ci: update trivy-action to v0.35.0 after supply chain incident

pranavjain97 · claude · pranavjain97 · commit 7d267ba9f42a · 2026-03-31T16:15:44.000-04:00
The previous pin (v0.33.1) was affected by the March 2026 Trivy supply
chain attack and its install script can no longer download the binary.
Update to v0.35.0, the first clean release after remediation.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -129,7 +129,7 @@ jobs:
         run: npm ci
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
