Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/aquasecurity/trivy from 0.35.0 to 0.42.0 #9

Closed
wants to merge 1 commit into from
Closed

Bump github.com/aquasecurity/trivy from 0.35.0 to 0.42.0 #9

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 5, 2023

Bumps github.com/aquasecurity/trivy from 0.35.0 to 0.42.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.42.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4541

Changelog

  • 854b63940 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
  • 59e1a8664 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
  • 9ef01133c feat: add SBOM analyzer (#4210)
  • dadd1e10c fix(sbom): update logic for work with files in spdx format (#4513)
  • 1a658210a feat: azure workload identity support (#4489)
  • 411862c90 feat(ubuntu): add eol date for 18.04 ESM (#4524)
  • 62a1aaf03 fix(misconf): Update required extensions for terraformplan (#4523)
  • 48b2e15c2 refactor(cyclonedx): add intermediate representation (#4490)
  • c15f269a9 fix(misconf): Remove debug print while scanning (#4521)
  • b6ee08e55 fix(java): remove duplicates of jar libs (#4515)
  • d4740401a fix(java): fix overwriting project props in pom.xml (#4498)
  • 4cf2f94d0 docs: Update compilation instructions (#4512)
  • 18ce1c336 fix(nodejs): update logic for parsing pnpm lock files (#4502)
  • 87eed38c6 fix(secret): remove aws-account-id rule (#4494)
  • b0c591ef6 feat(oci): add support for referencing an input image by digest (#4470)
  • b84b5ecfc chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
  • 305255a49 docs: fixed the format (#4503)
  • d586de585 fix(java): add support of * for exclusions for pom.xml files (#4501)
  • de6eef3b0 feat: adding issue template for documentation (#4453)
  • 83a9c4a4c docs: switch glad to ghsa for Go (#4493)
  • 537272257 chore(deps): Update defsec to v0.89.0 (#4474)
  • 6fcd1538d feat(misconf): Add terraformplan support (#4342)
  • 72e302cf8 feat(debian): add digests for dpkg (#4445)
  • 7e99d08a1 chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
  • 12a1789be feat(k8s): exclude node scanning by node labels (#4459)
  • 919e8c92b docs: add info about multi-line mode for regexp from custom secret rules (#4159)
  • 50fe43f14 feat(cli): convert JSON reports into a different format (#4452)
  • 09db1d438 feat(image): add logic to guess base layer for docker-cis scan (#4344)
  • 3f0721ff6 fix(cyclonedx): set original names for packages (#4306)
  • 0ef0dadb1 feat: group subcommands (#4449)
  • 3a7717fde feat(cli): add retry to cache operations (#4189)
  • 63cfb2714 fix(vuln): report architecture for apk packages (#4247)
  • e1361368a refactor: enable cases where return values are not needed in pipeline (#4443)
  • 29b5f7e8e fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
  • 92ed344e8 docs(misconf): Update docs for kubernetes file patterns (#4435)
  • 16af41be1 test: k8s integration tests (#4423)
  • cab8569cd feat(redhat): add package digest for rpm (#4410)
  • 92f9e98d0 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)
  • 33fb04763 fix: typo (#4431)
  • 8b162f287 add user instruction to imgconf (#4429)
  • 3b7c9198d fix(k8s): add image sources (#4411)
  • c75d35ff6 docs(scanning): Add versioning banner (#4415)
  • d298415c0 feat(cli): add mage command to update golden integration test files (#4380)
  • 1a56295ff feat: node-collector custom namespace support (#4407)

... (truncated)

Commits
  • 854b639 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
  • 59e1a86 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
  • 9ef0113 feat: add SBOM analyzer (#4210)
  • dadd1e1 fix(sbom): update logic for work with files in spdx format (#4513)
  • 1a65821 feat: azure workload identity support (#4489)
  • 411862c feat(ubuntu): add eol date for 18.04 ESM (#4524)
  • 62a1aaf fix(misconf): Update required extensions for terraformplan (#4523)
  • 48b2e15 refactor(cyclonedx): add intermediate representation (#4490)
  • c15f269 fix(misconf): Remove debug print while scanning (#4521)
  • b6ee08e fix(java): remove duplicates of jar libs (#4515)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/aquasecurity/trivy from 0.35.0 to 0.42.0
0c38e03 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.35.0 to 0.42.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.35.0...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 5, 2023
@dependabot dependabot bot mentioned this pull request Jun 5, 2023
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jun 12, 2023

Superseded by #10.

@dependabot dependabot bot closed this Jun 12, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/main/github.com/aquasecurity/trivy-0.42.0 branch June 12, 2023 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants