Summary
The `dependency-review.yml` workflow pins `dependency-review-action` by commit SHA with a trailing version comment. Dependabot PR #942 updated the SHA to the commit tagged v4.9.0, but left the trailing comment at `# v4.3.4`. The comment should be corrected to `# v4.9.0` so that it reflects the version the pinned SHA actually resolves to.
Context
Version-comment consistency is enforced by `npm run lint:version-consistency`. GitHub resolves the step from the SHA, not the comment, so the stale comment does not change what runs; it does, however, misrepresent the pinned version to reviewers and to any tooling that reads the comment, and it hides whether a Dependabot bump landed on the intended release. Before editing the comment, confirm that the pinned SHA really is the commit tagged v4.9.0 (for example with `git ls-remote --tags` against the action's repository) rather than simply rewriting the comment to match the PR title.
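The check below is an added illustration of the kind of consistency test described above; it is not the project's `lint:version-consistency` script, whose implementation is not shown on this page. It parses SHA-pinned `uses:` lines out of a workflow, builds a SHA-to-tag map from `git ls-remote --tags` output, and reports comments that name a tag the pinned SHA does not carry. The workflow text, the SHAs and the `ls-remote` output are all constructed sample data, and the function names are the example's own.

```javascript
'use strict';

// Matches a SHA-pinned step, e.g.
//   - uses: actions/checkout@<40 hex chars> # v4.2.2
// Captures the action path, the 40-hex SHA, and the optional trailing comment.
const USES_RE = /^\s*-?\s*uses:\s*([\w.-]+\/[\w.-]+(?:\/[^@\s]+)?)@([0-9a-f]{40})\s*(?:#\s*(\S+))?\s*$/;

// Parse `git ls-remote --tags <repo>` output into sha -> Set(tag names).
// Annotated tags appear twice: the tag object itself and a "^{}" line that
// names the commit it points to; the "^{}" line is the one a SHA pin matches.
function parseLsRemoteTags(lsRemoteOutput) {
  const shaToTags = new Map();
  for (const line of lsRemoteOutput.split('\n')) {
    const m = line.match(/^([0-9a-f]{40})\s+refs\/tags\/(\S+?)(\^\{\})?$/);
    if (!m) continue;
    const [, sha, tag] = m;
    if (!shaToTags.has(sha)) shaToTags.set(sha, new Set());
    shaToTags.get(sha).add(tag);
  }
  return shaToTags;
}

// Inspect every SHA-pinned `uses:` line: report a missing comment, or a
// comment naming a tag that the pinned SHA does not carry.
function checkWorkflow(workflowText, shaToTags) {
  const findings = [];
  workflowText.split('\n').forEach((text, idx) => {
    const m = text.match(USES_RE);
    if (!m) return;
    const [, action, sha, comment] = m;
    const expected = [...(shaToTags.get(sha) || [])].sort();
    if (comment === undefined) {
      findings.push({ line: idx + 1, action, sha, comment: null, expected, problem: 'missing version comment' });
    } else if (!expected.includes(comment)) {
      findings.push({ line: idx + 1, action, sha, comment, expected, problem: 'version comment does not match pinned SHA' });
    }
  });
  return findings;
}

// Prefer the most specific tag (v4.9.0 over v4) when suggesting a comment.
function mostSpecificTag(tags) {
  return tags.reduce((best, t) => (t.length > best.length ? t : best), '');
}

// Rewrite (or add) the trailing version comment on a pinned `uses:` line.
function setVersionComment(text, tag) {
  if (!USES_RE.test(text)) throw new Error(`not a SHA-pinned uses: line: ${text}`);
  return `${text.replace(/\s*#.*$/, '')} # ${tag}`;
}

// Constructed sample data (placeholder SHAs, not real commits).
const DRA_NEW_SHA = '1111111111111111111111111111111111111111';
const DRA_OLD_SHA = '2222222222222222222222222222222222222222';
const CHECKOUT_SHA = '3333333333333333333333333333333333333333';

// Constructed workflow: the dependency-review-action pin was bumped to the
// v4.9.0 commit but still carries the old "# v4.3.4" comment.
const SAMPLE_WORKFLOW = [
  'jobs:',
  '  dependency-review:',
  '    steps:',
  `      - uses: actions/checkout@${CHECKOUT_SHA} # v4.2.2`,
  `      - uses: actions/dependency-review-action@${DRA_NEW_SHA} # v4.3.4`,
].join('\n');

// Constructed `git ls-remote --tags` output for both repos. Commit SHAs are
// unique across repositories, so one merged map is safe for this purpose.
const SAMPLE_LS_REMOTE = [
  `${DRA_NEW_SHA}\trefs/tags/v4`,
  `${DRA_NEW_SHA}\trefs/tags/v4.9.0`,
  `${DRA_OLD_SHA}\trefs/tags/v4.3.4`,
  `${CHECKOUT_SHA}\trefs/tags/v4.2.2`,
].join('\n');

function runSample() {
  return checkWorkflow(SAMPLE_WORKFLOW, parseLsRemoteTags(SAMPLE_LS_REMOTE));
}

if (typeof require !== 'undefined' && require.main === module) {
  const lines = SAMPLE_WORKFLOW.split('\n');
  for (const f of runSample()) {
    console.log(`line ${f.line}: ${f.action}@${f.sha.slice(0, 7)}: ${f.problem} ` +
      `(comment ${f.comment}, tags on this SHA: ${f.expected.join(', ') || 'none'})`);
    if (f.expected.length) {
      console.log('  fix: ' + setVersionComment(lines[f.line - 1], mostSpecificTag(f.expected)).trim());
    }
  }
}
```

Running it reports only the `dependency-review-action` line: the SHA carries the tags `v4` and `v4.9.0`, so the `# v4.3.4` comment is stale, and the suggested rewrite is `# v4.9.0`. A pin whose SHA appears under no tag at all is also surfaced, which is the case worth catching in review: a comment can claim a release that the SHA never was.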
Changes Required
| File | Change |
| --- | --- |
| `.github/workflows/dependency-review.yml` | Update trailing version comment from `# v4.3.4` to `# v4.9.0` |
Acceptance Criteria
- The `dependency-review-action` line in `.github/workflows/dependency-review.yml` carries the comment `# v4.9.0`
- `npm run lint:version-consistency` passes