
build(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 #2859

Merged
omer-topal merged 1 commit into master from dependabot/github_actions/actions/dependency-review-action-4.9.0
Apr 13, 2026

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps actions/dependency-review-action from 4.8.3 to 4.9.0.

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unnecessary slowness. Great catch @jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces. Thanks @juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

Commits
  • 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
  • d02fa39 Updates for release 4.9.0
  • 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
  • a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
  • 57a3d46 Merge pull request #1060 from jantiebot/main
  • 5ecdc4b Merge pull request #1045 from forks-felickz/main
  • e8c2f9a fix: remove inferrable type annotation to pass eslint
  • 0e129e1 Prettier - Refactor summary table rendering for improved readability
  • aa60746 Add 'show-patched-versions' option to configuration and update summary handling
  • e404798 Merge upstream actions/dependency-review-action main
  • Additional commits viewable in compare view

@dependabot dependabot bot added the dependencies and github_actions labels Apr 1, 2026
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@05fe457...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch from b43026c to 80dbee3 Compare April 13, 2026 19:58
@omer-topal omer-topal merged commit fc00ae5 into master Apr 13, 2026
11 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch April 13, 2026 21:49
@github-actions github-actions bot locked and limited conversation to collaborators Apr 13, 2026

Labels

  • dependencies: Pull requests that update a dependency file
  • github_actions: Pull requests that update GitHub Actions code
