Update actions/dependency-review-action action to v4.6.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	minor	v4.5.0 -> v4.6.0

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in https://github.com/actions/dependency-review-action/pull/891
• Allow deny package removal by @​ellenfieldn in https://github.com/actions/dependency-review-action/pull/888
• Fix typos by @​omahs in https://github.com/actions/dependency-review-action/pull/893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/900
• Bump octokit and related dependencies by @​RomanIakovlev in https://github.com/actions/dependency-review-action/pull/904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in https://github.com/actions/dependency-review-action/pull/905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/899
• Update transitive dependency spdx-license-ids by @​ailox in https://github.com/actions/dependency-review-action/pull/855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in https://github.com/actions/dependency-review-action/pull/884
• Improve usage of this action in dependency-review.yml by @​fabasoad in https://github.com/actions/dependency-review-action/pull/883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in https://github.com/actions/dependency-review-action/pull/902
• Prepare 4.6.0 Release candidate by @​brrygrdn in https://github.com/actions/dependency-review-action/pull/910

New Contributors

• @​AshelyTC made their first contribution in https://github.com/actions/dependency-review-action/pull/891
• @​ellenfieldn made their first contribution in https://github.com/actions/dependency-review-action/pull/888
• @​omahs made their first contribution in https://github.com/actions/dependency-review-action/pull/893
• @​RomanIakovlev made their first contribution in https://github.com/actions/dependency-review-action/pull/904
• @​ailox made their first contribution in https://github.com/actions/dependency-review-action/pull/855
• @​fabasoad made their first contribution in https://github.com/actions/dependency-review-action/pull/884
• @​Pantelis-Santorinios made their first contribution in https://github.com/actions/dependency-review-action/pull/902
• @​brrygrdn made their first contribution in https://github.com/actions/dependency-review-action/pull/910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/dependency-review-action	ce3cf9537a52e8119d91fd484ab5b8a807627bf8	🟢 7.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.