Update actions/dependency-review-action action to v4.5.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
actions/dependency-review-action	action	minor	v4 -> v4.5.0

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.5.0

Compare Source

v4.4.0

Compare Source

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in https://github.com/actions/dependency-review-action/pull/766
• Create pull_request_template.md by @​jonjanego in https://github.com/actions/dependency-review-action/pull/794
• Update CONTRIBUTING.md by @​jonjanego in https://github.com/actions/dependency-review-action/pull/793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/815
• Upgrade transitive micromatch library by @​elireisman in https://github.com/actions/dependency-review-action/pull/829
• Do not list changed dependencies in summary by @​hmaurer in https://github.com/actions/dependency-review-action/pull/828
• Update stale.yaml by @​jonjanego in https://github.com/actions/dependency-review-action/pull/832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/840

New Contributors

• @​louis-bompart made their first contribution in https://github.com/actions/dependency-review-action/pull/766
• @​Ahmed3lmallah made their first contribution in https://github.com/actions/dependency-review-action/pull/840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in https://github.com/actions/dependency-review-action/pull/783
• Update SPDX Expression Parsing by @​febuiles in https://github.com/actions/dependency-review-action/pull/719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

• Allow slashes in purl package names by @​juxtin in https://github.com/actions/dependency-review-action/pull/765
• use the v3 version of the deps.dev API by @​josieang in https://github.com/actions/dependency-review-action/pull/741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in https://github.com/actions/dependency-review-action/pull/773
• fix show-openssf-scorecard-levels input by @​ramann in https://github.com/actions/dependency-review-action/pull/776
• Updates to the contribution guidelines by @​jonjanego in https://github.com/actions/dependency-review-action/pull/778
• Create issue templates by @​jonjanego in https://github.com/actions/dependency-review-action/pull/777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in https://github.com/actions/dependency-review-action/pull/767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in https://github.com/actions/dependency-review-action/pull/781

New Contributors

• @​josieang made their first contribution in https://github.com/actions/dependency-review-action/pull/741
• @​am-stead made their first contribution in https://github.com/actions/dependency-review-action/pull/773
• @​ramann made their first contribution in https://github.com/actions/dependency-review-action/pull/776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in https://github.com/actions/dependency-review-action/pull/761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See https://github.com/actions/dependency-review-action/pull/753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in https://github.com/actions/dependency-review-action/pull/735
• Fix extra https:// in summary by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/737
• Show denied packages with red X by @​juxtin in https://github.com/actions/dependency-review-action/pull/750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in https://github.com/actions/dependency-review-action/pull/733

New Contributors

• @​bteng22 made their first contribution in https://github.com/actions/dependency-review-action/pull/733
• @​lukehinds made their first contribution in https://github.com/actions/dependency-review-action/pull/735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

v4.2.5: 4.2.5

Compare Source

What's Changed

• Fixed a bug where some configuration options in external files were not being properly picked up -- https://github.com/actions/dependency-review-action/pull/722
• Bump eslint from 8.56.0 to 8.57.0

Full Changelog: actions/dependency-review-action@v4.2.4...v4.2.5

v4.2.4

Compare Source

What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

New Contributors

• @​sporkmonger made their first contribution in https://github.com/actions/dependency-review-action/pull/721

Full Changelog: actions/dependency-review-action@v4.2.3...v4.2.4

v4.2.3: 4.2.3

Compare Source

What's Changed

• Set comment as output by @​jsoref in https://github.com/actions/dependency-review-action/pull/698
• Add support for calculating OpenSSF Scorecards by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/709
• Add outputs for the changes data by @​laughedelic in https://github.com/actions/dependency-review-action/pull/707

New Contributors

• @​jhutchings1 made their first contribution in https://github.com/actions/dependency-review-action/pull/709
• @​laughedelic made their first contribution in https://github.com/actions/dependency-review-action/pull/707

Full Changelog: actions/dependency-review-action@v4.1.3...v4.2.3

v4.1.3: 4.1.3

Compare Source

Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see https://github.com/actions/dependency-review-action/issues/697).

Full Changelog: actions/dependency-review-action@v4.1.2...v4.1.3

v4.1.2: 4.1.2

Compare Source

What's Changed

• Expose dependency comment content by @​jsoref in https://github.com/actions/dependency-review-action/pull/696

Full Changelog: actions/dependency-review-action@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Compare Source

What's Changed

• Bump undici to fix GHSA-wqq4-5wpv-mx2g
• Bump @​types/node from 20.11.17 to 20.11.19 by @​dependabot in https://github.com/actions/dependency-review-action/pull/693

Full Changelog: actions/dependency-review-action@v4.1.0...v4.1.1

v4.1.0: 4.1.0

Compare Source

What's Changed

• Add warn-only by @​tgrall in https://github.com/actions/dependency-review-action/pull/432

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

• Create stale.yaml by @​jonjanego in https://github.com/actions/dependency-review-action/pull/671
• Use manual codeql config by @​juxtin in https://github.com/actions/dependency-review-action/pull/678
• Multiple dependency updates (see the changelog below for more information)

New Contributors

• @​jonjanego made their first contribution in https://github.com/actions/dependency-review-action/pull/671
• @​tgrall made their first contribution in https://github.com/actions/dependency-review-action/pull/432

Full Changelog: actions/dependency-review-action@v4...v4.1.0

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.