[PR #127] [MERGED] 🌱 Bump google/osv-scanner-action from 1.9.2 to 2.0.3 #125

New issue

Closed

opened 2026-03-03 16:28:22 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 16:28:22 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/natrontech/pbs-exporter/pull/127
Author: @dependabot[bot]
Created: 6/16/2025
Status: ✅ Merged
Merged: 7/14/2025
Merged by: @nicololuescher

Base: main ← Head: dependabot/github_actions/google/osv-scanner-action-2.0.3

📝 Commits (1)

9a99f15 🌱 Bump google/osv-scanner-action from 1.9.2 to 2.0.3

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/osv-scan.yml (+1 -1)

📄 Description

Bumps google/osv-scanner-action from 1.9.2 to 2.0.3.

Release notes

Sourced from google/osv-scanner-action's releases.

v2.0.3

Update to use osv-scanner v2.0.3

Notable changes:

There's now a flag --allow-no-lockfiles you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.

We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)

v2.0.2

Update osv-scanner to v2.0.2

v2.0.1

What's Changed

Update to v2.0.1 by @michaelkedar in google/osv-scanner-action#69

Full Changelog: https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1

v2.0.0

What's Changed

Updated to support OSV-Scanner V2

Workflows, add support for matrix strategies by @GeoDerp in google/osv-scanner-action#52

Support checking out submodules by @faern in google/osv-scanner-action#57

Breaking changes

By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.

To match the previous behavior, pass --include-git-root to scan-args, e.g.
  osv-scan:
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0"
    with:
      scan-args: |-
        --include-git-root
        --recursive
        ./
Full Changelog: https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0

Commits

40a8940 Merge pull request #75 from google/update-to-v2.0.3
ed3a1e5 Update unified workflow example to point to v2.0.3 reusable workflows
b1e3dfc Update reusable workflows to point to v2.0.3 actions
2b64df4 Update actions to use v2.0.3 osv-scanner image
3f1460c Merge pull request #72 from renovate-bot/renovate/workflows
8cbdeb3 chore(deps): update github/codeql-action action to v3.28.19
e69cc6c Merge pull request #73 from google/update-to-v2.0.2
0c4f697 Update unified workflow example to point to v2.0.2 reusable workflows
840c9d6 Update reusable workflows to point to v2.0.2 actions
8dded71 Update actions to use v2.0.2 osv-scanner image
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/natrontech/pbs-exporter/pull/127 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/16/2025 **Status:** ✅ Merged **Merged:** 7/14/2025 **Merged by:** [@nicololuescher](https://github.com/nicololuescher) **Base:** `main` ← **Head:** `dependabot/github_actions/google/osv-scanner-action-2.0.3` --- ### 📝 Commits (1) - [`9a99f15`](https://github.com/natrontech/pbs-exporter/commit/9a99f15d7ddf4178959b85f1c07a46ea6f16cb32) :seedling: Bump google/osv-scanner-action from 1.9.2 to 2.0.3 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/osv-scan.yml` (+1 -1) </details> ### 📄 Description Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.9.2 to 2.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's releases</a>.</em></p> <blockquote> <h2>v2.0.3</h2> <p>Update to use osv-scanner v2.0.3</p> <p>Notable changes:</p> <ul> <li>There's now a flag <code>--allow-no-lockfiles</code> you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.</li> <li>We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)</li> </ul> <h2>v2.0.2</h2> <p>Update osv-scanner to v2.0.2</p> <h2>v2.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update to v2.0.1 by <a href="https://github.com/michaelkedar"><code>@michaelkedar</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/69">google/osv-scanner-action#69</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1">https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1</a></p> <h2>v2.0.0</h2> <h2>What's Changed</h2> <ul> <li>Updated to support OSV-Scanner V2</li> <li>Workflows, add support for matrix strategies by <a href="https://github.com/GeoDerp"><code>@GeoDerp</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/52">google/osv-scanner-action#52</a></li> <li>Support checking out submodules by <a href="https://github.com/faern"><code>@faern</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/57">google/osv-scanner-action#57</a></li> </ul> <h2>Breaking changes</h2> <p>By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.</p> <p>To match the previous behavior, pass <code>--include-git-root</code> to <code>scan-args</code>, e.g.</p> <pre><code> osv-scan: uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0" with: scan-args: |- --include-git-root --recursive ./ </code></pre> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0">https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/40a8940a65eab1544a6af759e43d936201a131a2"><code>40a8940</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/75">#75</a> from google/update-to-v2.0.3</li> <li><a href="https://github.com/google/osv-scanner-action/commit/ed3a1e593ddd30d8d53b3d44a6394561960a7887"><code>ed3a1e5</code></a> Update unified workflow example to point to v2.0.3 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/b1e3dfc70bb1e4f43c54aa888b390d13adf18411"><code>b1e3dfc</code></a> Update reusable workflows to point to v2.0.3 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/2b64df4bbbe4e55a3a6cab3362485fbfaec5a2f8"><code>2b64df4</code></a> Update actions to use v2.0.3 osv-scanner image</li> <li><a href="https://github.com/google/osv-scanner-action/commit/3f1460c5fac5e53f8a743f8550539a576871a83c"><code>3f1460c</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/72">#72</a> from renovate-bot/renovate/workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8cbdeb3df74b9dcd6998020adede8bb5f774c321"><code>8cbdeb3</code></a> chore(deps): update github/codeql-action action to v3.28.19</li> <li><a href="https://github.com/google/osv-scanner-action/commit/e69cc6c86b31f1e7e23935bbe7031b50e51082de"><code>e69cc6c</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/73">#73</a> from google/update-to-v2.0.2</li> <li><a href="https://github.com/google/osv-scanner-action/commit/0c4f697a535993527d7986c709e53fa1ae7f6986"><code>0c4f697</code></a> Update unified workflow example to point to v2.0.2 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/840c9d67af0fb6415e5969ba5516f234828b21cf"><code>840c9d6</code></a> Update reusable workflows to point to v2.0.2 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8dded7155905cd666190a12dc9997000e58d163d"><code>8dded71</code></a> Update actions to use v2.0.2 osv-scanner image</li> <li>Additional commits viewable in <a href="https://github.com/google/osv-scanner-action/compare/764c91816374ff2d8fc2095dab36eecd42d61638...40a8940a65eab1544a6af759e43d936201a131a2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/osv-scanner-action&package-manager=github_actions&previous-version=1.9.2&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>