fix: update Trivy action to latest version and improve SARIF upload step

This commit is contained in:
alam00000
2026-03-17 22:57:00 +05:30
parent 23b072ea10
commit 01dc3005d7


@@ -42,7 +42,7 @@ jobs:
cache-to: type=gha,mode=max,scope=trivy-${{ matrix.image.name }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ matrix.image.name }}:scan
format: sarif
@@ -51,7 +51,7 @@ jobs:
exit-code: '1'
- name: Upload Trivy results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: trivy-${{ matrix.image.name }}.sarif
@@ -64,7 +64,7 @@ jobs:
uses: actions/checkout@v4
- name: Scan npm dependencies with Trivy
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
scan-ref: .
@@ -74,7 +74,7 @@ jobs:
scanners: vuln
- name: Upload dependency scan results
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: trivy-deps.sarif
@@ -87,7 +87,7 @@ jobs:
uses: actions/checkout@v4
- name: Scan Dockerfiles for misconfigurations
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@master
with:
scan-type: config
scan-ref: .
@@ -96,7 +96,7 @@ jobs:
severity: CRITICAL,HIGH
- name: Upload config scan results
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: trivy-config.sarif
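Review bot: Moving from `aquasecurity/trivy-action@0.28.0` to `aquasecurity/trivy-action@master` (here in the first hunk and again in the `@@ -64` and `@@ -87` hunks) replaces a fixed release with a mutable branch ref, so each run pulls whatever currently sits on that branch and the scanner step can change behavior, or be altered upstream, without any change in this repository. Pin the action to a release tag or, better, a full commit SHA with the version in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<40-char-commit-sha>  # <release tag>`, which keeps the scan reproducible and lets Dependabot propose updates. The `github/codeql-action/upload-sarif@v3` → `@v4` bumps in the other hunks are tag-pinned and do not have this problem, though a major-version bump of that action may carry new runner requirements worth checking in its release notes. The `jobs:` mapping these steps belong to starts before the first hunk and is not visible here.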