[BUG] Dependency Review reports the Vulnerability which we are updating.

[Shweta4398]

Describe the bug
Hello ,

I had a quick question , if the changes are made to package.json file does dependency scans for lock file as well ?? But in the PR there is no changes made to the lock file.

Here , we saw an issue with there was a PR raised by dependabot to bump the body parser version from 1.20.2 to 1.20.3 . PR is making the change but the dependency review check is failing here , I don't understand why ??

Please find the attach screenshots!!

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Action version
What version of the action are you using in your workflow?

Note: if you're not running the latest release please try that first!

Examples
If possible, please link to a public example of the issue that you're encountering, or a copy of the workflow that you're using to run the action.

If you have encountered a problem with a specific package (e.g. issue with license or attributions data) please share details about the package, as well as a link to the manifest where it's being referenced.

Additional context
Add any other context about the problem here.

[github-actions]

👋 This issue has been marked as stale because it has been open with no activity for 180 days. You can: comment on the issue or remove the stale label to hold stalebot off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

[github-actions]

👋 This issue has been closed by stalebot because it has been open with no activity for over 180 days. Please see CONTRIBUTING.md for more policy details.