chore(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#8956)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/code-review.yml

@@ -33,7 +33,7 @@ jobs:
     steps:
       - name: Mint OIDC token
         id: oidc
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           TOKEN_AUDIENCE: goose-oidc-proxy
         with:

.github/workflows/pr-comment-build-cli.yml

@@ -40,7 +40,7 @@ jobs:
       # This prevents attackers from triggering builds on their own malicious PRs
       - name: Verify commenter permissions
         id: security_check
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           script: |
             // workflow_dispatch requires repo write access, so it's inherently safe

.github/workflows/pr-comment-bundle.yml

@@ -41,7 +41,7 @@ jobs:
       # This prevents attackers from triggering builds on their own malicious PRs
       - name: Verify commenter permissions
         id: security_check
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           script: |
             // workflow_dispatch requires repo write access, so it's inherently safe
@@ -113,7 +113,7 @@ jobs:
       - name: Get PR info
         id: get_pr_info
         if: steps.security_check.outputs.authorized == 'true'
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           script: |
             let prNumber;

.github/workflows/recipe-security-scanner.yml

@@ -252,7 +252,7 @@ jobs:
 
       - name: Post scan results to PR
         if: always() && steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         env:
           WORKSPACE: ${{ github.workspace }}
           RUNNER_TEMP: ${{ runner.temp }}
@@ -347,7 +347,7 @@ jobs:
 
       - name: Set GitHub status check
         if: always() && steps.find_recipes.outputs.has_recipes == 'true' && steps.recipe_changes.outputs.recipe_files_changed == 'true'
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         env:
           RUNNER_TEMP: ${{ runner.temp }}
         with:

.github/workflows/update-hacktoberfest-leaderboard.yml

@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
 
       - name: Update Leaderboard
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/update-health-dashboard.yml

@@ -35,7 +35,7 @@ jobs:
           if_no_artifact_found: ignore
         
       - name: 'Update Dashboard'
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           github-token: ${{ secrets.HEALTH_DASHBOARD_TOKEN }}
           script: |