`,
but 82d61ad has changed this those to a `Map`.

However `dependency.guava` is relocated anyway – and hence removed by the `removeDuplicateThirdParty` task (as it is transitively available in `archunit.jar`),
so we can simply drop `dependency.guava` from not being excluded in the `shadowJar`.

Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
introduce Gradle version catalog for ArchUnit dependencies
ce80903 
Signed-off-by: Manfred Hanke <Manfred.Hanke@tngtech.com>
@hankem
use Gradle version catalog for ArchUnit-Examples
548da3c
@hankem
downgrade to test dependabot
a573854
@hankem
Merge pull request #1 from hankem/gradlew-update-8.13
9d0b02b 
Update Gradle Wrapper from 8.12.1 to 8.13
@dependabot
Bump actions/github-script from 7 to 8
77bfeb6 
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 4, 2025
@hankem hankem force-pushed the main branch 4 times, most recently from 0740662 to 1a0cfac Compare May 15, 2026 06:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gradle-update-robot @hankem