
fix: bump trivy-action from 0.34.1 to 0.35.0 #156

Closed
gandalf-at-lerian wants to merge 1 commit into main from fix/bump-trivy-action-0.35.0

Conversation

@gandalf-at-lerian (Contributor) commented Mar 20, 2026

Problem

The aquasecurity/trivy-action@0.34.1 version no longer resolves, causing all security-scan jobs to fail immediately with:

Unable to resolve action `aquasecurity/trivy-action@0.34.1`, unable to find version `0.34.1`

Spotted in midaz#1930 — both security_scan (ledger) and security_scan (transaction) jobs failed with this error, unrelated to the PR changes.

Fix

Bumps all 5 occurrences of trivy-action in pr-security-scan.yml from 0.34.1 to 0.35.0 (latest release).

Summary by CodeRabbit

  • Chores
    • Updated security scanning dependencies to the latest stable versions, enhancing the effectiveness of vulnerability and secret detection in continuous integration workflows.

@gandalf-at-lerian gandalf-at-lerian requested a review from a team as a code owner March 20, 2026 12:03
@coderabbitai bot commented Mar 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c40c6bf3-a81b-476e-b668-4b28b536f3c7

📥 Commits

Reviewing files that changed from the base of the PR and between 9caaf4c and c6e7059.

📒 Files selected for processing (1)
  • .github/workflows/pr-security-scan.yml

Walkthrough

Updated the Trivy GitHub Action from version 0.34.1 to 0.35.0 across five scan steps in the PR security scan workflow. These include filesystem secret scans, Docker image vulnerability scans, and filesystem vulnerability scans with varying output formats (table, SARIF, JSON). All scan configurations and parameters remain unchanged.

Changes

Cohort: Trivy Action Version Bump
File(s): .github/workflows/pr-security-scan.yml
Summary: Updated aquasecurity/trivy-action from 0.34.1 to 0.35.0 across 5 scan steps: secret scan (filesystem/table), secret scan (filesystem/SARIF), vulnerability scan (Docker/table), vulnerability scan (Docker/SARIF), and vulnerability scan (filesystem/JSON).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Description check: ❓ Inconclusive
  Explanation: Description clearly explains the problem (0.34.1 no longer resolves), the fix (bump to 0.35.0), and includes a reference to the affected caller repo, but the PR lacks the required template structure and testing validation checkboxes.
  Resolution: Complete the PR template: select chore as the type of change, check testing validation steps completed (especially 'YAML syntax validated locally'), and confirm workflow execution if possible.

✅ Passed checks (2 passed)

Title check: ✅ Passed
  Explanation: Title accurately describes the main change: bumping trivy-action from 0.34.1 to 0.35.0 across all workflow steps.
Docstring Coverage: ✅ Passed
  Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@bedatty (Contributor) commented Mar 20, 2026

It is already in the main release @gandalf-at-lerian

@bedatty bedatty closed this Mar 20, 2026