Bump actions/dependency-review-action from 2.5.1 to 3.0.4 (#56)
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2.5.1 to 3.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.4</h2>
<h2>What's New?</h2>
<p>The Action can now publish a comment in the pull request if the
<code>comment-summary-in-pr</code> option is set. More information can
be found in the <a
href="https://github.com/actions/dependency-review-action#configuration-options">README</a>.</p>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/davelosert"><code>@​davelosert</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/393">actions/dependency-review-action#393</a></li>
</ul>
<h2>Changelog</h2>
<ul>
<li>Write Summary as comment to the pull request by <a
href="https://github.com/davelosert"><code>@​davelosert</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/393">actions/dependency-review-action#393</a></li>
<li>Adjust summary format by <a
href="https://github.com/davelosert"><code>@​davelosert</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/416">actions/dependency-review-action#416</a></li>
<li>Security updates.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v3...v3.0.4">https://github.com/actions/dependency-review-action/compare/v3...v3.0.4</a></p>
<h2>3.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Use cache in check-dist.yml by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/359">actions/dependency-review-action#359</a></li>
<li>Fix Dependency Review API response error handling by <a
href="https://github.com/felickz"><code>@​felickz</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/370">actions/dependency-review-action#370</a></li>
<li>Security updates</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jongwooo"><code>@​jongwooo</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/359">actions/dependency-review-action#359</a></li>
<li><a href="https://github.com/felickz"><code>@​felickz</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/370">actions/dependency-review-action#370</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v3...v3.0.3">https://github.com/actions/dependency-review-action/compare/v3...v3.0.3</a></p>
<h2>3.0.2</h2>
<p>This release fixes spelling errors <a
href="https://redirect.github.com/actions/dependency-review-action/pull/348">actions/dependency-review-action#348</a>
and upgrades dependencies to fix known vulnerabilities</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v3...v3.0.2">https://github.com/actions/dependency-review-action/compare/v3...v3.0.2</a></p>
<h2>3.0.1</h2>
<p>This release contains the following bugfixes:</p>
<ul>
<li>Fixing API URL for GHES: <a
href="https://redirect.github.com/actions/dependency-review-action/pull/331">actions/dependency-review-action#331</a></li>
<li>Improve list handling for external config files: <a
href="https://redirect.github.com/actions/dependency-review-action/pull/330">actions/dependency-review-action#330</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v3...v3.0.1">https://github.com/actions/dependency-review-action/compare/v3...v3.0.1</a></p>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e"><code>f46c48e</code></a>
bumping version</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/1ac6f5d754298eed9b7403c3f677ad94074cc934"><code>1ac6f5d</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/437">#437</a>
from actions/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/30049aaf023a53013e012428e55bfaf4218c169b"><code>30049aa</code></a>
Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.54.1 to
5.55.0</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/02b3fbad1c4b388ed5a43ee113c7fa92dfc8d263"><code>02b3fba</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/436">#436</a>
from actions/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/5c5feeb63df0fc51022e9d12cd9ee1aaab37bf38"><code>5c5feeb</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/435">#435</a>
from actions/dependabot/npm_and_yarn/types/node-16.18.16</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/85bb8372bf8d3931f8e2d6a7443561e2834492ee"><code>85bb837</code></a>
Bump <code>@​typescript-eslint/parser</code> from 5.54.1 to 5.55.0</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/463aece43a696b7a8561f30f1976dc255b7a9d95"><code>463aece</code></a>
Bump <code>@​types/node</code> from 16.18.14 to 16.18.16</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/e3fb5152be474702523c77d8f5ecd4c0a5bde872"><code>e3fb515</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/426">#426</a>
from actions/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/4b088f072a399e404e69adec19606a01843f172b"><code>4b088f0</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/427">#427</a>
from actions/dependabot/npm_and_yarn/zod-3.21.4</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/e46d65f4382cb9029208128332e3747530d48ef8"><code>e46d65f</code></a>
Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.54.0 to
5.54.1</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/0efb1d1d84fc9633afcdaad14c485cbbc90ef46c...f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2.5.1&new-version=3.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] authored Apr 25, 2023
1 parent 0e4b930 commit 5807205
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -19,4 +19,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4
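
Review bot: The changed `uses:` line is a major-version jump (v2.5.1 to v3.0.4), and the release notes quoted in the commit message list a breaking change in 3.0.0: license names in the allow or deny lists must now be SPDX-compliant. No `with:` inputs are visible after this step in the hunk, so before merging, confirm that no license allow or deny list with non-SPDX names is supplied to this step elsewhere, for example through a configuration file. The new pin f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e matches the `f46c48e` "bumping version" entry in the commit list and the end of the compare range in the commit message, so the SHA and the `# v3.0.4` comment agree. Keep the full-SHA pin with the trailing version comment as it is.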
