Bump actions/dependency-review-action from 3.1.5 to 4.3.4

[dependabot]

Bumps actions/dependency-review-action from 3.1.5 to 4.3.4.

Release notes

Sourced from actions/dependency-review-action's releases.

v4.3.4

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in actions/dependency-review-action#783
• Update SPDX Expression Parsing by @​febuiles in actions/dependency-review-action#719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

• Allow slashes in purl package names by @​juxtin in actions/dependency-review-action#765
• use the v3 version of the deps.dev API by @​josieang in actions/dependency-review-action#741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in actions/dependency-review-action#773
• fix show-openssf-scorecard-levels input by @​ramann in actions/dependency-review-action#776
• Updates to the contribution guidelines by @​jonjanego in actions/dependency-review-action#778
• Create issue templates by @​jonjanego in actions/dependency-review-action#777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in actions/dependency-review-action#767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in actions/dependency-review-action#781

New Contributors

• @​josieang made their first contribution in actions/dependency-review-action#741
• @​am-stead made their first contribution in actions/dependency-review-action#773
• @​ramann made their first contribution in actions/dependency-review-action#776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in actions/dependency-review-action#761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See actions/dependency-review-action#753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in actions/dependency-review-action#735
• Fix extra https:// in summary by @​jhutchings1 in actions/dependency-review-action#748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in actions/dependency-review-action#744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in actions/dependency-review-action#737
• Show denied packages with red X by @​juxtin in actions/dependency-review-action#750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in actions/dependency-review-action#733

... (truncated)

Commits

• 5a2ce3f Merge pull request #791 from actions/juxtin/update-version
• ac6a6ad Prepare even more for v4.3.4
• 3e2b917 Merge pull request #790 from actions/juxtin/update-version
• d9ab9c8 Update version in package.json
• 8c152c7 Merge pull request #769 from actions/dependabot/npm_and_yarn/zod-3.23.8
• 0085d30 Update dist
• 08b5bf2 Bump zod from 3.22.4 to 3.23.8
• 986fce9 Merge pull request #784 from actions/dependabot/npm_and_yarn/got-14.4.1
• 28743f8 Merge pull request #719 from actions/change-spdx-parser
• d6f34c3 Merge pull request #789 from actions/dependabot/npm_and_yarn/braces-3.0.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[claudiol]

/lgtm
Approving and merging

[claudiol]

/lgtm
Approving and Merging

[mergify]

This Pull Request needs all checks to run successfully. Could you fix it @dependabot[bot]? 🙏

[mergify]

This Pull Request needs all checks to run successfully. Could you fix it @dependabot[bot]? 🙏