Skip to content

Bump actions/dependency-review-action from 4.8.3 to 4.9.0#423

Merged
cezmunsta merged 1 commit intomasterfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0
Mar 29, 2026
Merged

Bump actions/dependency-review-action from 4.8.3 to 4.9.0#423
cezmunsta merged 1 commit intomasterfrom
dependabot/github_actions/actions/dependency-review-action-4.9.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2026
edited
Loading

Bumps actions/dependency-review-action from 4.8.3 to 4.9.0.

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

Commits
  • 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
  • d02fa39 Updates for release 4.9.0
  • 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
  • a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
  • 57a3d46 Merge pull request #1060 from jantiebot/main
  • 5ecdc4b Merge pull request #1045 from forks-felickz/main
  • e8c2f9a fix: remove inferrable type annotation to pass eslint
  • 0e129e1 Prettier - Refactor summary table rendering for improved readability
  • aa60746 Add 'show-patched-versions' option to configuration and update summary handling
  • e404798 Merge upstream actions/dependency-review-action main
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 3, 2026
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch from 2d06b1e to 5957379 Compare March 29, 2026 12:15
@cezmunsta
Copy link
Copy Markdown
Owner

cezmunsta commented Mar 29, 2026

@dependabot rebase

@dependabot
Bump actions/dependency-review-action from 4.8.3 to 4.9.0
3551d0e 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@05fe457...2031cfc)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch from 5957379 to 3551d0e Compare March 29, 2026 12:18
@cezmunsta cezmunsta merged commit 87341d8 into master Mar 29, 2026
3 checks passed
@cezmunsta cezmunsta deleted the dependabot/github_actions/actions/dependency-review-action-4.9.0 branch March 29, 2026 12:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cezmunsta