Skip to content

chore(deps): bump actions/dependency-review-action from 4 to 5#4

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-5
Closed

chore(deps): bump actions/dependency-review-action from 4 to 5#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-5

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps actions/dependency-review-action from 4 to 5.

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

... (truncated)

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

@dependabot dependabot Bot added ci dependencies Pull requests that update a dependency file labels May 14, 2026
@dependabot dependabot Bot requested a review from jesseoue as a code owner May 14, 2026 02:40
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ci labels May 14, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 14, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
stackfoundry Ready Ready Preview, Comment May 14, 2026 6:45am

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5 branch from 84f179d to 267e711 Compare May 14, 2026 06:28
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5 branch from 267e711 to ca14208 Compare May 14, 2026 06:43
@dependabot
chore(deps): bump actions/dependency-review-action from 4 to 5
7777a33 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4 to 5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v4...v5)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5 branch from ca14208 to 7777a33 Compare May 14, 2026 06:45
@jesseoue
Copy link
Copy Markdown
Owner

jesseoue commented May 14, 2026

Closed as superseded: the GitHub Actions dependency updates were applied directly in commit 149fe66, alongside the public repository security hardening work.

@jesseoue jesseoue closed this May 14, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 14, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@jesseoue jesseoue deleted the dependabot/github_actions/actions/dependency-review-action-5 branch May 14, 2026 06:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jesseoue jesseoue Awaiting requested review from jesseoue jesseoue is a code owner

Assignees

No one assigned

Labels

ci dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jesseoue