From d831efeac554cfd8da23fa81852fae84e84eeb2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 12:07:49 +0000 Subject: [PATCH 1/2] Bump bufbuild/buf-setup-action in the github-actions group Bumps the github-actions group with 1 update: [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action). Updates `bufbuild/buf-setup-action` from 1.46.0 to 1.47.2 - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](https://github.com/bufbuild/buf-setup-action/compare/v1.46.0...v1.47.2) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/automatic-api-update.yaml | 2 +- .github/workflows/manual-api-update.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/automatic-api-update.yaml b/.github/workflows/automatic-api-update.yaml
index d9f5042..e73df24 100644
--- a/.github/workflows/automatic-api-update.yaml
+++ b/.github/workflows/automatic-api-update.yaml
@@ -23,7 +23,7 @@ jobs:
 run: |
 echo "Update status: $UPDATED_STATUS"
 - name: "Install buf"
- uses: "bufbuild/buf-setup-action@v1.46.0"
+ uses: "bufbuild/buf-setup-action@v1.47.2"
 with:
 github_token: "${{ secrets.GITHUB_TOKEN }}"
 if: "steps.buf-update.outputs.updated == 'true'"
diff --git a/.github/workflows/manual-api-update.yaml b/.github/workflows/manual-api-update.yaml
index 39894bc..45baddb 100644
--- a/.github/workflows/manual-api-update.yaml
+++ b/.github/workflows/manual-api-update.yaml
@@ -27,7 +27,7 @@ jobs:
 run: |
 echo "Update status: $UPDATED_STATUS"
 - name: "Install buf"
- uses: "bufbuild/buf-setup-action@v1.46.0"
+ uses: "bufbuild/buf-setup-action@v1.47.2"
 with:
 github_token: "${{ secrets.GITHUB_TOKEN }}"
 if: "steps.buf-update.outputs.updated == 'true'"
From 68ac5c159d9d1735053dc8198ddca40ba008e012 Mon Sep 17 00:00:00 2001 From: Tanner Stirrat Date: Tue, 19 Nov 2024 12:23:55 -0700 Subject: [PATCH 2/2] Use trivy public registry --- .github/workflows/lint.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 70865c7..1fcb062 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,6 +1,6 @@
 ---
 name: "Lint"
-on: # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
 push:
 branches:
 - "main"
@@ -71,6 +71,9 @@ jobs:
 format: "sarif"
 output: "trivy-results.sarif"
 severity: "CRITICAL"
+ env:
+ TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db"
+ TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db"
 - name: "Upload Trivy scan results to GitHub Security tab"
 uses: "github/codeql-action/upload-sarif@v3"
 with:
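Review bot: The new `env:` block in the second hunk of lint.yaml changes where the scanner fetches its vulnerability and Java databases, but neither the workflow nor the commit message records why, or when the override can be removed. Because the database source determines what the scan is able to detect, I would put a comment directly above `env:`, for example `# Trivy DBs come from the public ECR mirror instead of the action's default registry (reason: <why>); revisit when upgrading the action.` The Trivy step begins outside this hunk, so its `uses:` version is not visible here. Please confirm that version honours both `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY`, and that a failed database download fails the job instead of letting the later upload step publish an empty `trivy-results.sarif`.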