chore: bump osv scanner to 1.9.2 (#4956)

* docs: how to connect to an OIDC provider with a self-signed cert (#4889) update oidc docs Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * remove override Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * continue on errors Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * continue on errors Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * add space Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
envoyproxy · Dec 31, 2024 · 57e6b52 · 57e6b52
1 parent c6d5a54
commit 57e6b52
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 8 deletions.
diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
@@ -18,7 +18,8 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
     - name: Run scanner
-      uses: google/osv-scanner-action/osv-scanner-action@19ec1116569a47416e11a45848722b1af31a857b  # v1.9.0
+      uses: google/osv-scanner-action/osv-scanner-action@f8115f2f28022984d4e8070d2f0f85abcf6f3458  # v1.9.2
+      continue-on-error: true  # remove this after https://github.com/google/deps.dev/issues/146 has been resolved
       with:
         scan-args: |-
           --skip-git

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -21,7 +21,7 @@ jobs:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458"  # v1.9.2
       with:
         scan-args: |-
           --skip-git
@@ -37,10 +37,7 @@ jobs:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/setup-go@v5
-      with:
-        go-version: '1.23.4'
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458"  # v1.9.2
       with:
         scan-args: |-
           --skip-git

diff --git a/tools/osv-scanner/license-scan-config.toml b/tools/osv-scanner/license-scan-config.toml
@@ -1,8 +1,8 @@
 # Ignore vulnerabilities on license scan
 [[PackageOverrides]]
 ecosystem = "Go"
-# TODO uncomment once osv-scanner-action is updated to v1.9.1
-# vulnerability.ignore = true
+
+vulnerability.ignore = true
 
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"