
Consider combining this action with `dependabot/fetch-metadata` to support multi-dependency updates

Open AlCalzone opened this issue 1 year ago • 2 comments

I've noticed that this action fails when Dependabot creates a single PR for multiple updates. It is possible though to combine this with a helper-action from Dependabot to fetch the update metadata in a standardized format, making a lot of parsing here unnecessary:

# ...
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: ${{ secrets.PAT }} # This must be a personal access token to fetch if a PR closes a security issue

The result can then be passed to this action:

# ...
        env:
          updatedDependenciesJson: ${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}

which can then be parsed using JSON.parse and contains something like this:

[
	{
		dependencyName: 'prettier',
		dependencyType: 'direct:development',
		updateType: 'version-update:semver-patch',
		directory: '/prettier-and-types',
		packageEcosystem: 'npm_and_yarn',
		targetBranch: 'master',
		prevVersion: '',
		newVersion: '',
		compatScore: 0,
		alertState: '',
		ghsaId: '',
		cvss: 0
	},
	{
		dependencyName: '@types/prettier',
		dependencyType: 'direct:development',
		updateType: 'version-update:semver-patch',
		directory: '/',
		packageEcosystem: 'npm_and_yarn',
		targetBranch: 'master',
		prevVersion: '',
		newVersion: '',
		compatScore: 0,
		alertState: '', // <-- THIS will be "OPEN" if there is an open security issue
		ghsaId: '',
		cvss: 0
	}
]

AlCalzone, Mar 07 '23 15:03
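One way to consume that output for a PR that bundles several updates, as an added example that is not code from this action or from dependabot/fetch-metadata: the field names come from the output shown above, while the policy object, the `decideAutoMerge` function and the sample input are assumptions of this example.

```javascript
// Added example, not the action's or dependabot/fetch-metadata's own code.
// Decides whether a multi-dependency Dependabot PR may be auto-merged, using the
// updated-dependencies-json shape shown above. Field names are taken from that
// output; the policy object and this function are assumptions of this example.

// Constructed sample of what the env var updatedDependenciesJson would carry.
const SAMPLE_JSON = JSON.stringify([
  { dependencyName: 'prettier', updateType: 'version-update:semver-patch', alertState: '' },
  { dependencyName: '@types/prettier', updateType: 'version-update:semver-patch', alertState: '' },
]);

// Rank of semver update types, least to most risky.
const UPDATE_RANK = {
  'version-update:semver-patch': 1,
  'version-update:semver-minor': 2,
  'version-update:semver-major': 3,
};

// policy.maxUpdateType: riskiest update type still allowed to auto-merge.
// policy.mergeSecurityFixes: if true, an update whose alertState is 'OPEN'
//   (it closes an open alert) is accepted regardless of its update type.
// Returns { merge, reasons }; every dependency in the PR must pass, so a
// single risky update blocks the whole PR rather than only itself.
function decideAutoMerge(updatedDependenciesJson, policy) {
  let deps;
  try {
    deps = JSON.parse(updatedDependenciesJson);
  } catch (err) {
    return { merge: false, reasons: ['updated-dependencies-json is not valid JSON'] };
  }
  if (!Array.isArray(deps) || deps.length === 0) {
    return { merge: false, reasons: ['no updated dependencies reported'] };
  }
  const maxRank = UPDATE_RANK[policy.maxUpdateType] || 0;
  const reasons = [];
  for (const dep of deps) {
    if (dep.alertState === 'OPEN' && policy.mergeSecurityFixes) continue;
    const rank = UPDATE_RANK[dep.updateType];
    if (rank === undefined) {
      reasons.push(`${dep.dependencyName}: unrecognised update type ${dep.updateType}`);
    } else if (rank > maxRank) {
      reasons.push(`${dep.dependencyName}: ${dep.updateType} exceeds ${policy.maxUpdateType}`);
    }
  }
  return { merge: reasons.length === 0, reasons };
}
```

An update type the table does not know (for example a non-semver version string) is treated as a reason not to merge, so the fail-closed default is to leave the PR for a human.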