chore(deps): update actions/dependency-review-action action to v4

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	major	v3 -> v4

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/dependency-review-action	4.*.*	🟢 6.1	Details Check Score Reason Code-Review 🟢 5 found 5 unreviewed changesets out of 10 -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/actions/dependency-review-action	3.*.*	🟢 6.1	Details Check Score Reason Code-Review 🟢 5 found 5 unreviewed changesets out of 10 -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/ci.yml

• actions/dependency-review-action@4.*.*
• actions/dependency-review-action@3.*.*

[mend-for-github-com]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.