@dependabot dependabot bot commented on behalf of github Mar 6, 2023

Bumps github.com/aquasecurity/trivy from 0.30.3 to 0.38.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.38.1

Changelog

  • 497c955a4 feat(misconf): Add support to show policy bundle version (#3743)
  • 5d54310d7 fix(python): fix error with optional dependencies in pyproject.toml (#3741)
  • 44cf1e2f5 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)
  • 743b4b0d9 add id for package.json files (#3750)
  • 6de43855f chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)
  • 9a0ceef16 chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)
  • 0501b46d4 chore(deps): bump github.com/google/go-containerregistry (#3731)
  • ee3004d29 chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)
  • 5c8e604f5 chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)

v0.38.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#3719

Changelog

  • bc0836623 fix(cli): pass integer to exit-on-eol (#3716)
  • 23cdac02e feat: add kubernetes pss compliance (#3498)
  • 302c8ae24 feat: Adding --module-dir and --enable-modules (#3677)
  • 34120f420 feat: add special IDs for filtering secrets (#3702)
  • e399ed843 chore(deps): Update defsec (#3713)
  • ef7b762e4 docs(misconf): Add guide on input schema (#3692)
  • 00daebc16 feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
  • 98d103155 feat: docker multi credential support (#3631)
  • b79136287 feat: summarize vulnerabilities in compliance reports (#3651)
  • 719fdb1b1 feat(python): parse pyproject.toml alongside poetry.lock (#3695)
  • 3ff5699b4 feat(python): add dependency tree for poetry lock file (#3665)
  • 33909d9df fix(cyclonedx): incompliant affect ref (#3679)
  • d85a3e087 chore(helm): update skip-db-update environment variable (#3657)
  • 551899c24 fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
  • 3aaa2cfb7 fix(sbom): export empty dependencies in CycloneDX (#3664)
  • 9d1300c3e docs: java-db air-gap doc tweaks (#3561)
  • 793cc43d4 feat(go): license support (#3683)
  • 6a3294e47 feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
  • e9dc21d88 fix(k8s): k8s label size (#3678)
  • 12976d42d fix(cyclondx): fix array empty value, null to [] (#3676)
  • 1dc2b349c refactor: rewrite gomod analyzer as post-analyzer (#3674)
  • 92eaf636c feat: config outdated-api result filtered by k8s version (#3578)
  • 9af436b99 fix: Update to Alpine 3.17.2 (#3655)
  • 88ee68d0c feat: add support for virtual files (#3654)
  • 75c96bd96 feat: add post-analyzers (#3640)
  • baea3997d chore(deps): updates wazero to 1.0.0-pre.9 (#3653)
  • 7ca0db17e chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)
  • 866999e45 chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)
  • b7bfb9a20 feat(python): add dependency locations for Pipfile.lock (#3614)
  • 9badef27a chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#3648)
  • d856595b8 fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
  • fe7c26a74 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.85.0 (#3607)

... (truncated)

Commits
  • 497c955 feat(misconf): Add support to show policy bundle version (#3743)
  • 5d54310 fix(python): fix error with optional dependencies in pyproject.toml (#3741)
  • 44cf1e2 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)
  • 743b4b0 add id for package.json files (#3750)
  • 6de4385 chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)
  • 9a0ceef chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)
  • 0501b46 chore(deps): bump github.com/google/go-containerregistry (#3731)
  • ee3004d chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)
  • 5c8e604 chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)
  • bc08366 fix(cli): pass integer to exit-on-eol (#3716)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.3 to 0.38.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.30.3...v0.38.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2023