Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0 #684

Closed
wants to merge 1 commit into from
Closed

chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0 #684

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 1, 2024
edited
Loading

Bumps github.com/aquasecurity/trivy from 0.51.4 to 0.53.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.53.0

Changelog

  • c55b0e6ca release: v0.53.0 [main] (#6855)
  • 654217a65 feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b5b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
  • 55ccd06df feat: add memory cache backend (#7048)
  • 14d71ba63 fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b85 feat(php): add installed.json file support (#4865)
  • 4f8b3996e docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c91642 fix: use embedded when command path not found (#7037)
  • 9e4927ee1 chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02bab8 refactor: use google/wire for cache (#7024)
  • e9fc3e339 fix(cli): show info message only when --scanners is available (#7032)
  • 0ccdbfbb6 chore: enable float-compare rule from testifylint (#6967)
  • 9045f2445 docs: Add sudo on commands, chmod before mv on install docs (#7009)
  • 3d02a31b4 fix(plugin): respect --insecure (#7022)
  • 8d618e48a feat(k8s)!: node-collector dynamic commands support (#6861)
  • a76e3286c fix(sbom): take pkg name from purl for maven pkgs (#7008)
  • eb636c1b3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
  • 8d0ae1f5d feat!: add clean subcommand (#6993)
  • de201dc77 chore: use ! for breaking changes (#6994)
  • 979e118a9 feat(aws)!: Remove aws subcommand (#6995)
  • 648ead955 refactor: replace global cache directory with parameter passing (#6986)
  • 7eabb92ec fix(sbom): use purl for bitnami pkg names (#6982)
  • 333087c9e chore: bump Go toolchain version (#6984)
  • 6dff4223e refactor: unify cache implementations (#6977)
  • 9dc8a2ba6 docs: non-packaged and sbom clarifications (#6975)
  • b58d42dc9 BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
  • 6469d37cc docs: delete unknown URL (#6972)
  • 30bcb9535 refactor: use version-specific URLs for documentation references (#6966)
  • e493fc931 refactor: delete db mock (#6940)
  • 983ac15f2 ci: add depguard (#6963)
  • dfe757e37 refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
  • f144e912d feat: Add local ImageID to SARIF metadata (#6522)
  • 5ee4e9d30 fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
  • f18d035ae feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
  • 1f8fca1fc feat(java): add support for maven-metadata.xml files for remote snapshot repositories. (#6950)
  • 2d85a003b fix(purl): add missed os types (#6955)
  • 417212e09 fix(cyclonedx): trim non-URL info for advisory.url (#6952)
  • 38b35dd3c fix(c): don't skip conan files from file-patterns and scan .conan2 cache dir (#6949)
  • eb6d0d977 ci: correctly handle categories (#6943)
  • 0af5730cb fix(image): parse image.inspect.Created field only for non-empty values (#6948)
  • c3192f061 fix(misconf): handle source prefix to ignore (#6945)
  • ec68c9ab4 fix(misconf): fix parsing of engine links and frameworks (#6937)
  • bc3741ae2 feat(misconf): support of selectors for all providers for Rego (#6905)
  • 735aadf2d ci: don't run tests for release-please PRs (#6936)
  • 52f7aa54b fix(license): return license separation using separators ,, or, etc. (#6916)
  • d77d9ce38 ci: use ubuntu-latest-m runner (#6918)
  • 55fa6109c feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
  • cd360dde2 BREAKING(misconf): flatten recursive types (#6862)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.53.0 (2024-07-01)

⚠ BREAKING CHANGES

  • k8s: node-collector dynamic commands support (#6861)
  • add clean subcommand (#6993)
  • aws: Remove aws subcommand (#6995)

Features

  • add clean subcommand (#6993) (8d0ae1f)
  • Add local ImageID to SARIF metadata (#6522) (f144e91)
  • add memory cache backend (#7048) (55ccd06)
  • aws: Remove aws subcommand (#6995) (979e118)
  • conda: add licenses support for environment.yml files (#6953) (654217a)
  • dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
  • image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
  • java: add support for maven-metadata.xml files for remote snapshot repositories. (#6950) (1f8fca1)
  • java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
  • k8s: node-collector dynamic commands support (#6861) (8d618e4)
  • misconf: add metadata to Cloud schema (#6831) (02d5404)
  • misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
  • misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
  • misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
  • php: add installed.json file support (#4865) (edc556b)
  • plugin: add support for nested archives (#6845) (622c67b)
  • sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)

Bug Fixes

  • c: don't skip conan files from file-patterns and scan .conan2 cache dir (#6949) (38b35dd)
  • cli: show info message only when --scanners is available (#7032) (e9fc3e3)
  • cyclonedx: trim non-URL info for advisory.url (#6952) (417212e)
  • debian: take installed files from the origin layer (#6849) (089b953)
  • image: parse image.inspect.Created field only for non-empty values (#6948) (0af5730)
  • license: return license separation using separators ,, or, etc. (#6916) (52f7aa5)
  • misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
  • misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
  • misconf: handle source prefix to ignore (#6945) (c3192f0)
  • misconf: parsing numbers without fraction as int (#6834) (8141a13)
  • nodejs: fix infinite loop when package link from package-lock.json file is broken (#6858) (cf5aa33)
  • nodejs: fix infinity loops for pnpm with cyclic imports (#6857) (7d083bc)
  • plugin: respect --insecure (#7022) (3d02a31)
  • purl: add missed os types (#6955) (2d85a00)
  • python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852) (faa9d92)
  • sbom: don't overwrite srcEpoch when decoding SBOM files (#6866) (04af59c)
  • sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
  • sbom: take pkg name from purl for maven pkgs (#7008) (a76e328)

... (truncated)

Commits
  • c55b0e6 release: v0.53.0 [main] (#6855)
  • 654217a feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b fix(sbom): fix panic when scanning SBOM file without root component into SBOM...
  • 55ccd06 feat: add memory cache backend (#7048)
  • 14d71ba fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b feat(php): add installed.json file support (#4865)
  • 4f8b399 docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c916 fix: use embedded when command path not found (#7037)
  • 9e4927e chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02ba refactor: use google/wire for cache (#7024)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot requested a review from jeremyrickard as a code owner July 1, 2024 12:21
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 1, 2024
@dependabot dependabot bot requested a review from sozercan as a code owner July 1, 2024 12:21
@dependabot dependabot bot added the go Pull requests that update Go code label Jul 1, 2024
@dependabot dependabot bot requested a review from ashnamehrotra as a code owner July 1, 2024 12:21
@dependabot dependabot bot mentioned this pull request Jul 1, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch 3 times, most recently from fed176c to eb9acb0 Compare July 12, 2024 17:04
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch 4 times, most recently from d751a3f to 120dbdc Compare July 23, 2024 18:21
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch from 120dbdc to 1a1d6f7 Compare July 29, 2024 16:15
@dependabot
chore: bump github.com/aquasecurity/trivy from 0.51.4 to 0.53.0
50f94af 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.51.4 to 0.53.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.51.4...v0.53.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch from 1a1d6f7 to 50f94af Compare July 29, 2024 17:42
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 5, 2024

Superseded by #729.

@dependabot dependabot bot closed this Aug 5, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.53.0 branch August 5, 2024 12:47
@jpayne3506 jpayne3506 mentioned this pull request Aug 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard jeremyrickard is a code owner

@sozercan sozercan Awaiting requested review from sozercan sozercan is a code owner

@ashnamehrotra ashnamehrotra Awaiting requested review from ashnamehrotra ashnamehrotra is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
Copacetic Workboard
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants