Closed renovate[bot] closed 9 months ago
This PR contains the following updates:
0.47.0
0.48.2
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
0.47.0->0.48.2Release Notes
aquasecurity/trivy (trivy)
### [`v0.48.2`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.2) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.1...v0.48.2) #### Changelog - [`4cdff0e`](https://togithub.com/aquasecurity/trivy/commit/4cdff0e57) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 ([#5822](https://togithub.com/aquasecurity/trivy/issues/5822)) - [`be969d4`](https://togithub.com/aquasecurity/trivy/commit/be969d413) chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 ([#5809](https://togithub.com/aquasecurity/trivy/issues/5809)) - [`81748f5`](https://togithub.com/aquasecurity/trivy/commit/81748f5ad) chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 ([#5805](https://togithub.com/aquasecurity/trivy/issues/5805)) ### [`v0.48.1`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.1) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.48.0...v0.48.1) #### Changelog - [`ba825b2`](https://togithub.com/aquasecurity/trivy/commit/ba825b2ae) chore(deps): bump trivy-iac to v0.7.1 ([#5797](https://togithub.com/aquasecurity/trivy/issues/5797)) - [`abf227e`](https://togithub.com/aquasecurity/trivy/commit/abf227e06) fix(bitnami): use a different comparer for detecting vulnerabilities ([#5633](https://togithub.com/aquasecurity/trivy/issues/5633)) - [`df49ea4`](https://togithub.com/aquasecurity/trivy/commit/df49ea4a1) refactor(sbom): disable html escaping for CycloneDX ([#5764](https://togithub.com/aquasecurity/trivy/issues/5764)) - [`f25e2df`](https://togithub.com/aquasecurity/trivy/commit/f25e2df1c) refactor(purl): use `pub` from `package-url` ([#5784](https://togithub.com/aquasecurity/trivy/issues/5784)) - [`b5e3b77`](https://togithub.com/aquasecurity/trivy/commit/b5e3b77f0) docs(python): add note to using `pip freeze` for `compatible releases` ([#5760](https://togithub.com/aquasecurity/trivy/issues/5760)) - [`6cc00c2`](https://togithub.com/aquasecurity/trivy/commit/6cc00c2f0) fix(report): use OS information for OS packages purl in `github` template ([#5783](https://togithub.com/aquasecurity/trivy/issues/5783)) - [`c317fe8`](https://togithub.com/aquasecurity/trivy/commit/c317fe828) fix(report): fix error if miconfigs are empty ([#5782](https://togithub.com/aquasecurity/trivy/issues/5782)) - [`9b4bced`](https://togithub.com/aquasecurity/trivy/commit/9b4bcedf0) refactor(vuln): don't remove VendorSeverity in JSON report ([#5761](https://togithub.com/aquasecurity/trivy/issues/5761)) - [`be5a550`](https://togithub.com/aquasecurity/trivy/commit/be5a55049) fix(report): don't mark misconfig passed tests as failed in junit.tpl ([#5767](https://togithub.com/aquasecurity/trivy/issues/5767)) - [`01edbda`](https://togithub.com/aquasecurity/trivy/commit/01edbda34) docs(k8s): replace --scanners config with --scanners misconfig in docs ([#5746](https://togithub.com/aquasecurity/trivy/issues/5746)) - [`eb97419`](https://togithub.com/aquasecurity/trivy/commit/eb9741954) fix(report): update Gitlab template ([#5721](https://togithub.com/aquasecurity/trivy/issues/5721)) - [`be1c554`](https://togithub.com/aquasecurity/trivy/commit/be1c55497) feat(secret): add support of GitHub fine-grained tokens ([#5740](https://togithub.com/aquasecurity/trivy/issues/5740)) - [`a5342da`](https://togithub.com/aquasecurity/trivy/commit/a5342da06) fix(misconf): add an image misconf to result ([#5731](https://togithub.com/aquasecurity/trivy/issues/5731)) - [`108a5b0`](https://togithub.com/aquasecurity/trivy/commit/108a5b05c) feat(secret): added support of Docker registry credentials ([#5720](https://togithub.com/aquasecurity/trivy/issues/5720)) - [`6080e24`](https://togithub.com/aquasecurity/trivy/commit/6080e245c) chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 ([#5717](https://togithub.com/aquasecurity/trivy/issues/5717)) - [`e27ec32`](https://togithub.com/aquasecurity/trivy/commit/e27ec3261) chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 ([#5701](https://togithub.com/aquasecurity/trivy/issues/5701)) ### [`v0.48.0`](https://togithub.com/aquasecurity/trivy/releases/tag/v0.48.0) [Compare Source](https://togithub.com/aquasecurity/trivy/compare/v0.47.0...v0.48.0) #### ⚡Release highlights and summary⚡ 👉 [https://github.com/aquasecurity/trivy/discussions/5724](https://togithub.com/aquasecurity/trivy/discussions/5724) #### Changelog - [`f2aa9bf`](https://togithub.com/aquasecurity/trivy/commit/f2aa9bf3e) chore(deps): bump sigstore/cosign-installer from [`4a86152`](https://togithub.com/aquasecurity/trivy/commit/4a861528be5e691840a69536975ada1d4c30349d) to [`1fc5bd3`](https://togithub.com/aquasecurity/trivy/commit/1fc5bd396d372bee37d608f955b336615edf79c8) ([#5696](https://togithub.com/aquasecurity/trivy/issues/5696)) - [`6d7e2f8`](https://togithub.com/aquasecurity/trivy/commit/6d7e2f811) chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 ([#5694](https://togithub.com/aquasecurity/trivy/issues/5694)) - [`0ff5f96`](https://togithub.com/aquasecurity/trivy/commit/0ff5f96bb) feat: filter k8s core components vuln results ([#5713](https://togithub.com/aquasecurity/trivy/issues/5713)) - [`a54d1e9`](https://togithub.com/aquasecurity/trivy/commit/a54d1e95f) feat(vuln): remove duplicates in Fixed Version ([#5596](https://togithub.com/aquasecurity/trivy/issues/5596)) - [`99c04c4`](https://togithub.com/aquasecurity/trivy/commit/99c04c438) feat(report): output plugin ([#4863](https://togithub.com/aquasecurity/trivy/issues/4863)) - [`70078b9`](https://togithub.com/aquasecurity/trivy/commit/70078b9c0) chore(deps): bump alpine from 3.18.4 to 3.18.5 ([#5700](https://togithub.com/aquasecurity/trivy/issues/5700)) - [`49e83a6`](https://togithub.com/aquasecurity/trivy/commit/49e83a6ad) chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 ([#5704](https://togithub.com/aquasecurity/trivy/issues/5704)) - [`af32cb3`](https://togithub.com/aquasecurity/trivy/commit/af32cb310) chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 ([#5699](https://togithub.com/aquasecurity/trivy/issues/5699)) - [`1766271`](https://togithub.com/aquasecurity/trivy/commit/176627192) chore(deps): bump actions/github-script from 6 to 7 ([#5697](https://togithub.com/aquasecurity/trivy/issues/5697)) - [`7ee8547`](https://togithub.com/aquasecurity/trivy/commit/7ee854767) chore(deps): bump easimon/maximize-build-space from 8 to 9 ([#5695](https://togithub.com/aquasecurity/trivy/issues/5695)) - [`654147f`](https://togithub.com/aquasecurity/trivy/commit/654147fc6) docs: typo in modules.md ([#5712](https://togithub.com/aquasecurity/trivy/issues/5712)) - [`2569575`](https://togithub.com/aquasecurity/trivy/commit/256957523) feat: Add flag to configure node-collector image ref ([#5710](https://togithub.com/aquasecurity/trivy/issues/5710)) - [`c061009`](https://togithub.com/aquasecurity/trivy/commit/c0610097a) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 ([#5702](https://togithub.com/aquasecurity/trivy/issues/5702)) - [`aedbd85`](https://togithub.com/aquasecurity/trivy/commit/aedbd85d6) chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 ([#5698](https://togithub.com/aquasecurity/trivy/issues/5698)) - [`e018b9c`](https://togithub.com/aquasecurity/trivy/commit/e018b9c42) chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 ([#5706](https://togithub.com/aquasecurity/trivy/issues/5706)) - [`b5874e3`](https://togithub.com/aquasecurity/trivy/commit/b5874e3ad) feat(misconf): Add `--misconfig-scanners` option ([#5670](https://togithub.com/aquasecurity/trivy/issues/5670)) - [`075d8f6`](https://togithub.com/aquasecurity/trivy/commit/075d8f628) chore: bump Go to 1.21 ([#5662](https://togithub.com/aquasecurity/trivy/issues/5662)) - [`16b757d`](https://togithub.com/aquasecurity/trivy/commit/16b757d18) feat: Packagesprops support ([#5605](https://togithub.com/aquasecurity/trivy/issues/5605)) - [`372efc9`](https://togithub.com/aquasecurity/trivy/commit/372efc9ec) chore(deps): Bump up trivy misconf deps ([#5656](https://togithub.com/aquasecurity/trivy/issues/5656)) - [`edad5f6`](https://togithub.com/aquasecurity/trivy/commit/edad5f690) docs: update adopters discussion template ([#5632](https://togithub.com/aquasecurity/trivy/issues/5632)) - [`ed9d340`](https://togithub.com/aquasecurity/trivy/commit/ed9d34030) docs: terraform tutorial links updated to point to correct loc ([#5661](https://togithub.com/aquasecurity/trivy/issues/5661)) - [`8ff574e`](https://togithub.com/aquasecurity/trivy/commit/8ff574e3f) fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` ([#5647](https://togithub.com/aquasecurity/trivy/issues/5647)) - [`ad977a4`](https://togithub.com/aquasecurity/trivy/commit/ad977a425) fix(nodejs): support protocols for dependency section in yarn.lock files ([#5612](https://togithub.com/aquasecurity/trivy/issues/5612)) - [`b1dc60b`](https://togithub.com/aquasecurity/trivy/commit/b1dc60b88) fix(secret): exclude upper case before secret for `alibaba-access-key-id` ([#5618](https://togithub.com/aquasecurity/trivy/issues/5618)) - [`65351d4`](https://togithub.com/aquasecurity/trivy/commit/65351d4f2) docs: Update Arch Linux package URL in installation.md ([#5619](https://togithub.com/aquasecurity/trivy/issues/5619)) - [`c866f1c`](https://togithub.com/aquasecurity/trivy/commit/c866f1c4e) chore: add prefix to image errors ([#5601](https://togithub.com/aquasecurity/trivy/issues/5601)) - [`ed0022b`](https://togithub.com/aquasecurity/trivy/commit/ed0022b91) docs(vuln): fix link anchor ([#5606](https://togithub.com/aquasecurity/trivy/issues/5606)) - [`3c81727`](https://togithub.com/aquasecurity/trivy/commit/3c8172703) docs: Add Dagger integration section and cleanup Ecosystem CICD docs page ([#5608](https://togithub.com/aquasecurity/trivy/issues/5608)) - [`2145464`](https://togithub.com/aquasecurity/trivy/commit/214546427) fix: k8s friendly error messages kbom non cluster scans ([#5594](https://togithub.com/aquasecurity/trivy/issues/5594)) - [`44d0b28`](https://togithub.com/aquasecurity/trivy/commit/44d0b28ad) feat: set InstalledFiles for DEB and RPM packages ([#5488](https://togithub.com/aquasecurity/trivy/issues/5488)) - [`ae4bcf6`](https://togithub.com/aquasecurity/trivy/commit/ae4bcf6a0) fix(report): use time.Time for CreatedAt ([#5598](https://togithub.com/aquasecurity/trivy/issues/5598)) - [`b6fafa0`](https://togithub.com/aquasecurity/trivy/commit/b6fafa04a) test: retry containerd initialization ([#5597](https://togithub.com/aquasecurity/trivy/issues/5597)) - [`1336223`](https://togithub.com/aquasecurity/trivy/commit/13362233c) feat(misconf): Expose misconf engine debug logs with `--debug` option ([#5550](https://togithub.com/aquasecurity/trivy/issues/5550)) - [`7105186`](https://togithub.com/aquasecurity/trivy/commit/71051863c) test: mock VM walker ([#5589](https://togithub.com/aquasecurity/trivy/issues/5589)) - [`d9d7f3f`](https://togithub.com/aquasecurity/trivy/commit/d9d7f3f19) chore: bump node-collector v0.0.9 ([#5591](https://togithub.com/aquasecurity/trivy/issues/5591)) - [`e3c28f8`](https://togithub.com/aquasecurity/trivy/commit/e3c28f8ee) feat(misconf): Add support for `--cf-params` for CFT ([#5507](https://togithub.com/aquasecurity/trivy/issues/5507)) - [`ac0e327`](https://togithub.com/aquasecurity/trivy/commit/ac0e32749) feat(flag): replace '--slow' with '--parallel' ([#5572](https://togithub.com/aquasecurity/trivy/issues/5572)) - [`5372067`](https://togithub.com/aquasecurity/trivy/commit/537206761) fix(report): add escaping for Sarif format ([#5568](https://togithub.com/aquasecurity/trivy/issues/5568)) - [`a389529`](https://togithub.com/aquasecurity/trivy/commit/a3895298d) chore: show a deprecation notice for `--scanners config` ([#5587](https://togithub.com/aquasecurity/trivy/issues/5587)) - [`f4dd062`](https://togithub.com/aquasecurity/trivy/commit/f4dd062f5) feat(report): Add CreatedAt to the JSON report. ([#5542](https://togithub.com/aquasecurity/trivy/issues/5542)) ([#5549](https://togithub.com/aquasecurity/trivy/issues/5549)) - [`d005f5a`](https://togithub.com/aquasecurity/trivy/commit/d005f5af2) test: mock RPM DB ([#5567](https://togithub.com/aquasecurity/trivy/issues/5567)) - [`a96ec35`](https://togithub.com/aquasecurity/trivy/commit/a96ec3557) feat: add aliases to '--scanners' ([#5558](https://togithub.com/aquasecurity/trivy/issues/5558)) - [`950e431`](https://togithub.com/aquasecurity/trivy/commit/950e431f0) refactor: reintroduce output writer ([#5564](https://togithub.com/aquasecurity/trivy/issues/5564)) - [`2310f0d`](https://togithub.com/aquasecurity/trivy/commit/2310f0dd6) chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 ([#5543](https://togithub.com/aquasecurity/trivy/issues/5543)) - [`04b93e9`](https://togithub.com/aquasecurity/trivy/commit/04b93e9fd) chore: not load plugins for auto-generating docs ([#5569](https://togithub.com/aquasecurity/trivy/issues/5569)) - [`cccaa15`](https://togithub.com/aquasecurity/trivy/commit/cccaa15cc) chore: sort supported AWS services ([#5570](https://togithub.com/aquasecurity/trivy/issues/5570)) - [`3891e3d`](https://togithub.com/aquasecurity/trivy/commit/3891e3d5d) fix: no schedule toleration ([#5562](https://togithub.com/aquasecurity/trivy/issues/5562)) - [`138feb0`](https://togithub.com/aquasecurity/trivy/commit/138feb024) fix(cli): set correct `scanners` for `k8s` target ([#5561](https://togithub.com/aquasecurity/trivy/issues/5561)) - [`cb241a8`](https://togithub.com/aquasecurity/trivy/commit/cb241a800) fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX ([#5533](https://togithub.com/aquasecurity/trivy/issues/5533)) - [`e7f6a5c`](https://togithub.com/aquasecurity/trivy/commit/e7f6a5c80) refactor(misconf): Update refactored dependencies ([#5245](https://togithub.com/aquasecurity/trivy/issues/5245)) - [`2f5afa5`](https://togithub.com/aquasecurity/trivy/commit/2f5afa5f2) feat(secret): add built-in rule for JWT tokens ([#5480](https://togithub.com/aquasecurity/trivy/issues/5480)) - [`91fc8da`](https://togithub.com/aquasecurity/trivy/commit/91fc8dac9) fix: trivy k8s parse ecr image with arn ([#5537](https://togithub.com/aquasecurity/trivy/issues/5537)) - [`05df244`](https://togithub.com/aquasecurity/trivy/commit/05df24477) fix: fail k8s resource scanning ([#5529](https://togithub.com/aquasecurity/trivy/issues/5529)) - [`a1b4744`](https://togithub.com/aquasecurity/trivy/commit/a1b47441a) refactor(misconf): don't remove Highlighted in json format ([#5531](https://togithub.com/aquasecurity/trivy/issues/5531)) - [`7712f8f`](https://togithub.com/aquasecurity/trivy/commit/7712f8f21) docs(k8s): fix link in kubernetes.md ([#5524](https://togithub.com/aquasecurity/trivy/issues/5524)) - [`043fbfc`](https://togithub.com/aquasecurity/trivy/commit/043fbfcd3) docs(k8s): fix whitespace in list syntax ([#5525](https://togithub.com/aquasecurity/trivy/issues/5525))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.