chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.49.1 to 0.50.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.50.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#6340

Changelog

• 8ec3938e0 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
• f6c5d5800 feat(java): add support licenses and graph for gradle lock files (#6140)
• c4022d61b feat(vex): consider root component for relationships (#6313)
• 317792433 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
• dd9620ef3 chore: updates wazero to v1.7.0 (#6301)
• eb3ceb323 feat(sbom): Support license detection for SBOM scan (#6072)
• ab74caa87 refactor(sbom): use intermediate representation for SPDX (#6310)
• 71da44f7e docs(terraform): improve documentation for filtering by inline comments (#6284)
• 102b6df73 fix(terraform): fix policy document retrieval (#6276)
• aa19aaf4e refactor(terraform): remove unused custom error (#6303)
• 8fcef352b refactor(sbom): add intermediate representation for BOM (#6240)
• fb8c516de fix(amazon): check only major version of AL to find advisories (#6295)
• 96bd7ac59 fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
• 12c5bf080 fix(nodejs): add name validation for package name from package.json (#6268)
• d6c40ce05 docs: Added install instructions for FreeBSD (#6293)
• 9d2057a7c feat(image): customer podman host or socket option (#6256)
• 2a9d9bd21 chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
• 617c3e31b feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
• 56cedc0d6 fix(license): reorder logic of how python package licenses are acquired (#6220)
• d7d7265eb test(terraform): skip cached modules (#6281)
• 663991166 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
• 337cb7535 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
• 9361cdb7e feat(terraform): Terraform Plan snapshot scanning support (#6176)
• ee01e6e2f chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
• 3d2f583ec fix: typo function name and comment optimization (#6200)
• c4b5ab788 fix(java): don't ignore runtime scope for pom.xml files (#6223)
• 355c1b583 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)
• 7244ece53 chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6243)
• 5cd056684 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#6251)
• ebb74a5de chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#6253)
• 24a8d6aaa chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#6250)
• 9d0d7ad88 chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#6247)
• e8230e19d chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#6246)
• 04535b554 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
• 939e34e37 chore(deps): Upgrade iac deps (#6255)
• 7cb6c02a4 feat: add info log message about dev deps suppression (#6211)
• c1d26ec33 test(k8s): use test-db for k8s integration tests (#6222)
• 4f70468bd ci: add maximize-build-space for Test job (#6221)
• 1dfece89d fix(terraform): fix root module search (#6160)
• e1ea02c7b test(parser): squash test data for yarn (#6203)
• 64926d842 fix(terraform): do not re-expand dynamic blocks (#6151)
• eb54bb5da docs: update ecosystem page reporting with db app (#6201)
• dc76c6e4f fix: k8s summary separate infra and user finding results (#6120)
• 1b7e47424 fix: add context to target finding on k8s table view (#6099)

... (truncated)

Commits

• 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
• f6c5d58 feat(java): add support licenses and graph for gradle lock files (#6140)
• c4022d6 feat(vex): consider root component for relationships (#6313)
• 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 tim...
• dd9620e chore: updates wazero to v1.7.0 (#6301)
• eb3ceb3 feat(sbom): Support license detection for SBOM scan (#6072)
• ab74caa refactor(sbom): use intermediate representation for SPDX (#6310)
• 71da44f docs(terraform): improve documentation for filtering by inline comments (#6284)
• 102b6df fix(terraform): fix policy document retrieval (#6276)
• aa19aaf refactor(terraform): remove unused custom error (#6303)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[MaineK00n]

run $ make diff

• before

for jsonfile in ''/home/mainek00n/github.com/vuls/integration/results'/2024-03-27T05-14-45+0900'/*.json ;  do echo $jsonfile; cat $jsonfile | jq ".scannedCves | length" ; done
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/bundler.json
107
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/cargo.json
42
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/composer.json
25
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/conan.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/dart.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/dotnet-deps.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/dotnet-package-props.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/elixir.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/gobinary.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/gomod.json
26
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/gosum.json
0
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/gradle.json
67
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/jar-wrong-name-log4j-core.json
5
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/jar.json
5
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/npm.json
45
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/nuget-config.json
8
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/nuget-lock.json
8
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/pip.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/pipenv.json
23
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/pnpm.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/poetry.json
20
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/pom.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/rust-binary.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/swift-cocoapods.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/swift-swift.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/war.json
32
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-45+0900/yarn.json
78

• after

for jsonfile in ''/home/mainek00n/github.com/vuls/integration/results'/2024-03-27T05-14-46+0900'/*.json ;  do echo $jsonfile; cat $jsonfile | jq ".scannedCves | length" ; done
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/bundler.json
107
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/cargo.json
42
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/composer.json
25
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/conan.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/dart.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/dotnet-deps.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/dotnet-package-props.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/elixir.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/gobinary.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/gomod.json
26
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/gosum.json
0
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/gradle.json
67
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/jar-wrong-name-log4j-core.json
5
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/jar.json
5
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/npm.json
45
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/nuget-config.json
8
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/nuget-lock.json
8
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/pip.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/pipenv.json
23
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/pnpm.json
3
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/poetry.json
20
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/pom.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/rust-binary.json
4
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/swift-cocoapods.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/swift-swift.json
1
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/war.json
32
/home/mainek00n/github.com/vuls/integration/results/2024-03-27T05-14-46+0900/yarn.json
78

[shino]

It seems go-dep-parser is now included in Trivy code base.
Can we remove it from go.mod?

[MaineK00n]

It seems go-dep-parser is now included in Trivy code base. Can we remove it from go.mod?

I changed it like this.
https://github.com/future-architect/vuls/compare/2279288d9d7aa46e76d772e73bf25ec06ca38874..50ec366f2cb1c528b7f9275272520b4d2ef3b36a

[shino]

Fabulous!!