From 0593fedee1eaefd08e4c5e881b7e94c9c3a54e24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Mar 2026 21:54:43 +0000
Subject: [PATCH] chore(deps): bump actions/dependency-review-action
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...2031cfc080254a8a887f58cffee85186f0e49e48)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-version: 4.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 workflow-templates/dependency-review.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/workflow-templates/dependency-review.yaml b/workflow-templates/dependency-review.yaml
index 8f7127d..c78438d 100644
--- a/workflow-templates/dependency-review.yaml
+++ b/workflow-templates/dependency-review.yaml
@@ -22,7 +22,7 @@ jobs:
 run: echo "first_commit_sha=$(git rev-list --max-parents=0 HEAD)" >> $GITHUB_ENV
 - name: 'Dependency Review (manual)'
 if: github.event_name == 'workflow_dispatch'
- uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3
+ uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
 with:
 base-ref: ${{ env.first_commit_sha }}
 head-ref: ${{ github.ref }}
@@ -32,7 +32,7 @@ jobs:
 warn-only: true
 - name: 'Dependency Review (pull_request)'
 if: github.event_name == 'pull_request'
- uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3
+ uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
 with:
 show-openssf-scorecard: true
 vulnerability-check: true