chore(deps): update docker.io/aquasec/trivy docker tag to v0.49.0
This MR contains the following updates:
Package | Update | Change | OpenSSF |
---|---|---|---|
docker.io/aquasec/trivy (source) | minor | 0.48.3 -> 0.49.0 | |
Release Notes
aquasecurity/trivy (docker.io/aquasec/trivy)
v0.49.0
⚡ Release highlights and summary⚡
Changelog
- 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
- 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)
- 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
- 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
- 4df9363 docs: add note about Bun (#6001)
- 70dd572 fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
- 13f797f fix: check returned error before deferring f.Close() (#6007)
- adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
- e2eb70e feat(vuln): enable `--vex` for all targets (#5992)
- f9da021 docs: update link to data sources (#6000)
- b4b90cf feat(java): add support for line numbers for pom.xml files (#5991)
- fb36c4e refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
- f6be42b docs: Update troubleshooting guide with image not found error (#5983)
- bb6caea style: update band logos (#5968)
- 189a46a chore(deps): Update misconfig deps (#5956)
- 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#5929)
- a96f66f docs: update command to scan go binary (#5969)
- 2212d14 fix: handle non-parsable images names (#5965)
- 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)
- fbc1a83 fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
- 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#5938)
- 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#5910)
- ffe2ca7 chore(deps): bump go-ebs-file (#5934)
- f90d4ee fix(nodejs): find licenses for packages with slash (#5836)
- c75143f fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922)
- a3fac90 fix: ignore no init containers (#5939)
- b1b4734 docs: Fix documentation of ecosystem (#5940)
- a2b6549 docs(misconf): multiple ignores in comment (#5926)
- ae134a9 fix(secret): find aws secrets ending with a comma or dot (#5921)
- c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)
- 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
- 7895657 fix(java): don't remove excluded deps from upper pom's (#5838)
- 37e7e3e fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630)
- d0c81e2 feat(vex): add PURL matching for CSAF VEX (#5890)
- 958e1f1 fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901)
- 56c4e24 revert(report): don't escape new line characters for sarif format (#5897)
- 92d9b3d docs: improve filter by rego (#5402)
- a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)
- 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#5875)
- 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
- c47ed0d feat(vex): Add support for CSAF format (#5535)
- 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)
- cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#5845)
- d990e70 chore(deps): bump actions/stale from 8 to 9 (#5846)
- c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)
- 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)
- 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)
- e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)
- b508414 chore(deps): bump actions/setup-python from 4 to 5 (#5848)
- df3e90a feat(python): parse licenses from dist-info folder (#4724)
- fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)
- 30eff9c feat(nodejs): add yarn alias support (#5818)
- 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)
- b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)
- 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)
- da597c4 refactor: propagate time through context values (#5858)
- 1607eee refactor: move PkgRef under PkgIdentifier (#5831)
- b3d516e fix(cyclonedx): fix unmarshal for licenses (#5828)
- c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)
- 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.