ci: bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#472)
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2.5.1 to 3.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<p>We've added support for a much broader set of project licenses by
using GitHub's <a
href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p>
<h3>SPDX Compliance</h3>
<p>All of our license-related code now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses or
expressions</a>. This allows us to standardize on a license naming
scheme that already supports <code>OR</code>/<code>AND</code>
expressions.</p>
<h3>Disable individual checks</h3>
<p>You can now use the boolean options <code>license-check</code> and
<code>vulnerability-check</code> to disable either one of the checks.
More information in <a
href="https://github.com/actions/dependency-review-action/#configuration-options">our
configuration options</a>.</p>
<h2>Thanks</h2>
<p>Contributors for this release include:</p>
<ul>
<li><a
href="https://github.com/cnagadya"><code>@​cnagadya</code></a></li>
<li><a
href="https://github.com/courtneycl"><code>@​courtneycl</code></a></li>
<li><a
href="https://github.com/ericcornelissen"><code>@​ericcornelissen</code></a></li>
<li><a
href="https://github.com/elireisman"><code>@​elireisman</code></a></li>
<li><a href="https://github.com/hmaurer"><code>@​hmaurer</code></a></li>
</ul>
<p>Thanks everyone!
<strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/dependency-review-action/commit/30d582111533d59ab793fd9f971817241654f3ec"><code>30d5821</code></a>
Bumping version number</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/6e42c3395a80c4f7519b12a545f0848373039e0e"><code>6e42c33</code></a>
Remove defaults from the recently added fields.</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/a3074cd69966a0aed6bc666d73ca406262fda359"><code>a3074cd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/327">#327</a>
from actions/adding-extra-options</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/51a29d6960861d139fbbab032848494553797d03"><code>51a29d6</code></a>
Updating action.yml to include <code>*-check</code> config</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/235a221cf40bec2750c6a87ab87f604e12eca4e7"><code>235a221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/324">#324</a>
from actions/readme-update</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9b3a7f61dd4fbd3b6757cc7876ba1c900244da9c"><code>9b3a7f6</code></a>
Minor README tweaks.</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/a4761312ac8cd71b4ce101ba780165af3d17e864"><code>a476131</code></a>
Add <code>pull_request</code> to the list of events that don't need
refs.</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/28c7c8c3143bbab053a8419206b7b30b046f446e"><code>28c7c8c</code></a>
Set the correct default for license-check in README.</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/9da0fd4871b9808ca86f37f2cf5f240bc37b965a"><code>9da0fd4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/325">#325</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="https://github.com/actions/dependency-review-action/commit/fe45fd66456a8ef0152070d3e6e5cc66ac10abe9"><code>fe45fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/326">#326</a>
from actions/dependabot/npm_and_yarn/esbuild-register...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v2.5.1...v3.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2.5.1&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] committed Nov 14, 2022
1 parent e8a2552 commit 9a6ded1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -13,4 +13,4 @@ jobs:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/dependency-review-action@v2.5.1
- uses: actions/dependency-review-action@v3.0.0
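Review bot: the replacement line `- uses: actions/dependency-review-action@v3.0.0` still references a mutable tag; for a step that gates dependency changes on pull requests, pin it to the full commit SHA the v3.0.0 tag resolves to and keep the version in a trailing comment (for example `- uses: actions/dependency-review-action@<full-sha> # v3.0.0`), so that anyone able to move the tag cannot change the code this workflow runs, while Dependabot can still propose bumps. The 3.0.0 breaking change called out above (SPDX-compliant names required in the license allow/deny lists) does not affect this step as shown, since it passes no configuration; if allow or deny lists are added to this step later they must use SPDX identifiers.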
