chore(deps): update actions/dependency-review-action action to v4.6.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	minor	v4.5.0 -> v4.6.0

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in https://github.com/actions/dependency-review-action/pull/891
• Allow deny package removal by @​ellenfieldn in https://github.com/actions/dependency-review-action/pull/888
• Fix typos by @​omahs in https://github.com/actions/dependency-review-action/pull/893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/900
• Bump octokit and related dependencies by @​RomanIakovlev in https://github.com/actions/dependency-review-action/pull/904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in https://github.com/actions/dependency-review-action/pull/905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/899
• Update transitive dependency spdx-license-ids by @​ailox in https://github.com/actions/dependency-review-action/pull/855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in https://github.com/actions/dependency-review-action/pull/884
• Improve usage of this action in dependency-review.yml by @​fabasoad in https://github.com/actions/dependency-review-action/pull/883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in https://github.com/actions/dependency-review-action/pull/902
• Prepare 4.6.0 Release candidate by @​brrygrdn in https://github.com/actions/dependency-review-action/pull/910

New Contributors

• @​AshelyTC made their first contribution in https://github.com/actions/dependency-review-action/pull/891
• @​ellenfieldn made their first contribution in https://github.com/actions/dependency-review-action/pull/888
• @​omahs made their first contribution in https://github.com/actions/dependency-review-action/pull/893
• @​RomanIakovlev made their first contribution in https://github.com/actions/dependency-review-action/pull/904
• @​ailox made their first contribution in https://github.com/actions/dependency-review-action/pull/855
• @​fabasoad made their first contribution in https://github.com/actions/dependency-review-action/pull/884
• @​Pantelis-Santorinios made their first contribution in https://github.com/actions/dependency-review-action/pull/902
• @​brrygrdn made their first contribution in https://github.com/actions/dependency-review-action/pull/910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/dependency-review-action	ce3cf9537a52e8119d91fd484ab5b8a807627bf8	🟢 7.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud