ci: bump actions/dependency-review-action from 1 to 2

[dependabot[bot]]

Bumps actions/dependency-review-action from 1 to 2.

Release notes

Sourced from actions/dependency-review-action's releases.

2.0.0

Major version update! We are introducing a few configuration options to make the action more useful in a broader set of scenarios:

• fail-on-severity: Specify the minimum security vulnerability threshold before failing workflow runs.
• allow-licenses: An allowlist for dependency licenses.
• deny-licenses: A blocklist for dependency licenses.

You can read more about these options in the README.

PS: No breaking changes since v1.

1.0.2

• Clarify error messages for private repos
• Update NPM dependencies.

v1.0.1

We're starting to use semantic versioning for our project.

Commits

• aabd50a Bumping version to 2.0.1
• 981c44c Merge pull request #116 from actions/unknown-licenses
• c0d3293 Adding dist.
• 963fe80 Always print null licenses.
• bf94d94 Remove old TODO.
• 43ce5df Update CONTRIBUTING.md
• 24bc5e9 Updating the CONTRIBUTING.md docs.
• 97790d2 update version in package.json
• 74dbdf9 Merge pull request #112 from actions/move-config-file
• f3f3519 Merge branch 'main' into move-config-file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #452 (8c4a334) into main (63c13da) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #452   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          105       105           
  Branches        14        14           
=========================================
  Hits           105       105           

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 2a84fe2...8c4a334. Read the comment docs.

[dependabot[bot]]

Superseded by #463.