(chore): add dependency-review action in workflow #PR1 (#12585)

* (chore): add dependency-review action in workflow #PR1

.github/workflows/callable-dependency-review.yml

@@ -0,0 +1,19 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: Test Github Actions
+on: workflow_call
+
+jobs:
+  dependency_review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@e2a5a1afd5d7305b13671410c52a31819ab9fad9 # v4.0.0 https://github.com/actions/checkout/commit/e2a5a1afd5d7305b13671410c52a31819ab9fad9
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3 https://github.com/actions/dependency-review-action/commit/7bbfa034e752445ea40215fff1c3bf9597993d3f

.github/workflows/pr.yml

@@ -36,6 +36,9 @@ jobs:
   tsc-compliance-test:
     needs: prebuild
     uses: ./.github/workflows/callable-test-tsc-compliance.yml
+  dependency-review:
+    needs: prebuild
+    uses: ./.github/workflows/callable-dependency-review.yml
   all-unit-tests-pass:
     name: Unit and Bundle tests have passed
     needs:
@@ -44,6 +47,7 @@ jobs:
       - license-test
       - github-actions-test
       - tsc-compliance-test
+      - dependency-review
     runs-on: ubuntu-latest
     if: success() # only run when all checks have passed
     # store success output flag for ci job