From 7a9c6c3b396a326b4c32a3bde29dea591aad4369 Mon Sep 17 00:00:00 2001
From: Markus Waldheim <mawa@if.de>
Date: Wed, 10 Jun 2026 11:35:54 +0200
Subject: [PATCH] fix: upgrade dependency-review to v5, skip on unsupported
 repos

- Bumps actions/dependency-review-action to @v5 (latest)
- Adds fail-on-unsupported-repos: false so the check exits
  cleanly instead of failing when Dependency graph is not enabled

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/security.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 9c28ca0..c3b42ff 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -20,7 +20,9 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v6
       - name: Review dependency changes
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@v5
+        with:
+          fail-on-unsupported-repos: false
 
   reuse:
     name: REUSE compliance