chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#433
Conversation
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
The latest updates on your projects. Learn more about Unkey Deploy
|
|
Triage update before merge: this PR only updates the pinned |
izadoesdev
left a comment
There was a problem hiding this comment.
Approved after updating onto staging. Diff is limited to the pinned Trivy action v0.36.0 commit, tag target verified, and fresh CI is green.
Bumps aquasecurity/trivy-action from 0.35.0 to 0.36.0.
Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
ed142fdchore: update action version to v0.36.0 in examples (#563)dea62cfchore(deps): Update trivy to v0.70.0 (#559)128d9a8chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)876cf04Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)dada784Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)4a2deecfix: use portable shebang in entrypoint.sh (#545)1994662chore(deps): bump the actions group with 5 updates (#558)6b36659chore: add zizmor config (#557)316aa5aci: add dependabot config (#556)264c9c5test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)