Merge pull request #1214 from francbartoli/patch-1

Pin trivy action version to a safe version before the incident CVE-20…

Author: tomkralidis

.github/workflows/vulnerabilities.yml

@@ -24,7 +24,7 @@ jobs:
     - name: Checkout pycsw
       uses: actions/checkout@master
     - name: Scan vulnerabilities with trivy
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@v0.35.0
       with:
         scan-type: fs
         exit-code: 1
@@ -37,7 +37,7 @@ jobs:
       run: |
         docker buildx build -t ${{ github.repository }}:${{ github.sha }} --platform linux/amd64 --no-cache -f Dockerfile .
     - name: Scan locally built Docker image for vulnerabilities with trivy
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@v0.35.0
       with:
         scan-type: image
         exit-code: 1