chore(deps)!: Update GitHub Actions (major) #30
Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Pull request overview
Updates the repository’s dependency review GitHub Actions workflows to use actions/dependency-review-action v5, keeping the action pinned to a specific commit SHA.
Changes:
- Bump `actions/dependency-review-action` from `v4.9.0` to `v5.0.0` in the dedicated dependency review workflow.
- Bump `actions/dependency-review-action` from `v4.9.0` to `v5.0.0` in the CI workflow’s dependency review job.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `.github/workflows/dependency-review.yml` | Updates dependency review action to v5 (pinned SHA). |
| `.github/workflows/ci.yml` | Updates dependency review action to v5 (pinned SHA) in CI. |
| - name: Dependency Review | ||
| uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 | ||
| uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 | ||
| with: |
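Review bot: the new pin on the `uses:` line jumps a major version, and the release notes quoted in this PR say v5.0.0 moves the runtime to node24 and requires Actions Runner v2.327.1 or newer, so confirm that every runner executing this job (self-hosted ones in particular) meets that minimum before merging. Nothing checks the trailing `# v5.0.0` comment, so also verify that a1d282b36b6f3519aa1f3fc636f609c47dddb294 is the commit the v5.0.0 tag points to. The `with:` inputs are cut off in this view; check them against the v5 inputs, since a major bump can rename or drop them.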
c139adc to 0d1ff50
0d1ff50 to f5674ee



Summary
Why
Scheduled patch update, bug fixes and security patches with no API changes.
Changes
This PR contains the following updates:
- v6.0.2 → v7.0.0
- v4.9.0 → v5.0.0

Impact
Acceptance Criteria
Testing
Notes
Release Notes
actions/checkout (actions/checkout)
v7.0.0
v7
v6.0.3
actions/dependency-review-action (actions/dependency-review-action)
v5.0.0: 5.0.0
This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.
What's Changed
New Contributors
Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.