fix(ci): upgrade actions to resolve security vulnerabilities

- super-linter/super-linter/slim v8.0.0 → v8.5.0 (command injection via crafted filenames)
- aquasecurity/trivy-action 0.33.1 → 0.35.0 (script injection via sourced env file)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: appleboy

.github/workflows/docker.yml

@@ -74,7 +74,7 @@ jobs:
           tags: ${{ env.REPO }}:scan
 
       - name: Run Trivy vulnerability scanner on Docker image
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: ${{ env.REPO }}:scan
           ignore-unfixed: true

.github/workflows/security.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -39,7 +39,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
       - name: Run Trivy vulnerability scanner (table output)
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         if: always()
         with:
           scan-type: "fs"

.github/workflows/testing.yml

@@ -101,7 +101,7 @@ jobs:
           # list of files that changed across commits
           fetch-depth: 0
       - name: "Super-linter"
-        uses: super-linter/super-linter/slim@v8.0.0
+        uses: super-linter/super-linter/slim@v8.5.0
         env:
           # To report GitHub Actions status checks
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}