Skip to content

🌱 Fix CVEs rated critical and high#320

Merged
piepmatz merged 6 commits into
mainfrom
dependabot/github_actions/aquasecurity/trivy-action-0.33.1
Mar 25, 2026
Merged

🌱 Fix CVEs rated critical and high#320
piepmatz merged 6 commits into
mainfrom
dependabot/github_actions/aquasecurity/trivy-action-0.33.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 4, 2025
edited by piepmatz
Loading

Bumps

  • aquasecurity/trivy-action from 0.30.0 to v0.35.0
  • google.golang.org/grpc from v1.70.0 to v1.79.3
  • go.opentelemetry.io/otel/sdk from v1.32.0 to 1.41.0

Builds the image using Go 1.25.8.

@dependabot
🌱 Bump aquasecurity/trivy-action from 0.30.0 to 0.33.1
3110856 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.33.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.30.0...0.33.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 4, 2025
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Sep 4, 2025
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label Sep 4, 2025
@dependabot dependabot Bot mentioned this pull request Sep 4, 2025
Closed
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Sep 4, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
4 Security Hotspots

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 25, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@piepmatz piepmatz changed the title 🌱 Bump aquasecurity/trivy-action from 0.30.0 to 0.33.1 🌱 Fix CVEs rated critical and high Mar 25, 2026
@piepmatz piepmatz merged commit 7ee32e4 into main Mar 25, 2026
9 of 10 checks passed
@piepmatz piepmatz deleted the dependabot/github_actions/aquasecurity/trivy-action-0.33.1 branch March 25, 2026 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@piepmatz piepmatz piepmatz approved these changes

@gfariasalves-ionos gfariasalves-ionos Awaiting requested review from gfariasalves-ionos gfariasalves-ionos is a code owner

@mcbenjemaa mcbenjemaa Awaiting requested review from mcbenjemaa mcbenjemaa is a code owner

@wikkyk wikkyk Awaiting requested review from wikkyk wikkyk is a code owner

@jriedel-ionos jriedel-ionos Awaiting requested review from jriedel-ionos jriedel-ionos is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piepmatz