chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 by dependabot[bot] · Pull Request #5990 · external-secrets/external-secrets

dependabot · 2026-02-23T08:27:04Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps actions/dependency-review-action from 4.8.2 to 4.8.3.

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

GitHub Actions can't push to our protected main by @dangoor in actions/dependency-review-action#1017

Bump actions/stale from 9.1.0 to 10.1.0 by @dependabot[bot] in actions/dependency-review-action#995

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in actions/dependency-review-action#1003

Bump actions/setup-node from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1005

Upgrade glob to address a vulnerability by @brrygrdn in actions/dependency-review-action#1024

Bump js-yaml by @dependabot[bot] in actions/dependency-review-action#1020

Addressing vulnerabilities by @Ahmed3lmallah in actions/dependency-review-action#1036

Bump fast-xml-parser from 5.3.3 to 5.3.5 by @dependabot[bot] in actions/dependency-review-action#1050

Bump fast-xml-parser from 5.3.5 to 5.3.6 by @dependabot[bot] in actions/dependency-review-action#1053

Properly truncate long summaries and catch errors by @juxtin in actions/dependency-review-action#1052

Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @dependabot[bot] in actions/dependency-review-action#931

Changes for Release 4.8.3 by @ahpook in actions/dependency-review-action#1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Commits

05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
3a8496c Update generated package files for v4.8.3
0f22a01 Update CONTRIBUTING for new release process
58be343 Updating package versions for 4.8.3
9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
2e1cf54 Properly truncate long summaries and catch errors
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.2 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-02-24T21:29:27Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

