Bump google/osv-scanner-action from 1.6.2.pre.beta1 to 1.7.1 (flutter#52147)

dependabot[bot] · web-flow · commit 5487ce15dbf7 · 2024-04-16T06:10:14.000Z
Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.6.2.pre.beta1 to 1.7.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action's releases</a>.</em></p> <blockquote> <h2>v1.7.1</h2> <p>First full release of osv-scanner, currently using v1.7.1 of osv-scanner. See <a href="https://github.com/google/osv-scanner-action/blob/main/README.md">README.md</a> or <a href="https://google.github.io/osv-scanner/github-action/">documentation</a> for usage instructions.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/1f1242919d8a60496dd1874b24b62b2370ed4c78"><code>1f12429</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/4">#4</a> from google/update-to-v1.7.1</li> <li><a href="https://github.com/google/osv-scanner-action/commit/5c2a8dd5ce305749a9690018082c5501dbe1de2a"><code>5c2a8dd</code></a> Update to v1.7.1</li> <li><a href="https://github.com/google/osv-scanner-action/commit/c94002860c9902ef660a8f74095e9a9c1b2263ff"><code>c940028</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/3">#3</a> from google/update-to-v.1.7.0</li> <li><a href="https://github.com/google/osv-scanner-action/commit/604d5422a484a5a778b7174f15f7a785fc10aacc"><code>604d542</code></a> Add exit code</li> <li><a href="https://github.com/google/osv-scanner-action/commit/d878ed51344d215187c6e4cdde91ebfdc7b06868"><code>d878ed5</code></a> Add error troubleshotting step</li> <li><a href="https://github.com/google/osv-scanner-action/commit/fcd6c0a9e3710c09280b04dc5c1379d9af331c33"><code>fcd6c0a</code></a> v1.7.0-beta1</li> <li>See full diff in <a href="https://github.com/google/osv-scanner-action/compare/v1.6.2-beta1...v1.7.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google/osv-scanner-action&package-manager=github_actions&previous-version=1.6.2.pre.beta1&new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
diff --git a/.github/workflows/third_party_scan.yml b/.github/workflows/third_party_scan.yml
@@ -41,7 +41,7 @@ jobs:
     name: Vulnerability scanning
     needs:
       extract-deps
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.6.2-beta1"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"
     with:
       # Download the artifact uploaded in extract-deps step
       download-artifact: osv-lockfile-${{github.sha}}
