Skip to content
Snippets Groups Projects

chore(deps): update docker.io/aquasec/trivy docker tag to v0.49.0

Merged chore(deps): update docker.io/aquasec/trivy docker tag to v0.49.0
renovate/docker.io-aquasec-trivy-0.x into main
Merged Botaniker (Bot) requested to merge renovate/docker.io-aquasec-trivy-0.x into main

This MR contains the following updates:

Package Update Change OpenSSF
docker.io/aquasec/trivy (source) minor 0.48.3 -> 0.49.0 OpenSSF Scorecard

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.49.0

Compare Source

Release highlights and summary

👉 https://github.com/aquasecurity/trivy/discussions/6033

Changelog

  • 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#​5982)
  • 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#​6029)
  • 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#​5843)
  • 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#​5285)
  • 4df9363 docs: add note about Bun (#​6001)
  • 70dd572 fix(report): use AWS_REGION env for secrets in asff template (#​6011)
  • 13f797f fix: check returned error before deferring f.Close() (#​6007)
  • adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#​5990)
  • e2eb70e feat(vuln): enable --vex for all targets (#​5992)
  • f9da021 docs: update link to data sources (#​6000)
  • b4b90cf feat(java): add support for line numbers for pom.xml files (#​5991)
  • fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#​5981)
  • f6be42b docs: Update troubleshooting guide with image not found error (#​5983)
  • bb6caea style: update band logos (#​5968)
  • 189a46a chore(deps): Update misconfig deps (#​5956)
  • 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#​5929)
  • a96f66f docs: update command to scan go binary (#​5969)
  • 2212d14 fix: handle non-parsable images names (#​5965)
  • 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#​5693)
  • fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#​5951)
  • 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#​5938)
  • 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#​5910)
  • ffe2ca7 chore(deps): bump go-ebs-file (#​5934)
  • f90d4ee fix(nodejs): find licenses for packages with slash (#​5836)
  • c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#​5922)
  • a3fac90 fix: ignore no init containers (#​5939)
  • b1b4734 docs: Fix documentation of ecosystem (#​5940)
  • a2b6549 docs(misconf): multiple ignores in comment (#​5926)
  • ae134a9 fix(secret): find aws secrets ending with a comma or dot (#​5921)
  • c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#​5885)
  • 4d2e785 docs: Updated ecosystem docs with reference to new community app (#​5918)
  • 7895657 fix(java): don't remove excluded deps from upper pom's (#​5838)
  • 37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#​5630)
  • d0c81e2 feat(vex): add PURL matching for CSAF VEX (#​5890)
  • 958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#​5901)
  • 56c4e24 revert(report): don't escape new line characters for sarif format (#​5897)
  • 92d9b3d docs: improve filter by rego (#​5402)
  • a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#​5892)
  • 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#​5875)
  • 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#​5888)
  • c47ed0d feat(vex): Add support for CSAF format (#​5535)
  • 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#​5880)
  • cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#​5845)
  • d990e70 chore(deps): bump actions/stale from 8 to 9 (#​5846)
  • c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#​5853)
  • 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#​5847)
  • 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#​5854)
  • e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#​5849)
  • b508414 chore(deps): bump actions/setup-python from 4 to 5 (#​5848)
  • df3e90a feat(python): parse licenses from dist-info folder (#​4724)
  • fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#​5852)
  • 30eff9c feat(nodejs): add yarn alias support (#​5818)
  • 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#​5850)
  • b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#​5856)
  • 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#​5855)
  • da597c4 refactor: propagate time through context values (#​5858)
  • 1607eee refactor: move PkgRef under PkgIdentifier (#​5831)
  • b3d516e fix(cyclonedx): fix unmarshal for licenses (#​5828)
  • c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#​5830)
  • 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#​5439)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
Please register or sign in to reply