[PR #141] [MERGED] 🌱 bump google/osv-scanner-action from 2.0.3 to 2.2.1 #138

New issue

Closed

opened 2026-03-03 16:28:26 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 16:28:26 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/natrontech/pbs-exporter/pull/141
Author: @dependabot[bot]
Created: 8/12/2025
Status: ✅ Merged
Merged: 9/2/2025
Merged by: @janfuhrer

Base: main ← Head: dependabot/github_actions/google/osv-scanner-action-2.2.1

📝 Commits (1)

5bd79d6 🌱 bump google/osv-scanner-action from 2.0.3 to 2.2.1

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/osv-scan.yml (+1 -1)

📄 Description

Bumps google/osv-scanner-action from 2.0.3 to 2.2.1.

Release notes

Sourced from google/osv-scanner-action's releases.

v2.2.1

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:

[Feature #2146](google/osv-scanner#2146) Allow manual OSV-Scalibr plugin selection.

[Feature #2144](google/osv-scanner#2144) Add OSV-Scalibr version to osv-scanner --version output.

[Feature #2021](google/osv-scanner#2021) Add experimental support for running OSV-Scalibr detectors.

[Feature #2079](google/osv-scanner#2079) Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.

[Feature #2032](google/osv-scanner#2032) Add summary section at the top of outputs and a 'Fixed Version' column.

[Feature #2076](google/osv-scanner#2076) Support Ubuntu severity type.

Fixes:

[Bug #2141](google/osv-scanner#2141) Fix OSV-Scanner json scans not matching with correct ecosystem.

[Bug #2084](google/osv-scanner#2084) Show absolute paths when scanning containers.

[Bug #2126](google/osv-scanner#2126) Log and preserve package count before continuing on db error.

[Bug #2095](google/osv-scanner#2095) Pass through plugin capabilities correctly.

[Bug #2051](google/osv-scanner#2051) Properly flag if running on Linux or Mac OSs for plugin compatibility.

[Bug #2072](google/osv-scanner#2072) Add missing "text" property in description fields.

[Bug #2068](google/osv-scanner#2068) Change links in output to go to the specific vulnerability page instead of the list page.

[Bug #2064](google/osv-scanner#2064) Fix SARIF v3 output to include results.

[Bug #2151](google/osv-scanner#2151) Filter by ecosystem before querying.

API Changes:

[API Change #2096](google/osv-scanner#2096) Allow log handler to be overridden.

v2.1.0

What's Changed

chore(deps): update github/codeql-action action to v3.29.0 by @renovate-bot in google/osv-scanner-action#76

Update to v2.1.0 by @michaelkedar in google/osv-scanner-action#81

Full Changelog: https://github.com/google/osv-scanner-action/compare/v2.0.3...v2.1.0

