Update actions/dependency-review-action action to v4.3.5 #3711

	name: Deploy

	on:
	push:

	permissions:
	contents: read

	jobs:
	publish:
	runs-on: ubuntu-24.04
	if: github.repository_owner == 'harryzcy'
	permissions:
	contents: read
	deployments: write
	name: Publish to Cloudflare Pages
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.cloudflare.com:443
	api.github.com:443
	github.com:443
	objects.githubusercontent.com:443
	registry.npmjs.org:443

	- name: Checkout
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
	with:
	fetch-depth: 0

	- name: Setup Node
	uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
	with:
	node-version: 20
	check-latest: true

	- name: Extract branch name
	shell: bash
	run: \|
	if [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then
	echo "branch=main" >> "$GITHUB_OUTPUT"
	else
	echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
	fi
	id: extract_branch

	- name: Build
	run: \|
	make build-cloudflare

	- name: Publish to Cloudflare Pages
	uses: cloudflare/wrangler-action@9681c2997648301493e78cacbfb790a9f19c833f # v3.9.0
	if: ${{ github.actor != 'dependabot[bot]' }}
	with:
	apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
	accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
	command: pages deploy --project-name mailbox-browser --branch ${{ steps.extract_branch.outputs.branch }} dist
	workingDirectory: cloudflare
	wranglerVersion: "3"

Provide feedback