ci: configure Trusted Publishing for prereleases #1737

	name: Dependency Review

	on:
	pull_request:

	permissions:
	contents: read
	pull-requests: write

	jobs:
	dependency-review:
	runs-on: ubuntu-latest
	name: Review Dependencies
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
	with:
	egress-policy: block
	allowed-endpoints: >
	api.deps.dev:443
	api.github.com:443
	api.securityscorecards.dev:443
	github.com:443

	- name: Check out the source code
	uses: actions/checkout@v6

	- name: Review dependencies
	uses: actions/dependency-review-action@v4.8.2
	with:
	comment-summary-in-pr: true
	show-openssf-scorecard: true
	vulnerability-check: true

Provide feedback