Merged
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
@@ -21,7 +21,7 @@ jobs:
steps:
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5

- uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4
- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

PINNED_SHA="a1d282b36b6f3519aa1f3fc636f609c47dddb294"
REPO="actions/dependency-review-action"

echo "Pinned SHA: $PINNED_SHA"
echo

echo "Resolve tag commit SHAs (commit objects) for v4 and v5:"
gh api "/repos/${REPO}/tags?per_page=100" \
  --jq '.[] | select(.name=="v4" or .name=="v5" or .name=="v5.0.0" or .name=="v4.9.0") | {name: .name, commit: .commit.sha}'

echo
echo "Check if pinned SHA matches one of those commits:"
gh api "/repos/${REPO}/tags?per_page=100" \
  --jq --arg pin "$PINNED_SHA" '.[] | select(.commit.sha==$pin) | {matched_tag: .name, commit: .commit.sha}'

Repository: Sentriscloud/sentrix-grpc-wasm

Length of output: 422


Update the inline annotation to reflect the actual pinned version.

The pinned SHA a1d282b36b6f3519aa1f3fc636f609c47dddb294 correctly resolves to v5.0.0 (not v4), but the inline comment still reads # v4. This should be updated to # v5.0.0 to align with the actual commit.

Suggested fix
      - uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/dependency-review.yml at line 24, update the inline
comment on the GitHub Actions step that pins the dependency-review-action to the
commit SHA a1d282b36b6f3519aa1f3fc636f609c47dddb294 so the comment matches the
actual resolved release; change the trailing comment from "# v4" to "# v5.0.0"
in the line containing "uses:
actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294".

with:
fail-on-severity: high
# Mirror deny.toml [licenses].allow.
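Review bot: the trailing `# v4` annotation on the new `uses: actions/dependency-review-action@a1d282b3…` line no longer describes the pinned commit, which the review comment above resolves to v5.0.0; change it to `# v5.0.0` so the annotation stays a trustworthy record of what the SHA pin means. Because v4 to v5 is a major-version move rather than a v4 patch, also confirm the v5 release notes for changed defaults or inputs before merging, since the `with:` block below (`fail-on-severity: high` and the license allow-list mirrored from deny.toml) is what enforces this repository's dependency policy.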
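The review comment above checks one pin by hand with `gh api`. The following script is an added example (not part of this pull request or of the bot's tooling) that performs the same annotation-vs-tag check offline across a whole workflow: it parses SHA-pinned `uses:` lines and compares the trailing `# vX` annotation against a tag-to-commit map of the kind `gh api /repos/<action>/tags` returns. The workflow text and the tag map are constructed sample data; the tag map assumes, as the review comment states, that `a1d282b3…` is tagged `v5.0.0` (and the floating `v5`), and that the checkout SHA is tagged `v5`.

```python
"""Check that version annotations on SHA-pinned GitHub Actions steps match
the tags those SHAs actually resolve to (added example, not project code)."""
import re

# Matches:  - uses: owner/repo@<40-hex sha> # v5.0.0
USES_RE = re.compile(
    r"uses:\s*(?P<action>[\w.-]+/[\w.-]+)@(?P<sha>[0-9a-f]{40})\s*#\s*(?P<annotation>\S+)"
)

# Constructed sample workflow fragment (mirrors the hunk in this PR).
WORKFLOW = """
jobs:
  dependency-review:
    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5

      - uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4
        with:
          fail-on-severity: high
"""

# Constructed tag map: action -> {tag_name: commit_sha}. In practice this is
# built from `gh api /repos/<action>/tags --jq '.[] | {name, commit: .commit.sha}'`.
# The v5/v5.0.0 mapping below is an assumption taken from the review comment.
TAGS = {
    "actions/checkout": {
        "v5": "93cb6efe18208431cddfb8368fd83d5badbf9bfd",
    },
    "actions/dependency-review-action": {
        "v5": "a1d282b36b6f3519aa1f3fc636f609c47dddb294",
        "v5.0.0": "a1d282b36b6f3519aa1f3fc636f609c47dddb294",
        "v4": "2031cfc080254a8a887f58cffee85186f0e49e48",
    },
}


def parse_pinned_uses(workflow_text):
    """Return (action, sha, annotation) for every SHA-pinned `uses:` line."""
    found = []
    for line in workflow_text.splitlines():
        m = USES_RE.search(line)
        if m:
            found.append((m["action"], m["sha"], m["annotation"]))
    return found


def check_annotations(workflow_text, tags_by_action):
    """Return findings as (action, sha, annotation, kind, matching_tags).

    kind is "sha-not-a-tag" when no known tag points at the pinned SHA, or
    "annotation-mismatch" when tags do, but none equals the annotation.
    """
    findings = []
    for action, sha, annotation in parse_pinned_uses(workflow_text):
        tags = tags_by_action.get(action, {})
        matching = sorted(tag for tag, commit in tags.items() if commit == sha)
        if not matching:
            findings.append((action, sha, annotation, "sha-not-a-tag", []))
        elif annotation not in matching:
            findings.append((action, sha, annotation, "annotation-mismatch", matching))
    return findings


def suggested_annotation(finding):
    """Prefer the most specific (longest) matching tag, e.g. v5.0.0 over v5."""
    matching = finding[4]
    return max(matching, key=len) if matching else None


if __name__ == "__main__":
    for f in check_annotations(WORKFLOW, TAGS):
        action, sha, annotation, kind, _ = f
        print(f"{kind}: {action}@{sha[:8]} annotated '# {annotation}', "
              f"suggest '# {suggested_annotation(f)}'")
```

Run it over a real workflow by replacing `WORKFLOW` with the file contents and `TAGS` with the output of the `gh api` call; a `sha-not-a-tag` finding is the more serious one, since it means the pinned commit is not a published release at all.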