giantswarm / starboard-exporter

A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).
Apache License 2.0

Bump github.com/aquasecurity/trivy-operator from 0.17.1 to 0.18.1 #291

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps github.com/aquasecurity/trivy-operator from 0.17.1 to 0.18.1.

Release notes

Sourced from github.com/aquasecurity/trivy-operator's releases.

v0.18.1

Changelog

🐛 Notable Fixes 🐛

  • 7ab16c7438f6e7806a6794faab6319978aa94351: fix: sbom duplicate vol name (#1748) (@​chen-keinan)
  • f30e8615fcb5a55a4b45a68bf5f88f604511b9f5: fix: set audit config plugin trivy by default (#1746) (@​chen-keinan)

👮 Security updates👮

  • f79231b526bc647922ba501f2e547ffd4eebb8c5: sec: fix CVE GHSA-9763-4f94-gfch (#1759) (@​chen-keinan)

👷 Other work 👷

  • cebd1c049ce4cbe194d25cacfd86ad264878365e: Update trivy.yaml to support cve list (#1741) (@​gerbil)
  • 49a8be864784691850702c057f22c9fb464a2ae0: build(deps): bump github.com/aquasecurity/trivy from 0.48.1 to 0.48.2 (#1749) (@​dependabot[bot])
  • 8815129f3a9c463942ce09c5809bcdb68e188ad7: build(deps): bump github.com/aws/aws-sdk-go from 1.49.13 to 1.49.16 (#1750) (@​dependabot[bot])

v0.18.0

Changelog

✨ Notable Changes ✨

  • 1ecf6a07fc41b574929761251b3992d3b414cab3: feat: add dbRepositoryUsername and dbRepositoryPassword for dbReposit… (#1657) (@​juergen-fast)
  • 67e96c69741ee1e3cdab25b0def55db1d565b87a: feat: ingress resource on config-scan support (#1726) (@​chen-keinan)
  • e058b99405df4a6f82e994e01ae90cf7c58bb192: feat: retrieve sbom specified sources from oci registries (#1732) (@​chen-keinan)
  • 3c3cd0211f6cca0f0ee5b4834d41ce37e65196a9: feat: kbom and k8s core component scan (#1646) (@​chen-keinan)
  • 53e6b0d8b2ebc9473fbed46e1d6ee6a02c0c94fb: feat: trivy fs -include-dev-deps support (#1669) (@​chen-keinan)

🐛 Notable Fixes 🐛

  • 3f77e6ba9077b07512238b7a189b9f437ff5efb6: fix: service monitor cause operator to crash (#1729) (@​chen-keinan)
  • 8278eadeae9ed3d9c4de8cb4aa6b40b6276b8552: fix: hang node collector node shutdown (#1714) (@​chen-keinan)
  • 3911b5635070be32c34d60c1eafc248efff565b1: fix: kubelet checks via config resource (#1712) (@​chen-keinan)
  • b38cd493e4c3e0ebcaad2dead459c3695046fec4: fix: missing reports on via cluster sbom cache (#1713) (@​chen-keinan)
  • e4aba4514f39030bbd46d10852f79f6c7a43bf67: fix: remove duplicate entry in the CRDs list (#1684) (@​BenjaminHerbert)
  • 9fea2e71d6b3339aaa69da144f781c4d6735a611: fix: sbom secret size limit (#1683) (@​chen-keinan)

🔧 Miscellaneous 🔧

  • 42dfa7d2f3b9977bcb97e0a3af6ea32afbc1cfd6: chore: trivy 0.48.1 dep update (#1715) (@​chen-keinan)

👮 Security updates👮

👷 Other work 👷

  • 99d02b163d5382e2575021c8daf910e8da2142ff: build(deps): bump github.com/aws/aws-sdk-go from 1.49.9 to 1.49.13 (#1727) (@​dependabot[bot])
  • ee47e024e6d0e342d0e74e28099cf7160c6d81a1: build(deps): bump github.com/prometheus/client_golang (#1728) (@​dependabot[bot])
  • 551ffee226273346f6011eb520a058699f89acf3: Fix typo in nav (#1686) (@​evankanderson)
  • 5680146c2a71e1efdf1732e393b7df12d51e83ca: build(deps): bump actions/setup-go from 4 to 5 (#1691) (@​dependabot[bot])
  • 44ea898744ced1ab900afc2878c38fb126d38a25: build(deps): bump actions/setup-python from 4.7.1 to 5.0.0 (#1690) (@​dependabot[bot])
  • 1df3205f58b9e3321e601aee282e07fd6274ad36: build(deps): bump actions/stale from 8 to 9 (#1692) (@​dependabot[bot])
  • 3f44cec8ffe29b589f0e76a201528592dad634af: build(deps): bump github.com/aws/aws-sdk-go from 1.48.11 to 1.48.16 (#1693) (@​dependabot[bot])
  • ade4a3859f87bb53ab8053f31db7e481a2f62e19: build(deps): bump github.com/aws/aws-sdk-go from 1.48.16 to 1.49.4 (#1705) (@​dependabot[bot])
  • 6e4690ceff9b00baf5288aa07de4b3434f01787a: build(deps): bump github.com/aws/aws-sdk-go from 1.48.4 to 1.48.11 (#1672) (@​dependabot[bot])
  • 6c84b5084075190233b1089086d1559f56b9ec4b: build(deps): bump github.com/aws/aws-sdk-go from 1.49.4 to 1.49.9 (#1719) (@​dependabot[bot])
  • 3e317db1a2665a36af5253fc4a3c2e23325145cc: build(deps): bump github.com/go-logr/logr from 1.3.0 to 1.4.1 (#1718) (@​dependabot[bot])
  • 592c5d47b7bf979fb2670203b7c9721baefbdc2d: build(deps): bump github.com/google/go-containerregistry (#1671) (@​dependabot[bot])
  • c11b4a502281eccaad78b65d0e946cdbae42274d: build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#1717) (@​dependabot[bot])
  • 945fec9614687c2bc17d70d25f103b8cbf8d8c71: build(deps): bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 (#1674) (@​dependabot[bot])
  • d85e9565b10f2b698968faa2958a6f1524ca36c3: build(deps): bump golang.org/x/net from 0.18.0 to 0.19.0 (#1673) (@​dependabot[bot])
  • 1e6b951cdcac931f91953f9d805c9bda03b553dd: build(deps): bump k8s.io/apiextensions-apiserver from 0.28.3 to 0.29.0 (#1716) (@​dependabot[bot])
  • d72e8c4f83e417d7a4dd1816cb76e8eb6362de3c: build(deps): bump k8s.io/cli-runtime from 0.28.4 to 0.29.0 (#1704) (@​dependabot[bot])
  • 952a187dff110486be72d8d1a21d008e3f5bb9b8: build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1689) (@​dependabot[bot])

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 10 months ago

Superseded by #295.