Bump aquasecurity/trivy-action from 0.19.0 to 0.23.0

[dependabot[bot]]

Bumps aquasecurity/trivy-action from 0.19.0 to 0.23.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.23.0

What's Changed

• Upgrade trivy to v0.52.2 by @​Dr-DevOps in aquasecurity/trivy-action#367

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.23.0

v0.22.0

What's Changed

• chore(docs): Reference the use of a pinned version by @​simar7 in aquasecurity/trivy-action#356
• Upgrade trivy to v0.52.0 by @​Keralin in aquasecurity/trivy-action#364

New Contributors

• @​Keralin made their first contribution in aquasecurity/trivy-action#364

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.21.0...0.22.0

v0.21.0

What's Changed

• bump trivy version to v0.51.2 by @​Dr-DevOps in aquasecurity/trivy-action#360

New Contributors

• @​Dr-DevOps made their first contribution in aquasecurity/trivy-action#360

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.20.0...0.21.0

v0.20.0

What's Changed

• Make 'hide-progress' input working again by @​uridium in aquasecurity/trivy-action#323
• feat(image): add --docker-host option for GH Action users by @​calinmarina in aquasecurity/trivy-action#267
• Browse Trivy reports without GitHub Advanced Security license by @​uridium in aquasecurity/trivy-action#328
• Fix docker host bug by @​admiralAwkbar in aquasecurity/trivy-action#329
• Bump trivy version to v0.50.2 by @​pdefreitas in aquasecurity/trivy-action#341
• update tests by @​nikpivkin in aquasecurity/trivy-action#334
• bump trivy version to v0.51.1 by @​simar7 in aquasecurity/trivy-action#353

New Contributors

• @​uridium made their first contribution in aquasecurity/trivy-action#323
• @​calinmarina made their first contribution in aquasecurity/trivy-action#267
• @​admiralAwkbar made their first contribution in aquasecurity/trivy-action#329
• @​pdefreitas made their first contribution in aquasecurity/trivy-action#341

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.19.0...0.20.0

Commits

• 7c2007b Upgrade trivy to v0.52.2 (#367)
• 595be6a Upgrade trivy to v0.52.0 (#364)
• 841fb37 chore(docs): Reference the use of a pinned version (#356)
• fd25fed bump trivy version to v0.51.2 (#360)
• b2933f5 bump trivy version to v0.51.1 (#353)
• b2cd5ff Update bump-trivy.yaml
• 6f8c237 update tests (#334)
• 7088d18 Revert "fix: 🐛 allow trivy-config and other options to be used together (#338)"
• ee6a4f5 fix: 🐛 allow trivy-config and other options to be used together (#338)
• b5f4977 Bump trivy version to v0.50.2 (#341)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[JackPGreen]

Vulnerability scans still fail, but in the same way as before so I think is ok.

[nishaatr]

interesting went from 19 to 23.

[JackPGreen]

interesting went from 19 to 23.

Dependabot was paused due to inactivity, which is why the PR I merged yesterday wasn't up-to-date.

[nishaatr]

interesting went from 19 to 23.

Dependabot was paused due to inactivity, which is why the PR I merged yesterday wasn't up-to-date.

I see. cool