Bump google/osv-scanner-action from 1.8.3 to 1.8.4 (#54797)

dependabot[bot] · web-flow · commit c571d9a3f80f · 2024-08-27T06:28:22.000Z
Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.8.3 to 1.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's releases</a>.</em></p> <blockquote> <h2>v1.8.4</h2> <p>Bump OSV-Scanner version <a href="https://github.com/google/osv-scanner/releases/tag/v1.8.4">https://github.com/google/osv-scanner/releases/tag/v1.8.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/678a866dcba398c8ed0124a09928d250f187b52a"><code>678a866</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/39">#39</a> from google/update-to-v1.8.4</li> <li><a href="https://github.com/google/osv-scanner-action/commit/6a315dbacc8e2677a392ead400a973202264cbfa"><code>6a315db</code></a> Update unified workflow example to point to v1.8.4 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/712a57b5f042cd42c534f88b387f93fcec14394a"><code>712a57b</code></a> Update reusable workflows to point to v1.8.4 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/fa6b69996424da9c1cebadc9bf67a02010433218"><code>fa6b699</code></a> Update actions to use v1.8.4 osv-scanner image</li> <li><a href="https://github.com/google/osv-scanner-action/commit/b756d11dcf3070ebb0d7437e18e45daa1fb70514"><code>b756d11</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/30">#30</a> from google/update-script</li> <li><a href="https://github.com/google/osv-scanner-action/commit/c63eeb74bc1559c734a6ca6ca8ff53988df4d933"><code>c63eeb7</code></a> Big multiline string</li> <li><a href="https://github.com/google/osv-scanner-action/commit/dd8ff8fe0ee6a43af9d8069ec3502c92b9e49ede"><code>dd8ff8f</code></a> Fix string format</li> <li><a href="https://github.com/google/osv-scanner-action/commit/336764a25a00167ed3148a6841d5a75d82b313a0"><code>336764a</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/38">#38</a> from google/renovate_ignore</li> <li><a href="https://github.com/google/osv-scanner-action/commit/ff89c579713ae6af72e89e10447063a2b2289cc4"><code>ff89c57</code></a> Update package name</li> <li><a href="https://github.com/google/osv-scanner-action/commit/12abe438b36d9400db564ae2e213692bcb7c7b3a"><code>12abe43</code></a> chore: disable renovate bot updating osv-scanner-action package.</li> <li>Additional commits viewable in <a href="https://github.com/google/osv-scanner-action/compare/v1.8.3...v1.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/osv-scanner-action&package-manager=github_actions&previous-version=1.8.3&new-version=1.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
diff --git a/.github/workflows/third_party_scan.yml b/.github/workflows/third_party_scan.yml
@@ -41,7 +41,7 @@ jobs:
     name: Vulnerability scanning
     needs:
       extract-deps
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4"
     with:
       # Download the artifact uploaded in extract-deps step
       download-artifact: osv-lockfile-${{github.sha}}
