ci: bump aquasecurity/trivy-action from 0.33.1 to 0.34.0

dependabot[bot] · github-actions[bot] · commit 4f96d1c1237b · 2026-02-18T12:42:22.000Z
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@b6643a2...c1824fd) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -101,7 +101,7 @@ jobs:
           docker run --rm --entrypoint which phpbu:ci-full gpg
 
       - name: Run Trivy on minimal
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
         with:
           image-ref: phpbu:ci
           format: 'sarif'
@@ -110,7 +110,7 @@ jobs:
           exit-code: '1'
 
       - name: Run Trivy on full
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
         with:
           image-ref: phpbu:ci-full
           format: 'sarif'
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -37,7 +37,7 @@ jobs:
           load: true
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
         with:
           image-ref: phpbu:${{ matrix.variant }}
           format: 'sarif'
