From 57e6b52c3b37e3becafed703f84c16d1edb5a66c Mon Sep 17 00:00:00 2001 From: "Huabing (Robin) Zhao" Date: Tue, 31 Dec 2024 14:41:36 +0800 Subject: [PATCH] chore: bump osv scanner to 1.9.2 (#4956) * docs: how to connect to an OIDC provider with a self-signed cert (#4889) update oidc docs Signed-off-by: Huabing Zhao * remove override Signed-off-by: Huabing Zhao * address comment Signed-off-by: Huabing Zhao * continue on errors Signed-off-by: Huabing Zhao * continue on errors Signed-off-by: Huabing Zhao * add space Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao --- .github/workflows/license-scan.yml | 3 ++- .github/workflows/osv-scanner.yml | 7 ++----- tools/osv-scanner/license-scan-config.toml | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml index c6dea873862..f637db6dbe5 100644 --- a/.github/workflows/license-scan.yml +++ b/.github/workflows/license-scan.yml @@ -18,7 +18,8 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run scanner - uses: google/osv-scanner-action/osv-scanner-action@19ec1116569a47416e11a45848722b1af31a857b # v1.9.0 + uses: google/osv-scanner-action/osv-scanner-action@f8115f2f28022984d4e8070d2f0f85abcf6f3458 # v1.9.2 + continue-on-error: true # remove this after https://github.com/google/deps.dev/issues/146 has been resolved with: scan-args: |- --skip-git diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index bea1c1a15fd..2269c05777c 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} runs-on: ubuntu-latest steps: - - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458" # v1.9.2 with: scan-args: |- --skip-git @@ -37,10 +37,7 @@ jobs: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: - - uses: actions/setup-go@v5 - with: - go-version: '1.23.4' - - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458" # v1.9.2 with: scan-args: |- --skip-git diff --git a/tools/osv-scanner/license-scan-config.toml b/tools/osv-scanner/license-scan-config.toml index 3b96c10fe7e..8d253111381 100644 --- a/tools/osv-scanner/license-scan-config.toml +++ b/tools/osv-scanner/license-scan-config.toml @@ -1,8 +1,8 @@ # Ignore vulnerabilities on license scan [[PackageOverrides]] ecosystem = "Go" -# TODO uncomment once osv-scanner-action is updated to v1.9.1 -# vulnerability.ignore = true + +vulnerability.ignore = true [[PackageOverrides]] name = "github.com/AdaLogics/go-fuzz-headers"