build(deps): Bump actions/dependency-review-action from 3.1.0 to 3.1.3 (#61)

dependabot[bot] · skyzyx · web-flow · commit a0cabe1d4b26 · 2023-11-13T23:54:28.000-07:00
* build(deps): Bump actions/dependency-review-action from 3.1.0 to 3.1.3 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@6c5ccda...7bbfa03) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * test: Flip 'yes' (per docs) to 'true'. * test: Fuss with the 'golang/govulncheck-action' action. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan Parman <ryan@ryanparman.com>
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -34,4 +34,5 @@ jobs:
       - id: govulncheck
         uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 # v1.0.1
         with:
+          go-version-input: ">= 1.21"
           check-latest: true
diff --git a/.github/workflows/pr-dep-review.yml b/.github/workflows/pr-dep-review.yml
@@ -21,10 +21,10 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
+        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
         with:
           fail-on-severity: low
           license-check: true
-          vulnerability-check: yes
+          vulnerability-check: true
           comment-summary-in-pr: on-failure
           allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, MIT
