Skip to content

chore(deps): update actions/dependency-review-action action to v4.6.0#122

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/github-actions-monthly-minorpatch
Apr 1, 2025
Merged

chore(deps): update actions/dependency-review-action action to v4.6.0#122
renovate[bot] merged 1 commit intomainfrom
renovate/github-actions-monthly-minorpatch

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Apr 1, 2025

This PR contains the following updates:

Package Type Update Change
actions/dependency-review-action action minor v4.5.0 -> v4.6.0

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

Configuration

📅 Schedule: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 1, 2025
@github-actions
Copy link

github-actions bot commented Apr 1, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/dependency-review-action ce3cf9537a52e8119d91fd484ab5b8a807627bf8 🟢 7.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Files

  • .github/workflows/dependency-review.yaml

@renovate renovate bot merged commit 0b336ce into main Apr 1, 2025
5 checks passed
@renovate renovate bot deleted the renovate/github-actions-monthly-minorpatch branch April 1, 2025 19:40
@smlx smlx mentioned this pull request Jun 6, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants