[PR #326] chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 #2281

New Issue

Open

opened 2026-05-03 05:59:30 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-05-03 05:59:30 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/326
Author: @dependabot[bot]
Created: 4/27/2026
Status: 🔄 Open

Base: main ← Head: dependabot/github_actions/aquasecurity/trivy-action-0.36.0

---

📝 Commits (1)

• 22f86f6 chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/cicd.yml (+1 -1)

📄 Description

Bumps aquasecurity/trivy-action from 0.35.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

• chore(ci): update bump-trivy workflow by @​DmitriyLewen in aquasecurity/trivy-action#546
• ci: use action.yaml as single source of truth for Trivy version by @​nikpivkin in aquasecurity/trivy-action#552
• ci: replace peter-evans/create-pull-request with gh CLI by @​nikpivkin in aquasecurity/trivy-action#550
• test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @​nikpivkin in aquasecurity/trivy-action#555
• ci: add dependabot config by @​nikpivkin in aquasecurity/trivy-action#556
• chore: add zizmor config by @​nikpivkin in aquasecurity/trivy-action#557
• chore(deps): bump the actions group with 5 updates by @​dependabot[bot] in aquasecurity/trivy-action#558
• fix: use portable shebang in entrypoint.sh by @​Hayao0819 in aquasecurity/trivy-action#545
• Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @​patrik-csak in aquasecurity/trivy-action#547
• Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @​Aditya09-cse in aquasecurity/trivy-action#548
• chore: use GitHub Actions as git commit author in bump-trivy workflow by @​nikpivkin in aquasecurity/trivy-action#561
• chore(deps): Update trivy to v0.70.0 by @​Argon-DevOps-Mgt in aquasecurity/trivy-action#559
• chore: update action version to v0.36.0 in examples by @​nikpivkin in aquasecurity/trivy-action#563

New Contributors

• @​dependabot[bot] made their first contribution in aquasecurity/trivy-action#558
• @​Hayao0819 made their first contribution in aquasecurity/trivy-action#545
• @​patrik-csak made their first contribution in aquasecurity/trivy-action#547
• @​Aditya09-cse made their first contribution in aquasecurity/trivy-action#548
• @​Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0

