Skip to content

Update actions/dependency-review-action action to v4.9.0#19

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/actions-dependency-review-action-4.x
Open

Update actions/dependency-review-action action to v4.9.0#19
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/actions-dependency-review-action-4.x

Conversation

@renovate

@renovate renovate Bot commented May 31, 2024

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
actions/dependency-review-action action minor v4.0.0v4.9.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

  • Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
  • License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

  • Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
  • Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

  • Include all added dependencies in scorecard entries by @​elireisman in #​783
  • Update SPDX Expression Parsing by @​febuiles in #​719
    • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #​753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

  • The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

v4.2.5: 4.2.5

Compare Source

What's Changed

  • Fixed a bug where some configuration options in external files were not being properly picked up -- #​722
  • Bump eslint from 8.56.0 to 8.57.0

Full Changelog: actions/dependency-review-action@v4.2.4...v4.2.5

v4.2.4

Compare Source

What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

New Contributors

Full Changelog: actions/dependency-review-action@v4.2.3...v4.2.4

v4.2.3: 4.2.3

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.1.3...v4.2.3

v4.1.3: 4.1.3

Compare Source

Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see #​697).

Full Changelog: actions/dependency-review-action@v4.1.2...v4.1.3

v4.1.2: 4.1.2

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.1.0...v4.1.1

v4.1.0: 4.1.0

Compare Source

What's Changed

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.1.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.3.2 Update actions/dependency-review-action action to v4.3.3 Jun 6, 2024
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from dba9cd2 to 3d2470b Compare June 6, 2024 02:16
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.3.3 Update actions/dependency-review-action action to v4.3.4 Jul 12, 2024
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 3d2470b to c5b9e21 Compare July 12, 2024 08:49
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.3.4 Update actions/dependency-review-action action to v4.3.5 Oct 22, 2024
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from c5b9e21 to d9e277d Compare October 22, 2024 23:30
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.3.5 Update actions/dependency-review-action action to v4.4.0 Oct 30, 2024
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from d9e277d to 7d21a32 Compare October 30, 2024 05:52
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.4.0 Update actions/dependency-review-action action to v4.5.0 Nov 21, 2024
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 7d21a32 to 42c66eb Compare November 21, 2024 23:46
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 42c66eb to 080fd39 Compare April 3, 2025 04:07
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.5.0 Update actions/dependency-review-action action to v4.6.0 Apr 3, 2025
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.6.0 Update actions/dependency-review-action action to v4.7.0 May 10, 2025
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 080fd39 to 575b793 Compare May 10, 2025 11:43
@coderabbitai

coderabbitai Bot commented May 10, 2025

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 575b793 to 6622f69 Compare May 17, 2025 16:09
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.7.0 Update actions/dependency-review-action action to v4.7.1 May 17, 2025
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.7.1 Update actions/dependency-review-action action to v4.7.2 Aug 23, 2025
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 6622f69 to 4fd2b5f Compare August 23, 2025 04:15
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.7.2 Update actions/dependency-review-action action to v4.7.3 Sep 1, 2025
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 4fd2b5f to 81d52fd Compare September 1, 2025 01:58
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.7.3 Update actions/dependency-review-action action to v4.8.0 Sep 26, 2025
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 81d52fd to 2688a9d Compare September 26, 2025 20:02
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 2688a9d to c0a0a42 Compare October 11, 2025 07:15
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.8.0 Update actions/dependency-review-action action to v4.8.1 Oct 11, 2025
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.8.1 Update actions/dependency-review-action action to v4.8.2 Nov 16, 2025
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from c0a0a42 to 9f3086c Compare November 16, 2025 00:03
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.8.2 Update actions/dependency-review-action action to v4.8.3 Feb 20, 2026
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 9f3086c to 1730b06 Compare February 20, 2026 03:59
@renovate renovate Bot changed the title Update actions/dependency-review-action action to v4.8.3 Update actions/dependency-review-action action to v4.9.0 Mar 8, 2026
@renovate renovate Bot force-pushed the renovate/actions-dependency-review-action-4.x branch from 1730b06 to dc1dfe6 Compare March 8, 2026 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants