Commit c993ab0
authored
Bump google/osv-scanner-action from 2.1.0 to 2.2.1 (#1102)
Bumps
[google/osv-scanner-action](https://github.com/google/osv-scanner-action)
from 2.1.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<p>OSV-Scanner now supports all OSV-Scalibr features behind experimental
flags (<code>--experimental-plugins</code>, see details <a
href="https://google.github.io/osv-scanner/experimental/manual-plugin-selection/">here</a>)!</p>
<h3>Features:</h3>
<ul>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2146">#2146</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2146">google/osv-scanner#2146</a>)
Allow manual OSV-Scalibr plugin selection.</li>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2144">#2144</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2144">google/osv-scanner#2144</a>)
Add OSV-Scalibr version to osv-scanner --version output.</li>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2021">#2021</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2021">google/osv-scanner#2021</a>)
Add experimental support for running OSV-Scalibr detectors.</li>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2079">#2079</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2079">google/osv-scanner#2079</a>)
Fall back to offline extractor if the transitive one fails, so at least
direct dependencies are returned.</li>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2032">#2032</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2032">google/osv-scanner#2032</a>)
Add summary section at the top of outputs and a 'Fixed Version'
column.</li>
<li>[Feature <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2076">#2076</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2076">google/osv-scanner#2076</a>)
Support Ubuntu severity type.</li>
</ul>
<h3>Fixes:</h3>
<ul>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2141">#2141</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2141">google/osv-scanner#2141</a>)
Fix OSV-Scanner json scans not matching with correct ecosystem.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2084">#2084</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2084">google/osv-scanner#2084</a>)
Show absolute paths when scanning containers.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2126">#2126</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2126">google/osv-scanner#2126</a>)
Log and preserve package count before continuing on db error.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2095">#2095</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2095">google/osv-scanner#2095</a>)
Pass through plugin capabilities correctly.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2051">#2051</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2051">google/osv-scanner#2051</a>)
Properly flag if running on Linux or Mac OSs for plugin
compatibility.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2072">#2072</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2072">google/osv-scanner#2072</a>)
Add missing "text" property in description fields.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2068">#2068</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2068">google/osv-scanner#2068</a>)
Change links in output to go to the specific vulnerability page instead
of the list page.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2064">#2064</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2064">google/osv-scanner#2064</a>)
Fix SARIF v3 output to include results.</li>
<li>[Bug <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2151">#2151</a>](<a
href="https://redirect.github.com/google/osv-scanner/issues/2151">google/osv-scanner#2151</a>)
Filter by ecosystem before querying.</li>
</ul>
<h3>API Changes:</h3>
<ul>
<li>[API Change <a
href="https://redirect.github.com/google/osv-scanner-action/issues/2096">#2096</a>](<a
href="https://redirect.github.com/google/osv-scanner/pull/2096">google/osv-scanner#2096</a>)
Allow log handler to be overridden.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/osv-scanner-action/commit/6c57776178c26313323dcdf6c082ed195314fd17"><code>6c57776</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/85">#85</a>
from google/update-to-v2.2.1</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/b51c588a83869ed93907071736a53315ab773391"><code>b51c588</code></a>
Update unified workflow example to point to v2.2.1 reusable
workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/5aa4a2601a3ce3dbcf36e1679fdb1df7cc2487fd"><code>5aa4a26</code></a>
Update reusable workflows to point to v2.2.1 actions</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/a0e5dd4ee828f4e99760a98cac452a29afe27cb8"><code>a0e5dd4</code></a>
"Update actions to use v2.2.1 osv-scanner image"</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/bd4cb2b5b68051324740d0cc5e698ff76a0c136b"><code>bd4cb2b</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/84">#84</a>
from google/update-to-v2.2.0</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/5b201dc975c4121896f7cf37fad381a8927afade"><code>5b201dc</code></a>
Update unified workflow example to point to v2.2.0 reusable
workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/1df8ae2361e6a905834717cf09f5e89314721672"><code>1df8ae2</code></a>
Update reusable workflows to point to v2.2.0 actions</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/d5323f9c66ecdcb845c92443ff4717041ed3b0e4"><code>d5323f9</code></a>
Update actions to use v2.2.0 osv-scanner image</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/6845bf6e5face26d6601e66c667852bc25fbfb2e"><code>6845bf6</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/83">#83</a>
from renovate-bot/renovate/workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/cf9b8dce7996c340bfe97afae0d48ec2337bf26e"><code>cf9b8dc</code></a>
chore(deps): update github/codeql-action action to v3.29.5</li>
<li>Additional commits viewable in <a
href="https://github.com/google/osv-scanner-action/compare/b00f71e051ddddc6e46a193c31c8c0bf283bf9e6...6c57776178c26313323dcdf6c082ed195314fd17">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent fd4fe73 commit c993ab0
1 file changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
82 | 82 | | |
83 | 83 | | |
84 | 84 | | |
85 | | - | |
| 85 | + | |
86 | 86 | | |
87 | 87 | | |
88 | 88 | | |
| |||
99 | 99 | | |
100 | 100 | | |
101 | 101 | | |
102 | | - | |
| 102 | + | |
103 | 103 | | |
104 | 104 | | |
105 | 105 | | |
| |||
110 | 110 | | |
111 | 111 | | |
112 | 112 | | |
113 | | - | |
| 113 | + | |
114 | 114 | | |
115 | 115 | | |
116 | 116 | | |
| |||