merlimat opened a new pull request, #25372: URL: https://github.com/apache/pulsar/pull/25372
## Motivation The `aquasecurity/trivy-action` repository was compromised in a supply chain attack where an attacker force-pushed malicious payloads to 75 out of 76 version tags. Version 0.35.0 is the first safe release after the incident. References: - https://github.com/aquasecurity/trivy-action/issues/541 - https://github.com/aquasecurity/trivy-action/releases/tag/v0.35.0 - https://github.com/aquasecurity/trivy/discussions/10265 ## Modifications Upgrade `aquasecurity/trivy-action` from `0.26.0` to `0.35.0` in CI workflow. ## Documentation - [x] `doc-not-needed` ## Matching PR in forked repository _No response_ ### Label checklist - [x] `ready-to-test` - [x] `area/test` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
