future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0
11.01k stars 1.16k forks source link

chore(deps): bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 #2057

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 3 weeks ago

Bumps github.com/aquasecurity/trivy from 0.56.2 to 0.57.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.57.0

⚡Release highlights and summary⚡

👉https://github.com/aquasecurity/trivy/discussions/7857

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0570-2024-10-31

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.57.0 (2024-10-31)

⚠ BREAKING CHANGES

  • k8s: support k8s multi container (#7444)

Features

  • add end of life date for Ubuntu 24.10 (#7787) (ad3c09e)
  • cli: add trivy auth (#7664) (27117f8)
  • cli: error out when ignore file cannot be found (#7624) (cb0b3a9)
  • cli: rename trivy auth to trivy registry (#7727) (633a7ab)
  • cyclonedx: add file checksums to CycloneDX reports (#7507) (c225883)
  • db: append errors (#7843) (5e78b6c)
  • misconf: export unresolvable field of IaC types to Rego (#7765) (9514148)
  • misconf: public network support for Azure Storage Account (#7601) (ad91412)
  • misconf: Show misconfig ID in output (#7762) (f75c0d1)
  • misconf: ssl_mode support for GCP SQL DB instance (#7564) (2eaa17e)
  • parser: ignore white space in pom.xml files (#7747) (a7baa93)
  • report: update gitlab template to populate operating_system value (#7735) (c0d79fa)

Bug Fixes

  • cli: clean --all deletes only relevant dirs (#7704) (672e886)
  • cli: add config name to skip-policy-update alias (#7820) (b661d68)
  • db: fix javadb downloading error handling (#7642) (2c87f0c)
  • enable usestdlibvars linter (#7770) (57e24aa)
  • go: Do not trim v prefix from versions in Go Mod Analyzer (#7733) (e872ec0)
  • helm: properly handle multiple archived dependencies (#7782) (6fab88d)
  • java: correctly inherit version and scope from upper/root depManagement and dependencies into parents (#7541) (778df82)
  • k8s: skip resources without misconfigs (#7797) (7882776)
  • k8s: support k8s multi container (#7444) (c434775)
  • k8s: support kubernetes v1.31 (#7810) (7a4f4d8)
  • license: fix license normalization for Universal Permissive License (#7766) (f6acdf7)
  • misconf: change default ACL of digitalocean_spaces_bucket to private (#7577) (9da84f5)
  • misconf: check if property is not nil before conversion (#7578) (c8c14d3)
  • misconf: fix for Azure Storage Account network acls adaptation (#7602) (35fd018)
  • misconf: properly expand dynamic blocks (#7612) (8d5dbc9)
  • redhat: include arch in PURL qualifiers (#7654) (a585e95)
  • repo: git clone output to Stderr (#7561) (fdf203c)
  • report: Fix invalid URI in SARIF report (#7645) (015bb88)
  • sbom: add options for DBs in private registries (#7660) (1f2e91b)
  • sbom: use Annotation instead of AttributionTexts for SPDX formats (#7811) (f2bb9c6)

0.56.0 (2024-10-03)

Features

... (truncated)

Commits


Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | github.com/aquasecurity/trivy | [>= 0.50.2.a, < 0.50.3] | | github.com/aquasecurity/trivy | [< 0.51, > 0.50.1] |

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)