Bump github.com/google/osv-scanner from 1.6.1 to 1.7.3

[dependabot]

Bumps github.com/google/osv-scanner from 1.6.1 to 1.7.3.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.7.3:

Features:

• [Feature #934](google/osv-scanner#934) add support for PNPM v9 lockfiles.

Fixes:

• [Bug #938](google/osv-scanner#938) Ensure the sarif output has a stable order.
• [Bug #922](google/osv-scanner#922) Support filtering on alias IDs in Guided Remediation.

Full Changelog: google/osv-scanner@v1.7.2...v1.7.3

v1.7.2:

Fixes:

• [Bug #899](google/osv-scanner#899) Guided Remediation: Parse paths in npmrc auth fields correctly.
• [Bug #908](google/osv-scanner#908) Fix rust call analysis by explicitly disabling stripping of debug info.
• [Bug #914](google/osv-scanner#914) Fix regression for go call analysis introduced in 1.7.0.

v1.7.1:

(There was no Github release for this version)

Fixes

• [Bug #856](google/osv-scanner#856) Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors.

API Features

• [Feature #781](google/osv-scanner#781) add MakeVersionRequestsWithContext()
• [Feature #857](google/osv-scanner#857) API and networking related errors now has their own error and exit code (Exit Code 129)

New Contributors

• @​DavidKorczynski made their first contribution in google/osv-scanner#846
• @​tuananh made their first contribution in google/osv-scanner#781
• @​omercnet made their first contribution in google/osv-scanner#874
• @​Dor1s made their first contribution in google/osv-scanner#877

Full Changelog: google/osv-scanner@v1.7.0...v1.7.2

v1.7.0

This version introduces our new guided remediation feature for npm! Try it with osv-scanner fix today!

... (truncated)

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.7.3:

Features:

• [Feature #934](google/osv-scanner#934) add support for PNPM v9 lockfiles.

Fixes:

• [Bug #938](google/osv-scanner#938) Ensure the sarif output has a stable order.
• [Bug #922](google/osv-scanner#922) Support filtering on alias IDs in Guided Remediation.

v1.7.2:

Fixes:

• [Bug #899](google/osv-scanner#899) Guided Remediation: Parse paths in npmrc auth fields correctly.
• [Bug #908](google/osv-scanner#908) Fix rust call analysis by explicitly disabling stripping of debug info.
• [Bug #914](google/osv-scanner#914) Fix regression for go call analysis introduced in 1.7.0.

v1.7.1:

(There is no Github release for this version)

Fixes

• [Bug #856](google/osv-scanner#856) Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors.

API Features

• [Feature #781](google/osv-scanner#781) add MakeVersionRequestsWithContext()
• [Feature #857](google/osv-scanner#857) API and networking related errors now has their own error and exit code (Exit Code 129)

v1.7.0:

Features

• [Feature #352](google/osv-scanner#352) Guided Remediation Introducing our new experimental guided remediation feature on osv-scanner fix subcommand. See our docs for detailed usage instructions.

• [Feature #805](google/osv-scanner#805) Include CVSS MaxSeverity in JSON output.

Fixes

• [Bug #818](google/osv-scanner#818) Align GoVulncheck Go version with go.mod.

... (truncated)

Commits

• 645d5b0 chore(deps): update golang:1.21-alpine3.19 docker digest to b3aea8d (#973)
• 90e628c v1.7.3 changelog and version bump (#972)
• f86f846 Update gomod go version (#971)
• 3be8eff Fix tests; add newly discovered vulns (#970)
• e2adeb5 Update go.mod to 1.21.9 (#907)
• cc7261e chore: import sys in Python generators (#966)
• 9fee150 ci: upgrade golangci/golangci-lint-action to v5 (#964)
• 94dc496 chore: only extract versions from packages in the generator ecosystem (#957)
• cbc9678 refactor: encapsulate getting the working directory in a helper function (#961)
• 9df6829 refactor: apply Rubocop to Ruby generator (#956)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)