ci: bump codecov-action to v6 and trivy-action to v0.35.0

- Upgrade codecov/codecov-action from v5 to v6 for Node 24 runtime
- Align aquasecurity/trivy-action tag to v0.35.0 prefix convention

Author: appleboy

.github/workflows/docker.yml

@@ -68,7 +68,7 @@ jobs:
             VERSION=${{ steps.docker-meta.outputs.version }}
 
       - name: Run Trivy vulnerability scanner on Docker image
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.35.0
         with:
           image-ref: ${{ env.REPO }}:scan
           ignore-unfixed: true

.github/workflows/security.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -39,7 +39,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
       - name: Run Trivy vulnerability scanner (table output)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.35.0
         if: always()
         with:
           scan-type: "fs"

.github/workflows/testing.yml

@@ -78,7 +78,7 @@ jobs:
           make test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           flags: ${{ matrix.os }},go-${{ matrix.go }}
           token: ${{ secrets.CODECOV_TOKEN }}