Bump the version-updates group across 1 directory with 2 updates

[dependabot]

Bumps the version-updates group with 2 updates in the / directory: actions/dependency-review-action and softprops/action-gh-release.

Updates actions/dependency-review-action from 4.3.5 to 4.4.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.4.0

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

Commits

• 4081bf9 Merge pull request #846 from actions/merge-group-bug-fix
• 03e585e fixing minor typo
• 08b4117 updating dist code
• 9c3441f updating dist code
• 304a544 updating tests
• e99353b fixing merge_group schema bug
• See full diff in compare view

Updates softprops/action-gh-release from 2.0.8 to 2.0.9

Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.9

What's Changed

• maintenance release with updated dependencies

New Contributors

• @​kbakdev made their first contribution in softprops/action-gh-release#521

Full Changelog: softprops/action-gh-release@v2...v2.0.9

Changelog

Sourced from softprops/action-gh-release's changelog.

2.0.9

• maintenance release with updated dependencies

2.0.8

Other Changes 🔄

• chore(deps): bump prettier from 2.8.0 to 3.3.3 by @​dependabot in softprops/action-gh-release#480
• chore(deps): bump @​types/node from 20.14.9 to 20.14.11 by @​dependabot in softprops/action-gh-release#483
• chore(deps): bump @​octokit/plugin-throttling from 9.3.0 to 9.3.1 by @​dependabot in softprops/action-gh-release#484
• chore(deps): bump glob from 10.4.2 to 11.0.0 by @​dependabot in softprops/action-gh-release#477
• refactor: write jest config in ts by @​chenrui333 in softprops/action-gh-release#485
• chore(deps): bump @​actions/github from 5.1.1 to 6.0.0 by @​dependabot in softprops/action-gh-release#470

2.0.7

Bug fixes 🐛

• Fix missing update release body by @​FirelightFlagboy in softprops/action-gh-release#365

Other Changes 🔄

• Bump @​octokit/plugin-retry from 4.0.3 to 7.1.1 by @​dependabot in softprops/action-gh-release#443
• Bump typescript from 4.9.5 to 5.5.2 by @​dependabot in softprops/action-gh-release#467
• Bump @​types/node from 20.14.6 to 20.14.8 by @​dependabot in softprops/action-gh-release#469
• Bump @​types/node from 20.14.8 to 20.14.9 by @​dependabot in softprops/action-gh-release#473
• Bump typescript from 5.5.2 to 5.5.3 by @​dependabot in softprops/action-gh-release#472
• Bump ts-jest from 29.1.5 to 29.2.2 by @​dependabot in softprops/action-gh-release#479
• docs: document that existing releases are updated by @​jvanbruegge in softprops/action-gh-release#474

2.0.6

• maintenance release with updated dependencies

2.0.5

• Factor in file names with spaces when upserting files #446 via @​MystiPanda
• Improvements to error handling #449 via @​till

2.0.4

• Minor follow up to #417. #425

2.0.3

• Declare make_latest as an input field in action.yml #419

2.0.2

• Revisit approach to #384 making unresolved pattern failures opt-in #417

... (truncated)

Commits

• e7a8f85 chore: release 2.0.9
• 04afa13 chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#535)
• 894468a chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#534)
• 3bd23aa chore(deps): bump @​types/node from 22.7.5 to 22.8.2 (#533)
• 21eb2f9 chore(deps): bump @​types/jest from 29.5.13 to 29.5.14 (#532)
• cd8b57e remove unused imports (#521)
• 820a5ad chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#522)
• 9d04f90 chore(deps): bump @​octokit/plugin-throttling from 9.3.1 to 9.3.2 (#523)
• aaf1d5f chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#524)
• 7d33a7e chore(deps): bump @​types/node from 22.5.5 to 22.7.5 (#525)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/dependency-review-action	4081bf99e2866ebe428fc0477b69eb4fcda7220a	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 23 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/softprops/action-gh-release	e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 2 Found 1/5 approved changesets -- score normalized to 2 Maintained 🟢 10 21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml
• .github/workflows/release.yml

[marcransome]

@dependabot merge.