From 29131858797526430b4a81f74737016105317ca8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Apr 2026 18:08:34 +0000
Subject: [PATCH] Bump google/osv-scanner-action from 1.9.0 to 2.3.5

Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.9.0 to 2.3.5.
- [Commits](https://github.com/google/osv-scanner-action/compare/v1.9.0...v2.3.5)

---
updated-dependencies:
- dependency-name: google/osv-scanner-action
  dependency-version: 2.3.5
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yml               | 2 +-
 .github/workflows/security-nightly.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 71ecbe5..8cdaf89 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -144,7 +144,7 @@ jobs:
         # Complements npm audit by hitting OSV's broader vulnerability index
         # (covers ecosystems npm audit doesn't and reflects newly-published
         # advisories faster than the npm registry's mirror).
-        uses: google/osv-scanner-action/osv-scanner-action@v1.9.0
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.5
         with:
           scan-args: |-
             --recursive
diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml
index 3912560..e4484f2 100644
--- a/.github/workflows/security-nightly.yml
+++ b/.github/workflows/security-nightly.yml
@@ -63,7 +63,7 @@ jobs:
           category: trivy-nightly
 
       - name: OSV scan
-        uses: google/osv-scanner-action/osv-scanner-action@v1.9.0
+        uses: google/osv-scanner-action/osv-scanner-action@v2.3.5
         with:
           scan-args: |-
             --recursive