ci: Update ci-actions #24

	name: Dependency Review

	on:
	pull_request:
	branches: [main]

	permissions:
	contents: read
	pull-requests: write

	jobs:
	dependency-review:
	runs-on: ubuntu-latest
	timeout-minutes: 5
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	persist-credentials: false

	- name: Dependency Review
	uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
	with:
	fail-on-severity: high
	# Gate runtime, development, and unknown-scope deps. Without this
	# the action defaults to runtime-only, which would miss
	# additions under pyproject.toml [project.optional-dependencies]
	# (dev/release groups).
	fail-on-scopes: runtime, development, unknown
	deny-licenses: >-
	AGPL-3.0-only,
	AGPL-3.0-or-later,
	GPL-2.0-only,
	GPL-2.0-or-later,
	GPL-3.0-only,
	GPL-3.0-or-later
	comment-summary-in-pr: on-failure

Provide feedback