ci: bump actions/dependency-review-action from 1 to 2

[dependabot]

Bumps actions/dependency-review-action from 1 to 2.

Release notes

Sourced from actions/dependency-review-action's releases.

2.0.0

Major version update! We are introducing a few configuration options to make the action more useful in a broader set of scenarios:

• fail-on-severity: Specify the minimum security vulnerability threshold before failing workflow runs.
• allow-licenses: An allowlist for dependency licenses.
• deny-licenses: A blocklist for dependency licenses.

You can read more about these options in the README.

PS: No breaking changes since v1.

1.0.2

• Clarify error messages for private repos
• Update NPM dependencies.

v1.0.1

We're starting to use semantic versioning for our project.

Commits

• 97790d2 update version in package.json
• 74dbdf9 Merge pull request #112 from actions/move-config-file
• f3f3519 Merge branch 'main' into move-config-file
• 216910d Merge pull request #113 from actions/dependabot/npm_and_yarn/prettier-2.7.0
• eb561ba Bump prettier from 2.6.2 to 2.7.0
• 3f24686 Merge pull request #114 from actions/dependabot/npm_and_yarn/types/node-17.0.43
• faa63c3 adding dist
• dfd5196 Update schemas.ts
• 871f406 adding doc for protected branches
• d6f6abd Bump @​types/node from 17.0.42 to 17.0.43
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #762 (0d1dfaf) into main (414c92c) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #762   +/-   ##
=======================================
  Coverage   61.45%   61.45%           
=======================================
  Files           4        4           
  Lines         275      275           
  Branches       45       45           
=======================================
  Hits          169      169           
  Misses        105      105           
  Partials        1        1           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update da72d05...0d1dfaf. Read the comment docs.