ci(actions): bump trivy-action to v0.36.0 and codecov-action to v6

.github/workflows/docker.yml

@@ -76,7 +76,7 @@ jobs:
           tags: drone-ssh:scan
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: "drone-ssh:scan"
           format: "sarif"

.github/workflows/testing.yml

@@ -50,6 +50,6 @@ jobs:
           make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           flags: go-${{ matrix.go-version }}

.github/workflows/trivy.yml

@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner (repo)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -70,7 +70,7 @@ jobs:
           tags: drone-ssh:scan
 
       - name: Run Trivy vulnerability scanner (image)
-        uses: aquasecurity/trivy-action@v0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: "drone-ssh:scan"
           format: "sarif"