build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 #8334

dependabot · 2025-11-01T04:04:48Z

Bumps peter-evans/create-or-update-comment from 4.0.0 to 5.0.0.

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v5.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

build(deps): bump peter-evans/create-or-update-comment from 3 to 4 by @dependabot[bot] in peter-evans/create-or-update-comment#307

build(deps-dev): bump @types/node from 18.19.8 to 18.19.11 by @dependabot[bot] in peter-evans/create-or-update-comment#308

build(deps): bump peter-evans/slash-command-dispatch from 3 to 4 by @dependabot[bot] in peter-evans/create-or-update-comment#310

build(deps): bump peter-evans/create-pull-request from 5 to 6 by @dependabot[bot] in peter-evans/create-or-update-comment#309

build(deps-dev): bump @types/node from 18.19.11 to 18.19.14 by @dependabot[bot] in peter-evans/create-or-update-comment#311

build(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @dependabot[bot] in peter-evans/create-or-update-comment#312

build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.8.0 by @dependabot[bot] in peter-evans/create-or-update-comment#313

build(deps-dev): bump @types/node from 18.19.14 to 18.19.15 by @dependabot[bot] in peter-evans/create-or-update-comment#314

build(deps-dev): bump @types/node from 18.19.15 to 18.19.17 by @dependabot[bot] in peter-evans/create-or-update-comment#315

build(deps-dev): bump eslint-plugin-jest from 27.8.0 to 27.9.0 by @dependabot[bot] in peter-evans/create-or-update-comment#316

build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @dependabot[bot] in peter-evans/create-or-update-comment#318

build(deps-dev): bump @types/node from 18.19.17 to 18.19.19 by @dependabot[bot] in peter-evans/create-or-update-comment#319

build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot[bot] in peter-evans/create-or-update-comment#320

build(deps-dev): bump @types/node from 18.19.19 to 18.19.21 by @dependabot[bot] in peter-evans/create-or-update-comment#321

build(deps-dev): bump @types/node from 18.19.21 to 18.19.23 by @dependabot[bot] in peter-evans/create-or-update-comment#322

build(deps-dev): bump @types/node from 18.19.23 to 18.19.26 by @dependabot[bot] in peter-evans/create-or-update-comment#325

build(deps-dev): bump @types/node from 18.19.26 to 18.19.29 by @dependabot[bot] in peter-evans/create-or-update-comment#326

build(deps-dev): bump @types/node from 18.19.29 to 18.19.31 by @dependabot[bot] in peter-evans/create-or-update-comment#327

build(deps): bump chuhlomin/render-template from 1.9 to 1.10 by @dependabot[bot] in peter-evans/create-or-update-comment#328

build(deps-dev): bump @types/node from 18.19.31 to 18.19.32 by @dependabot[bot] in peter-evans/create-or-update-comment#329

build(deps-dev): bump @types/node from 18.19.32 to 18.19.33 by @dependabot[bot] in peter-evans/create-or-update-comment#330

build(deps-dev): bump prettier from 3.2.5 to 3.3.0 by @dependabot[bot] in peter-evans/create-or-update-comment#332

build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 by @dependabot[bot] in peter-evans/create-or-update-comment#333

build(deps-dev): bump prettier from 3.3.0 to 3.3.2 by @dependabot[bot] in peter-evans/create-or-update-comment#334

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in peter-evans/create-or-update-comment#335

build(deps-dev): bump ws from 7.5.9 to 7.5.10 by @dependabot[bot] in peter-evans/create-or-update-comment#336

build(deps-dev): bump @types/node from 18.19.34 to 18.19.36 by @dependabot[bot] in peter-evans/create-or-update-comment#337

build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot[bot] in peter-evans/create-or-update-comment#338

build(deps-dev): bump @types/node from 18.19.39 to 18.19.40 by @dependabot[bot] in peter-evans/create-or-update-comment#340

build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot[bot] in peter-evans/create-or-update-comment#339

build(deps-dev): bump @types/node from 18.19.40 to 18.19.42 by @dependabot[bot] in peter-evans/create-or-update-comment#342

build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot[bot] in peter-evans/create-or-update-comment#343

build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot[bot] in peter-evans/create-or-update-comment#345

build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot[bot] in peter-evans/create-or-update-comment#347

build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot[bot] in peter-evans/create-or-update-comment#348

build(deps-dev): bump @types/node from 18.19.45 to 18.19.47 by @dependabot[bot] in peter-evans/create-or-update-comment#349

build(deps-dev): bump @types/node from 18.19.47 to 18.19.49 by @dependabot[bot] in peter-evans/create-or-update-comment#350

build(deps): bump peter-evans/create-pull-request from 6 to 7 by @dependabot[bot] in peter-evans/create-or-update-comment#351

build(deps-dev): bump @types/node from 18.19.49 to 18.19.50 by @dependabot[bot] in peter-evans/create-or-update-comment#352

build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @dependabot[bot] in peter-evans/create-or-update-comment#353

build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot[bot] in peter-evans/create-or-update-comment#354

build(deps-dev): bump @types/node from 18.19.50 to 18.19.51 by @dependabot[bot] in peter-evans/create-or-update-comment#355

Update distribution by @actions-bot in peter-evans/create-or-update-comment#356

build(deps-dev): bump @types/node from 18.19.51 to 18.19.54 by @dependabot[bot] in peter-evans/create-or-update-comment#357

build(deps-dev): bump @types/node from 18.19.54 to 18.19.55 by @dependabot[bot] in peter-evans/create-or-update-comment#359

build(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in peter-evans/create-or-update-comment#360

... (truncated)

Commits

e8674b0 feat: v5 (#439)
fffe59e build(deps-dev): bump @types/node from 18.19.127 to 18.19.129 (#438)
076d572 build(deps-dev): bump @types/node from 18.19.126 to 18.19.127 (#437)
86a2645 build(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 (#436)
be17e0c build(deps-dev): bump @types/node from 18.19.124 to 18.19.126 (#435)
ef75eae build(deps-dev): bump @types/node from 18.19.123 to 18.19.124 (#433)
82a7ad0 build(deps): bump actions/setup-node from 4 to 5 (#432)
f7c845d build(deps-dev): bump @types/node from 18.19.122 to 18.19.123 (#430)
5da8e07 build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#428)
2de7f66 build(deps-dev): bump @types/node from 18.19.121 to 18.19.122 (#427)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@71345be...e8674b0) --- updated-dependencies: - dependency-name: peter-evans/create-or-update-comment dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2025-11-01T04:08:11Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Vulnerability	Quality
	remark-html@10.0.0
	remark-vdom@8.0.0
	remark-lint-no-trailing-spaces@3.0.2
	proxyquire-universal@2.1.0
	mathjax-node-sre@3.0.3
	process@0.11.10
	tap-summary@4.0.0
	parse-link-header@1.0.1
	vdom-to-html@2.3.1
	mathjax-node@2.1.1
	remark-lint-no-auto-link-without-protocol@1.0.4
	remark-lint-no-inline-padding@1.0.5
	tap-xunit@2.4.1
	remark-slug@5.1.2
	to-vfile@6.1.0
	tap-spec@5.0.0
	virtual-dom@2.1.1
	mkdirp@0.5.6
	read-installed@4.0.3
	proxyquireify@3.2.1
	proxyquire@2.1.3
	unist-util-visit@2.0.3
	plato@1.7.0
	remark-unlink@2.1.2
	remark-lint-linebreak-style@1.0.4
	remark-lint-no-html@1.0.4
	rehype@9.0.1
	remark-lint-no-paragraph-content-indent@1.0.7
	remark-frontmatter@1.3.3
	uglifyify@5.0.2
	remark-cli@7.0.1
	yaml@1.10.2
	minimist@0.0.5 ⏵ 1.2.8	⁺⁷⁵	⁺⁹
	mustache@4.2.0
See 72 more rows in the dashboard

View full report

socket-security · 2025-11-01T04:08:12Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Unsafe defaults in `npm` remark-html`` CVE: GHSA-9q5w-79cv-947m Unsafe defaults in `remark-html` (CRITICAL) Affected versions: = 14.0.0; < 13.0.2; >= 14.0.0 < 14.0.1 Patched version: 13.0.2 From: package.json → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `safer-buffer` is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: `?` → `npm/[email protected]` → `npm/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot bot added Dependencies Issue or pull request related to project dependencies. github_actions Pull requests that update GitHub Actions code. labels Nov 1, 2025

stdlib-bot added Needs Review A pull request which needs code review. Good First PR A pull request resolving a Good First Issue. labels Nov 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 #8334

build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 #8334

dependabot bot commented on behalf of github Nov 1, 2025

Uh oh!

socket-security bot commented Nov 1, 2025

Uh oh!

socket-security bot commented Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 #8334

Are you sure you want to change the base?

build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 #8334

Conversation

dependabot bot commented on behalf of github Nov 1, 2025

Create or Update Comment v5.0.0

What's Changed

Uh oh!

socket-security bot commented Nov 1, 2025

Uh oh!

socket-security bot commented Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants