Skip to content

chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 in the github-actions group#10919

Merged
jasonsaayman merged 2 commits into
v1.xfrom
dependabot/github_actions/github-actions-2661ef2cb7
May 20, 2026
Merged

chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 in the github-actions group#10919
jasonsaayman merged 2 commits into
v1.xfrom
dependabot/github_actions/github-actions-2661ef2cb7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited by cubic-dev-ai Bot
Loading

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 1 update: actions/dependency-review-action.

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic

Upgrade actions/dependency-review-action to v5.0.0 in the run-ci workflow, moving the step to Node.js 24. Requires Actions Runner v2.327.1+; GitHub-hosted runners are compatible.

Description

  • Summary of changes
    • Update .github/workflows/run-ci.yml to actions/dependency-review-action@a1d282b... (v5.0.0, pinned by SHA).
  • Reasoning
    • Keep security tooling current; includes fixes and Node 24 runtime.
  • Additional context
    • Rebased onto latest v1.x. No other workflow changes.

Docs

  • Add a note in /docs/ about using actions/dependency-review-action@v5 and the minimum runner version requirement.

Testing

  • No code tests changed.
  • Validate by running CI and confirming the “Dependency Review” step succeeds.
  • For self-hosted runners, verify runner is v2.327.1+.

Semantic version impact

  • Patch: CI-only change with no runtime or API impact. No release required.

Written for commit b4cdc7f. Summary will update on new commits. Review in cubic

@dependabot
chore(deps): bump actions/dependency-review-action
0777474 
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added commit::chore The PR is related to a chore type::automated-pr The PR has been created by an automation labels May 19, 2026
@dependabot dependabot Bot requested a review from jasonsaayman as a code owner May 19, 2026 22:15
@dependabot dependabot Bot added commit::chore The PR is related to a chore type::automated-pr The PR has been created by an automation labels May 19, 2026
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 19, 2026
View reviewed changes

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@jasonsaayman jasonsaayman merged commit a7c2022 into v1.x May 20, 2026
26 checks passed
@jasonsaayman jasonsaayman deleted the dependabot/github_actions/github-actions-2661ef2cb7 branch May 20, 2026 18:20
jasonsaayman added a commit that referenced this pull request May 28, 2026
@dependabot @jasonsaayman
chore(deps): bump actions/dependency-review-action (#10919)
4e1cdd5 
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@jasonsaayman jasonsaayman Awaiting requested review from jasonsaayman jasonsaayman is a code owner

Assignees

No one assigned

Labels

commit::chore The PR is related to a chore type::automated-pr The PR has been created by an automation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jasonsaayman