[release/v7.5.6] Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by adityapatwardhan · Pull Request #27158 · PowerShell/PowerShell

Backport of #26938 to release/v7.5.6

Triggered by @adityapatwardhan on behalf of @app/dependabot

Original CL Label: CL-BuildPackaging

/cc @PowerShell/powershell-maintainers

Impact

REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.

Tooling Impact

  • Required tooling change
  • Optional tooling change (include reasoning)

Updates the pinned GitHub Actions dependency review action on the release branch to keep CI security tooling current.

Customer Impact

  • Customer reported
  • Found internally

Regression

REQUIRED: Check exactly one box.

  • Yes
  • No

This is not a regression.

Testing

Verified the cherry-picked workflow change only updates the actions/dependency-review-action pin in .github/workflows/dependency-review.yml and preserves the release/v7.5.6-specific checkout pin. Cherry-pick completed cleanly after resolving one workflow-line conflict.

Risk

REQUIRED: Check exactly one box.

  • High
  • Medium
  • Low

Single-line workflow action version bump in CI/security tooling; scoped change with no product runtime impact.

Merge Conflicts

Conflict in .github/workflows/dependency-review.yml on the dependency-review-action pin due to branch drift. Resolved by keeping the release/v7.5.6 checkout pin and applying the intended dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 update.