ci(deps): bump google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.2.1 to 2.3.8 #16

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/google/osv-scanner-action/dot-github/workflows/osv-scanner-reusable.yml-2.3.8


@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.2.1 to 2.3.8.

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.8

What's Changed

This updates OSV-Scanner to v2.3.8.

Full Changelog: google/osv-scanner-action@v2.3.5...v2.3.8

v2.3.5

This updates OSV-Scanner to v2.3.5.

What's Changed

New Contributors

Full Changelog: google/osv-scanner-action@v2.3.3...v2.3.5

v2.3.3

This updates OSV-Scanner to v2.3.3.

What's Changed

New Contributors

Full Changelog: google/osv-scanner-action@v2.3.2...v2.3.3

v2.3.2

This updates OSV-Scanner to v2.3.2.

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

Misc:

... (truncated)

Commits
  • 9a49870 Update unified workflow example to point to v2.3.8 reusable workflows
  • 3adb4b1 Update reusable workflows to point to v2.3.8 actions
  • 8dc0919 "Update actions to use v2.3.8 osv-scanner image"
  • 43f380b Merge pull request #125 from google/update-to-v2.3.6
  • dcf4ddd Update unified workflow example to point to v2.3.6 reusable workflows
  • b9dbb7e Update reusable workflows to point to v2.3.6 actions
  • fe54858 "Update actions to use v2.3.6 osv-scanner image"
  • eb5b619 Merge pull request #100 from thomasleplus/main
  • 9517144 feat: output results in reusable workflow
  • f17cd09 Merge branch 'main' into main
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 22, 2026
@dependabot dependabot Bot requested a review from RBKunnela as a code owner May 22, 2026 17:01

dependabot Bot commented on behalf of github May 22, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/google/osv-scanner-action/dot-github/workflows/osv-scanner-reusable.yml-2.3.8 branch from a78eaf6 to 17555c6 Compare May 22, 2026 19:06
RBKunnela added a commit that referenced this pull request May 22, 2026
Wire vitest run into the build matrix between type-check and build,
across Node 18 + 20. paybot-sdk auto-publishes to npm on every push
to main; before this change CI never ran the test suite, so code
could ship to customers without its own tests ever executing.

Test suite: 102 tests / 7 files in tests/, vitest.config.ts scoped
to tests/**/*.test.ts. Local: 102/102 pass in 1.72s.

Not in this PR (deliberately split per Orion routing during Phase 1
discovery):
- Task #14: dual-mode dead-code bug in src/x402-v2.ts:251
  (no-dupe-else-if surfaces it; requires semantic decision on what
  dual-mode should emit — separate @dev story)
- Task #15: coverage gate at 80% threshold + tests for x402-v2.ts
  and payment-engine.ts (currently 0% covered, 805 LOC combined)
- Task #16: coverage/ gitignore hygiene

No change to required_status_checks contexts: the new step runs
inside the existing build (18) + build (20) matrix entries, adding
substance without adding new context names.

5th application of automated-pr-merge-authority.md.
@dependabot dependabot Bot force-pushed the dependabot/github_actions/google/osv-scanner-action/dot-github/workflows/osv-scanner-reusable.yml-2.3.8 branch 2 times, most recently from 312f863 to 57854e5 Compare May 22, 2026 22:54
RBKunnela added a commit that referenced this pull request May 22, 2026
Add `npm run lint` as a CI step in the build matrix job, positioned
between `npm ci` (install) and `npm run type-check` so lint failures
fast-fail before downstream type-check/test/coverage/build steps.

Now possible because Task #14 (dual-mode dead-code fix in PR #36)
eliminated the no-dupe-else-if blocker on `src/x402-v2.ts:251`.
Lint passes clean on main (verified locally pre-commit).

Why lint gate matters: paybot-sdk auto-publishes to npm on main push.
Without a CI lint gate, lint regressions could ship to the registry.

Note on Task #16 (coverage/ in .gitignore): already present on line 12
of `.gitignore`. No-op; not included in this PR.

Closes #17
Refs #16 (no-op, pre-existing)
@dependabot dependabot Bot force-pushed the dependabot/github_actions/google/osv-scanner-action/dot-github/workflows/osv-scanner-reusable.yml-2.3.8 branch from 57854e5 to 81007ed Compare May 22, 2026 23:07
…r-reusable.yml

Bumps [google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml](https://github.com/google/osv-scanner-action) from 2.2.1 to 2.3.8.
- [Release notes](https://github.com/google/osv-scanner-action/releases)
- [Commits](google/osv-scanner-action@456ceb7...9a49870)

---
updated-dependencies:
- dependency-name: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml
  dependency-version: 2.3.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/google/osv-scanner-action/dot-github/workflows/osv-scanner-reusable.yml-2.3.8 branch from 81007ed to 657fae8 Compare May 23, 2026 11:46
@RBKunnela RBKunnela added the friendlyai-review-refresh Trigger FriendlyAI Review on existing PRs label May 24, 2026