Skip to content

chore(ci): bump actions/dependency-review-action from 4.7.1 to 4.9.0#3137

Merged
dmihalcik-virtru merged 1 commit intomainfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0
Mar 11, 2026
Merged

chore(ci): bump actions/dependency-review-action from 4.7.1 to 4.9.0#3137
dmihalcik-virtru merged 1 commit intomainfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 11, 2026

Bumps actions/dependency-review-action from 4.7.1 to 4.9.0.

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Minor fixes:

... (truncated)

Commits
  • 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
  • d02fa39 Updates for release 4.9.0
  • 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
  • a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
  • 57a3d46 Merge pull request #1060 from jantiebot/main
  • 5ecdc4b Merge pull request #1045 from forks-felickz/main
  • e8c2f9a fix: remove inferrable type annotation to pass eslint
  • 0e129e1 Prettier - Refactor summary table rendering for improved readability
  • aa60746 Add 'show-patched-versions' option to configuration and update summary handling
  • e404798 Merge upstream actions/dependency-review-action main
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(ci): bump actions/dependency-review-action from 4.7.1 to 4.9.0
a7ac60e 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.1 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@da24556...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 11, 2026 16:03
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label Mar 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 11, 2026 16:03
@dependabot dependabot Bot mentioned this pull request Mar 11, 2026
Closed
@github-actions github-actions Bot added comp:ci Github Actions Work size/xs labels Mar 11, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 11, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 188.699924ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 96.138087ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 395.829051ms
Throughput 252.63 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 42.009277141s
Average Latency 418.733665ms
Throughput 119.02 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 11, 2026

X-Test Results

✅ go-pull-3137
✅ go-v0.9.0
✅ java-pull-3137
✅ java-v0.9.0
✅ js-pull-3137
✅ js-v0.9.0
bats-test-results
cukes-report
opentdfplatformSZS8NA.dockerbuild

@dmihalcik-virtru dmihalcik-virtru added this pull request to the merge queue Mar 11, 2026
Merged via the queue into main with commit 44ae895 Mar 11, 2026
45 checks passed
@dmihalcik-virtru dmihalcik-virtru deleted the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch March 11, 2026 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmihalcik-virtru dmihalcik-virtru dmihalcik-virtru approved these changes

Assignees

No one assigned

Labels

comp:ci Github Actions Work dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dmihalcik-virtru