# On PRs: checks dependency changes for known vulnerabilities.
# Useful when Dependabot or manual dependency updates are used in PRs.

name: Dependency Review

on:
  pull_request:
    branches: [main, master]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Dependency Review
        uses: actions/dependency-review-action@v4