chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.8.0

[dependabot]

Bumps actions/dependency-review-action from 4.5.0 to 4.8.0.

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.0

What's Changed

• Make Ruby Code Scannable by @​ljones140 in actions/dependency-review-action#978
• Batch some contributions for release by @​brrygrdn in actions/dependency-review-action#986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in actions/dependency-review-action#978
• @​jasperkamerling made their first contribution in actions/dependency-review-action#986
• @​MattMencel made their first contribution in actions/dependency-review-action#986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

4.7.3

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in actions/dependency-review-action#966
• Claire153/fix spamming mentioned issue by @​claire153 in actions/dependency-review-action#974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

4.7.2

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in actions/dependency-review-action#945
• Deprecate deny lists by @​claire153 in actions/dependency-review-action#958
• Address discrepancy between docs and reality by @​ahpook in actions/dependency-review-action#960

New Contributors

• @​KyFaSt made their first contribution in actions/dependency-review-action#945
• @​claire153 made their first contribution in actions/dependency-review-action#958
• @​ahpook made their first contribution in actions/dependency-review-action#960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in actions/dependency-review-action#870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in actions/dependency-review-action#876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in actions/dependency-review-action#878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in actions/dependency-review-action#877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in actions/dependency-review-action#891
• Allow deny package removal by @​ellenfieldn in actions/dependency-review-action#888

... (truncated)

Commits

• 56339e5 Merge pull request #988 from actions/brrygrdn/rc-4.8.0
• 1688b74 Bump to a 4.8.0
• 31c9f17 Merge pull request #987 from actions/rc-4.7.4
• eacde78 Update version
• 8151009 Merge pull request #986 from actions/brrygrdn/rc-4.7.4
• b472ec9 Add a quick regression test for the artefact summary
• e0cedc5 feat: add large summary handling with artifact upload
• e3fdf0f This ensures large allow or deny lists don't create huge comments
• 6fad417 Merge pull request #978 from actions/ljones140/make-ruby-code-scannable
• e86e969 Update scripts/scan_pr_lib.rb
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

PR-Codex overview

This PR updates the version of the actions/dependency-review-action in the .github/workflows/dependency-review.yml file from version v4.5.0 to v4.8.0, ensuring the workflow uses the latest features and fixes.

Detailed summary

• Updated actions/dependency-review-action from 3b139cfc5fae8b618d3eae3675e383bb1769c019 (v4.5.0) to 56339e523c0409420f6c2c9a2f4292bbb3c07dd3 (v4.8.0).

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• chore(deps):

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

❌ Deploy Preview for kleros-v2-testnet-devtools failed. Why did it fail? →

Name	Link
🔨 Latest commit	8473958
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/68da168375fa970008715c41

[netlify]

✅ Deploy Preview for kleros-v2-testnet ready!

Name	Link
🔨 Latest commit	8473958
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet/deploys/68da1683912a6c00089742de
😎 Deploy Preview	https://deploy-preview-2147--kleros-v2-testnet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for kleros-v2-neo ready!

Name	Link
🔨 Latest commit	8473958
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-neo/deploys/68da16831e6dda00084e8482
😎 Deploy Preview	https://deploy-preview-2147--kleros-v2-neo.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.