From c16f0095977e35ef599137209b3e3fe0e8b5fb9e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 31 May 2026 08:13:00 +0000
Subject: [PATCH] ci: bump the github-actions group across 1 directory with 2
 updates

Bumps the github-actions group with 2 updates in the / directory: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml](https://github.com/creatornader/oss-security-scan).


Updates `dependabot/fetch-metadata` from 2 to 3
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v2...v3)

Updates `creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml` from 0.1.0 to 0.2.0
- [Changelog](https://github.com/creatornader/oss-security-scan/blob/main/CHANGELOG.md)
- [Commits](https://github.com/creatornader/oss-security-scan/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependabot-auto-merge.yml | 2 +-
 .github/workflows/security-scan.yml         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index be15306..1b20cea 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -34,7 +34,7 @@ jobs:
     steps:
       - name: Get Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@v3
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index d2bcddb..e819161 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -23,7 +23,7 @@ permissions:
 
 jobs:
   scan:
-    uses: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml@v0.1.0
+    uses: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml@v0.2.0
     with:
       run-osv-scanner: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}