build(deps): Bump aquasecurity/trivy-action from 0.34.0 to 0.35.0 in /.github/workflows in the github_actions group across 1 directory

[dependabot]

Bumps the github_actions group with 1 update in the /.github/workflows directory: aquasecurity/trivy-action.

Updates aquasecurity/trivy-action from 0.34.0 to 0.35.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

Release: 0.35.0

What's Changed

• chore(deps): Update trivy to v0.69.3 by @​aqua-bot in aquasecurity/trivy-action#519

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Low risk dependency bump limited to GitHub Actions workflow configuration. Main risk is CI security scanning behavior changing due to the updated Trivy action/engine version.

Overview
RCA: The workflows pinned aquasecurity/trivy-action to an older release, leaving CI security scans running on an outdated action/Trivy version. This increases the chance of missing or misreporting vulnerabilities due to stale scanner behavior.

The Fix: Bumps aquasecurity/trivy-action from 0.34.0 to 0.35.0 in container-publish.yml (image scan) and security.yml (filesystem + config scans), with no other workflow logic changes.

The Proof: No application tests/coverage were changed or can be asserted from this diff; verification is that the updated workflows run successfully in CI (coverage >80% is not applicable here).

Telemetry Added: None (no new OTel spans or Loki logs added).

^{Written by Cursor Bugbot for commit 5d025a6. This will update automatically on new commits. Configure here.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud