From 9a26b935a884909e2d62a0f4bc1afe5970a8588e Mon Sep 17 00:00:00 2001
From: Kevin Riehl <kevinriehl@gmail.com>
Date: Fri, 8 May 2026 18:05:58 -0700
Subject: [PATCH] fix(ci): bump Trivy to v0.70.0 (v0.58.1 was never released)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous pin to v0.58.1 returned a 404 — that tag doesn't exist in
the trivy releases. Latest is v0.70.0; pinning to that. Verified the
asset naming convention (trivy_X.Y.Z_Linux-64bit.tar.gz) is unchanged.
---
 .gitea/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 04ffc73..8fe25c6 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -60,7 +60,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Install and run Trivy (filesystem)
         run: |
-          TRIVY_VERSION=0.58.1
+          TRIVY_VERSION=0.70.0
           curl -sSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
             | tar xz -C /tmp trivy
           /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --no-progress .
@@ -97,7 +97,7 @@ jobs:
           cache-from: type=gha
       - name: Install and run Trivy (image)
         run: |
-          TRIVY_VERSION=0.58.1
+          TRIVY_VERSION=0.70.0
           curl -sSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
             | tar xz -C /tmp trivy
           /tmp/trivy image --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed --no-progress \