Bump actions/dependency-review-action from 1 to 2

[dependabot[bot]]

Bumps actions/dependency-review-action from 1 to 2.

Release notes

Sourced from actions/dependency-review-action's releases.

2.0.0

Major version update! We are introducing a few configuration options to make the action more useful in a broader set of scenarios:

• fail-on-severity: Specify the minimum security vulnerability threshold before failing workflow runs.
• allow-licenses: An allowlist for dependency licenses.
• deny-licenses: A blocklist for dependency licenses.

You can read more about these options in the "Configuration" section of the README.

1.0.2

• Clarify error messages for private repos
• Update NPM dependencies.

v1.0.1

We're starting to use semantic versioning for our project.

Commits

• 1c59cdf Fix the unknown licenses error message
• 29fc7a2 Merge pull request #117 from actions/readme-capitalisation
• 903977c branding!
• aabd50a Bumping version to 2.0.1
• 981c44c Merge pull request #116 from actions/unknown-licenses
• c0d3293 Adding dist.
• 963fe80 Always print null licenses.
• bf94d94 Remove old TODO.
• 43ce5df Update CONTRIBUTING.md
• 24bc5e9 Updating the CONTRIBUTING.md docs.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #208 (93d2e0d) into main (039a6ee) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #208   +/-   ##
=======================================
  Coverage   99.13%   99.13%           
=======================================
  Files           2        2           
  Lines         345      345           
=======================================
  Hits          342      342           
  Misses          3        3           

:mega: Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.