chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.7.3

[dependabot]

Bumps actions/dependency-review-action from 4.5.0 to 4.7.3.

Release notes

Sourced from actions/dependency-review-action's releases.

4.7.3

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in actions/dependency-review-action#966
• Claire153/fix spamming mentioned issue by @​claire153 in actions/dependency-review-action#974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

4.7.2

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in actions/dependency-review-action#945
• Deprecate deny lists by @​claire153 in actions/dependency-review-action#958
• Address discrepancy between docs and reality by @​ahpook in actions/dependency-review-action#960

New Contributors

• @​KyFaSt made their first contribution in actions/dependency-review-action#945
• @​claire153 made their first contribution in actions/dependency-review-action#958
• @​ahpook made their first contribution in actions/dependency-review-action#960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in actions/dependency-review-action#870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in actions/dependency-review-action#876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in actions/dependency-review-action#878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in actions/dependency-review-action#877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in actions/dependency-review-action#891
• Allow deny package removal by @​ellenfieldn in actions/dependency-review-action#888
• Fix typos by @​omahs in actions/dependency-review-action#893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in actions/dependency-review-action#900
• Bump octokit and related dependencies by @​RomanIakovlev in actions/dependency-review-action#904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in actions/dependency-review-action#905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in actions/dependency-review-action#899
• Update transitive dependency spdx-license-ids by @​ailox in actions/dependency-review-action#855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in actions/dependency-review-action#884
• Improve usage of this action in dependency-review.yml by @​fabasoad in actions/dependency-review-action#883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in actions/dependency-review-action#902
• Prepare 4.6.0 Release candidate by @​brrygrdn in actions/dependency-review-action#910

New Contributors

• @​AshelyTC made their first contribution in actions/dependency-review-action#891
• @​ellenfieldn made their first contribution in actions/dependency-review-action#888

... (truncated)

Commits

• 595b5ae Update package version (#975)
• fc5fd66 Claire153/fix spamming mentioned issue (#974)
• d38d1a4 Merge pull request #965 from actions/dependabot/npm_and_yarn/multi-c22e25d29b
• 8d420b8 Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b
• bde0129 Merge pull request #966 from actions/ashelytc/add-permissions
• ab52490 remove ruby
• ef00a0a add permissions to workflows
• 74c8179 Bump brace-expansion
• bc41886 Cut 4.7.2 version release (#964)
• 1c73553 Merge pull request #960 from ahpook/ahpook/address-docs-dashes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

PR-Codex overview

This PR updates the version of the actions/dependency-review-action used in the .github/workflows/dependency-review.yml file from v4.5.0 to v4.7.3, likely to incorporate improvements and bug fixes from the newer version.

Detailed summary

• Updated actions/dependency-review-action from v4.5.0 to v4.7.3.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[netlify]

❌ Deploy Preview for kleros-v2-neo failed. Why did it fail? →

Name	Link
🔨 Latest commit	62a330d
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-neo/deploys/68be6378c0ebd40008805bc2

[netlify]

✅ Deploy Preview for kleros-v2-testnet ready!

Name	Link
🔨 Latest commit	62a330d
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet/deploys/68be63787cf8b30008848518
😎 Deploy Preview	https://deploy-preview-2128--kleros-v2-testnet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• chore(deps):

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

❌ Deploy Preview for kleros-v2-university failed. Why did it fail? →

Name	Link
🔨 Latest commit	62a330d
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-university/deploys/68be6378ca540d0008cae2d2

[netlify]

✅ Deploy Preview for kleros-v2-testnet-devtools ready!

Name	Link
🔨 Latest commit	62a330d
🔍 Latest deploy log	https://app.netlify.com/projects/kleros-v2-testnet-devtools/deploys/68be6378102fd200084ef017
😎 Deploy Preview	https://deploy-preview-2128--kleros-v2-testnet-devtools.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.