Skip to content

build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0#517

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-5.0.0
Open

build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0#517
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-5.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps actions/dependency-review-action from 4.9.0 to 5.0.0.

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 11, 2026
@dependabot dependabot Bot requested a review from RoseSecurity as a code owner May 11, 2026 22:29
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 11, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5.0.0 branch 2 times, most recently from 7ad1823 to c927889 Compare May 14, 2026 20:04
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5.0.0 branch from c927889 to da1da9f Compare May 20, 2026 11:41
@dependabot
build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0
7121f41 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.9.0 to 5.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/dependency-review-action-5.0.0 branch from da1da9f to 7121f41 Compare May 21, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RoseSecurity RoseSecurity Awaiting requested review from RoseSecurity RoseSecurity is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant