Skip to content

chore(deps): bump the actions-updates group across 1 directory with 3 updates#113

Open
dependabot[bot] wants to merge 1 commit intoQA-Testfrom
dependabot/github_actions/QA-Test/actions-updates-451699765a
Open

chore(deps): bump the actions-updates group across 1 directory with 3 updates#113
dependabot[bot] wants to merge 1 commit intoQA-Testfrom
dependabot/github_actions/QA-Test/actions-updates-451699765a

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps the actions-updates group with 3 updates in the / directory: actions/dependency-review-action, ossf/scorecard-action and crytic/slither-action.

Updates actions/dependency-review-action from 4.3.3 to 4.8.3

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Minor fixes:

Dependency Review Action v4.8.1

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

What's Changed

New Contributors

... (truncated)

Commits
  • 05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
  • 3a8496c Update generated package files for v4.8.3
  • 0f22a01 Update CONTRIBUTING for new release process
  • 58be343 Updating package versions for 4.8.3
  • 9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
  • 8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
  • 43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
  • f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
  • b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
  • 2e1cf54 Properly truncate long summaries and catch errors
  • Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

What's Changed

  • This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
  • Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • Some errors were made into annotations to make them more visible
  • There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

Docs

New Contributors

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

Updates crytic/slither-action from 0.3.0 to 0.4.2

Release notes

Sourced from crytic/slither-action's releases.

v0.4.2

0.4.2 - 2026-01-16

This is a patch release for the Slither Action - the Github Action for Slither.

What's Changed

Full Changelog: crytic/slither-action@v0.4.1...v0.4.2

v0.4.1

0.4.1 - 2025-03-21

This is a patch release for the Slither Action - the Github Action for Slither.

What's Changed

Full Changelog: crytic/slither-action@v0.4.0...v0.4.1

v0.4.0

0.4.0 - 2024-05-01

This is a minor release for the Slither Action - the Github Action for Slither.

This release introduces one new feature -- support for external Slither plugins.

Plugin support

You can now use the new slither-plugins property to point to a pip requirements file to install alongside Slither. This may be used to install additional third-party or in-house detectors. Refer to the new example in the README for a sample workflow using this new feature.

What's Changed

Full Changelog: crytic/slither-action@v0.3.2...v0.4.0

v0.3.2

0.3.2 - 2024-04-01

This is a patch release for the Slither Action - the Github Action for Slither.

What's Changed

Full Changelog: crytic/slither-action@v0.3.1...v0.3.2

... (truncated)

Commits
  • b52cc1c Merge pull request #99 from crytic/dev-readme
  • 083e5be Update action README for v0.4.2
  • 92f27ba Merge pull request #98 from crytic/py310
  • 310f76e Bump Python version to 3.10
  • 4fd765a Merge pull request #95 from crytic/dev-update-readme
  • 6bbb739 Update action README for v0.4.1
  • 4c869f5 Merge pull request #93 from crytic/dev-foundryup-update
  • 3eef552 Update foundryup
  • f197989 Merge pull request #83 from crytic/dev-readme-040
  • e97f27d Update reference to other action in README
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the actions-updates group across 1 directory with 3…
dc24ab4 
… updates

Bumps the actions-updates group with 3 updates in the / directory: [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [crytic/slither-action](https://github.com/crytic/slither-action).


Updates `actions/dependency-review-action` from 4.3.3 to 4.8.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@72eb03d...05fe457)

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@62b2cac...4eaacf0)

Updates `crytic/slither-action` from 0.3.0 to 0.4.2
- [Release notes](https://github.com/crytic/slither-action/releases)
- [Commits](crytic/slither-action@6ef3a33...b52cc1c)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.8.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-updates
- dependency-name: crytic/slither-action
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants