Skip to content

Bump actions/dependency-review-action from 4.8.3 to 4.9.0#7897

Merged
jenshnielsen merged 1 commit intomainfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0
Mar 4, 2026
Merged

Bump actions/dependency-review-action from 4.8.3 to 4.9.0#7897
jenshnielsen merged 1 commit intomainfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026

Bumps actions/dependency-review-action from 4.8.3 to 4.9.0.

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

Commits
  • 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
  • d02fa39 Updates for release 4.9.0
  • 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
  • a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
  • 57a3d46 Merge pull request #1060 from jantiebot/main
  • 5ecdc4b Merge pull request #1045 from forks-felickz/main
  • e8c2f9a fix: remove inferrable type annotation to pass eslint
  • 0e129e1 Prettier - Refactor summary table rendering for improved readability
  • aa60746 Add 'show-patched-versions' option to configuration and update summary handling
  • e404798 Merge upstream actions/dependency-review-action main
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump actions/dependency-review-action from 4.8.3 to 4.9.0
ecb1fc9 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@05fe457...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 4, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 4, 2026 04:42
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 4, 2026
@codecov
Copy link

codecov bot commented Mar 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.94%. Comparing base (f93d05e) to head (ecb1fc9).
⚠️ Report is 10 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7897   +/-   ##
=======================================
  Coverage   59.94%   59.94%           
=======================================
  Files         352      352           
  Lines       31933    31933           
=======================================
  Hits        19143    19143           
  Misses      12790    12790

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jenshnielsen jenshnielsen added this pull request to the merge queue Mar 4, 2026
Merged via the queue into main with commit 5170ce0 Mar 4, 2026
18 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch March 4, 2026 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jenshnielsen jenshnielsen jenshnielsen approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jenshnielsen