ci: bump actions/dependency-review-action from 1 to 2

[dependabot]

Bumps actions/dependency-review-action from 1 to 2.

Release notes

Sourced from actions/dependency-review-action's releases.

2.0.0

Major version update! We are introducing a few configuration options to make the action more useful in a broader set of scenarios:

• fail-on-severity: Specify the minimum security vulnerability threshold before failing workflow runs.
• allow-licenses: An allowlist for dependency licenses.
• deny-licenses: A blocklist for dependency licenses.

You can read more about these options in the README.

PS: No breaking changes since v1.

1.0.2

• Clarify error messages for private repos
• Update NPM dependencies.

v1.0.1

We're starting to use semantic versioning for our project.

Commits

• aabd50a Bumping version to 2.0.1
• 981c44c Merge pull request #116 from actions/unknown-licenses
• c0d3293 Adding dist.
• 963fe80 Always print null licenses.
• bf94d94 Remove old TODO.
• 43ce5df Update CONTRIBUTING.md
• 24bc5e9 Updating the CONTRIBUTING.md docs.
• 97790d2 update version in package.json
• 74dbdf9 Merge pull request #112 from actions/move-config-file
• f3f3519 Merge branch 'main' into move-config-file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Base: 97.85% // Head: 100.00% // Increases project coverage by +2.14% 🎉

Coverage data is based on head (9ea3e00) compared to base (bd5a5ed).
Patch has no changes to coverable lines.

Additional details and impacted files

@@             Coverage Diff             @@
##             main      #593      +/-   ##
===========================================
+ Coverage   97.85%   100.00%   +2.14%     
===========================================
  Files           7         7              
  Lines         140       140              
  Branches       20        20              
===========================================
+ Hits          137       140       +3     
+ Misses          3         0       -3     

Impacted Files	Coverage Δ
src/installer.ts	100.00% <0.00%> (+5.88%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.