chore(deps): bump github.com/aquasecurity/trivy from 0.51.2 to 0.51.4

[dependabot[bot]]

Bumps github.com/aquasecurity/trivy from 0.51.2 to 0.51.4.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.51.4

Changelog

• c06f467e6 chore: downgrade trivy-checks and trivy-aws
• df4f7604a build: use main package instead of main.go (#6766)
• bf7a8ede3 chore(deps): bump the common group across 1 directory with 29 updates (#6756)
• acb22c60a chore(deps): bump the aws group with 8 updates (#6738)
• 9a3510ffd chore(deps): bump the docker group with 2 updates (#6739)
• 7806b37e2 ci: add generic dir to deb deploy script (#6636)

Commits

• c06f467 chore: downgrade trivy-checks and trivy-aws
• df4f760 build: use main package instead of main.go (#6766)
• bf7a8ed chore(deps): bump the common group across 1 directory with 29 updates (#6756)
• acb22c6 chore(deps): bump the aws group with 8 updates (#6738)
• 9a3510f chore(deps): bump the docker group with 2 updates (#6739)
• 7806b37 ci: add generic dir to deb deploy script (#6636)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions | | --- | --- | | github.com/aquasecurity/trivy | [>= 0.50.2.a, < 0.50.3] | | github.com/aquasecurity/trivy | [< 0.51, > 0.50.1] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[shino]

Compare the results from v0.25.4 and this PR binaries for gobinary and war (cf. integration/int-config.toml)

No significant chages are found.

Go binary:

% diff pr1938.json v0.25.4.json L
19c19
<     "scannedAt": "2024-05-29T16:02:56.925629946+09:00",
---
>     "scannedAt": "2024-05-29T16:04:09.37816666+09:00",
22c22
<     "scannedRevision": "build-20240529_144521_09df7ba",
---
>     "scannedRevision": "build-20240522_141523_878c25b",
29c29
<     "reportedAt": "2024-05-29T16:02:59.322143918+09:00",
---
>     "reportedAt": "2024-05-29T16:04:13.62755145+09:00",
31c31
<     "reportedRevision": "build-20240529_144521_09df7ba",
---
>     "reportedRevision": "build-20240522_141523_878c25b",

war:

% diff war-pr1938.json war-v0.25.4.json L
19c19
<     "scannedAt": "2024-05-29T16:34:32.201881289+09:00",
---
>     "scannedAt": "2024-05-29T16:36:24.395367335+09:00",
22c22
<     "scannedRevision": "build-20240529_144521_09df7ba",
---
>     "scannedRevision": "build-20240522_141523_878c25b",
29c29
<     "reportedAt": "2024-05-29T16:34:45.598907903+09:00",
---
>     "reportedAt": "2024-05-29T16:36:28.987870932+09:00",
31c31
<     "reportedRevision": "build-20240529_144521_09df7ba",
---
>     "reportedRevision": "build-20240522_141523_878c25b",