search

kubernetes-sigs / cluster-api-provider-ibmcloud

Cluster API Provider for IBM Cloud
https://cluster-api-ibmcloud.sigs.k8s.io
Apache License 2.0
62 stars 79 forks source link

Bump github.com/aquasecurity/trivy from 0.48.3 to 0.51.2 in /hack/tools #1788

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps github.com/aquasecurity/trivy from 0.48.3 to 0.51.2.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.51.2

Changelog

  • eadc6fb64 fix: node-collector high and critical cves (#6707)
  • cc489b1af Merge pull request from GHSA-xcq4-m2r3-cmrj
  • 013f71a6a chore: auto-bump golang patch versions (#6711)
  • 113a5b216 fix(misconf): don't shift ignore rule related to code (#6708)
  • 733e5ac1f fix(go): include only .version|.ver (no prefixes) ldflags for gobinaries (#6705)
  • d311e49bc fix(go): add only non-empty root modules for gobinaries (#6710)
  • cf1a7bf30 refactor: unify package addition and vulnerability scanning (#6579)
  • d465d9d1e fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
  • 0af225ccf fix(conda): add support pip deps for environment.yml files (#6675)
  • 6f64d5518 fix(misconf): skip Rego errors with a nil location (#6666)
  • 8c27430a2 fix(misconf): skip Rego errors with a nil location (#6638)
  • c2b46d3c2 refactor: unify Library and Package structs (#6633)
  • 4368f11e0 fix: use of specified context to obtain cluster name (#6645)
  • 5ec62f863 docs: fix usage of image-config-scanners (#6635)

v0.51.1

Changelog

  • 8016b821a fix(fs): handle default skip dirs properly (#6628)
  • 7a25dadb4 fix(misconf): load cached tf modules (#6607)
  • 9c794c0ff fix(misconf): do not use semver for parsing tf module versions (#6614)

v0.51.0

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6622

Changelog

  • 14c1024b4 refactor: move setting scanners when using compliance reports to flag parsing (#6619)
  • 998f75043 feat: introduce package UIDs for improved vulnerability mapping (#6583)
  • 770b14113 perf(misconf): Improve cause performance (#6586)
  • 3ccb1a0f1 docs: trivy-k8s new experiance remove un-used section (#6608)
  • 58cfd1b07 chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#6612)
  • 715963d75 docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
  • 37da98df4 feat(misconf): Use updated terminology for misconfiguration checks (#6476)
  • cdee7030a chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#6593)
  • 6a2225b42 docs: use generic link from trivy-repo (#6606)
  • a2a02de7c docs: update trivy k8s with new experience (#6465)
  • e739ab850 feat: support --skip-images scanning flag (#6334)
  • c6d5d856c BREAKING: add support for k8s disable-node-collector flag (#6311)
  • 194a81468 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#6601)
  • 03830c50c chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#6599)
  • 8e814fa23 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#6597)
  • 2dc76ba78 chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#6588)
  • c17176ba9 chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#6595)
  • bce70af36 chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#6596)
  • 4369a19af feat: add ubuntu 23.10 and 24.04 support (#6573)
  • 5566548b7 chore(deps): bump azure/setup-helm from 3.5 to 4 (#6590)
  • a8af76a47 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#6587)

... (truncated)

Commits
  • eadc6fb fix: node-collector high and critical cves (#6707)
  • cc489b1 Merge pull request from GHSA-xcq4-m2r3-cmrj
  • 013f71a chore: auto-bump golang patch versions (#6711)
  • 113a5b2 fix(misconf): don't shift ignore rule related to code (#6708)
  • 733e5ac fix(go): include only .version|.ver (no prefixes) ldflags for `gobinaries...
  • d311e49 fix(go): add only non-empty root modules for gobinaries (#6710)
  • cf1a7bf refactor: unify package addition and vulnerability scanning (#6579)
  • d465d9d fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
  • 0af225c fix(conda): add support pip deps for environment.yml files (#6675)
  • 6f64d55 fix(misconf): skip Rego errors with a nil location (#6666)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
k8s-ci-robot commented 4 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot] Once this PR has been reviewed and has the lgtm label, please assign mkumatag for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
k8s-ci-robot commented 4 months ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
netlify[bot] commented 4 months ago

Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud failed.

Name Link
Latest commit 6ed3261d7034b059ff4f5ff13631e3368dc9aa6b
Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/664bcbca365f8a000832ede6
k8s-ci-robot commented 4 months ago

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cluster-api-provider-ibmcloud-verify 6ed3261d7034b059ff4f5ff13631e3368dc9aa6b link true /test pull-cluster-api-provider-ibmcloud-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
Amulyam24 commented 4 months ago

/close Avoid updating until update to go version 1.22

k8s-ci-robot commented 4 months ago

@Amulyam24: Closed this PR.

In response to [this](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/pull/1788#issuecomment-2122582644): >/close >Avoid updating until update to go version 1.22 Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
dependabot[bot] commented 4 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.