feat: Phase 4+5 — World-class documentation + compliance audit #3

	# Dependency Review
	# Scans PRs for vulnerable or license-restricted dependencies.
	# Blocks PRs that introduce moderate+ severity vulnerabilities.

	name: Dependency Review

	on:
	pull_request:
	branches: [main]

	permissions:
	contents: read
	pull-requests: write

	jobs:
	review:
	runs-on: ubuntu-latest
	timeout-minutes: 10

	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Dependency Review
	uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
	with:
	fail-on-severity: moderate
	comment-summary-in-pr: always

Provide feedback