Commits

6c57776 Merge pull request #85 from google/update-to-v2.2.1
b51c588 Update unified workflow example to point to v2.2.1 reusable workflows
5aa4a26 Update reusable workflows to point to v2.2.1 actions
a0e5dd4 "Update actions to use v2.2.1 osv-scanner image"
bd4cb2b Merge pull request #84 from google/update-to-v2.2.0
5b201dc Update unified workflow example to point to v2.2.0 reusable workflows
1df8ae2 Update reusable workflows to point to v2.2.0 actions
d5323f9 Update actions to use v2.2.0 osv-scanner image
6845bf6 Merge pull request #83 from renovate-bot/renovate/workflows
cf9b8dc chore(deps): update github/codeql-action action to v3.29.5
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/natrontech/pbs-exporter/pull/141 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 8/12/2025 **Status:** ✅ Merged **Merged:** 9/2/2025 **Merged by:** [@janfuhrer](https://github.com/janfuhrer) **Base:** `main` ← **Head:** `dependabot/github_actions/google/osv-scanner-action-2.2.1` --- ### 📝 Commits (1) - [`5bd79d6`](https://github.com/natrontech/pbs-exporter/commit/5bd79d6e26c0fcbe5178771c2ea679a7fd6b8ecb) :seedling: bump google/osv-scanner-action from 2.0.3 to 2.2.1 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/osv-scan.yml` (+1 -1) </details> ### 📄 Description Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.0.3 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>What's Changed</h2> <p>OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (<code>--experimental-plugins</code>, see details <a href="https://google.github.io/osv-scanner/experimental/manual-plugin-selection/">here</a>)!</p> <h3>Features:</h3> <ul> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2146">#2146</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2146">google/osv-scanner#2146</a>) Allow manual OSV-Scalibr plugin selection.</li> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2144">#2144</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2144">google/osv-scanner#2144</a>) Add OSV-Scalibr version to osv-scanner --version output.</li> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2021">#2021</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2021">google/osv-scanner#2021</a>) Add experimental support for running OSV-Scalibr detectors.</li> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2079">#2079</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2079">google/osv-scanner#2079</a>) Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.</li> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2032">#2032</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2032">google/osv-scanner#2032</a>) Add summary section at the top of outputs and a 'Fixed Version' column.</li> <li>[Feature <a href="https://redirect.github.com/google/osv-scanner-action/issues/2076">#2076</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2076">google/osv-scanner#2076</a>) Support Ubuntu severity type.</li> </ul> <h3>Fixes:</h3> <ul> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2141">#2141</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2141">google/osv-scanner#2141</a>) Fix OSV-Scanner json scans not matching with correct ecosystem.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2084">#2084</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2084">google/osv-scanner#2084</a>) Show absolute paths when scanning containers.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2126">#2126</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2126">google/osv-scanner#2126</a>) Log and preserve package count before continuing on db error.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2095">#2095</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2095">google/osv-scanner#2095</a>) Pass through plugin capabilities correctly.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2051">#2051</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2051">google/osv-scanner#2051</a>) Properly flag if running on Linux or Mac OSs for plugin compatibility.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2072">#2072</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2072">google/osv-scanner#2072</a>) Add missing "text" property in description fields.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2068">#2068</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2068">google/osv-scanner#2068</a>) Change links in output to go to the specific vulnerability page instead of the list page.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2064">#2064</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2064">google/osv-scanner#2064</a>) Fix SARIF v3 output to include results.</li> <li>[Bug <a href="https://redirect.github.com/google/osv-scanner-action/issues/2151">#2151</a>](<a href="https://redirect.github.com/google/osv-scanner/issues/2151">google/osv-scanner#2151</a>) Filter by ecosystem before querying.</li> </ul> <h3>API Changes:</h3> <ul> <li>[API Change <a href="https://redirect.github.com/google/osv-scanner-action/issues/2096">#2096</a>](<a href="https://redirect.github.com/google/osv-scanner/pull/2096">google/osv-scanner#2096</a>) Allow log handler to be overridden.</li> </ul> <h2>v2.1.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): update github/codeql-action action to v3.29.0 by <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/76">google/osv-scanner-action#76</a></li> <li>Update to v2.1.0 by <a href="https://github.com/michaelkedar"><code>@michaelkedar</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/81">google/osv-scanner-action#81</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v2.0.3...v2.1.0">https://github.com/google/osv-scanner-action/compare/v2.0.3...v2.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/6c57776178c26313323dcdf6c082ed195314fd17"><code>6c57776</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/85">#85</a> from google/update-to-v2.2.1</li> <li><a href="https://github.com/google/osv-scanner-action/commit/b51c588a83869ed93907071736a53315ab773391"><code>b51c588</code></a> Update unified workflow example to point to v2.2.1 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/5aa4a2601a3ce3dbcf36e1679fdb1df7cc2487fd"><code>5aa4a26</code></a> Update reusable workflows to point to v2.2.1 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/a0e5dd4ee828f4e99760a98cac452a29afe27cb8"><code>a0e5dd4</code></a> "Update actions to use v2.2.1 osv-scanner image"</li> <li><a href="https://github.com/google/osv-scanner-action/commit/bd4cb2b5b68051324740d0cc5e698ff76a0c136b"><code>bd4cb2b</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/84">#84</a> from google/update-to-v2.2.0</li> <li><a href="https://github.com/google/osv-scanner-action/commit/5b201dc975c4121896f7cf37fad381a8927afade"><code>5b201dc</code></a> Update unified workflow example to point to v2.2.0 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/1df8ae2361e6a905834717cf09f5e89314721672"><code>1df8ae2</code></a> Update reusable workflows to point to v2.2.0 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/d5323f9c66ecdcb845c92443ff4717041ed3b0e4"><code>d5323f9</code></a> Update actions to use v2.2.0 osv-scanner image</li> <li><a href="https://github.com/google/osv-scanner-action/commit/6845bf6e5face26d6601e66c667852bc25fbfb2e"><code>6845bf6</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/83">#83</a> from renovate-bot/renovate/workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/cf9b8dce7996c340bfe97afae0d48ec2337bf26e"><code>cf9b8dc</code></a> chore(deps): update github/codeql-action action to v3.29.5</li> <li>Additional commits viewable in <a href="https://github.com/google/osv-scanner-action/compare/40a8940a65eab1544a6af759e43d936201a131a2...6c57776178c26313323dcdf6c082ed195314fd17">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/osv-scanner-action&package-manager=github_actions&previous-version=2.0.3&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>