Bump actions/dependency-review-action from 2.2.0 to 2.3.0

[dependabot]

Bumps actions/dependency-review-action from 2.2.0 to 2.3.0.

Release notes

Sourced from actions/dependency-review-action's releases.

2.3.0

We're adding back support for an external configuration file. You can use the config-file configuration string to specify a path to a YAML configuration file where you can specify any options you want:

  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v2
        with: 
          - config-file: ./.github/dependency-review-config.yml

Commits

• 2843194 Updating version.
• 6944531 Update README.md
• 29cdbbe Merge pull request #228 from actions/external-config
• 88502ba Update README.md
• ff7c97a adding dist
• 4d3b8e5 Clarify code a bit.
• 38ee6e8 Improve scopes example in new docs.
• 54cd9a7 Merge branch 'main' into external-config
• c4693c0 Raise errors for invalid values in the external config.
• e89f113 add callout to checkout main when updating major version tag
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #1072 (8e53e49) into main (25f429c) will increase coverage by 0.08%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1072      +/-   ##
==========================================
+ Coverage   41.01%   41.09%   +0.08%     
==========================================
  Files          71       71              
  Lines        7061     7061              
==========================================
+ Hits         2896     2902       +6     
+ Misses       3858     3854       -4     
+ Partials      307      305       -2     

Impacted Files	Coverage Δ
pkg/types/alpine/v0.0.1/entry.go	54.87% <0.00%> (+2.43%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.