starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-25 16:55:53 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[PR #729] [MERGED] chore(deps): update actions/dependency-review-action action to v4.8.3 #728

New issue
Closed
opened 2026-03-03 14:32:30 +03:00 by kerem · 0 comments
kerem commented 2026-03-03 14:32:30 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/729
Author: @renovate[bot]
Created: 2/20/2026
Status: Merged
Merged: 2/20/2026
Merged by: @renovate[bot]

Base: masterHead: renovate/actions-dependency-review-action-4.x

📝 Commits (1)

  • 75b315a chore(deps): update actions/dependency-review-action action to v4.8.3

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/dependency-review.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package Type Update Change
actions/dependency-review-action action patch v4.8.2v4.8.3

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/729 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 2/20/2026 **Status:** ✅ Merged **Merged:** 2/20/2026 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/actions-dependency-review-action-4.x` --- ### 📝 Commits (1) - [`75b315a`](https://github.com/konstruktoid/hardening/commit/75b315ac3d60e4160e204bb723ca210de666c367) chore(deps): update actions/dependency-review-action action to v4.8.3 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/dependency-review.yml` (+1 -1) </details> ### 📄 Description This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://redirect.github.com/actions/dependency-review-action) | action | patch | `v4.8.2` → `v4.8.3` | --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.8.3`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.8.3): 4.8.3 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.8.2...v4.8.3) #### Dependency Review Action v4.8.3 This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action. We have also updated the release process to use a long-lived `v4` **branch** for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users. #### What's Changed - GitHub Actions can't push to our protected main by [@&#8203;dangoor](https://redirect.github.com/dangoor) in [#&#8203;1017](https://redirect.github.com/actions/dependency-review-action/pull/1017) - Bump actions/stale from 9.1.0 to 10.1.0 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;995](https://redirect.github.com/actions/dependency-review-action/pull/995) - Bump github/codeql-action from 3 to 4 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;1003](https://redirect.github.com/actions/dependency-review-action/pull/1003) - Bump actions/setup-node from 4 to 6 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;1005](https://redirect.github.com/actions/dependency-review-action/pull/1005) - Upgrade glob to address a vulnerability by [@&#8203;brrygrdn](https://redirect.github.com/brrygrdn) in [#&#8203;1024](https://redirect.github.com/actions/dependency-review-action/pull/1024) - Bump js-yaml by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;1020](https://redirect.github.com/actions/dependency-review-action/pull/1020) - Addressing vulnerabilities by [@&#8203;Ahmed3lmallah](https://redirect.github.com/Ahmed3lmallah) in [#&#8203;1036](https://redirect.github.com/actions/dependency-review-action/pull/1036) - Bump fast-xml-parser from 5.3.3 to 5.3.5 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;1050](https://redirect.github.com/actions/dependency-review-action/pull/1050) - Bump fast-xml-parser from 5.3.5 to 5.3.6 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;1053](https://redirect.github.com/actions/dependency-review-action/pull/1053) - Properly truncate long summaries and catch errors by [@&#8203;juxtin](https://redirect.github.com/juxtin) in [#&#8203;1052](https://redirect.github.com/actions/dependency-review-action/pull/1052) - Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;931](https://redirect.github.com/actions/dependency-review-action/pull/931) - Changes for Release 4.8.3 by [@&#8203;ahpook](https://redirect.github.com/ahpook) in [#&#8203;1054](https://redirect.github.com/actions/dependency-review-action/pull/1054) **Full Changelog**: <https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/konstruktoid/hardening). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS4xMSIsInVwZGF0ZWRJblZlciI6IjQzLjI1LjExIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 14:32:30 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#728
No description provided.