actions/dependency-review-action@v4.9.0 (latest as of 2026-04-25) still declares using: 'node20' in its action.yml. Upstream tracker: actions/dependency-review-action#1084 (OPEN).
6 ecosystem workflow files use this action: Docker, Home-Lab, Monday, Plaid, Steam, Developer-Tools-Directory. Cannot be fixed downstream.
Deadline: 2026-06-02 (Node 24 default). If upstream does not ship v5 by then, these workflows will break.
Mitigation options:
- Wait for upstream (preferred)
- Drop the action and replace with dependabot-only review flow
- Accept temporary PR-time breakage (the action is not release-blocking)
Action: monitor upstream. Decision required by 2026-05-25 (one week before deadline).
actions/dependency-review-action@v4.9.0(latest as of 2026-04-25) still declaresusing: 'node20'in its action.yml. Upstream tracker: actions/dependency-review-action#1084 (OPEN).6 ecosystem workflow files use this action: Docker, Home-Lab, Monday, Plaid, Steam, Developer-Tools-Directory. Cannot be fixed downstream.
Deadline: 2026-06-02 (Node 24 default). If upstream does not ship v5 by then, these workflows will break.
Mitigation options:
Action: monitor upstream. Decision required by 2026-05-25 (one week before deadline).