[BUG] Dependency Review reports the Vulnerability which we are updating.

[Shweta4398]

Describe the bug Hello ,

I had a quick question , if the changes are made to package.json file does dependency scans for lock file as well ?? But in the PR there is no changes made to the lock file.

Here , we saw an issue with there was a PR raised by dependabot to bump the body parser version from 1.20.2 to 1.20.3 . PR is making the change but the dependency review check is failing here , I don't understand why ??

Please find the attach screenshots!!

To Reproduce Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Action version What version of the action are you using in your workflow?

Note: if you're not running the latest release please try that first!

Examples If possible, please link to a public example of the issue that you're encountering, or a copy of the workflow that you're using to run the action.

If you have encountered a problem with a specific package (e.g. issue with license or attributions data) please share details about the package, as well as a link to the manifest where it's being referenced.

Additional context Add any other context about the problem here.