…2.1.0 (#4491) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets/external-secrets](https://github.com/external-secrets/external-secrets) | minor | `v2.0.1` → `v2.1.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets/external-secrets)</summary> ### [`v2.1.0`](https://github.com/external-secrets/external-secrets/releases/tag/v2.1.0) [Compare Source](external-secrets/external-secrets@v2.0.1...v2.1.0) Image: `ghcr.io/external-secrets/external-secrets:v2.1.0` Image: `ghcr.io/external-secrets/external-secrets:v2.1.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v2.1.0-ubi-boringssl`  #### What's Changed ##### General - chore(release): Update helm chart by [@evrardj-roche](https://github.com/evrardj-roche) in [#5981](external-secrets/external-secrets#5981) - fix: cosign verify does not use signing config by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5982](external-secrets/external-secrets#5982) - docs: Update release process by [@evrardj-roche](https://github.com/evrardj-roche) in [#5980](external-secrets/external-secrets#5980) - fix: allow cross-namespace push with ClusterSecretStore objects by [@Skarlso](https://github.com/Skarlso) in [#5998](external-secrets/external-secrets#5998) - feat(charts): add new flag enable leader for cert-manager by [@nutmos](https://github.com/nutmos) in [#5863](external-secrets/external-secrets#5863) - feat(kubernetes): fall back to system CA roots when no CA is configured by [@rajsinghtech](https://github.com/rajsinghtech) in [#5961](external-secrets/external-secrets#5961) - feat: dedup sbom but keep it monolithic by [@moolen](https://github.com/moolen) in [#6004](external-secrets/external-secrets#6004) - fix: add missing metrics and fundamentally fix the caching logic by [@Skarlso](https://github.com/Skarlso) in [#5894](external-secrets/external-secrets#5894) - docs: designate Oracle Vault provider as 'stable' by [@anders-swanson](https://github.com/anders-swanson) in [#6020](external-secrets/external-secrets#6020) - docs: Oracle Vault provider capabilities by [@anders-swanson](https://github.com/anders-swanson) in [#6023](external-secrets/external-secrets#6023) - docs(azurekv): cert-manager pushsecret example and cleanups by [@illrill](https://github.com/illrill) in [#5972](external-secrets/external-secrets#5972) - feat(kubernetes): implement SecretExists by [@Saku2](https://github.com/Saku2) in [#5973](external-secrets/external-secrets#5973) - fix(charts): Fix wrongly set annotations for cert-controller metrics service by [@josemaia](https://github.com/josemaia) in [#6029](external-secrets/external-secrets#6029) - feat(providers): Nebius MysteryBox integration by [@greenmapc](https://github.com/greenmapc) in [#5868](external-secrets/external-secrets#5868) ##### Dependencies - chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5986](external-secrets/external-secrets#5986) - chore(deps): bump mkdocs-material from 9.7.1 to 9.7.2 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5992](external-secrets/external-secrets#5992) - chore(deps): bump ubi9/ubi from `b8923f5` to `cecb1cd` by [@dependabot](https://github.com/dependabot)\[bot] in [#5984](external-secrets/external-secrets#5984) - chore(deps): bump helm/kind-action from 1.13.0 to 1.14.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5985](external-secrets/external-secrets#5985) - chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5990](external-secrets/external-secrets#5990) - chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#5989](external-secrets/external-secrets#5989) - chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5987](external-secrets/external-secrets#5987) - chore(deps): bump regex from 2026.1.15 to 2026.2.19 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5991](external-secrets/external-secrets#5991) - chore(deps): bump actions/stale from 10.1.1 to 10.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5988](external-secrets/external-secrets#5988) - chore(deps): bump regex from 2026.2.19 to 2026.2.28 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6012](external-secrets/external-secrets#6012) - chore(deps): bump mkdocs-material from 9.7.2 to 9.7.3 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6014](external-secrets/external-secrets#6014) - chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6015](external-secrets/external-secrets#6015) - chore(deps): bump anchore/sbom-action from 0.22.2 to 0.23.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6016](external-secrets/external-secrets#6016) - chore(deps): bump certifi from 2026.1.4 to 2026.2.25 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6013](external-secrets/external-secrets#6013) - chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6010](external-secrets/external-secrets#6010) - chore(deps): bump hashicorp/setup-terraform from [`ce70bcf`](external-secrets/external-secrets@ce70bcf) to [`5e8dbf3`](external-secrets/external-secrets@5e8dbf3) by [@dependabot](https://github.com/dependabot)\[bot] in [#6011](external-secrets/external-secrets#6011) - chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6009](external-secrets/external-secrets#6009) - chore(deps): bump distroless/static from `972618c` to `28efbe9` by [@dependabot](https://github.com/dependabot)\[bot] in [#6008](external-secrets/external-secrets#6008) #### New Contributors - [@nutmos](https://github.com/nutmos) made their first contribution in [#5863](external-secrets/external-secrets#5863) - [@rajsinghtech](https://github.com/rajsinghtech) made their first contribution in [#5961](external-secrets/external-secrets#5961) - [@illrill](https://github.com/illrill) made their first contribution in [#5972](external-secrets/external-secrets#5972) - [@Saku2](https://github.com/Saku2) made their first contribution in [#5973](external-secrets/external-secrets#5973) - [@greenmapc](https://github.com/greenmapc) made their first contribution in [#5868](external-secrets/external-secrets#5868) **Full Changelog**: <external-secrets/external-secrets@v2.0.1...v2.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4491 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `2.0.1` → `2.1.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v2.1.0`](https://github.com/external-secrets/external-secrets/releases/tag/v2.1.0) [Compare Source](external-secrets/external-secrets@v2.0.1...v2.1.0) Image: `ghcr.io/external-secrets/external-secrets:v2.1.0` Image: `ghcr.io/external-secrets/external-secrets:v2.1.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v2.1.0-ubi-boringssl`  #### What's Changed ##### General - chore(release): Update helm chart by [@evrardj-roche](https://github.com/evrardj-roche) in [#5981](external-secrets/external-secrets#5981) - fix: cosign verify does not use signing config by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5982](external-secrets/external-secrets#5982) - docs: Update release process by [@evrardj-roche](https://github.com/evrardj-roche) in [#5980](external-secrets/external-secrets#5980) - fix: allow cross-namespace push with ClusterSecretStore objects by [@Skarlso](https://github.com/Skarlso) in [#5998](external-secrets/external-secrets#5998) - feat(charts): add new flag enable leader for cert-manager by [@nutmos](https://github.com/nutmos) in [#5863](external-secrets/external-secrets#5863) - feat(kubernetes): fall back to system CA roots when no CA is configured by [@rajsinghtech](https://github.com/rajsinghtech) in [#5961](external-secrets/external-secrets#5961) - feat: dedup sbom but keep it monolithic by [@moolen](https://github.com/moolen) in [#6004](external-secrets/external-secrets#6004) - fix: add missing metrics and fundamentally fix the caching logic by [@Skarlso](https://github.com/Skarlso) in [#5894](external-secrets/external-secrets#5894) - docs: designate Oracle Vault provider as 'stable' by [@anders-swanson](https://github.com/anders-swanson) in [#6020](external-secrets/external-secrets#6020) - docs: Oracle Vault provider capabilities by [@anders-swanson](https://github.com/anders-swanson) in [#6023](external-secrets/external-secrets#6023) - docs(azurekv): cert-manager pushsecret example and cleanups by [@illrill](https://github.com/illrill) in [#5972](external-secrets/external-secrets#5972) - feat(kubernetes): implement SecretExists by [@Saku2](https://github.com/Saku2) in [#5973](external-secrets/external-secrets#5973) - fix(charts): Fix wrongly set annotations for cert-controller metrics service by [@josemaia](https://github.com/josemaia) in [#6029](external-secrets/external-secrets#6029) - feat(providers): Nebius MysteryBox integration by [@greenmapc](https://github.com/greenmapc) in [#5868](external-secrets/external-secrets#5868) ##### Dependencies - chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5986](external-secrets/external-secrets#5986) - chore(deps): bump mkdocs-material from 9.7.1 to 9.7.2 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5992](external-secrets/external-secrets#5992) - chore(deps): bump ubi9/ubi from `b8923f5` to `cecb1cd` by [@dependabot](https://github.com/dependabot)\[bot] in [#5984](external-secrets/external-secrets#5984) - chore(deps): bump helm/kind-action from 1.13.0 to 1.14.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5985](external-secrets/external-secrets#5985) - chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5990](external-secrets/external-secrets#5990) - chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#5989](external-secrets/external-secrets#5989) - chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5987](external-secrets/external-secrets#5987) - chore(deps): bump regex from 2026.1.15 to 2026.2.19 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5991](external-secrets/external-secrets#5991) - chore(deps): bump actions/stale from 10.1.1 to 10.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5988](external-secrets/external-secrets#5988) - chore(deps): bump regex from 2026.2.19 to 2026.2.28 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6012](external-secrets/external-secrets#6012) - chore(deps): bump mkdocs-material from 9.7.2 to 9.7.3 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6014](external-secrets/external-secrets#6014) - chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6015](external-secrets/external-secrets#6015) - chore(deps): bump anchore/sbom-action from 0.22.2 to 0.23.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6016](external-secrets/external-secrets#6016) - chore(deps): bump certifi from 2026.1.4 to 2026.2.25 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#6013](external-secrets/external-secrets#6013) - chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6010](external-secrets/external-secrets#6010) - chore(deps): bump hashicorp/setup-terraform from [`ce70bcf`](external-secrets/external-secrets@ce70bcf) to [`5e8dbf3`](external-secrets/external-secrets@5e8dbf3) by [@dependabot](https://github.com/dependabot)\[bot] in [#6011](external-secrets/external-secrets#6011) - chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#6009](external-secrets/external-secrets#6009) - chore(deps): bump distroless/static from `972618c` to `28efbe9` by [@dependabot](https://github.com/dependabot)\[bot] in [#6008](external-secrets/external-secrets#6008) #### New Contributors - [@nutmos](https://github.com/nutmos) made their first contribution in [#5863](external-secrets/external-secrets#5863) - [@rajsinghtech](https://github.com/rajsinghtech) made their first contribution in [#5961](external-secrets/external-secrets#5961) - [@illrill](https://github.com/illrill) made their first contribution in [#5972](external-secrets/external-secrets#5972) - [@Saku2](https://github.com/Saku2) made their first contribution in [#5973](external-secrets/external-secrets#5973) - [@greenmapc](https://github.com/greenmapc) made their first contribution in [#5868](external-secrets/external-secrets#5868) **Full Changelog**: <external-secrets/external-secrets@v2.0.1...v2.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4516 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

