Skip to content

chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.35.0 in /.github/workflows in the github_actions group across 1 directory#17

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github_actions-34786f325a
Closed

chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.35.0 in /.github/workflows in the github_actions group across 1 directory#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github_actions-34786f325a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the github_actions group with 1 update in the /.github/workflows directory: aquasecurity/trivy-action.

Updates aquasecurity/trivy-action from 0.34.0 to 0.35.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

Release: 0.35.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Commits
  • 57a97c7 chore(deps): Update trivy to v0.69.3 (#519)
  • 97e0b38 chore: bump Trivy version to v0.69.2 in test workflow and README (#515)
  • 4c61e63 chore: bump default Trivy version to v0.69.2 (#513)
  • 1bd0625 Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
  • bce3086 remove unused init-cache target
  • 5a9fbb1 supress progress bar when download db
  • 1615450 update trivyignores input description
  • df85774 add comment about fd3
  • 56c8dae remove unused variable
  • e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the github_actions group with 1 update in the /.github/workflows directory: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `aquasecurity/trivy-action` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@v0.34.0...0.35.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  dependency-group: github_actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 24, 2026
@dependabot dependabot Bot requested a review from jfreed-dev as a code owner March 24, 2026 18:02
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 24, 2026
@jfreed-dev

Copy link
Copy Markdown
Member

Superseded by PR #22 which manually bumped aquasecurity/trivy-action to v0.35.0 (pinned by SHA). Closing.

@jfreed-dev jfreed-dev closed this May 17, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 17, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@jfreed-dev jfreed-dev deleted the dependabot/github_actions/dot-github/workflows/github_actions-34786f325a branch May 17, 2026 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant