
OSV inline reviews can block merge if "all conversations must be resolved" is set in branch protections

Open jhrozek opened this issue 1 year ago • 1 comments

Describe the issue

When the OSV PR check catches an issue and the review is dismissed without resolving the inline conversation and at the same time the branch protection says that all conversations must be resolved, we do correctly dismiss the old review, but do not resolve the conversation. This might still block PR acceptance.

To Reproduce

  1. Set branch protection to require conversation resolution
  2. Push a patch with a dependency that adds a vulnerability. Make sure that Minder catches that and adds an inline comment
  3. Resolve the CVE by means other than accepting the inline comment, e.g. by pushing a new version
  4. The review will be dismissed, but the conversation will still not be resolved, which will block the PR

Minder should probably resolve the conversation as well.

What version are you using?

No response

jhrozek, Feb 23 '24 18:02
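A sketch of the missing step, added here as an example and not taken from Minder's code: pick the unresolved threads whose opening comment belongs to a dismissed review by the bot, then resolve each with GitHub's GraphQL `resolveReviewThread` mutation. The bot login `example-bot`, the helper names and the sample response are assumptions constructed for illustration; pagination beyond 100 threads and the HTTP call are left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// GitHub GraphQL documents: list a PR's review threads, then resolve one by ID.
const threadsQuery = `query($o:String!,$n:String!,$pr:Int!){repository(owner:$o,name:$n){
 pullRequest(number:$pr){reviewThreads(first:100){nodes{id isResolved
  comments(first:1){nodes{author{login} pullRequestReview{state}}}}}}}}`
const resolveMutation = `mutation($id:ID!){resolveReviewThread(input:{threadId:$id}){thread{isResolved}}}`

type thread struct {
	ID         string
	IsResolved bool
	Comments   struct {
		Nodes []struct {
			Author            struct{ Login string }
			PullRequestReview struct{ State string }
		}
	}
}

// Constructed sample response to threadsQuery (IDs and logins are made up).
const sample = `{"data":{"repository":{"pullRequest":{"reviewThreads":{"nodes":[
 {"id":"T_1","isResolved":false,"comments":{"nodes":[{"author":{"login":"example-bot"},"pullRequestReview":{"state":"DISMISSED"}}]}},
 {"id":"T_2","isResolved":false,"comments":{"nodes":[{"author":{"login":"alice"},"pullRequestReview":{"state":"COMMENTED"}}]}},
 {"id":"T_3","isResolved":true,"comments":{"nodes":[{"author":{"login":"example-bot"},"pullRequestReview":{"state":"DISMISSED"}}]}},
 {"id":"T_4","isResolved":false,"comments":{"nodes":[{"author":{"login":"example-bot"},"pullRequestReview":{"state":"CHANGES_REQUESTED"}}]}}]}}}}}`

// staleThreads returns IDs of unresolved threads opened by botLogin in a dismissed review.
// Threads from humans, or from a review that is still active, are left alone.
func staleThreads(resp []byte, botLogin string) ([]string, error) {
	var r struct{ Data struct{ Repository struct{ PullRequest struct{ ReviewThreads struct{ Nodes []thread } } } } }
	if err := json.Unmarshal(resp, &r); err != nil {
		return nil, err
	}
	var ids []string
	for _, t := range r.Data.Repository.PullRequest.ReviewThreads.Nodes {
		if c := t.Comments.Nodes; !t.IsResolved && len(c) > 0 &&
			c[0].Author.Login == botLogin && c[0].PullRequestReview.State == "DISMISSED" {
			ids = append(ids, t.ID)
		}
	}
	return ids, nil
}

// resolvePayload builds the JSON body to POST to the GraphQL endpoint for one thread.
func resolvePayload(id string) ([]byte, error) {
	return json.Marshal(map[string]any{"query": resolveMutation, "variables": map[string]string{"id": id}})
}

func main() { ids, err := staleThreads([]byte(sample), "example-bot"); fmt.Println(ids, err) }
```

Filtering on both the comment author and the review state keeps the automation from closing conversations a human reviewer opened, which is what the "all conversations must be resolved" rule exists to protect.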