
[DO NOT MERGE] Test: dependency review workflow #3

[DO NOT MERGE] Test: dependency review workflow

[DO NOT MERGE] Test: dependency review workflow #3

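# Scans the dependency changes of a pull request and fails the check when a
# change introduces a vulnerability at or above the configured severity.
name: Dependency Review

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    # Skip draft pull requests; the ready_for_review trigger above starts the
    # scan once a draft is marked ready.
    if: ${{ github.event.pull_request.draft == false }}
    # Least privilege for GITHUB_TOKEN: read the repository, and write to pull
    # requests only so the action can post its summary comment.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # NOTE(review): both actions below are referenced by a mutable
      # major-version tag. Consider pinning each one to a full commit SHA
      # (keeping the tag as a trailing comment) so that a retagged release
      # cannot change what runs with this job's token.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: false
          # No later step runs git against the remote, so do not leave the
          # job token stored in the checked-out repository's git config.
          persist-credentials: false

      - name: Scan dependency changes for vulnerabilities
        uses: actions/dependency-review-action@v4
        with:
          # Findings below this severity are reported but do not fail the job.
          fail-on-severity: high
          # Posting the summary needs the pull-requests: write permission above.
          # NOTE(review): on pull requests from forks GITHUB_TOKEN is read-only,
          # so the comment may not be posted there; confirm that is acceptable.
          comment-summary-in-pr: always
          show-patched-versions: true
          show-openssf-scorecard: false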