🌱 Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2

[dependabot]

Bumps github.com/google/osv-scanner from 1.4.1 to 1.4.2.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.4.2:

Some minor fixes in this release.

Fixes

• [Bug #574](google/osv-scanner#574) Support versions with build metadata in yarn.lock files
• [Bug #599](google/osv-scanner#599) Add name field to sarif rule output

Full Changelog: google/osv-scanner@v1.4.1...v1.4.2

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.4.2:

Fixes

• [Bug #574](google/osv-scanner#574) Support versions with build metadata in yarn.lock files
• [Bug #599](google/osv-scanner#599) Add name field to sarif rule output

Commits

• 1372552 Prepare for 1.4.2 release (#609)
• dfef890 chore: don't trim trailing whitespace on fixture snapshots (#608)
• cf948ee Update release pipeline (#602)
• 32ad454 fix: trim leading and trailing newlines off SARIF output (#606)
• c00f630 Add name field to sarif rule output (#600)
• 6bc8b22 chore(deps): update dependency jekyll-feed to v0.17.0 (#579)
• 2aa1336 chore(deps): update golang:alpine docker digest to 926f7f7 (#591)
• 8cfa4dc chore(deps): update workflows (#592)
• 7de70e2 Make scheduled and PR scanning only scan the relevant files and ignore fixtur...
• ff1e2cf Update docs to add in saving to file option (#593)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #3608 (5549eb3) into main (50d2466) will decrease coverage by 5.88%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3608      +/-   ##
==========================================
- Coverage   76.09%   70.22%   -5.88%     
==========================================
  Files         199      199              
  Lines       13741    13741              
==========================================
- Hits        10456     9649     -807     
- Misses       2674     3532     +858     
+ Partials      611      560      -51     

[spencerschrock]

@dependabot rebase