[PR #657] build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 #655

New issue

Closed

opened 2026-03-03 14:32:10 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:32:10 +03:00

Owner

Original Pull Request: https://github.com/konstruktoid/hardening/pull/657

State: closed
Merged: Yes

Bumps actions/dependency-review-action from 4.7.2 to 4.7.3.

Release notes

Sourced from actions/dependency-review-action's releases.

4.7.3

What's Changed

Add explicit permissions to workflow files by @AshelyTC in actions/dependency-review-action#966

Claire153/fix spamming mentioned issue by @claire153 in actions/dependency-review-action#974

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.7.3

Commits

595b5ae Update package version (#975)
fc5fd66 Claire153/fix spamming mentioned issue (#974)
d38d1a4 Merge pull request #965 from actions/dependabot/npm_and_yarn/multi-c22e25d29b
8d420b8 Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b
bde0129 Merge pull request #966 from actions/ashelytc/add-permissions
ab52490 remove ruby
ef00a0a add permissions to workflows
74c8179 Bump brace-expansion
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

**Original Pull Request:** https://github.com/konstruktoid/hardening/pull/657 **State:** closed **Merged:** Yes --- Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.7.2 to 4.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.7.3</h2> <h2>What's Changed</h2> <ul> <li>Add explicit permissions to workflow files by <a href="https://github.com/AshelyTC"><code>@AshelyTC</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/966">actions/dependency-review-action#966</a></li> <li>Claire153/fix spamming mentioned issue by <a href="https://github.com/claire153"><code>@claire153</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/974">actions/dependency-review-action#974</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4...v4.7.3">https://github.com/actions/dependency-review-action/compare/v4...v4.7.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/595b5aeba73380359d98a5e087f648dbb0edce1b"><code>595b5ae</code></a> Update package version (<a href="https://redirect.github.com/actions/dependency-review-action/issues/975">#975</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fc5fd661aa443a25c657922b187812d85d3c6fa7"><code>fc5fd66</code></a> Claire153/fix spamming mentioned issue (<a href="https://redirect.github.com/actions/dependency-review-action/issues/974">#974</a>)</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d38d1a4f40f1e9fd802865455d695d0ae924edee"><code>d38d1a4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/965">#965</a> from actions/dependabot/npm_and_yarn/multi-c22e25d29b</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8d420b827cac87791e1303cb1b01d3447e0bb8df"><code>8d420b8</code></a> Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b</li> <li><a href="https://github.com/actions/dependency-review-action/commit/bde01290d367cf6ae7232580700fcca870e35a80"><code>bde0129</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/966">#966</a> from actions/ashelytc/add-permissions</li> <li><a href="https://github.com/actions/dependency-review-action/commit/ab524903e88a228b6df0ab1dc878a34aebc28b70"><code>ab52490</code></a> remove ruby</li> <li><a href="https://github.com/actions/dependency-review-action/commit/ef00a0afbb540db022eb79fc3aea57b5603d7a47"><code>ef00a0a</code></a> add permissions to workflows</li> <li><a href="https://github.com/actions/dependency-review-action/commit/74c8179d39388ccd6863b1a230d2cd3e1d0de71d"><code>74c8179</code></a> Bump brace-expansion</li> <li>See full diff in <a href="https://github.com/actions/dependency-review-action/compare/bc41886e18ea39df68b1b1245f4184881938e050...595b5aeba73380359d98a5e087f648dbb0edce1b">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.7.2&new-version=4.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>