release: v1.5.0 — daily PyPI poll for newer engine + version realignment #63

	name: Dependency Review

	# Fails any PR that adds a dependency with a known CVE or an
	# incompatible license. Cheap, PR-only, no secrets required.

	on:
	pull_request:
	branches: [main]

	permissions:
	contents: read
	pull-requests: write

	jobs:
	review:
	timeout-minutes: 30
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	persist-credentials: false

	- uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4
	with:
	fail-on-severity: high
	comment-summary-in-pr: on-failure
	allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, CC0-1.0, Unlicense

Provide feedback