kubernetes-sigs / cluster-api-provider-ibmcloud

Cluster API Provider for IBM Cloud
https://cluster-api-ibmcloud.sigs.k8s.io
Apache License 2.0
62 stars 79 forks

Bump github.com/aquasecurity/trivy from 0.48.3 to 0.53.0 in /hack/tools #1864

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps github.com/aquasecurity/trivy from 0.48.3 to 0.53.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.53.0

Changelog

  • c55b0e6ca release: v0.53.0 [main] (#6855)
  • 654217a65 feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b5b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
  • 55ccd06df feat: add memory cache backend (#7048)
  • 14d71ba63 fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b85 feat(php): add installed.json file support (#4865)
  • 4f8b3996e docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c91642 fix: use embedded when command path not found (#7037)
  • 9e4927ee1 chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02bab8 refactor: use google/wire for cache (#7024)
  • e9fc3e339 fix(cli): show info message only when --scanners is available (#7032)
  • 0ccdbfbb6 chore: enable float-compare rule from testifylint (#6967)
  • 9045f2445 docs: Add sudo on commands, chmod before mv on install docs (#7009)
  • 3d02a31b4 fix(plugin): respect --insecure (#7022)
  • 8d618e48a feat(k8s)!: node-collector dynamic commands support (#6861)
  • a76e3286c fix(sbom): take pkg name from purl for maven pkgs (#7008)
  • eb636c1b3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
  • 8d0ae1f5d feat!: add clean subcommand (#6993)
  • de201dc77 chore: use ! for breaking changes (#6994)
  • 979e118a9 feat(aws)!: Remove aws subcommand (#6995)
  • 648ead955 refactor: replace global cache directory with parameter passing (#6986)
  • 7eabb92ec fix(sbom): use purl for bitnami pkg names (#6982)
  • 333087c9e chore: bump Go toolchain version (#6984)
  • 6dff4223e refactor: unify cache implementations (#6977)
  • 9dc8a2ba6 docs: non-packaged and sbom clarifications (#6975)
  • b58d42dc9 BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
  • 6469d37cc docs: delete unknown URL (#6972)
  • 30bcb9535 refactor: use version-specific URLs for documentation references (#6966)
  • e493fc931 refactor: delete db mock (#6940)
  • 983ac15f2 ci: add depguard (#6963)
  • dfe757e37 refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
  • f144e912d feat: Add local ImageID to SARIF metadata (#6522)
  • 5ee4e9d30 fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
  • f18d035ae feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
  • 1f8fca1fc feat(java): add support for maven-metadata.xml files for remote snapshot repositories. (#6950)
  • 2d85a003b fix(purl): add missed os types (#6955)
  • 417212e09 fix(cyclonedx): trim non-URL info for advisory.url (#6952)
  • 38b35dd3c fix(c): don't skip conan files from file-patterns and scan .conan2 cache dir (#6949)
  • eb6d0d977 ci: correctly handle categories (#6943)
  • 0af5730cb fix(image): parse image.inspect.Created field only for non-empty values (#6948)
  • c3192f061 fix(misconf): handle source prefix to ignore (#6945)
  • ec68c9ab4 fix(misconf): fix parsing of engine links and frameworks (#6937)
  • bc3741ae2 feat(misconf): support of selectors for all providers for Rego (#6905)
  • 735aadf2d ci: don't run tests for release-please PRs (#6936)
  • 52f7aa54b fix(license): return license separation using separators ,, or, etc. (#6916)
  • d77d9ce38 ci: use ubuntu-latest-m runner (#6918)
  • 55fa6109c feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
  • cd360dde2 BREAKING(misconf): flatten recursive types (#6862)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.53.0 (2024-07-01)

⚠ BREAKING CHANGES

  • k8s: node-collector dynamic commands support (#6861)
  • add clean subcommand (#6993)
  • aws: Remove aws subcommand (#6995)

Features

  • add clean subcommand (#6993) (8d0ae1f)
  • Add local ImageID to SARIF metadata (#6522) (f144e91)
  • add memory cache backend (#7048) (55ccd06)
  • aws: Remove aws subcommand (#6995) (979e118)
  • conda: add licenses support for environment.yml files (#6953) (654217a)
  • dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
  • image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
  • java: add support for maven-metadata.xml files for remote snapshot repositories. (#6950) (1f8fca1)
  • java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
  • k8s: node-collector dynamic commands support (#6861) (8d618e4)
  • misconf: add metadata to Cloud schema (#6831) (02d5404)
  • misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
  • misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
  • misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
  • php: add installed.json file support (#4865) (edc556b)
  • plugin: add support for nested archives (#6845) (622c67b)
  • sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)

Bug Fixes

  • c: don't skip conan files from file-patterns and scan .conan2 cache dir (#6949) (38b35dd)
  • cli: show info message only when --scanners is available (#7032) (e9fc3e3)
  • cyclonedx: trim non-URL info for advisory.url (#6952) (417212e)
  • debian: take installed files from the origin layer (#6849) (089b953)
  • image: parse image.inspect.Created field only for non-empty values (#6948) (0af5730)
  • license: return license separation using separators ,, or, etc. (#6916) (52f7aa5)
  • misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
  • misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
  • misconf: handle source prefix to ignore (#6945) (c3192f0)
  • misconf: parsing numbers without fraction as int (#6834) (8141a13)
  • nodejs: fix infinite loop when package link from package-lock.json file is broken (#6858) (cf5aa33)
  • nodejs: fix infinity loops for pnpm with cyclic imports (#6857) (7d083bc)
  • plugin: respect --insecure (#7022) (3d02a31)
  • purl: add missed os types (#6955) (2d85a00)
  • python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852) (faa9d92)
  • sbom: don't overwrite srcEpoch when decoding SBOM files (#6866) (04af59c)
  • sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
  • sbom: take pkg name from purl for maven pkgs (#7008) (a76e328)

... (truncated)

Commits
  • c55b0e6 release: v0.53.0 [main] (#6855)
  • 654217a feat(conda): add licenses support for environment.yml files (#6953)
  • 3d4ae8b fix(sbom): fix panic when scanning SBOM file without root component into SBOM...
  • 55ccd06 feat: add memory cache backend (#7048)
  • 14d71ba fix(sbom): use package UIDs for uniqueness (#7042)
  • edc556b feat(php): add installed.json file support (#4865)
  • 4f8b399 docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
  • 137c916 fix: use embedded when command path not found (#7037)
  • 9e4927e chore(deps): bump trivy-kubernetes version (#7012)
  • 4be02ba refactor: use google/wire for cache (#7024)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
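The changelog quoted above marks the removal of the `trivy aws` subcommand (#6995) as a breaking change in 0.53.0, and the PR title says the pin lives under /hack/tools. A pre-merge check for a bump like this one, as an added example that is not part of the PR, the project's tooling or Dependabot: it reads the pinned Trivy version from hack/tools/go.mod, and, only when the bump crosses the 0.53.0 line, scans the checkout for scripts or Makefiles that still invoke `trivy aws`. The go.mod location and the file layout used in the check are assumptions, not facts from this page.

```shell
#!/bin/sh
# Added example: pre-merge sanity check for a Trivy module bump.
# Assumptions (not from the PR): Trivy is pinned as a Go module in
# hack/tools/go.mod and invoked from shell scripts / Makefiles in the repo.

# Print the module version pinned for github.com/aquasecurity/trivy in a go.mod
# (works for both "require (" blocks and single-line require directives).
pinned_trivy_version() {
  awk '{ for (i = 1; i <= NF; i++)
           if ($i == "github.com/aquasecurity/trivy") { print $(i + 1); exit } }' "$1"
}

# Return 0 when semver $1 is at or above $2 (leading "v" and "-pre" suffixes ignored).
version_at_least() {
  a=${1#v}; b=${2#v}
  a1=${a%%.*}; a=${a#*.}; a2=${a%%.*}; a3=${a#*.}; a3=${a3%%-*}
  b1=${b%%.*}; b=${b#*.}; b2=${b%%.*}; b3=${b#*.}; b3=${b3%%-*}
  [ "$a1" -gt "$b1" ] && return 0
  [ "$a1" -lt "$b1" ] && return 1
  [ "$a2" -gt "$b2" ] && return 0
  [ "$a2" -lt "$b2" ] && return 1
  [ "$a3" -ge "$b3" ]
}

# List files under $1 that invoke the "trivy aws" subcommand, removed in v0.53.0
# per the release notes (#6995). Matches "trivy aws" followed by whitespace or EOL.
removed_aws_invocations() {
  grep -rlE 'trivy[[:space:]]+aws([[:space:]]|$)' "$1" 2>/dev/null
}

# $1: repo root, $2: target version (e.g. v0.53.0).
# Exit 0 = safe, 1 = breaking usage found, 2 = no pin found.
check_trivy_bump() {
  gomod="$1/hack/tools/go.mod"
  cur=$(pinned_trivy_version "$gomod")
  if [ -z "$cur" ]; then
    echo "no trivy pin found in $gomod"
    return 2
  fi
  echo "pinned: $cur  target: $2"
  status=0
  # Only warn when the bump crosses the version that removed the subcommand.
  if ! version_at_least "$cur" v0.53.0 && version_at_least "$2" v0.53.0; then
    hits=$(removed_aws_invocations "$1" || true)
    if [ -n "$hits" ]; then
      echo "files still invoking the removed 'trivy aws' subcommand:"
      echo "$hits"
      status=1
    fi
  fi
  return $status
}

# Stand-alone usage: ./check.sh <repo-root> [target-version]
if [ -n "$1" ]; then
  check_trivy_bump "$1" "${2:-v0.53.0}"
fi
```

The version gate matters: if the repo is already on 0.53.0 or later, the `trivy aws` warning is noise, and if the bump stays below 0.53.0, nothing is removed yet. Extend `removed_aws_invocations` with other patterns as further breaking changes land.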
k8s-ci-robot commented 3 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]

Once this PR has been reviewed and has the lgtm label, please assign mkumatag for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

  • **[OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.
k8s-ci-robot commented 3 months ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
netlify[bot] commented 3 months ago

Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud failed.

| Name | Link |
| --- | --- |
| Latest commit | 98ee19fa5ccb18d08d850efd8cf260688fb7eb4b |
| Latest deploy log | https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/66832f4b5718cd0008c5b817 |
k8s-ci-robot commented 3 months ago

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-cluster-api-provider-ibmcloud-verify | 98ee19fa5ccb18d08d850efd8cf260688fb7eb4b | link | true | /test pull-cluster-api-provider-ibmcloud-verify |
| pull-cluster-api-provider-ibmcloud-build | 98ee19fa5ccb18d08d850efd8cf260688fb7eb4b | link | true | /test pull-cluster-api-provider-ibmcloud-build |
| pull-cluster-api-provider-ibmcloud-test | 98ee19fa5ccb18d08d850efd8cf260688fb7eb4b | link | true | /test pull-cluster-api-provider-ibmcloud-test |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
Amulyam24 commented 3 months ago

/close

k8s-ci-robot commented 3 months ago

@Amulyam24: Closed this PR.

In response to [this](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/pull/1864#issuecomment-2202013406):

> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
dependabot[bot] commented 3 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.