chore(deps): update actions/dependency-review-action action to v4.5.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	minor	v4.4.0 -> v4.5.0

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.5.0

Compare Source

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in https://github.com/actions/dependency-review-action/pull/844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in https://github.com/actions/dependency-review-action/pull/847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in https://github.com/actions/dependency-review-action/pull/849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/850
• fix: add summary comment on failure when warn-only: true by @​ebickle in https://github.com/actions/dependency-review-action/pull/827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/851

New Contributors

• @​ebickle made their first contribution in https://github.com/actions/dependency-review-action/pull/827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/dependency-review-action	3b139cfc5fae8b618d3eae3675e383bb1769c019	🟢 7.2	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (5ef6f40) to head (ab8bc1c).
Report is 11 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master     #1930   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           12        12           
  Lines          588       588           
  Branches        31        31           
=========================================
  Hits           588       588           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.