Skip to content

Pin trivy action version to v0.35.0#2293

Merged
tomkralidis merged 1 commit intomasterfrom
francbartoli-trivy-action-patch
Mar 24, 2026
Merged

Pin trivy action version to v0.35.0#2293
tomkralidis merged 1 commit intomasterfrom
francbartoli-trivy-action-patch

Conversation

@francbartoli
Copy link
Copy Markdown
Contributor

@francbartoli francbartoli commented Mar 24, 2026

Pin trivy to a safe version before the incident GHSA-69fq-xp46-6x23

Overview

Related Issue / discussion

Additional information

Dependency policy (RFC2)

  • I have ensured that this PR meets RFC2 requirements

Updates to public demo

Contributions and licensing

(as per https://github.com/geopython/pygeoapi/blob/master/CONTRIBUTING.md#contributions-and-licensing)

  • I'd like to contribute [feature X|bugfix Y|docs|something else] to pygeoapi. I confirm that my contributions to pygeoapi will be compatible with the pygeoapi license guidelines at the time of contribution
  • I have already previously agreed to the pygeoapi Contributions and Licensing Guidelines

@francbartoli
Pin trivy action version to v0.35.0
a0227ae 
Pin trivy to a safe version before the incident GHSA-69fq-xp46-6x23
@francbartoli francbartoli self-assigned this Mar 24, 2026
@tomkralidis tomkralidis added this to the 0.24.0 milestone Mar 24, 2026
@tomkralidis tomkralidis added the security Security label Mar 24, 2026
@tomkralidis tomkralidis merged commit a478147 into master Mar 24, 2026
9 checks passed
@tomkralidis tomkralidis deleted the francbartoli-trivy-action-patch branch March 24, 2026 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomkralidis tomkralidis tomkralidis approved these changes

Assignees

@francbartoli francbartoli

Labels

security Security

Projects

None yet

Milestone

0.24.0

Development

Successfully merging this pull request may close these issues.

2 participants

@francbartoli @tomkralidis