copacetic icon indicating copy to clipboard operation
copacetic copied to clipboard

Published 20 hours ago • verified publisher icon project-copacetic

chore: bump github.com/aquasecurity/trivy from 0.45.1 to 0.46.1

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps github.com/aquasecurity/trivy from 0.45.1 to 0.46.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.46.1

Changelog

  • 27a3e55e8 fix(java): download java-db once (#5442)
  • d22373265 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)

v0.46.0

âš¡Release highlights and summaryâš¡

👉 https://github.com/aquasecurity/trivy/discussions/5377

Changelog

  • cbbd1ce1f feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d9214 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f08b docs: add kbom documentation (#5363)
  • 6c12f0428 test: use maximize build space for VM tests (#5362)
  • c4134224a chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab7033b fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f59b ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c76 chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • fef3ed435 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
  • ced54aced fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
  • 2798df916 fix: add config files to FS for post-analyzers (#5333)
  • af485b33f fix: fix MIME warnings after updating to Go 1.20 (#5336)
  • 008babfb8 build: fix a compile error with Go 1.21 (#5339)
  • 00d9c4666 feat: added Metadata into the k8s resource's scan report (#5322)
  • 03b6787c4 ci: check only PR's in actions/stale (#5337)
  • e6d5889ed chore: update adopters template (#5330)
  • 74dbd8a1f ci: do not trigger tests on the push event (#5313)
  • 393bfdc1a fix(sbom): use PURL or Group and Name in case of Java (#5154)
  • 76eb8a57b docs: add buildkite repository to ecosystem page (#5316)
  • 6c74ee11f chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
  • 6119878de chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
  • a346587b8 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
  • 7e613cc5f chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
  • f05bc4be4 chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
  • 3be5e6b24 chore: enable go-critic (#5302)
  • f6cd21c87 chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
  • f7b975187 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
  • 18d168769 close java-db client (#5273)
  • eb60e9f3c chore(deps): bump docker/login-action from 2 to 3 (#5291)
  • 5a92055e1 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
  • 46afe65ee chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
  • 0bf2a11a2 chore(deps): bump github.com/opencontainers/image-spec (#5295)
  • 23b5fece0 fix(report): removes git::http from uri in sarif (#5244)
  • 4f1d576e5 Improve the meaning of sentence (#5301)
  • 6ab2bdfa7 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
  • 4217cffb5 chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
  • 184058470 add app nil check (#5274)
  • c5ae9f265 typo: in secret.md (#5281)
  • 562723f0a docs: add info about github format (#5265)

... (truncated)

Commits
  • 27a3e55 fix(java): download java-db once (#5442)
  • d223732 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
  • cbbd1ce feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d92 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f0 docs: add kbom documentation (#5363)
  • 6c12f04 test: use maximize build space for VM tests (#5362)
  • c413422 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab703 fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f5 ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Oct 30 '23 12:10 dependabot[bot]

A newer version of github.com/aquasecurity/trivy exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

dependabot[bot] avatar Nov 06 '23 12:11 dependabot[bot]

This error is blocking me from upgrading trivy in my project. Are there any plans to look into this?

ChristofferNissen avatar May 25 '24 22:05 ChristofferNissen

Raised a PR #635 to resolve this issue

ChristofferNissen avatar May 27 '24 09:05 ChristofferNissen

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar May 29 '24 15:05 dependabot[bot]