Commit 45408a0
Bump actions/dependency-review-action from 2 to 3 (#50)
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<p>We've added support for a much broader set of project licenses by
using GitHub's <a
href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p>
<h3>SPDX Compliance</h3>
<p>All of our license-related code now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses or
expressions</a>. This allows us to standardize on a license naming
scheme that already supports <code>OR</code>/<code>AND</code>
expressions.</p>
<h3>Disable individual checks</h3>
<p>You can now use the boolean options <code>license-check</code> and
<code>vulnerability-check</code> to disable either one of the checks.
More information in <a
href="https://github.com/actions/dependency-review-action/#configuration-options">our
configuration options</a>.</p>
<h2>Thanks</h2>
<p>Contributors for this release include:</p>
<ul>
<li><a
href="https://github.com/cnagadya"><code>@cnagadya</code></a></li>
<li><a
href="https://github.com/courtneycl"><code>@courtneycl</code></a></li>
<li><a
href="https://github.com/ericcornelissen"><code>@ericcornelissen</code></a></li>
<li><a
href="https://github.com/elireisman"><code>@elireisman</code></a></li>
<li><a href="https://github.com/hmaurer"><code>@hmaurer</code></a></li>
</ul>
<p>Thanks everyone!
<strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p>
<h2>2.5.1</h2>
<p>Adding some quality-of-life improvements to the local development
experience. You can now pass a flag to the <code>scripts/scan_pr</code>
script using the <code>-c/--config-file</code> flags to use an external
configuration file:</p>
<p>Example:</p>
<pre><code> scripts/scan_pr
actions/dependency-review-action#294
</code></pre>
<h2>2.5.0</h2>
<p>Fallback on GitHub Licenses API data for missing Dependency Review
API Licenses. This should improve our license coverage.</p>
<h2>2.4.1</h2>
<p>This patch release fixes the bugs below:</p>
<ul>
<li>Display the dependency name instead of the manifest name in the
detailed list of dependents.</li>
<li>Fix an issue where undefined GHSAs would filter out all
changes.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/11310527b429536e263dc6cc47873e608189ba21"><code>1131052</code></a>
bumping version</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/ea0f46928bec821731931bf6fd8a83381a5ce4cd"><code>ea0f469</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/330">#330</a>
from actions/errors-for-external-configs</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/369356e2e7f3abb7549df131bd54083ad572d326"><code>369356e</code></a>
Fixing merge conflict in dist/</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/13fe21bc0a6b1ad7d37ee67be878d2de13d41723"><code>13fe21b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/331">#331</a>
from actions/octokit/enterprise</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/136c0838bfc0dddbb218b2e080001e705f4f837b"><code>136c083</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/332">#332</a>
from actions/dependabot/npm_and_yarn/typescript-4.9.3</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/8ed85b37572465ac976c07a00b9a6a0005c9a428"><code>8ed85b3</code></a>
Bump typescript from 4.8.4 to 4.9.3</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/a952d7b1b713a66455943fe278e79b724b4e1726"><code>a952d7b</code></a>
adding dist</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/b8e622f102742ba074a9c91cbe63e5b0e0740459"><code>b8e622f</code></a>
Move test out of failing block.</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/ac059c649cce97dc5cc26d574a11b3d58bb0e155"><code>ac059c6</code></a>
Checkpoint!</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/93652d7af097f472b9ffde6f8c903368d47277cd"><code>93652d7</code></a>
Fix failing tests.</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />
[Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Monty Bot <[email protected]>
1 parent 95d1ac3 · commit 45408a0
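The 3.0.0 breaking change quoted in the release notes above (allow and deny lists must use SPDX license identifiers or expressions) and the two new per-check switches are easiest to see in a workflow. The block below is an added example written for this page; it is not this repository's `dependency-review.yml`, whose changed line the rendered diff does not show. The inputs `license-check` and `vulnerability-check` appear in the quoted release notes; `allow-licenses` and `fail-on-severity` are taken from the action's README as the editor knows it and are assumptions here, and the license values are illustrative.

```yaml
name: Dependency review (added example, not this repository's workflow)
on: [pull_request]

permissions:
  contents: read            # least privilege: the action only needs to read the PR

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Before the bump (v2) a free-form name such as "Apache 2.0" could be listed.
      # After the bump (v3) only SPDX identifiers or expressions are accepted, so
      # every entry below must be a valid SPDX id; see https://spdx.org/licenses/.
      - uses: actions/dependency-review-action@v3
        with:
          # SPDX identifiers only; "Apache 2.0" or "BSD" would no longer be valid entries
          allow-licenses: MIT, Apache-2.0, BSD-3-Clause, ISC
          # fail the PR on any advisory at or above this severity (assumed input name)
          fail-on-severity: moderate
          # the two switches added in v3; set either to false to skip that check
          license-check: true
          vulnerability-check: true
```

When migrating a v2 allow or deny list, compare each entry against the SPDX list before merging the bump, and prefer `OR`/`AND` expressions (which v3 understands) over listing loose variants of the same license.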
File tree
2 files changed, +2 -1 lines changed:
- .github/workflows/dependency-review.yml (1 addition, 1 deletion)
- news/202212010715.bugfix (1 addition)

.github/workflows/dependency-review.yml (+1 -1, 1 addition & 1 deletion)
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
17 | 17 |
| |
18 | 18 |
| |
19 | 19 |
| |
20 |
| - | |
| 20 | + |
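Review bot: the rendered table for .github/workflows/dependency-review.yml records only that original line 20 was deleted and a new line 20 added, without the line text, so the change cannot be verified from this view; since the commit title says the action reference moves from major version 2 to 3, and the quoted 3.0.0 release notes mark non-SPDX license names in allow or deny lists as a breaking change, check that any license list configured in this workflow (or in an external configuration file it references) uses SPDX identifiers or expressions before merging. Pinning the step to the full commit SHA of the 3.0.0 release instead of the floating major tag would also keep later 3.x releases from changing this workflow's behaviour without another review.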
news/202212010715.bugfix (+1, 1 addition & 0 deletions)
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + |
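Review bot: news/202212010715.bugfix is a one-line addition whose text is not shown in the rendered table; the file suffix classifies this dependency bump as a bug fix, so confirm that matches the project's news-fragment conventions (a major-version bump of a CI action that carries a breaking change may belong in a different category), and make sure the fragment names the action and the versions involved so the generated changelog is self-explanatory.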
0 commit comments