Dependabot Update
Bumps actions/dependency-review-action from 4 to 5.
Release notes
Sourced from actions/dependency-review-action's releases.
5.0.0
This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.
What's Changed
New Contributors
Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0
Dependency Review Action 4.9.0
This feature release contains a couple of notable changes:
- There is a new configuration option
show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!
- Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch
@jantiebot!
- There are a couple of fixes to purl parsing which should improve match accuracy for
allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @juxtin!
What's Changed
New Contributors
Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0
4.8.3
Dependency Review Action v4.8.3
This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.
We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.
What's Changed
... (truncated)
Commits
a1d282b Merge pull request #1098 from actions/ahpook/v5-release
eb6c199 update examples to show @v5
3943c2c v5.0.0 release branch
454943c Merge pull request #1094 from actions/ashelytc/security-findings
6d92a12 revert @typescript-eslint/parser update
a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
b6b7079 update @typescript-eslint/parser to 8.40.0
821a21d update more dependencies
05aaaae run npm audit fix
55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
- Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request
This issue was automatically created to track the Dependabot update.
Dependabot Update
Bumps actions/dependency-review-action from 4 to 5.
Release notes
Sourced from actions/dependency-review-action's releases.
... (truncated)
Commits
a1d282bMerge pull request #1098 from actions/ahpook/v5-releaseeb6c199update examples to show@v53943c2cv5.0.0 release branch454943cMerge pull request #1094 from actions/ashelytc/security-findings6d92a12revert@typescript-eslint/parserupdatea8e5a7eMerge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...b6b7079update@typescript-eslint/parserto 8.40.0821a21dupdate more dependencies05aaaaerun npm audit fix55d3e75Merge pull request #1077 from Marukome0743/docs/checkoutDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Pull Request
This issue was automatically created to track the Dependabot update.