Commits

• ed142fd chore: update action version to v0.36.0 in examples (#563)
• dea62cf chore(deps): Update trivy to v0.70.0 (#559)
• 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
• 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
• dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
• 4a2deec fix: use portable shebang in entrypoint.sh (#545)
• 1994662 chore(deps): bump the actions group with 5 updates (#558)
• 6b36659 chore: add zizmor config (#557)
• 316aa5a ci: add dependabot config (#556)
• 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/326 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/27/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/github_actions/aquasecurity/trivy-action-0.36.0` --- ### 📝 Commits (1) - [`22f86f6`](https://github.com/fosrl/newt/commit/22f86f69c29512e8247c52fcc0aa2e942e763ee6) chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/cicd.yml` (+1 -1) </details> ### 📄 Description Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's releases</a>.</em></p> <blockquote> <h2>v0.36.0</h2> <h2>What's Changed</h2> <ul> <li>chore(ci): update bump-trivy workflow by <a href="https://github.com/DmitriyLewen"><code>@​DmitriyLewen</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/546">aquasecurity/trivy-action#546</a></li> <li>ci: use action.yaml as single source of truth for Trivy version by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/552">aquasecurity/trivy-action#552</a></li> <li>ci: replace peter-evans/create-pull-request with gh CLI by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/550">aquasecurity/trivy-action#550</a></li> <li>test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/555">aquasecurity/trivy-action#555</a></li> <li>ci: add dependabot config by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/556">aquasecurity/trivy-action#556</a></li> <li>chore: add zizmor config by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/557">aquasecurity/trivy-action#557</a></li> <li>chore(deps): bump the actions group with 5 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/558">aquasecurity/trivy-action#558</a></li> <li>fix: use portable shebang in entrypoint.sh by <a href="https://github.com/Hayao0819"><code>@​Hayao0819</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/545">aquasecurity/trivy-action#545</a></li> <li>Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by <a href="https://github.com/patrik-csak"><code>@​patrik-csak</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/547">aquasecurity/trivy-action#547</a></li> <li>Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes <a href="https://redirect.github.com/aquasecurity/trivy-action/issues/549">#549</a> by <a href="https://github.com/Aditya09-cse"><code>@​Aditya09-cse</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/548">aquasecurity/trivy-action#548</a></li> <li>chore: use GitHub Actions as git commit author in bump-trivy workflow by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/561">aquasecurity/trivy-action#561</a></li> <li>chore(deps): Update trivy to v0.70.0 by <a href="https://github.com/Argon-DevOps-Mgt"><code>@​Argon-DevOps-Mgt</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/559">aquasecurity/trivy-action#559</a></li> <li>chore: update action version to v0.36.0 in examples by <a href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/563">aquasecurity/trivy-action#563</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/558">aquasecurity/trivy-action#558</a></li> <li><a href="https://github.com/Hayao0819"><code>@​Hayao0819</code></a> made their first contribution in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/545">aquasecurity/trivy-action#545</a></li> <li><a href="https://github.com/patrik-csak"><code>@​patrik-csak</code></a> made their first contribution in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/547">aquasecurity/trivy-action#547</a></li> <li><a href="https://github.com/Aditya09-cse"><code>@​Aditya09-cse</code></a> made their first contribution in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/548">aquasecurity/trivy-action#548</a></li> <li><a href="https://github.com/Argon-DevOps-Mgt"><code>@​Argon-DevOps-Mgt</code></a> made their first contribution in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/559">aquasecurity/trivy-action#559</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0">https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aquasecurity/trivy-action/commit/ed142fd0673e97e23eac54620cfb913e5ce36c25"><code>ed142fd</code></a> chore: update action version to v0.36.0 in examples (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/563">#563</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/dea62cf79abc269fc35dfd161a4539f0d1f92293"><code>dea62cf</code></a> chore(deps): Update trivy to v0.70.0 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/559">#559</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/128d9a8815401077119ad09f6ca1892d422c387b"><code>128d9a8</code></a> chore: use GitHub Actions as git commit author in bump-trivy workflow (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/561">#561</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/876cf04c63f65e9799bcf1043b584e72469c7143"><code>876cf04</code></a> Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes <a href="https://redirect.github.com/aquasecurity/trivy-action/issues/549">#549</a> (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/548">#548</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/dada78485d6b2b310d433af366da35a70cf01102"><code>dada784</code></a> Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/547">#547</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/4a2deec9100bbbee6320e9a33fc9216b5e444e0b"><code>4a2deec</code></a> fix: use portable shebang in entrypoint.sh (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/545">#545</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/1994662b5555670344cd84d29ed3cad4bd26f31c"><code>1994662</code></a> chore(deps): bump the actions group with 5 updates (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/558">#558</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/6b36659d99b5bc1a27d44e8be2e3b007f91b033c"><code>6b36659</code></a> chore: add zizmor config (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/557">#557</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/316aa5aebe03b45a43ade3ec18d7b9c7f9ccb464"><code>316aa5a</code></a> ci: add dependabot config (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/556">#556</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/264c9c5e188ea085e7377fd77abd17bfbd4e5926"><code>264c9c5</code></a> test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/555">#555</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aquasecurity/trivy-action/compare/57a97c7e7821a5776cebc9bb87c984fa69cba8f1...ed142fd0673e97e23eac54620cfb913e5ce36c25">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-05-03 05:59:30 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

fix-nix

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0

dependabot/github_actions/softprops/action-gh-release-3.0.0

logging-provision

1.12.3

1.12.2

v1.12.2

1.12.1

v1.12.1

1.12.0

v1.12.0

v1.12.0-rc.1

1.12.0-rc.0

1.11.0

v1.11.0

1.10.4

1.10.3

v1.10.3

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

dependencies

enhancement

good first issue

help wanted

Improvement

needs investigating

pull-request

Mirrored from GitHub Pull Request

stale

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#2281