Bump the github-actions group with 2 updates (#388)

dependabot[bot] · davidcollom · web-flow · commit c5a91ff07a00 · 2025-07-01T09:18:24.000+01:00
Signed-off-by: dependabot[bot] &lt;support@github.com&gt;
Co-authored-by: dependabot[bot] &lt;49699333+dependabot[bot]@users.noreply.github.com&gt;
Co-authored-by: David Collom &lt;david.collom@jetstack.io&gt;
diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
@@ -40,7 +40,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.30.0
+        uses: aquasecurity/trivy-action@0.31.0
         continue-on-error: true
         with:
           scan-type: "fs"
@@ -147,7 +147,7 @@ jobs:
             type=provenance,mode=max
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.30.0
+        uses: aquasecurity/trivy-action@0.31.0
         with:
           input: ./.oci-image
           format: "table"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -207,7 +207,7 @@ jobs:
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb #v3.8.2
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac #v3.9.1
         with:
           cosign-release: "v2.2.4"
 
