Skip to content

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#433

Merged
izadoesdev merged 2 commits into
stagingfrom
dependabot/github_actions/staging/aquasecurity/trivy-action-0.36.0
Jun 30, 2026
Merged

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#433
izadoesdev merged 2 commits into
stagingfrom
dependabot/github_actions/staging/aquasecurity/trivy-action-0.36.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Copy link
Copy Markdown
Contributor

Bumps aquasecurity/trivy-action from 0.35.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 29, 2026
@dependabot
dependabot Bot requested a review from izadoesdev as a code owner April 29, 2026 04:31
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 29, 2026
@vercel

vercel Bot commented Apr 29, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dashboard Ready Ready Preview, Comment Jun 30, 2026 8:53pm
databuddy-status Ready Ready Preview, Comment Jun 30, 2026 8:53pm
documentation Ready Ready Preview, Comment Jun 30, 2026 8:53pm

@unkey-deploy

unkey-deploy Bot commented Apr 29, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Unkey Deploy

Name Status Preview Inspect Updated (UTC)
api (preview) Ready Visit Preview Inspect Jun 30, 2026 8:51pm

@izadoesdev

Copy link
Copy Markdown
Member

Triage update before merge: this PR only updates the pinned aquasecurity/trivy-action SHA in .github/workflows/docker-publish.yml from 0.35.0 to 0.36.0. I verified ed142fd0673e97e23eac54620cfb913e5ce36c25 is the dereferenced v0.36.0 tag from aquasecurity/trivy-action. The old red lint/type checks were stale workflow-base failures, so I updated the branch onto current staging; local pre-push bun run test passed and fresh GitHub checks are green: Lint, Check Types, Test, CodeQL/Analyze, Socket, Dependabot config, and Vercel previews.

@izadoesdev izadoesdev left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved after updating onto staging. Diff is limited to the pinned Trivy action v0.36.0 commit, tag target verified, and fresh CI is green.

@izadoesdev
izadoesdev merged commit 2393dfc into staging Jun 30, 2026
13 checks passed
@izadoesdev
izadoesdev deleted the dependabot/github_actions/staging/aquasecurity/trivy-action-0.36.0 branch June 30, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant