Skip to content

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#191

Open
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/github_actions/aquasecurity/trivy-action-0.36.0
Open

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#191
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/github_actions/aquasecurity/trivy-action-0.36.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown

Bumps aquasecurity/trivy-action from 0.35.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 18, 2026
@github-actions

Copy link
Copy Markdown

🧠 Code Complexity Report

Average cyclomatic complexity: A (2.261465923703386)
High-complexity blocks (C+): 19
Low maintainability files: 3

High-complexity blocks (grade C and above)
src/flight_blender/utils/spatial_geo_fence.py
    F 21:0 toFromUTM - C (11)
src/flight_blender/api/routers/rid_api.py
    F 151:0 get_flight_data - C (12)
    F 118:0 dss_isa_callback - C (11)
src/flight_blender/clients/dss_scd_client.py
    M 1166:4 SCDOperations.create_and_submit_operational_intent_reference - C (16)
    M 1500:4 DSSOperationalIntentsCreator.submit_flight_declaration_to_dss - C (12)
src/flight_blender/clients/dss_rid_client.py
    M 172:4 RemoteIDOperations.create_dss_isa - C (15)
src/flight_blender/clients/dss_constraint_client.py
    M 28:4 ConstraintOperations.get_nearby_constraints - D (21)
src/flight_blender/services/geo_fence_svc.py
    M 179:4 GeoFenceOperations.check_geozones - C (15)
src/flight_blender/services/flight_feed_svc.py
    M 101:4 FlightFeedOperations.get_air_traffic - C (12)
src/flight_blender/services/rid_svc.py
    F 160:0 rid_flight_from_observation - C (12)
src/flight_blender/services/conformance_svc.py
    M 815:4 FlightBlenderConformanceEngine.is_operation_conformant_via_telemetry - D (21)
src/flight_blender/services/uss_svc.py
    F 266:0 get_uss_flights - C (19)
src/flight_blender/services/surveillance_svc.py
    M 460:4 SurveillanceMetricCalculator.calculate_sensor_health_metrics - D (22)
    M 240:4 SurveillanceOperations._calculate_sensor_health_metrics - C (20)
src/flight_blender/tasks/rid_task.py
    F 107:0 _async_process_requested_flight - D (25)
    F 430:0 _async_stream_rid_test_data - C (14)
testing/interuss/scripts/report_to_summary.py
    F 88:0 _format_report - D (25)
    F 26:0 _walk_checks - C (12)
testing/interuss/scripts/generate_result_badges.py
    F 47:0 _suite_result - C (11)

19 blocks (classes, functions, methods) analyzed.
Average complexity: C (16.105263157894736)
Low maintainability files
src/flight_blender/clients/dss_scd_client.py - C (6.71)
src/flight_blender/services/flight_declarations_svc.py - C (0.00)
src/flight_blender/services/conformance_svc.py - C (0.00)

@github-actions

Copy link
Copy Markdown

📜 License Compliance

⚠️ 1 dependencies with copyleft licenses found.

"codespell","2.4.2","GPL-2.0-only"
Full license report
Name Version License URL
arrow 1.3.0 Apache Software License https://github.com/arrow-py/arrow
flight-blender 0.1.0 Apache Software License UNKNOWN
http-message-signatures 0.5.0 Apache Software License https://github.com/pyauth/http-message-signatures
requests 2.34.2 Apache Software License https://github.com/psf/requests
requests-file 3.0.1 Apache Software License https://codeberg.org/dashea/requests-file
sortedcontainers 2.4.0 Apache Software License http://www.grantjenks.com/docs/sortedcontainers/
uas_standards 3.4.0 Apache Software License https://github.com/interuss/uas_standards
python-dateutil 2.9.0.post0 Apache Software License; BSD License https://github.com/dateutil/dateutil
uvloop 0.22.1 Apache Software License; MIT License UNKNOWN
asyncpg 0.31.0 Apache-2.0 UNKNOWN
bandit 1.9.4 Apache-2.0 https://bandit.readthedocs.io/
coverage 7.14.1 Apache-2.0 https://github.com/coveragepy/coveragepy
implicitdict 4.0.1 Apache-2.0 https://github.com/interuss/implicitdict
pbr 7.0.3 Apache-2.0 https://docs.openstack.org/pbr/latest/
pytest-asyncio 1.4.0 Apache-2.0 https://github.com/pytest-dev/pytest-asyncio
stevedore 5.8.0 Apache-2.0 https://docs.openstack.org/stevedore
types-python-dateutil 2.9.0.20260518 Apache-2.0 https://github.com/python/typeshed
tzdata 2026.2 Apache-2.0 https://github.com/python/tzdata
packaging 26.2 Apache-2.0 OR BSD-2-Clause https://github.com/pypa/packaging
cryptography 48.0.1 Apache-2.0 OR BSD-3-Clause https://github.com/pyca/cryptography
amqp 5.3.1 BSD License http://github.com/celery/py-amqp
billiard 4.2.4 BSD License https://github.com/celery/billiard
click-plugins 1.1.1.2 BSD License https://github.com/click-contrib/click-plugins
geojson 3.2.0 BSD License https://github.com/jazzband/geojson
httpx 0.28.1 BSD License https://github.com/encode/httpx
nodeenv 1.10.0 BSD License https://github.com/ekalinin/nodeenv
numpy 2.3.4 BSD License https://numpy.org
pandas 3.0.3 BSD License https://pandas.pydata.org
pika 1.3.2 BSD License https://pika.readthedocs.io
prompt_toolkit 3.0.52 BSD License https://github.com/prompt-toolkit/python-prompt-toolkit
shapely 2.1.2 BSD License https://github.com/shapely/shapely
vine 5.1.0 BSD License https://github.com/celery/vine
Pygments 2.20.0 BSD-2-Clause https://pygments.org
MarkupSafe 3.0.3 BSD-3-Clause https://github.com/pallets/markupsafe/
celery 5.6.3 BSD-3-Clause https://docs.celeryq.dev/
click 8.4.1 BSD-3-Clause https://github.com/pallets/click/
fakeredis 2.36.0 BSD-3-Clause https://github.com/cunla/fakeredis-py
httpcore 1.0.9 BSD-3-Clause https://www.encode.io/httpcore/
idna 3.18 BSD-3-Clause https://github.com/kjd/idna
jsonpickle 4.1.2 BSD-3-Clause https://jsonpickle.readthedocs.io/
kombu 5.6.2 BSD-3-Clause https://kombu.readthedocs.io
pycparser 3.0 BSD-3-Clause https://github.com/eliben/pycparser
python-dotenv 1.2.2 BSD-3-Clause https://github.com/theskumar/python-dotenv
starlette 1.3.1 BSD-3-Clause https://github.com/Kludex/starlette
tldextract 5.3.1 BSD-3-Clause https://github.com/john-kurkowski/tldextract
uvicorn 0.49.0 BSD-3-Clause https://uvicorn.dev/
websockets 16.0 BSD-3-Clause https://github.com/python-websockets/websockets
psycopg2-binary 2.9.12 GNU Library or Lesser General Public License (LGPL) https://psycopg.org/
codespell 2.4.2 GPL-2.0-only https://github.com/codespell-project/codespell
jwcrypto 1.5.7 LGPL-3.0-or-later https://github.com/latchset/jwcrypto
PyJWT 2.13.0 MIT https://github.com/jpadilla/pyjwt
SQLAlchemy 2.0.50 MIT https://www.sqlalchemy.org
alembic 1.18.4 MIT https://alembic.sqlalchemy.org
annotated-doc 0.0.4 MIT https://github.com/fastapi/annotated-doc
anyio 4.13.0 MIT https://anyio.readthedocs.io/en/stable/versionhistory.html
attrs 26.1.0 MIT https://www.attrs.org/en/stable/changelog.html
cffi 2.0.0 MIT https://cffi.readthedocs.io/en/latest/whatsnew.html
cfgv 3.5.0 MIT https://github.com/asottile/cfgv
charset-normalizer 3.4.7 MIT https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md
click-repl 0.3.0 MIT https://github.com/untitaker/click-repl
fastapi 0.136.3 MIT https://github.com/fastapi/fastapi
filelock 3.29.0 MIT https://github.com/tox-dev/py-filelock
httptools 0.8.0 MIT https://github.com/MagicStack/httptools
identify 2.6.19 MIT https://github.com/pre-commit/identify
iniconfig 2.3.0 MIT https://github.com/pytest-dev/iniconfig
jsonschema 4.26.0 MIT https://github.com/python-jsonschema/jsonschema
jsonschema-specifications 2025.9.1 MIT https://github.com/python-jsonschema/jsonschema-specifications
platformdirs 4.10.0 MIT https://github.com/tox-dev/platformdirs
pre_commit 4.6.0 MIT https://github.com/pre-commit/pre-commit
pydantic 2.13.4 MIT https://github.com/pydantic/pydantic
pydantic-settings 2.14.1 MIT https://github.com/pydantic/pydantic-settings
pydantic_core 2.46.4 MIT https://github.com/pydantic
pyproj 3.7.2 MIT https://pyproj4.github.io/pyproj/
pyright 1.1.410 MIT https://github.com/RobertCraigie/pyright-python
pytest 9.0.3 MIT https://docs.pytest.org/en/latest/
pytest-cov 7.1.0 MIT https://pytest-cov.readthedocs.io/en/latest/changelog.html
redis 7.0.1 MIT https://github.com/redis/redis-py
referencing 0.37.0 MIT https://github.com/python-jsonschema/referencing
rpds-py 2026.5.1 MIT https://github.com/crate-py/rpds
ruff 0.15.15 MIT https://docs.astral.sh/ruff
typing-inspection 0.4.2 MIT https://github.com/pydantic/typing-inspection
tzlocal 5.4 MIT https://github.com/regebro/tzlocal/blob/master/CHANGES.txt
urllib3 2.7.0 MIT https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
virtualenv 21.4.2 MIT https://github.com/pypa/virtualenv
greenlet 3.5.1 MIT AND PSF-2.0 https://greenlet.readthedocs.io
Mako 1.3.12 MIT License https://www.makotemplates.org/
PyYAML 6.0.3 MIT License https://pyyaml.org/
aiosqlite 0.22.1 MIT License https://aiosqlite.omnilib.dev
annotated-types 0.7.0 MIT License https://github.com/annotated-types/annotated-types
click-didyoumean 0.3.1 MIT License https://github.com/click-contrib/click-didyoumean
dacite 1.9.2 MIT License https://github.com/konradhalas/dacite
h11 0.16.0 MIT License https://github.com/python-hyper/h11
http_sfv 0.9.9 MIT License https://github.com/mnot/http_sfv
jschema-to-python 1.2.3 MIT License https://github.com/microsoft/jschema-to-python
loguru 0.7.3 MIT License https://github.com/Delgan/loguru
markdown-it-py 4.2.0 MIT License https://github.com/executablebooks/markdown-it-py
marshmallow 4.1.2 MIT License https://github.com/marshmallow-code/marshmallow
mdurl 0.1.2 MIT License https://github.com/executablebooks/mdurl
pluggy 1.6.0 MIT License UNKNOWN
pytest-env 1.6.0 MIT License https://github.com/pytest-dev/pytest-env
python-discovery 1.4.0 MIT License https://github.com/tox-dev/python-discovery
pytimeparse 1.1.8 MIT License https://github.com/wroberts/pytimeparse
rich 15.0.0 MIT License https://github.com/Textualize/rich
rtree 1.4.0 MIT License https://github.com/Toblerity/rtree
sarif-om 1.0.4 MIT License https://github.com/microsoft/sarif-python-om
six 1.17.0 MIT License https://github.com/benjaminp/six
wait-for-it 2.3.0 MIT License https://github.com/hartwork/wait-for-it
watchfiles 1.2.0 MIT License https://github.com/samuelcolvin/watchfiles
certifi 2026.5.20 Mozilla Public License 2.0 (MPL 2.0) https://github.com/certifi/python-certifi
typing_extensions 4.15.0 PSF-2.0 https://github.com/python/typing_extensions
distlib 0.4.1 Python Software Foundation License https://github.com/pypa/distlib

@github-actions

Copy link
Copy Markdown

🚨 Bandit results

0 issues found ()

Show details
Run started:2026-06-18 18:44:28.506198+00:00

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 16598
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 25

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

@github-actions

Copy link
Copy Markdown

🛡️ pip-audit results

✅ No vulnerabilities found.

@github-actions

Copy link
Copy Markdown

📊 Test Coverage Report

🟡 Overall coverage: 72.2%

Files with lowest coverage (<50%)
File Coverage
src/flight_blender/clients/dss_rid_client.py 15.4%
src/flight_blender/auth/dss_auth.py 18.6%
src/flight_blender/clients/dss_constraint_client.py 19.4%
src/flight_blender/repositories/constraint_repo.py 23.1%
src/flight_blender/auth/pki.py 26.3%
src/flight_blender/clients/dss_scd_client.py 38.2%
src/flight_blender/tasks/flight_declarations_task.py 40.0%
src/flight_blender/auth/token_cache.py 48.0%

@github-actions

Copy link
Copy Markdown

🐳 Trivy Container Scan

✅ No vulnerabilities found (CRITICAL/HIGH/MEDIUM).

@github-actions

Copy link
Copy Markdown

InterUSS Qualification Report

Workflow run: https://github.com/openutm/flight-blender/actions/runs/27781690405

InterUSS uss_qualifier — f3548

Codebase: interuss/monitoring/v0.30.0 (commit d1166f192120)

Started: 2026-06-18T18:45:46.199092Z
Ended: 2026-06-18T18:47:50.956960Z

Overall result: ✅ PASS

Check results

Result Count
✅ Pass 5628
❌ Fail 2
Total 5630 (100% pass)
Per-scenario breakdown
Scenario ✅ Pass ❌ Fail Execution error
Get system versions 2 0 No
ASTM F3548 flight planners preparation 38 0 No
ASTM SCD DSS: Operational Intent Explicit Subscription handling 45 0 No
ASTM SCD DSS: Implicit Subscription handling 121 0 No
ASTM SCD DSS: Operational Intent Reference Simple 114 0 No
ASTM SCD DSS: Constraint Reference Simple 10 0 No
ASTM SCD DSS: Constraint Reference Synchronization 227 0 No
ASTM SCD DSS: USS Availability Synchronization 37 0 No
ASTM F3548-21 UTM DSS Operational Intent Reference State Transitions 17 0 No
ASTM SCD DSS: Subscription and entity deletion interaction 73 0 No
ASTM SCD DSS: Subscription and entity interaction 102 0 No
ASTM SCD DSS: Operational Intent Reference Key Validation 32 0 No
ASTM SCD DSS: Operational Intent Reference Synchronization 126 0 No
ASTM SCD DSS: Interfaces authentication 182 0 No
ASTM SCD DSS: Subscription Simple 403 0 No
ASTM SCD DSS: Subscription Validation 7 0 No
ASTM F3548-21 UTM DSS Operational Intent Reference Access Control 18 0 No
ASTM F3548-21 UTM DSS interoperability 2 0 No
ASTM SCD DSS: Subscription Synchronization 398 0 No
? 0 0 No
OVN Request Optional Extension to ASTM F3548-21 12 0 No
ASTM SCD DSS: Report 2 0 No
ASTM Availability DSS: USS Availability Mutation 4 0 No
ASTM SCD DSS: Operational Intent Explicit Subscription handling 45 0 No
ASTM SCD DSS: Implicit Subscription handling 121 0 No
ASTM SCD DSS: Operational Intent Reference Simple 114 0 No
ASTM SCD DSS: Constraint Reference Simple 10 0 No
ASTM SCD DSS: Constraint Reference Synchronization 227 0 No
ASTM SCD DSS: USS Availability Synchronization 38 0 No
ASTM F3548-21 UTM DSS Operational Intent Reference State Transitions 17 0 No
ASTM SCD DSS: Subscription and entity deletion interaction 73 0 No
ASTM SCD DSS: Subscription and entity interaction 102 0 No
ASTM SCD DSS: Operational Intent Reference Key Validation 32 0 No
ASTM SCD DSS: Operational Intent Reference Synchronization 126 0 No
ASTM SCD DSS: Interfaces authentication 182 0 No
ASTM SCD DSS: Subscription Simple 403 0 No
ASTM SCD DSS: Subscription Validation 7 0 No
ASTM F3548-21 UTM DSS Operational Intent Reference Access Control 18 0 No
ASTM F3548-21 UTM DSS interoperability 2 0 No
ASTM SCD DSS: Subscription Synchronization 398 0 No
? 0 0 No
OVN Request Optional Extension to ASTM F3548-21 12 0 No
ASTM SCD DSS: Report 2 0 No
ASTM Availability DSS: USS Availability Mutation 4 0 No
Validation of operational intents 36 0 No
Validation of operational intents 38 0 No
Nominal planning: conflict with higher priority 180 1 No
Nominal planning: conflict with higher priority 179 1 No
Nominal planning: conflict with higher priority 178 0 No
Nominal planning: conflict with higher priority 175 0 No
Nominal planning: not permitted conflict with equal priority 141 0 No
Nominal planning: not permitted conflict with equal priority 128 0 No
Nominal planning: not permitted conflict with equal priority 144 0 No
Nominal planning: not permitted conflict with equal priority 131 0 No
Data Validation of GET operational intents by USS 52 0 No
Data Validation of GET operational intents by USS 53 0 No
Awareness of relevant operational intents 67 0 No
Awareness of relevant operational intents 69 0 No
Off-Nominal planning: down USS 28 0 No
Off-Nominal planning: down USS 29 0 No
Off-Nominal planning: down USS with equal priority conflicts not permitted 20 0 No
Off-Nominal planning: down USS with equal priority conflicts not permitted 20 0 No
ASTM F3548 flight planners preparation 38 0 No
ASTM F3548 makeUssReport 2 0 No
ASTM F3548-21 evaluate system versions 9 0 No
ASTM F3548 UTM aggregate checks 6 0 No

Failed checks per participant

Participant Failed checks Unique requirements
flight_blender 2 1
Failed checks (2 total, showing first 2)
Check Participants Requirements Summary
🔵 Rejected modification flight_blender astm.f3548.v21.SCD0030 Warning (not a failure): modification got rejected but a pre-existing conflict w
🔵 Rejected modification flight_blender astm.f3548.v21.SCD0030 Warning (not a failure): modification got rejected but a pre-existing conflict w

InterUSS uss_qualifier — netrid_v22a

Codebase: interuss/monitoring/v0.30.0 (commit d1166f192120)

Started: 2026-06-18T18:48:05.951459Z
Ended: 2026-06-18T18:54:04.507311Z

Overall result: ✅ PASS

Check results

Result Count
✅ Pass 10581
❌ Fail 0
Total 10581 (100% pass)
Per-scenario breakdown
Scenario ✅ Pass ❌ Fail Execution error
? 0 0 No
ASTM NetRID Service Provider operator notification under slow update rate 8 0 No
ASTM NetRID Display Provider behavior 19 0 No
ASTM NetRID networked UAS disconnection 122 0 No
ASTM NetRID Service Provider operator notification on missing fields 58 0 No
ASTM NetRID Service Provider notification behavior 11 0 No
ASTM NetRID nominal behavior 3168 0 No
ASTM NetRID SP clients misbehavior handling 16 0 No
ASTM NetRID DSS: Endpoint encryption 0 0 No
ASTM NetRID DSS: Simple ISA 80 0 No
ASTM NetRID DSS: Submitted ISA Validations 10 0 No
ASTM NetRID DSS: ISA Expiry 6 0 No
ASTM NetRID DSS: ISA Subscription Interactions 30 0 No
ASTM NetRID DSS: Subscription Validation 19 0 No
ASTM NetRID DSS: Subscription Simple 382 0 No
ASTM F3411-22a NetRID DSS interoperability 125 0 No
ASTM NetRID DSS: Token Validation 25 0 No
? 0 0 No
ASTM NetRID DSS: Concurrent Requests 2910 0 No
ASTM NetRID DSS: Endpoint encryption 0 0 No
ASTM NetRID DSS: Simple ISA 80 0 No
ASTM NetRID DSS: Submitted ISA Validations 10 0 No
ASTM NetRID DSS: ISA Expiry 6 0 No
ASTM NetRID DSS: ISA Subscription Interactions 30 0 No
ASTM NetRID DSS: Subscription Validation 19 0 No
ASTM NetRID DSS: Subscription Simple 382 0 No
ASTM F3411-22a NetRID DSS interoperability 125 0 No
ASTM NetRID DSS: Token Validation 25 0 No
? 0 0 No
ASTM NetRID DSS: Concurrent Requests 2910 0 No
ASTM F3411-22a NetRID aggregate checks 5 0 No

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants