ci: bump actions/dependency-review-action from 4.9.0 to 5.0.0

dependabot[bot] · web-flow · commit d0f7eaf3a025 · 2026-05-14T14:13:11.000Z
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.9.0 to 5.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -30,7 +30,7 @@ jobs:
         with:
           persist-credentials: false
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4
         # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
         # No PR comment output to keep permissions read-only.
         #   fail-on-severity: moderate
