Change to notify privately

Author: jaydrogers

.github/workflows/action_publish-images-security-updates.yml

@@ -110,14 +110,20 @@ jobs:
     runs-on: ubuntu-24.04
     if: always()
     steps:
-      - name: Notify on success
+      - name: Notify maintainers privately
         if: needs.build-security-updates.result == 'success'
         uses: actions/github-script@v7
         with:
           script: |
-            github.rest.issues.create({
+            await github.rest.securityAdvisories.createPrivateVulnerabilityReport({
               owner: context.repo.owner,
               repo: context.repo.name,
-              title: '🔒 Security updates applied',
-              body: 'Security updates were automatically applied to the latest images.'
-            })
+              title: 'Automated Security Updates Applied',
+              description: `Security updates were automatically applied.\n\nAction Run: ${context.serverUrl}/${context.repo.owner}/${context.repo.name}/actions/runs/${context.runId}`,
+              state: 'closed',
+              severity: 'low',
+              identifiers: [{
+                type: 'GHSA',
+                value: `GHSA-auto-${context.runId}`
+              }]
+            });