From 9cadb84410dcd900d28430ee5ccb794688915165 Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu <appleboy.tw@gmail.com>
Date: Sat, 25 Apr 2026 16:51:03 +0800
Subject: [PATCH] ci(actions): bump trivy-action to v0.36.0 and codecov-action
 to v6

---
 .github/workflows/docker.yml  | 2 +-
 .github/workflows/testing.yml | 2 +-
 .github/workflows/trivy.yml   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 1d33cfb..967ff5b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -76,7 +76,7 @@ jobs:
           tags: drone-scp:scan
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: "drone-scp:scan"
           format: "sarif"
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 34bb3e3..85ed547 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -58,4 +58,4 @@ jobs:
           make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index f9d612c..47eac5b 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner (repo)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -70,7 +70,7 @@ jobs:
           tags: drone-scp:scan
 
       - name: Run Trivy vulnerability scanner (image)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: "drone-scp:scan"
           format: "sarif"