[release/v7.4.15] Bump actions/dependency-review-action from 4.8.3 to 4.9.0#27142
Merged
adityapatwardhan merged 1 commit intoApr 3, 2026
Conversation
adityapatwardhan
added
the
CL-BuildPackaging
adityapatwardhan
added
the
CL-BuildPackaging
Contributor
There was a problem hiding this comment.
Pull request overview
Backport to release/v7.4.15 updating the pinned actions/dependency-review-action version used by the Dependency Review GitHub Actions workflow.
Changes:
- Update
actions/dependency-review-actionpin to the v4.9.0 commit SHA in.github/workflows/dependency-review.yml.
Comment on lines
21
to
+22
| - name: 'Dependency Review' | ||
| uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 | ||
| uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 |
There was a problem hiding this comment.
The PR title/description says this is a bump from actions/dependency-review-action v4.8.3 to v4.9.0, but the workflow is actually changing from v2.5.1 to v4.9.0. Please update the PR metadata to reflect the actual starting version on this branch (or confirm the intent to do a major-version jump and document it in the PR description/risk section).
TravisEz13
approved these changes
Apr 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #26938 to release/v7.4.15
Triggered by @adityapatwardhan on behalf of @app/dependabot
Original CL Label: CL-BuildPackaging
/cc @PowerShell/powershell-maintainers
Impact
REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.
Tooling Impact
Updates the dependency review GitHub Action pin on the release branch so security/dependency review checks use the intended version.
Customer Impact
Regression
REQUIRED: Check exactly one box.
This is not a regression.
Testing
Verified the backport cherry-pick applies cleanly to release/v7.4.15 after conflict resolution, and confirmed the workflow file contains the expected dependency-review-action v4.9.0 pin.
Risk
REQUIRED: Check exactly one box.
Single-line workflow action pin update with no runtime product code changes; impact is limited to CI dependency review behavior.
Merge Conflicts
Resolved one conflict in .github/workflows/dependency-review.yml by preserving the release branch checkout action pin and applying only the dependency-review-action bump to v4.9.0.