🩺(trivy) add trivyignore file and add minimatch CVE

We added a .trivyignore file to ignore the
CVE-2026-26996 vulnerability coming from the y-provider
image.
We also updated the docker-hub.yml workflow to
use this .trivyignore file when scanning our
Docker images with Trivy.

.github/.trivyignore

@@ -0,0 +1 @@
+CVE-2026-26996

.github/workflows/docker-hub.yml

@@ -16,6 +16,9 @@ on:
 env:
   DOCKER_USER: 1001:127
 
+permissions:
+  contents: read
+
 jobs:
   build-and-push-backend:
     runs-on: ubuntu-latest
@@ -42,6 +45,7 @@ jobs:
         with:
           docker-build-args: "--target backend-production -f Dockerfile"
           docker-image-name: "docker.io/lasuite/impress-backend:${{ github.sha }}"
+          trivyignores: ./.github/.trivyignore
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
@@ -83,6 +87,7 @@ jobs:
         with:
           docker-build-args: "-f src/frontend/Dockerfile --target frontend-production"
           docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
+          trivyignores: ./.github/.trivyignore
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
@@ -124,6 +129,7 @@ jobs:
         with:
           docker-build-args: "-f src/frontend/servers/y-provider/Dockerfile --target y-provider"
           docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
+          trivyignores: ./.github/.trivyignore
       - name: Build and push
         uses: docker/build-push-action@v6
         with:

CHANGELOG.md

@@ -16,6 +16,7 @@ and this project adheres to
 - 👷(CI) add GHCR workflow for forked repo testing #1851
 - ✨(backend) allow the duplication of subpages #1893
 - ✨(backend) Onboarding docs for new users #1891
+- 🩺(trivy) add trivyignore file and add minimatch CVE #1915
 
 ### Changed