Bump github.com/aquasecurity/trivy from 0.48.3 to 0.55.0 in /hack/tools

dependabot[bot] commented 2 months ago

Bumps github.com/aquasecurity/trivy from 0.48.3 to 0.55.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.55.0

⚡Release highlights and summary⚡

👉https://github.com/aquasecurity/trivy/discussions/7440

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0550-2024-09-03

v0.54.1

Changelog

854c61d34a550a9fcbab3bc59e55b868c15d1962 release: v0.54.1 [release/v0.54] (#7282)

334a1c293bb3d490af2a6d80732f399efaac22f7 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285)

f61725c28b56d80fb46395479842a2ab0c517c5f fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)

a7b7117fe2c9608e990b42e702cc83675c48f888 fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)

v0.54.0

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/7268

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0540-2024-07-30

v0.53.0

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/7061

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0530-2024-07-01

v0.52.2

Changelog

8709d4f9c release: v0.52.2 [release/v0.52] (#6896)

a4b8ad767 ci: use ubuntu-latest-m runner [backport: release/v0.52] (#6933)

2b711bc26 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)

191d31ef8 test: bump docker API to 1.45 [backport: release/v0.52] (#6922)

3f5874c8a ci: bump github.com/goreleaser/goreleaser to v2.0.0 [backport: release/v0.52] (#6893)

8f8c76a2a fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)

v0.52.1

Changelog

a3caf0658 release: v0.52.1 [release/v0.52] (#6877)

01dbb42ae fix(nodejs): fix infinite loop when package link from package-lock.json file is broken [backport: release/v0.52] (#6888)

f186d22bf fix(sbom): don't overwrite srcEpoch when decoding SBOM files [backport: release/v0.52] (#6881)

093c0ae02 fix(python): compare pkg names from poetry.lock and pyproject.toml in lowercase [backport: release/v0.52] (#6878)

6bfda7602 Merge pull request #6879 from aquasecurity/backport-pr-6864-to-release/v0.52

53850c8b2 docs: explain how VEX is applied (#6864)

221196202 Merge pull request #6875 from aquasecurity/backport-pr-6857-to-release/v0.52

a614b693d fix(nodejs): fix infinity loops for pnpm with cyclic imports (#6857)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.55.0 (2024-09-03)

⚠ BREAKING CHANGES

cli: delete deprecated SBOM flags (#7266)

Features

cli: delete deprecated SBOM flags (#7266) (7024572)

go: use toolchain as stdlib version for go.mod files (#7163) (2d80769)

java: add test scope support for pom.xml files (#7414) (2d97700)

misconf: Add support for using spec from on-disk bundle (#7179) (be86126)

misconf: ignore duplicate checks (#7317) (9ef05fc)

misconf: iterator argument support for dynamic blocks (#7236) (fe92072)

misconf: port and protocol support for EC2 networks (#7146) (98e136e)

misconf: scanning support for YAML and JSON (#7311) (efdbd8f)

misconf: support for ignore by nested attributes (#7205) (44e4686)

misconf: support for policy and bucket grants (#7284) (a817fae)

misconf: variable support for Terraform Plan (#7228) (db2c955)

python: use minimum version for pip packages (#7348) (e9b43f8)

report: export modified findings in JSON (#7383) (7aea79d)

sbom: set User-Agent header on requests to Rekor (#7396) (af1d257)

server: add internal --path-prefix flag for client/server mode (#7321) (24a4563)

server: Make Trivy Server Multiplexer Exported (#7389) (4c6e8ca)

vm: Support direct filesystem (#7058) (45b3f34)

vm: support the Ext2/Ext3 filesystems (#6983) (35c60f0)

vuln: Add --detection-priority flag for accuracy tuning (#7288) (fd8348d)

Bug Fixes

aws: handle ECR repositories in different regions (#6217) (feaef96)

flag: incorrect behavior for deprected flag --clear-cache (#7281) (2a0e529)

helm: explicitly define kind and apiVersion of volumeClaimTemplate element (#7362) (da4ebfa)

java: Return error when trying to find a remote pom to avoid segfault (#7275) (49d5270)

license: add license handling to JUnit template (#7409) (f80183c)

logger initialization before flags parsing (#7372) (c929290)

misconf: change default TLS values for the Azure storage account (#7345) (aadb090)

misconf: do not filter Terraform plan JSON by name (#7406) (9d7264a)

misconf: do not recreate filesystem map (#7416) (3a5d091)

misconf: do not register Rego libs in checks registry (#7420) (a5aa63e)

misconf: do not set default value for default_cache_behavior (#7234) (f0ed5e4)

misconf: fix infer type for null value (#7424) (0cac3ac)

misconf: init frameworks before updating them (#7376) (b65b32d)

misconf: load only submodule if it is specified in source (#7112) (a4180bd)

misconf: support deprecating for Go checks (#7377) (2a6c7ab)

misconf: use module to log when metadata retrieval fails (#7405) (0799770)

misconf: wrap Azure PortRange in iac types (#7357) (c5c62d5)

nodejs: check all importers to detect dev deps from pnpm-lock.yaml file (#7387) (fd9ed3a)

... (truncated)

Commits

7a1e8b8 release: v0.55.0 [main] (#7271)
2d80769 feat(go): use toolchain as stdlib version for go.mod files (#7163)
f80183c fix(license): add license handling to JUnit template (#7409)
2d97700 feat(java): add test scope support for pom.xml files (#7414)
870523d chore(deps): Bump trivy-checks and pin OPA (#7427)
da4ebfa fix(helm): explicitly define kind and apiVersion of volumeClaimTemplate...
af1d257 feat(sbom): set User-Agent header on requests to Rekor (#7396)
1a6295c test: add integration plugin tests (#7299)
fd9ed3a fix(nodejs): check all importers to detect dev deps from pnpm-lock.yaml fil...
c929290 fix: logger initialization before flags parsing (#7372)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

k8s-ci-robot commented 2 months ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

netlify[bot] commented 2 months ago

Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud ready!

Name	Link
Latest commit	e9d3b26036eda43fea2de02f607569178beb0e59
Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/66d95543d1dd5d00085650f1
Deploy Preview	https://deploy-preview-1945--kubernetes-sigs-cluster-api-ibmcloud.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

k8s-ci-robot commented 2 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], mkumatag

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/OWNERS)~~ [mkumatag] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

kubernetes-sigs / cluster-api-provider-ibmcloud