Bump the ci-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the ci-dependencies group with 3 updates in the / directory: actions/github-script, pypa/gh-action-pypi-publish and release-drafter/release-drafter.

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in actions/github-script#695
• ci: use deployment: false for integration test environments by @​salmanmkc in actions/github-script#712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in actions/github-script#700

New Contributors

• @​Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

• 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
• ca10bbd fix: use @​octokit/core/types import for v7 compatibility
• 86e48e2 merge: incorporate main branch changes
• c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
• afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
• ff8117e ci: fix user-agent test to handle orchestration ID
• 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
• 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
• c17d55b ci: add getOctokit integration test job
• a047196 test: add getOctokit integration tests via callAsyncFunction
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Updates release-drafter/release-drafter from 7.1.1 to 7.2.0

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.2.0

What's Changed

New

• feat: allow always collapsing a category (#1444) @​mhanberg

Bug Fixes

• fix: improve advanced substitutions in replacers (#1555) @​jetersen
• fix: support repo-only _extends and prevent .github/ path doubling (#1577) @​jetersen

Maintenance

• chore(deps): update dependency typescript to 6.0.2 (#1587) @renovate[bot]
• chore(deps): update vitest to 4.1.4 (#1585) @renovate[bot]
• ci(deps): update peter-evans/create-pull-request action to v8 (#1588) @renovate[bot]
• chore(deps): update dependency vite to 8.0.5 (#1579) @renovate[bot]
• chore(deps): update dependency nock to 14.0.12 (#1583) @renovate[bot]
• chore(deps): update dependency @​types/node to 24.12.2 (#1582) @renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.10 (#1581) @renovate[bot]
• chore: move codegen to monthly scheduled workflow (#1578) @​jetersen
• chore: replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (#1571) @​jetersen

Documentation

• docs: fix autolabeler example tag (#1568) @​cchanche

Dependency Updates

• build(deps): bump lodash and @​graphql-codegen/plugin-helpers (#1589) @dependabot[bot]
• fix(deps): update dependency @​actions/github to 9.1.0 (#1586) @renovate[bot]
• chore(deps): update dependency yaml to 2.8.3 (#1580) @renovate[bot]
• chore(deps): update node.js to v24.14.1 (#1584) @renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.10 (#1581) @renovate[bot]

Full Changelog: release-drafter/release-drafter@v7.1.1...v7.2.0

Commits

• 5de9358 7.2.0
• e50d61c chore: rebuild dist
• d3a61d3 chore: fix npm audit vulnerabilities
• 8bfa279 build(deps): bump lodash and @​graphql-codegen/plugin-helpers (#1589)
• c2a8a67 chore: remove engine-strict from .npmrc to fix Dependabot resolution
• e51e4ad chore(deps): update dependency typescript to 6.0.2 (#1587)
• 0e7bd54 fix(deps): update dependency @​actions/github to 9.1.0 (#1586)
• 9c0b0a8 chore(deps): update dependency yaml to 2.8.3 (#1580)
• b27f820 chore(deps): update vitest to 4.1.4 (#1585)
• eb90534 ci(deps): update peter-evans/create-pull-request action to v8 (#1588)
• Additional commits viewable in compare view

[marcopeix]

@dependabot rebase