chore: apply supply chain security defaults #19

	name: Dependency Review

	on: [pull_request]

	permissions:
	contents: read
	pull-requests: write

	jobs:
	dependency-review:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Dependency Review
	uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
	with:
	# Block pull requests with vulnerabilities at low severity or higher
	fail-on-severity: low
	# Post detailed summary in PR comments
	comment-summary-in-pr: on-failure

Provide feedback