chore: bump osv scanner to 1.9.2 (#4956)

* docs: how to connect to an OIDC provider with a self-signed cert (#4889)

update oidc docs

Signed-off-by: Huabing Zhao <[email protected]>

* remove override

Signed-off-by: Huabing Zhao <[email protected]>

* address comment

Signed-off-by: Huabing Zhao <[email protected]>

* continue on errors

Signed-off-by: Huabing Zhao <[email protected]>

* continue on errors

Signed-off-by: Huabing Zhao <[email protected]>

* add space

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

Author: zhaohuabing

.github/workflows/license-scan.yml

@@ -18,7 +18,8 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
     - name: Run scanner
-      uses: google/osv-scanner-action/osv-scanner-action@19ec1116569a47416e11a45848722b1af31a857b  # v1.9.0
+      uses: google/osv-scanner-action/osv-scanner-action@f8115f2f28022984d4e8070d2f0f85abcf6f3458  # v1.9.2
+      continue-on-error: true  # remove this after https://github.com/google/deps.dev/issues/146 has been resolved
       with:
         scan-args: |-
           --skip-git

.github/workflows/osv-scanner.yml

@@ -21,7 +21,7 @@ jobs:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458"  # v1.9.2
       with:
         scan-args: |-
           --skip-git
@@ -37,10 +37,7 @@ jobs:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/setup-go@v5
-      with:
-        go-version: '1.23.4'
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458"  # v1.9.2
       with:
         scan-args: |-
           --skip-git

tools/osv-scanner/license-scan-config.toml

@@ -1,8 +1,8 @@
 # Ignore vulnerabilities on license scan
 [[PackageOverrides]]
 ecosystem = "Go"
-# TODO uncomment once osv-scanner-action is updated to v1.9.1
-# vulnerability.ignore = true
+
+vulnerability.ignore = true
 
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"