build(deps): Bump aquasecurity/trivy-action from 0.34.0 to 0.35.0

[dependabot]

Bumps aquasecurity/trivy-action from 0.34.0 to 0.35.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.35.0

What's Changed

• chore(deps): Update trivy to v0.69.3 by @​aqua-bot in aquasecurity/trivy-action#519

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

v0.34.2

What's Changed

• feat: add YAML support for trivyignores by @​nikpivkin in aquasecurity/trivy-action#508
• chore: bump default Trivy version to v0.69.2 by @​nick-the-nuke in aquasecurity/trivy-action#513
• chore: bump Trivy version to v0.69.2 in test workflow and README by @​DmitriyLewen in aquasecurity/trivy-action#515

New Contributors

• @​nick-the-nuke made their first contribution in aquasecurity/trivy-action#513

Full Changelog: aquasecurity/trivy-action@0.34.1...0.34.2

v0.34.1

What's Changed

• ci(test): add zizmor security linter for GitHub Actions by @​DmitriyLewen in aquasecurity/trivy-action#502

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

Commits

• 57a97c7 chore(deps): Update trivy to v0.69.3 (#519)
• 97e0b38 chore: bump Trivy version to v0.69.2 in test workflow and README (#515)
• 4c61e63 chore: bump default Trivy version to v0.69.2 (#513)
• 1bd0625 Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
• bce3086 remove unused init-cache target
• 5a9fbb1 supress progress bar when download db
• 1615450 update trivyignores input description
• df85774 add comment about fd3
• 56c8dae remove unused variable
• e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Low Risk
Low risk dependency bump limited to GitHub Actions workflows; the main risk is CI behavior changes in Trivy scan results or failures due to the updated scanner version.

Overview
Updates GitHub Actions security scanning to use aquasecurity/trivy-action@0.35.0 (from 0.34.0) for the container image scan in container-publish.yml and the filesystem/config scans in security.yml.

RCA: The workflows were pinned to an older Trivy action, leaving CI scans running on an outdated Trivy engine and vulnerability database behavior. This increases the chance of missing/incorrect findings compared to current releases.

The Fix: Bump the pinned action version in all Trivy steps so CI uses the newer Trivy release bundled with 0.35.0.

The Proof: No tests or coverage signals are changed/added in this PR, and this repo change does not provide a way to confirm "coverage >80%" from the diff; validation is limited to the workflows running successfully post-merge.

Telemetry Added: None.

^{Written by Cursor Bugbot for commit 1e8a4ef. This will update automatically on new commits. Configure here.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #16.