Bump actions/github-script from 7 to 8

[dependabot]

Bumps actions/github-script from 7 to 8.

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in actions/github-script#637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in actions/github-script#637
• @​sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

• Upgrade husky to v9 by @​benelan in actions/github-script#482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/github-script#485
• Upgrade IA Publish by @​Jcambass in actions/github-script#486
• Fix workflow status badges by @​joshmgross in actions/github-script#497
• Update usage of actions/upload-artifact by @​joshmgross in actions/github-script#512
• Clear up package name confusion by @​joshmgross in actions/github-script#514
• Update dependencies with npm audit fix by @​joshmgross in actions/github-script#515
• Specify that the used script is JavaScript by @​timotk in actions/github-script#478
• chore: Add Dependabot for NPM and Actions by @​nschonni in actions/github-script#472
• Define permissions in workflows and update actions by @​joshmgross in actions/github-script#531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in actions/github-script#532
• chore: Remove .vscode settings by @​nschonni in actions/github-script#533
• ci: Use github/setup-licensed by @​nschonni in actions/github-script#473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in actions/github-script#508
• Remove octokit README updates for v7 by @​joshmgross in actions/github-script#557
• docs: add "exec" usage examples by @​neilime in actions/github-script#546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in actions/github-script#563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in actions/github-script#575
• Clearly document passing inputs to the script by @​joshmgross in actions/github-script#603
• Update README.md by @​nebuk89 in actions/github-script#610

New Contributors

• @​benelan made their first contribution in actions/github-script#482
• @​Jcambass made their first contribution in actions/github-script#485
• @​timotk made their first contribution in actions/github-script#478
• @​iamstarkov made their first contribution in actions/github-script#508
• @​neilime made their first contribution in actions/github-script#546
• @​nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

• ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
• 2dc352e Bold minimum Actions Runner version in README
• 01e118c Update README for Node 24 runtime requirements
• 8b222ac Apply suggestion from @​salmanmkc
• adc0eea README for updating actions/github-script from v7 to v8
• 20fe497 Merge pull request #637 from actions/node24
• e7b7f22 update licenses
• 2c81ba0 Update Node.js version support to 24.x
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #653
Resolves #637
Resolves actions/github-script#637
Resolves actions/github-script#653
Resolves actions/github-script#482
Resolves actions/github-script#485
Resolves actions/github-script#486
Resolves actions/github-script#497
Resolves actions/github-script#512
Resolves actions/github-script#514
Resolves actions/github-script#515
Resolves actions/github-script#478
Resolves actions/github-script#472
Resolves actions/github-script#531
Resolves actions/github-script#532
Resolves actions/github-script#533
Resolves actions/github-script#473
Resolves actions/github-script#508
Resolves actions/github-script#557
Resolves actions/github-script#546
Resolves actions/github-script#563
Resolves actions/github-script#575
Resolves actions/github-script#603
Resolves actions/github-script#610

[github-actions]

🤖 Claude Code Review

Based on my review of the PR diff, this is a straightforward dependency version bump. Here's my detailed analysis:

PR Code Review Results

Code Quality

✅ Code follows style guide: This is a GitHub Actions workflow YAML file with dependency version updates only. No code style issues apply.

✅ No commented-out code: Clean diff with no commented code.

✅ Meaningful variable names: No variable changes in this PR.

✅ DRY principle followed: No code duplication introduced.

✅ Defects/Security: No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward dependency version bump from actions/github-script@v7 to actions/github-script@v8.

Changes:

• .github/workflows/link-issues-to-pull-request-post-merge.yaml:30 - Bumped to v8
• .github/workflows/link-issues-to-pull-request-post-merge.yaml:309 - Bumped to v8

Testing

⚠️ Unit tests: N/A - This is a GitHub Actions workflow configuration change, not application code. However, the workflow itself should be tested by running it in a real PR scenario.

⚠️ Integration tests: N/A - Workflow changes can't be unit tested but should be validated by:

• Triggering the workflow in a test PR
• Verifying issue extraction still works correctly
• Confirming PR description updates function as expected

⚠️ Edge cases covered: Existing workflow has comprehensive edge case handling (truncated titles, timeouts, ReDoS protection, etc.). The version bump should not affect this, but validation is recommended.

❌ Test coverage > 80%: Not applicable to workflow files.

Recommendation: Test this workflow on a sample PR before merging to ensure github-script@v8 maintains compatibility with the existing script logic.

Documentation

✅ Readme updated: Not needed - this is a minor dependency version bump.

✅ API docs updated: Not applicable.

✅ Inline comments: No changes to logic; existing comments remain intact.

⚠️ CHANGELOG.md updated: Not present in the diff. If your repository maintains a CHANGELOG, this dependency update should be noted (e.g., "Bump actions/github-script from v7 to v8").

Security

✅ No hardcoded credentials: None present.

✅ Input validation implemented: Existing comprehensive validation remains (ReDoS protection, input sanitization, length limits).

✅ Proper error handling: Existing robust error handling with retries and timeouts.

✅ No sensitive data in logs: Console logs only show issue numbers and metadata - safe.

✅ No license files (.lic) or AQAAAD strings: Not applicable to this change.

Security Note: The bump from v7 to v8 of actions/github-script should be reviewed in the official changelog to ensure no breaking changes or new security considerations exist.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This is a clean dependency version bump with minimal risk. The changes are:

• Two instances of actions/github-script@v7 → actions/github-script@v8
• No logic changes
• No security concerns introduced

Recommendations before merging:

1. Review the actions/github-script@v8 release notes for any breaking changes
2. Test the workflow on a sample PR to confirm functionality
3. Consider adding a CHANGELOG entry if your project maintains one

---

Automated code review analyzing defects and coding standards