build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 in /.github/workflows #16260
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.33.1...0.34.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
🚫 [actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:2:3: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
datahub/.github/workflows/docker-unified.yml
Line 150 in 3c4b8ff
🚫 [actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2116:style:4:23: Useless echo? Instead of 'cmd $(echo foo)', just use 'cmd foo' [shellcheck]
datahub/.github/workflows/docker-unified.yml
Line 499 in 3c4b8ff
shellcheck reported issue in this script: SC2309:warning:1:7: -gt treats this as a variable. Use > to compare as string (or expand explicitly with $var) [shellcheck]
datahub/.github/workflows/docker-unified.yml
Line 499 in 3c4b8ff
🚫 [actionlint] reported by reviewdog 🐶
"github.head_ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details [expression]
datahub/.github/workflows/docker-unified.yml
Line 823 in 3c4b8ff
Bumps aquasecurity/trivy-action from 0.33.1 to 0.34.0.
Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
- c1824fd chore(deps): Update trivy to v0.69.1 (#506)
- bc61dc5 Merge commit from fork
- 5eb7ef2 ci: use checks bundle v2 in sync workflow (#505)
- 22438a4 Merge pull request #496 from aquasecurity/bump-trivy-1765431074
- 0024b3f chore(deps): Update trivy to v0.68.1
- 83690f7 ci: install trivy in bump-trivy workflow and update tests (#495)
- df65449 chore: update README (#493)
- 0317097 ci: use setup-bats in bump-trivy workflow (#494)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.