chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.3 (

#106)

* chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.3

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.3 to 4.2.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@9129d7d...0fa40c3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(harden-runner): add api.deps.dev for dependency lookups

* fix(pre-commit): allow dependabot github_actions in branch name

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Dupuy <alex@dupuy.us>

.github/workflows/dependency-review.yaml

@@ -24,11 +24,12 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            api.deps.dev:443
             api.github.com:443
             github.com:443
 
       - name: 'Checkout repository'
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
       - name: 'Dependency review'
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@0fa40c3c10055986a88de3baa0d6ec17c5a894b3 # v4.2.3

.pre-commit-config.yaml

@@ -46,7 +46,7 @@ repos:
         args:
           - --branch=main
           - --branch=master
-          - --pattern=.*[^A-Za-z0-9/.-].*
+          - --pattern=.*[^A-Za-z0-9/._-].* # / . and _ for dependabot
       # - id: sort-simple-yaml
       - id: requirements-txt-fixer
         exclude: reliabot/requirements.txt