From 95beb64b09c7dd553c838de509fdf874c9656fde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Mar 2026 00:59:44 +0000 Subject: [PATCH 1/2] chore(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/b6643a29fecd7f34b3597bc6acb0a98b03d33ff8...c1824fd6edce30d7ab345a9989de00bbd46ef284) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 3082333..517eb0c 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -759,7 +759,7 @@ jobs: cosign public-key --key env://COSIGN_PRIVATE_KEY >/dev/null - name: Generate SBOM (SPDX JSON) from GHCR digest - uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 with: image-ref: ${{ env.GHCR_REF }} format: spdx-json From dbc6b7b2eb2ce741409fbd002aed4832853f2c21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Wed, 18 Mar 2026 01:01:16 +0000 Subject: [PATCH 2/2] chore(nix): fix hash for updated go dependencies --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 356be7c..d557147 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ version = "0.1.0"; src = ./.; - vendorHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + vendorHash = "sha256-MDvmhbzoVP4FIapKnEiRIXRSuE5hvUBz7opyVD7wRJI="; ldflags = [ "-s"