pgxtutorial icon indicating copy to clipboard operation
pgxtutorial copied to clipboard
verified publisher icon henvic

chore(deps): bump google/osv-scanner-action from 1.9.1 to 2.0.2

Open dependabot[bot] opened this issue 8 months ago • 0 comments

Bumps google/osv-scanner-action from 1.9.1 to 2.0.2.

Release notes

Sourced from google/osv-scanner-action's releases.

v2.0.2

Update osv-scanner to v2.0.2

v2.0.1

What's Changed

Full Changelog: https://github.com/google/osv-scanner-action/compare/v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking changes

By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.

To match the previous behavior, pass --include-git-root to scan-args, e.g.

  osv-scan:
    uses: "google/osv-scanner-action/.github/workflows/[email protected]"
    with:
      scan-args: |-
        --include-git-root
        --recursive
        ./

Full Changelog: https://github.com/google/osv-scanner-action/compare/v1.9.2...v2.0.0

v1.9.2

What's Changed

Full Changelog: https://github.com/google/osv-scanner-action/compare/v1.9.1...v1.9.2

Commits
  • e69cc6c Merge pull request #73 from google/update-to-v2.0.2
  • 0c4f697 Update unified workflow example to point to v2.0.2 reusable workflows
  • 840c9d6 Update reusable workflows to point to v2.0.2 actions
  • 8dded71 Update actions to use v2.0.2 osv-scanner image
  • bd2db87 Merge pull request #70 from google/allow-ref-customisation
  • 35f462b Allow customisation of which branch scheduled scans run on
  • f289e0c Merge pull request #67 from renovate-bot/renovate/workflows
  • db92f4e chore(deps): update workflows
  • 6fc7144 Merge pull request #69 from google/update-to-v2.0.1
  • ce2f529 Update unified workflow example to point to v2.0.1 reusable workflows
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 06 '25 00:05 dependabot[bot]