ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

:seedling: Bump github.com/google/osv-scanner from 1.7.3 to 1.7.4 #4139

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 4 months ago

Bumps github.com/google/osv-scanner from 1.7.3 to 1.7.4.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.7.4:

Features:

Misc:

New Contributors

Full Changelog: https://github.com/google/osv-scanner/compare/v1.7.3...v1.7.4

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.7.4:

Features:

Misc:

Commits
  • d4657bf Remove feature from changelog as it's still blocked on #769 (#1006)
  • 8614400 V1.7.4 changelog (#1001)
  • 18e4585 Update typo in supported_languages_and_lockfiles.md (#998)
  • 0550916 feat: support comparing Alpine versions locally (#980)
  • 588dda2 Now that we have updated to go1.21.10, we can remove the ignore line from osv...
  • 804589a chore(deps): update workflows (major) (#897)
  • b178a88 fix(deps): update osv-scanner minor (#994)
  • 8fd05b4 chore(deps): update alpine docker tag to v3.20 (#993)
  • fc58bed Update test snapshots (#992)
  • 33e7f93 test: add cases for output functions (#937)
  • Additional commits viewable in compare view


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

spencerschrock commented 3 months ago

/scdiff generate Vulnerabilities

github-actions[bot] commented 3 months ago

Here's a link to the scdiff run