Bump the actions group with 2 updates #2648

	name: 'Dependency Review'

	on:
	pull_request:
	branches:
	- master

	permissions: {}

	jobs:
	dependency-review:
	runs-on: ubuntu-latest

	permissions:
	contents: read

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	api.securityscorecards.dev:443
	api.deps.dev:443

	- name: 'Checkout Repository'
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false

	- name: 'Dependency Review'
	uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0

Provide feedback