starred/pbs-exporter
1
0
Fork 0
mirror of https://github.com/natrontech/pbs-exporter.git synced 2026-04-26 10:55:50 +03:00
Code Issues 12 Projects Releases 5 Packages Wiki Activity

[PR #109] [CLOSED] 🌱 Bump google/osv-scanner-action from 1.9.2 to 2.0.1 #107

New issue
Closed
opened 2026-03-03 16:28:16 +03:00 by kerem · 0 comments
kerem commented 2026-03-03 16:28:16 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/natrontech/pbs-exporter/pull/109
Author: @dependabot[bot]
Created: 4/7/2025
Status: Closed

Base: mainHead: dependabot/github_actions/google/osv-scanner-action-2.0.1

📝 Commits (1)

  • 40005f3 🌱 Bump google/osv-scanner-action from 1.9.2 to 2.0.1

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/osv-scan.yml (+1 -1)

📄 Description

Bumps google/osv-scanner-action from 1.9.2 to 2.0.1.

Release notes

Sourced from google/osv-scanner-action's releases.

v2.0.1

What's Changed

Full Changelog: https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking changes

By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.

To match the previous behavior, pass --include-git-root to scan-args, e.g.

  osv-scan:
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0"
    with:
      scan-args: |-
        --include-git-root
        --recursive
        ./

Full Changelog: https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0

Commits
  • 6fc7144 Merge pull request #69 from google/update-to-v2.0.1
  • ce2f529 Update unified workflow example to point to v2.0.1 reusable workflows
  • afa2aef Update reusable workflows to point to v2.0.1 actions
  • 19734b4 Update actions to use v2.0.1 osv-scanner image
  • 98b584e Merge pull request #63 from renovate-bot/renovate/workflows
  • 256cd6a chore(deps): update github/codeql-action action to v3.28.11
  • 90fad54 Merge pull request #64 from google/update-to-v2.0.0
  • f9d9b03 Include git root
  • 6e516af Update unified workflow example to point to v2.0.0 reusable workflows
  • 4299e5f Update reusable workflows to point to v2.0.0 actions
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/natrontech/pbs-exporter/pull/109 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/7/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/github_actions/google/osv-scanner-action-2.0.1` --- ### 📝 Commits (1) - [`40005f3`](https://github.com/natrontech/pbs-exporter/commit/40005f3f1209a00e93c464bd1fa41a031fde06b4) :seedling: Bump google/osv-scanner-action from 1.9.2 to 2.0.1 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/osv-scan.yml` (+1 -1) </details> ### 📄 Description Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.9.2 to 2.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's releases</a>.</em></p> <blockquote> <h2>v2.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update to v2.0.1 by <a href="https://github.com/michaelkedar"><code>@​michaelkedar</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/69">google/osv-scanner-action#69</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1">https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1</a></p> <h2>v2.0.0</h2> <h2>What's Changed</h2> <ul> <li>Updated to support OSV-Scanner V2</li> <li>Workflows, add support for matrix strategies by <a href="https://github.com/GeoDerp"><code>@​GeoDerp</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/52">google/osv-scanner-action#52</a></li> <li>Support checking out submodules by <a href="https://github.com/faern"><code>@​faern</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/57">google/osv-scanner-action#57</a></li> </ul> <h2>Breaking changes</h2> <p>By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.</p> <p>To match the previous behavior, pass <code>--include-git-root</code> to <code>scan-args</code>, e.g.</p> <pre><code> osv-scan: uses: &quot;google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0&quot; with: scan-args: |- --include-git-root --recursive ./ </code></pre> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0">https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/6fc714450122bda9d00e4ad5d639ad6a39eedb1f"><code>6fc7144</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/69">#69</a> from google/update-to-v2.0.1</li> <li><a href="https://github.com/google/osv-scanner-action/commit/ce2f52987d90daed6f20b7407981e42825e53274"><code>ce2f529</code></a> Update unified workflow example to point to v2.0.1 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/afa2aef66399b657ea10657432914835474a8882"><code>afa2aef</code></a> Update reusable workflows to point to v2.0.1 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/19734b480e0819e9fe058cb345d77fa08c55189f"><code>19734b4</code></a> Update actions to use v2.0.1 osv-scanner image</li> <li><a href="https://github.com/google/osv-scanner-action/commit/98b584ee2ed2da3935ccce10e06739d54cdcd20b"><code>98b584e</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/63">#63</a> from renovate-bot/renovate/workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/256cd6a9fe070e8cc443188861a7066e506f3eea"><code>256cd6a</code></a> chore(deps): update github/codeql-action action to v3.28.11</li> <li><a href="https://github.com/google/osv-scanner-action/commit/90fad544eb4036129491f76db3161ffdc2956748"><code>90fad54</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/64">#64</a> from google/update-to-v2.0.0</li> <li><a href="https://github.com/google/osv-scanner-action/commit/f9d9b03ebbfc80ebc41ce7c0fd09267184979008"><code>f9d9b03</code></a> Include git root</li> <li><a href="https://github.com/google/osv-scanner-action/commit/6e516aff2e1c300b4c4880549bcfec528e300dfb"><code>6e516af</code></a> Update unified workflow example to point to v2.0.0 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/4299e5fdcc642221d700a4211ac7af48b83353f1"><code>4299e5f</code></a> Update reusable workflows to point to v2.0.0 actions</li> <li>Additional commits viewable in <a href="https://github.com/google/osv-scanner-action/compare/764c91816374ff2d8fc2095dab36eecd42d61638...6fc714450122bda9d00e4ad5d639ad6a39eedb1f">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/osv-scanner-action&package-manager=github_actions&previous-version=1.9.2&new-version=2.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 16:28:16 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/github_actions/github-actions-6b600656ea
v0.9.0
v0.8.0
v0.7.1
v0.7.0
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.5.0-rc.0
0.4.0
0.3.0
0.2.0
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0
0.0.1
Labels
Clear labels   
dependencies

   
enhancement

   
enhancement

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security
No labels
dependencies
enhancement
enhancement
pull-request
question
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/pbs-exporter#107
No description provided.