GitHub rolls out dependency review, vulnerability alerts for pull requests

The aim is to prevent vulnerable code from being added to dependencies by accident.