Skip to content

Bump actions/dependency-review-action from 4.5.0 to 4.9.0 in the actions-minor-updates group across 1 directory#1146

Merged
calebbrown merged 1 commit into
mainfrom
dependabot/github_actions/actions-minor-updates-33179f41c4
May 15, 2026
Merged

Bump actions/dependency-review-action from 4.5.0 to 4.9.0 in the actions-minor-updates group across 1 directory#1146
calebbrown merged 1 commit into
mainfrom
dependabot/github_actions/actions-minor-updates-33179f41c4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Bumps the actions-minor-updates group with 1 update in the / directory: actions/dependency-review-action.

Updates actions/dependency-review-action from 4.5.0 to 4.9.0

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Minor fixes:

... (truncated)

Commits
  • 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
  • d02fa39 Updates for release 4.9.0
  • 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
  • a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
  • 57a3d46 Merge pull request #1060 from jantiebot/main
  • 5ecdc4b Merge pull request #1045 from forks-felickz/main
  • e8c2f9a fix: remove inferrable type annotation to pass eslint
  • 0e129e1 Prettier - Refactor summary table rendering for improved readability
  • aa60746 Add 'show-patched-versions' option to configuration and update summary handling
  • e404798 Merge upstream actions/dependency-review-action main
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 15, 2026
@dependabot dependabot Bot changed the title Bump actions/dependency-review-action from 4.5.0 to 4.9.0 in the actions-minor-updates group Bump actions/dependency-review-action from 4.5.0 to 4.9.0 in the actions-minor-updates group across 1 directory May 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-minor-updates-33179f41c4 branch from 6e35032 to 61b1857 Compare May 15, 2026 01:59
@dependabot
Bump actions/dependency-review-action
f3e7851 
Bumps the actions-minor-updates group with 1 update in the / directory: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 4.5.0 to 4.9.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@3b139cf...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-minor-updates-33179f41c4 branch from 61b1857 to f3e7851 Compare May 15, 2026 02:07
@calebbrown calebbrown merged commit cb9b46b into main May 15, 2026
11 of 12 checks passed
@calebbrown calebbrown deleted the dependabot/github_actions/actions-minor-updates-33179f41c4 branch May 15, 2026 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@calebbrown calebbrown calebbrown approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@calebbrown