[PR #512] [MERGED] build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 #521

New issue

Closed

opened 2026-03-03 14:31:33 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:31:33 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/512
Author: @dependabot[bot]
Created: 10/29/2024
Status: ✅ Merged
Merged: 10/29/2024
Merged by: @konstruktoid

Base: master ← Head: dependabot/github_actions/actions/dependency-review-action-4.4.0

📝 Commits (1)

aa3fe3a build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)

📄 Description

Bumps actions/dependency-review-action from 4.3.5 to 4.4.0.

Release notes

Sourced from actions/dependency-review-action's releases.

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0

Commits

4081bf9 Merge pull request #846 from actions/merge-group-bug-fix
03e585e fixing minor typo
08b4117 updating dist code
9c3441f updating dist code
304a544 updating tests
e99353b fixing merge_group schema bug
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/512 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 10/29/2024 **Status:** ✅ Merged **Merged:** 10/29/2024 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `dependabot/github_actions/actions/dependency-review-action-4.4.0` --- ### 📝 Commits (1) - [`aa3fe3a`](https://github.com/konstruktoid/hardening/commit/aa3fe3ade47a45a1719c7f01205956d7c71fd7d8) build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) </details> ### 📄 Description Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.5 to 4.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.4.0</h2> <h2>What's Changed</h2> <ul> <li>Fix for merge_group event bug by <a href="https://github.com/Ahmed3lmallah"><code>@Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/846">actions/dependency-review-action#846</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0">https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/4081bf99e2866ebe428fc0477b69eb4fcda7220a"><code>4081bf9</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/846">#846</a> from actions/merge-group-bug-fix</li> <li><a href="https://github.com/actions/dependency-review-action/commit/03e585eea794b63b8de08308f3f36505bea142f3"><code>03e585e</code></a> fixing minor typo</li> <li><a href="https://github.com/actions/dependency-review-action/commit/08b41179240a09a27223f31e2fe22333dda9f5f0"><code>08b4117</code></a> updating dist code</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9c3441f7ee1dc89c7af261af6792c4688123879e"><code>9c3441f</code></a> updating dist code</li> <li><a href="https://github.com/actions/dependency-review-action/commit/304a544dca0138ce45a1349083d287c0923353c3"><code>304a544</code></a> updating tests</li> <li><a href="https://github.com/actions/dependency-review-action/commit/e99353b1e140c6150d4d159afda453aff63e8f8a"><code>e99353b</code></a> fixing merge_group schema bug</li> <li>See full diff in <a href="https://github.com/actions/dependency-review-action/compare/a6993e2c61fd5dc440b409aa1d6904921c5e1894...4081bf99e2866ebe428fc0477b69eb4fcda7220a">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.3.5&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>