Dependency Review #1036

	# Dependency Review Action
	#
	# This Action will scan dependency manifest files that change as part of a Pull Request,
	# surfacing known-vulnerable versions of the packages declared or updated in the PR.
	# Once installed, if the workflow run is marked as required,
	# PRs introducing known-vulnerable packages will be blocked from merging.
	#
	# Source repository: https://github.com/actions/dependency-review-action
	name: "Dependency Review"
	on:
	pull_request:
	merge_group:

	permissions:
	contents: read

	jobs:
	dependency-review:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with:
	egress-policy: audit

	- name: "Checkout Repository"
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: "Dependency Review"
	uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1

Provide feedback