fix(ci): correct trivy-action commit SHA to valid v0.35.0 SHA

Copilot · rohit-sourcefuse · Sourav-kashyap · commit 0c31ee8d6c57 · 2026-04-14T14:55:15.000+05:30
Agent-Logs-Url: https://github.com/sourcefuse/loopback4-notifications/sessions/e04a6e1d-b349-40c1-aa8f-15cd0f16fb4b Co-authored-by: rohit-sourcefuse <16935898+rohit-sourcefuse@users.noreply.github.com>
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -13,8 +13,8 @@ jobs:
       matrix:
         node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install Dependencies
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -13,7 +13,7 @@ jobs:
     # environment: production  # Uncomment if you set an environment name in npm trusted publisher settings
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # fetch-depth is necessary to get all tags
           # otherwise lerna can't detect the changes and will end up bumping the versions for all packages
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
@@ -18,13 +18,13 @@ jobs:
 
     steps:
       - name: Checkout Extension Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{env.GITHUB_TOKEN}}
           path: './extension/'
 
       - name: Checkout Docs Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{env.GITHUB_TOKEN}}
           repository: ${{env.DOCS_REPO}}
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -19,10 +19,10 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@57a97c7e8b8c6e9c1a7a20db8c5e540c31cf79a8 # v0.35.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '${{ github.workspace }}'
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -157,7 +157,7 @@
     },
     "twilio": {
       "jsonwebtoken": "9.0.0",
-      "axios": "1.12.2"
+      "axios": "1.15.0"
     },
     "body-parser": {
       "debug": "^4.3.4"
