⬆️upgrade(ci): Bump actions/dependency-review-action from 3.0.2 to 3.0.3 in /.github/workflows

[dependabot[bot]]

Bumps actions/dependency-review-action from 3.0.2 to 3.0.3.

Release notes

Sourced from actions/dependency-review-action's releases.

3.0.3

What's Changed

• Use cache in check-dist.yml by @​jongwooo in actions/dependency-review-action#359
• Fix Dependency Review API response error handling by @​felickz in actions/dependency-review-action#370
• Security updates

New Contributors

• @​jongwooo made their first contribution in actions/dependency-review-action#359
• @​felickz made their first contribution in actions/dependency-review-action#370

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.0.3

Commits

• c090f4e release for 3.0.3
• 42ee3c8 Merge pull request #370 from felickz/fix-request-error-handling
• 6855e6e Merge branch 'main' of gh into fix-request-error-handling
• efd7880 Merge pull request #375 from actions/dependabot/npm_and_yarn/octokit-2.0.11
• e91b527 add json5 too
• f508195 Merge pull request #374 from actions/dependabot/npm_and_yarn/prettier-2.8.2
• ef8bfce linter suggestions
• 31cb4e0 Merge branch 'main' into dependabot/npm_and_yarn/prettier-2.8.2
• 7920884 Merge pull request #373 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
• aae0422 Bump eslint-plugin-jest from 27.1.7 to 27.2.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

The following labels could not be found: source:💚github_actions, source:🤖bot.

[pull-request-quantifier-deprecated[bot]]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

``` Label : Extra Small Size : +1 -1 Percentile : 0.8% Total files changed: 1 Change summary by file extension: .yml : +1 -1 ``` > Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean: - Fast and predictable releases to production: - Optimal size changes are more likely to be reviewed faster with fewer iterations. - Similarity in low PR complexity drives similar review times. - Review quality is likely higher as complexity is lower: - Bugs are more likely to be detected. - Code inconsistencies are more likely to be detected. - Knowledge sharing is improved within the participants: - Small portions can be assimilated better. - Better engineering practices are exercised: - Solving big problems by dividing them in well contained, smaller problems. - Exercising separation of concerns within the code changes. #### What can I do to optimize my changes - Use the PullRequestQuantifier to quantify your PR accurately - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases) - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile. - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile. - Change your engineering behaviors - For PRs that fall outside of the desired spectrum, review the details and check if: - Your PR could be split in smaller, self-contained PRs instead - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR). #### How to interpret the change counts in git diff output - One line was added: `+1 -0` - One line was deleted: `+0 -1` - One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? :thumbsup:  :ok_hand:  :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot[bot]]

Looks like actions/dependency-review-action is up-to-date now, so this is no longer needed.