Fix dependency review workflow

Author: eexit

.github/workflows/codeql-analysis.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/dependency-review.yml

@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: Dependency review
+        uses: actions/dependency-review-action@v2
+        with:
+          fail-on-severity: high

.github/workflows/test.yml

@@ -13,7 +13,7 @@ jobs:
       matrix:
         node-version: [14, 16]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@v2
       with:
@@ -34,8 +34,3 @@ jobs:
       with:
         coverageCommand: yarn coverage
         coverageLocations: ${{ github.workspace }}/coverage/lcov.info:lcov
-    - name: Dependency review
-      if: ${{ startsWith(matrix.node-version, '16') }}
-      uses: actions/dependency-review-action@v2
-      with:
-        fail-on-severity: high