From aa160fd264cbd1342edb92bc4996cf6652b0a476 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 29 Apr 2026 00:24:30 +0000
Subject: [PATCH] build(deps): bump the github-actions group across 1 directory
 with 3 updates

Bumps the github-actions group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

Updates `actions/download-artifact` from 5.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/634f93cb2916e3fdff6788551b99b062d0335ce0...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c)

Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/57a97c7e7821a5776cebc9bb87c984fa69cba8f1...ed142fd0673e97e23eac54620cfb913e5ce36c25)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build-image.yml   | 2 +-
 .github/workflows/ci.yml            | 6 +++---
 .github/workflows/lint-image.yml    | 2 +-
 .github/workflows/publish-image.yml | 2 +-
 .github/workflows/scan-image.yml    | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 5b2a6ac..a4cfbc0 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -36,7 +36,7 @@ jobs:
         run: printf '%s\n' '${{ inputs.image }}' > '${{ runner.temp }}/image.txt'
 
       - name: Upload image artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: docker-image-${{ inputs.image }}
           path: |
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 28cf302..1630bdb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
       images: ${{ steps.collect.outputs.images }}
     steps:
       - name: Download lint markers
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: lint-passed-*
           path: ${{ runner.temp }}/lint-markers
@@ -92,7 +92,7 @@ jobs:
       images: ${{ steps.collect.outputs.images }}
     steps:
       - name: Download build artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: docker-image-*
           path: ${{ runner.temp }}/build-artifacts
@@ -143,7 +143,7 @@ jobs:
       images: ${{ steps.collect.outputs.images }}
     steps:
       - name: Download scan markers
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: scan-passed-*
           path: ${{ runner.temp }}/scan-markers
diff --git a/.github/workflows/lint-image.yml b/.github/workflows/lint-image.yml
index 9a542ba..ce3d3a8 100644
--- a/.github/workflows/lint-image.yml
+++ b/.github/workflows/lint-image.yml
@@ -31,7 +31,7 @@ jobs:
 
       - name: Upload lint passed marker
         if: success()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: lint-passed-${{ inputs.image }}
           path: ${{ runner.temp }}/image.txt
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 1694b0a..0d4bb0a 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -28,7 +28,7 @@ jobs:
           echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT"
 
       - name: Download image artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: docker-image-${{ inputs.image }}
           path: ${{ runner.temp }}/image
diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml
index bb2315f..ca8e6bb 100644
--- a/.github/workflows/scan-image.yml
+++ b/.github/workflows/scan-image.yml
@@ -27,7 +27,7 @@ jobs:
           echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT"
 
       - name: Download image artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: docker-image-${{ inputs.image }}
           path: ${{ runner.temp }}/image
@@ -36,7 +36,7 @@ jobs:
         run: gunzip -c "${{ runner.temp }}/image/image.tar.gz" | docker load
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           image-ref: ${{ steps.meta.outputs.image_ref }}
           format: table
@@ -52,7 +52,7 @@ jobs:
 
       - name: Upload scan passed marker
         if: success()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: scan-passed-${{ inputs.image }}
           path: ${{ runner.temp }}/image.txt