From 669060beb711abf4602e530a9359abc5b1dd0bf4 Mon Sep 17 00:00:00 2001
From: Michael Cuomo <mcuomo@specterops.io>
Date: Mon, 2 Mar 2026 12:57:57 -0500
Subject: [PATCH 1/2] fix: remove pull request target from cla

---
 .github/workflows/cla.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index 89f62d6..8b9d8e3 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -2,7 +2,7 @@ name: "CLA Assistant"
 on:
   issue_comment:
     types: [created, edited]
-  pull_request_target:
+  pull_request:
     types: [opened,closed,synchronize]
 
 jobs:
@@ -33,7 +33,7 @@ jobs:
           echo "org_members=$ALL_MEMBERS" >> $GITHUB_OUTPUT
         
       - name: "CLA Assistant"
-        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request'
         uses: contributor-assistant/github-action@v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From c47890114cdc3465f61ed716a937fd096fcfeba2 Mon Sep 17 00:00:00 2001
From: Michael Cuomo <mcuomo@specterops.io>
Date: Mon, 2 Mar 2026 13:05:35 -0500
Subject: [PATCH 2/2] fix: bump trivy action version

---
 .github/workflows/vuln-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index fc026c4..02e6915 100644
--- a/.github/workflows/vuln-scan.yml
+++ b/.github/workflows/vuln-scan.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        uses: aquasecurity/trivy-action@0.34.2
         with:
           scan-type: "repo"
           scan-ref: "./"
@@ -26,4 +26,4 @@ jobs:
           ignore-unfixed: true
         env:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
-          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
\ No newline at end of file
+          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db