build(deps): bump github.com/aquasecurity/trivy from 0.45.0 to 0.47.0 #155

Open: dependabot[bot] wants to merge 1 commit into base: main

dependabot[bot] commented on behalf of github on Dec 4, 2023

Bumps github.com/aquasecurity/trivy from 0.45.0 to 0.47.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.47.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#5520

Changelog

  • d6df5fbcd docs: add info that license scanning supports file-patterns flag (#5484)
  • 156d4cc60 docs: add Zora integration into Ecosystem session (#5490)
  • 772d1d08f fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
  • df47073fa ci: use maximize build space for K8s tests (#5387)
  • fed471018 fix: correct error mismatch causing race in fast walks (#5516)
  • 46f1b9e7d docs: k8s vulnerability scanning (#5515)
  • fdb3a15b2 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)
  • d0d956fdc chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
  • 68b0797e5 docs: remove glad for java datasources (#5508)
  • 474167c47 chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)
  • 7299867c2 chore: remove unused logger attribute in amazon detector (#5476)
  • 8656bd9f7 fix: correct error mismatch causing race in fast walks (#5482)
  • 2e10cd2eb chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)
  • 13df74652 chore(deps): bump docker/build-push-action from 4 to 5 (#5500)
  • b0141cfba chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)
  • 520830b51 fix(server): add licenses to BlobInfo message (#5382)
  • 9a6e125c7 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)
  • 6e5927266 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)
  • f3de7bc3b feat: scan vulns on k8s core component apps (#5418)
  • e2fb3dd58 fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#5470)
  • 3e833be7d chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)
  • ca50b77a3 fix(sbom): save digests for package/application when scanning SBOM files (#5432)
  • 048150d43 docs: fix the broken link (#5454)
  • 013d90199 docs: fix error when installing PyYAML for gh pages (#5462)
  • 26b495954 fix(java): download java-db once (#5442)
  • 57fa701a8 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
  • 53c9a7d76 docs(misconf): Update --tf-exclude-downloaded-modules description (#5419)
  • 01c98d151 feat(misconf): Support --ignore-policy in config scans (#5359)
  • 05b3c86a1 docs(misconf): fix broken table for Use container image section (#5425)
  • 1a15a3adb feat(dart): add graph support (#5374)
  • f2a12f5f9 refactor: define a new struct for scan targets (#5397)
  • 6040d9f43 fix(sbom): add missed primaryURL and source severity for CycloneDX (#5399)
  • e5317c7bc fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
  • 9fba79f0b chore(deps): move to aws-sdk-go-v2 (#5381)
  • 00f2059e5 docs: remove --scanners none (#5384)
  • 57a102231 docs: Update container_image.md #5182 (#5193)
  • 5b2b4ea38 feat(report): Add InstalledFiles field to Package (#4706)

v0.46.1

Changelog

  • 27a3e55e8 fix(java): download java-db once (#5442)
  • d22373265 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)

... (truncated)

Commits
  • d6df5fb docs: add info that license scanning supports file-patterns flag (#5484)
  • 156d4cc docs: add Zora integration into Ecosystem session (#5490)
  • 772d1d0 fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
  • df47073 ci: use maximize build space for K8s tests (#5387)
  • fed4710 fix: correct error mismatch causing race in fast walks (#5516)
  • 46f1b9e docs: k8s vulnerability scanning (#5515)
  • fdb3a15 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.2...
  • d0d956f chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)
  • 68b0797 docs: remove glad for java datasources (#5508)
  • 474167c chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localst...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.45.0 to 0.47.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.45.0...v0.47.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] requested a review from rchincha as a code owner on December 4, 2023 12:33

dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) on Dec 4, 2023