
ci: bump actions/dependency-review-action from 4 to 5 in the actions group across 1 directory #740



Workflow file for this run

# Runs the ASH (Automated Security Helper) scan through the reusable
# workflow kept in this repository.
name: Run ASH

# yamllint disable-line rule:truthy
on:
  pull_request:
    branches:
      # NOTE(review): in GitHub Actions branch filters `*` does not match `/`,
      # so PRs targeting branches such as `release/x` would not trigger this
      # workflow; `**` matches every target branch. Confirm which is intended.
      - '*'
  merge_group:
  workflow_dispatch: {}

env:
  PYTHON_VERSION: '3.12'  # quoted so the minor version is not parsed as a float

# Default token scope for the workflow; the job below widens it only where
# the reusable workflow needs extra permissions.
permissions:
  contents: read

jobs:
  ash:
    # Pinned upstream alternative, kept for reference:
    # uses: awslabs/automated-security-helper/.github/workflows/run-ash-security-scan.yml@v3.0.0-beta
    uses: ./.github/workflows/run-ash-security-scan.yml
    permissions:
      contents: read  # clone the repository so ASH can scan it
      checks: write  # publish CI check runs
      pull-requests: write  # post scan results as PR comments
      security-events: write  # upload SARIF for GitHub Advanced Security code scanning
    # NOTE(review): for pull_request events coming from forks GitHub issues a
    # read-only token by default, so the write scopes above only take effect
    # for same-repository PRs, merge_group and workflow_dispatch runs.
    with:
      # PR runs install ASH from the PR's own head repository and branch so
      # that fork PRs exercise their proposed changes; all other events fall
      # back to the current repository and ref. The scan therefore executes
      # ASH code taken from the PR under review — presumably intended here
      # because this repository is the ASH source itself (see the commented
      # `uses:` line above); confirm before reusing this pattern elsewhere.
      ash-version: ${{ github.head_ref || github.ref_name }}
      ash-repo: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
      # Requires GitHub Advanced Security. Without it, set this to `false`
      # so SARIF collection does not fail the run.
      collect-sarif-report: true
      # Set to `false` to stop ASH from commenting its findings on PRs.
      post-pr-comment: true
      # Set to `false` for less verbose log output.
      verbose: true
      # Additional scanners: Grype (vulnerability scan), Syft (SBOM
      # generation) and Opengrep.
      install-grype: true
      install-syft: true
      install-opengrep: true