Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump github.com/aquasecurity/trivy from 0.52.1-0.20240619054236-36b3b772df21 to 0.53.0 #170

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 1, 2024

Bumps github.com/aquasecurity/trivy from 0.52.1-0.20240619054236-36b3b772df21 to 0.53.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.53.0

Changelog

  • c55b0e6ca release: v0.53.0 [main] (#6855)
  • 654217a65 feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b5b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
  • 55ccd06df feat: add memory cache backend (#7048)
  • 14d71ba63 fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b85 feat(php): add installed.json file support (#4865)
  • 4f8b3996e docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c91642 fix: use embedded when command path not found (#7037)
  • 9e4927ee1 chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02bab8 refactor: use google/wire for cache (#7024)
  • e9fc3e339 fix(cli): show info message only when --scanners is available (#7032)
  • 0ccdbfbb6 chore: enable float-compare rule from testifylint (#6967)
  • 9045f2445 docs: Add sudo on commands, chmod before mv on install docs (#7009)
  • 3d02a31b4 fix(plugin): respect --insecure (#7022)
  • 8d618e48a feat(k8s)!: node-collector dynamic commands support (#6861)
  • a76e3286c fix(sbom): take pkg name from purl for maven pkgs (#7008)
  • eb636c1b3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
  • 8d0ae1f5d feat!: add clean subcommand (#6993)
  • de201dc77 chore: use ! for breaking changes (#6994)
  • 979e118a9 feat(aws)!: Remove aws subcommand (#6995)
  • 648ead955 refactor: replace global cache directory with parameter passing (#6986)
  • 7eabb92ec fix(sbom): use purl for bitnami pkg names (#6982)
  • 333087c9e chore: bump Go toolchain version (#6984)
  • 6dff4223e refactor: unify cache implementations (#6977)
  • 9dc8a2ba6 docs: non-packaged and sbom clarifications (#6975)
  • b58d42dc9 BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
  • 6469d37cc docs: delete unknown URL (#6972)
  • 30bcb9535 refactor: use version-specific URLs for documentation references (#6966)
  • e493fc931 refactor: delete db mock (#6940)
  • 983ac15f2 ci: add depguard (#6963)
  • dfe757e37 refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
  • f144e912d feat: Add local ImageID to SARIF metadata (#6522)
  • 5ee4e9d30 fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
  • f18d035ae feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
  • 1f8fca1fc feat(java): add support for maven-metadata.xml files for remote snapshot repositories. (#6950)
  • 2d85a003b fix(purl): add missed os types (#6955)
  • 417212e09 fix(cyclonedx): trim non-URL info for advisory.url (#6952)
  • 38b35dd3c fix(c): don't skip conan files from file-patterns and scan .conan2 cache dir (#6949)
  • eb6d0d977 ci: correctly handle categories (#6943)
  • 0af5730cb fix(image): parse image.inspect.Created field only for non-empty values (#6948)
  • c3192f061 fix(misconf): handle source prefix to ignore (#6945)
  • ec68c9ab4 fix(misconf): fix parsing of engine links and frameworks (#6937)
  • bc3741ae2 feat(misconf): support of selectors for all providers for Rego (#6905)
  • 735aadf2d ci: don't run tests for release-please PRs (#6936)
  • 52f7aa54b fix(license): return license separation using separators ,, or, etc. (#6916)
  • d77d9ce38 ci: use ubuntu-latest-m runner (#6918)
  • 55fa6109c feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
  • cd360dde2 BREAKING(misconf): flatten recursive types (#6862)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.53.0 (2024-07-01)

⚠ BREAKING CHANGES

  • k8s: node-collector dynamic commands support (#6861)
  • add clean subcommand (#6993)
  • aws: Remove aws subcommand (#6995)

Features

  • add clean subcommand (#6993) (8d0ae1f)
  • Add local ImageID to SARIF metadata (#6522) (f144e91)
  • add memory cache backend (#7048) (55ccd06)
  • aws: Remove aws subcommand (#6995) (979e118)
  • conda: add licenses support for environment.yml files (#6953) (654217a)
  • dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
  • image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
  • java: add support for maven-metadata.xml files for remote snapshot repositories. (#6950) (1f8fca1)
  • java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
  • k8s: node-collector dynamic commands support (#6861) (8d618e4)
  • misconf: add metadata to Cloud schema (#6831) (02d5404)
  • misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
  • misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
  • misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
  • php: add installed.json file support (#4865) (edc556b)
  • plugin: add support for nested archives (#6845) (622c67b)
  • sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)

Bug Fixes

  • c: don't skip conan files from file-patterns and scan .conan2 cache dir (#6949) (38b35dd)
  • cli: show info message only when --scanners is available (#7032) (e9fc3e3)
  • cyclonedx: trim non-URL info for advisory.url (#6952) (417212e)
  • debian: take installed files from the origin layer (#6849) (089b953)
  • image: parse image.inspect.Created field only for non-empty values (#6948) (0af5730)
  • license: return license separation using separators ,, or, etc. (#6916) (52f7aa5)
  • misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
  • misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
  • misconf: handle source prefix to ignore (#6945) (c3192f0)
  • misconf: parsing numbers without fraction as int (#6834) (8141a13)
  • nodejs: fix infinite loop when package link from package-lock.json file is broken (#6858) (cf5aa33)
  • nodejs: fix infinity loops for pnpm with cyclic imports (#6857) (7d083bc)
  • plugin: respect --insecure (#7022) (3d02a31)
  • purl: add missed os types (#6955) (2d85a00)
  • python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852) (faa9d92)
  • sbom: don't overwrite srcEpoch when decoding SBOM files (#6866) (04af59c)
  • sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
  • sbom: take pkg name from purl for maven pkgs (#7008) (a76e328)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.52.1-0.20240619054236-36b3b772df21 to 0.53.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aquasecurity/trivy/commits/v0.53.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from simar7 as a code owner July 1, 2024 15:45
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 5, 2024

Superseded by #209.

@dependabot dependabot bot closed this Aug 5, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch August 5, 2024 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants