From 9d120276d179d0b3e8c31f9c97cb68cb035fa556 Mon Sep 17 00:00:00 2001
From: Hardy <luohoufu@infinilabs.com>
Date: Wed, 12 Feb 2025 17:33:18 +0800
Subject: [PATCH] chore: update osv-scanner to 1.9.1 (#111)

* chore: update osv-scanner to 1.9.1

update osv-scanner to 1.9.1

* fix: actions permissions

---------

Co-authored-by: hardy <luohf@infinilabs.com>
---
 .github/workflows/osv-scanner.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index c6b6a21e..fef30c64 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -16,14 +16,16 @@ on:
     branches: [ "main" ]
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write
-  # Read commit contents
+  # Only need to read contents
   contents: read
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.9.1"
     with:
       # Example of specifying custom arguments
       scan-args: |-