From e1f7d4957561861ea45bc7cee5457a75b2eed9fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 May 2026 19:23:09 +0000
Subject: [PATCH] chore(deps)(deps): bump actions/github-script from 7.1.0 to
 9.0.0

Bumps [actions/github-script](https://github.com/actions/github-script) from 7.1.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/f28e40c7f34bde8b3046d885e986cb6290c5673b...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/canary-staging.yml     | 4 ++--
 .github/workflows/e2e-staging-sanity.yml | 2 +-
 .github/workflows/railway-pin-audit.yml  | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/canary-staging.yml b/.github/workflows/canary-staging.yml
index 30691a82..a43cac8f 100644
--- a/.github/workflows/canary-staging.yml
+++ b/.github/workflows/canary-staging.yml
@@ -98,7 +98,7 @@ jobs:
       # next deploy window.
       - name: Open issue on failure
         if: failure()
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           # Inject the workflow path explicitly — context.workflow is
           # the *name*, not the file path the actions API needs.
@@ -165,7 +165,7 @@ jobs:
 
       - name: Auto-close canary issue on success
         if: success()
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const title = '🔴 Canary failing: staging SaaS smoke';
diff --git a/.github/workflows/e2e-staging-sanity.yml b/.github/workflows/e2e-staging-sanity.yml
index e645a58f..e8261491 100644
--- a/.github/workflows/e2e-staging-sanity.yml
+++ b/.github/workflows/e2e-staging-sanity.yml
@@ -89,7 +89,7 @@ jobs:
 
       - name: Open issue if safety net is broken
         if: failure()
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const title = "🚨 E2E teardown safety net broken";
diff --git a/.github/workflows/railway-pin-audit.yml b/.github/workflows/railway-pin-audit.yml
index 08c3cec5..bbc06726 100644
--- a/.github/workflows/railway-pin-audit.yml
+++ b/.github/workflows/railway-pin-audit.yml
@@ -143,7 +143,7 @@ jobs:
 
       - name: Open / update drift issue
         if: failure() && steps.audit.outputs.rc == '1'
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           AUDIT_LOG: ${{ steps.audit.outputs.log }}
         with:
@@ -184,7 +184,7 @@ jobs:
         # issue with a confirmation comment so the queue doesn't carry
         # stale ones.
         if: success() && steps.audit.outputs.rc == '0'
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;