external-secrets#5990) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.2 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: AlexOQ <30403857+AlexOQ@users.noreply.github.com>

external-secrets#5990) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.2 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 23, 2026

github-project-automation bot added this to External Secrets Feb 23, 2026

github-actions bot added kind/dependency dependabot and upgrades component/github-actions area/deps kind/chore Categorizes Pull Requests for chore activities (like bumping versions) size/xs labels Feb 23, 2026

eso-service-account-app bot approved these changes Feb 23, 2026

View reviewed changes

eso-service-account-app bot enabled auto-merge (squash) February 23, 2026 08:27

dependabot bot force-pushed the dependabot/github_actions/actions/dependency-review-action-4.8.3 branch from 5b1d81c to bf97fef Compare February 24, 2026 21:28

eso-service-account-app bot merged commit 53e09aa into main Feb 24, 2026
18 checks passed

eso-service-account-app bot deleted the dependabot/github_actions/actions/dependency-review-action-4.8.3 branch February 24, 2026 21:28

github-project-automation bot moved this to Done in External Secrets Feb 24, 2026

eso-service-account-app bot approved these changes Feb 24, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3#5990

chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3#5990
eso-service-account-app[bot] merged 1 commit intomainfrom
dependabot/github_actions/actions/dependency-review-action-4.8.3

dependabot bot commented on behalf of github Feb 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

sonarqubecloud bot commented Feb 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

4.8.3

Dependency Review Action v4.8.3

What's Changed

Uh oh!

Uh oh!

sonarqubecloud bot commented Feb 24, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Feb 23, 2026 •

edited

Loading