From dc5b9d2f27140e4233ad714be0b32870001d6387 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Mar 2026 03:51:12 +0000
Subject: [PATCH 1/2] Bump aquasecurity/trivy-action from 0.34.0 to 0.35.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.0 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.35.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/python.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/python.yaml b/.github/workflows/python.yaml
index d241420..73c6ee0 100644
--- a/.github/workflows/python.yaml
+++ b/.github/workflows/python.yaml
@@ -241,7 +241,7 @@ jobs:
           fi
       # this comes as last or scan results won't be uploaded
       - name: Run Trivy vulnerability scanner (security treshold)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: fs
           scan-ref: .

From 0943bfe426235519d32561b851ecf7b0fe869e56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Mar 2026 03:51:55 +0000
Subject: [PATCH 2/2] docs(release_notes): update RELEASE_NOTES.md [dependabot
 skip]

---
 RELEASE_NOTES.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index d21469b..8fb21d8 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -86,9 +86,11 @@
 
 ### Dependencies
 
+- Bump docker/metadata-action from 5 to 6 (PR #256 by @dependabot[bot])
 - Bump docker/build-push-action from 6 to 7 (PR #254 by @dependabot[bot])
 - Bump docker/setup-buildx-action from 3 to 4 (PR #258 by @dependabot[bot])
-- Bump docker/metadata-action from 5 to 6 (PR #256 by @dependabot[bot])
+- Bump aquasecurity/trivy-action from 0.34.0 to 0.35.0 (PR #257 by
+  @dependabot[bot])
 - Bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (PR #247 by
   @dependabot[bot])
 - Bump reproducible-containers/buildkit-cache-dance from 3.3.1 to 3.3.2 (PR #252