chore: bump github.com/aquasecurity/trivy from 0.43.1 to 0.44.0

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.43.1 to 0.44.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.44.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4903

Changelog

• d19c7d9f2 feat(repo): support local repositories (#4890)
• 3c1976187 bump go-dep-parser (#4893)
• e1c2a8c80 fix(misconf): add missing fields to proto (#4861)
• 8b8e0e83d fix: remove trivy-db package replacement (#4877)
• f9efe44fd chore(test): bump the integration test timeout to 15m (#4880)
• 7271d682f chore(deps): Update defsec to v0.91.0 (#4886)
• c3bc67c89 chore: update CODEOWNERS (#4871)
• 232ba823e feat(vuln): support vulnerability status (#4867)
• 11618c940 feat(misconf): Support custom URLs for policy bundle (#4834)
• 07075696d refactor: replace with sortable packages (#4858)
• fbe1c9eb1 docs: correct license scanning sample command (#4855)
• 20c2246a6 fix(report): close the file (#4842)
• 24a3e547d feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
• a7bd7bb65 feat(misconf): Add support for independently enabling libraries (#4070)
• 4aa9ea096 feat(secret): add secret config file for cache calculation (#4837)
• 5d349d814 Fix a link in gitlab-ci.md (#4850)
• a61531c1f fix(flag): use globalstar to skip directories (#4854)
• 78cc20937 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
• 93996041b fix(license): using common way for splitting licenses (#4434)
• 3e2416d77 fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
• ce77bb46c remove govulndb (#4783)
• c05caae43 fix(java): inherit licenses from parents (#4817)
• aca11b95d refactor: add allowed values for CLI flags (#4800)
• 4cecd17ea add example regex to allow rules (#4827)
• 4bc8d29c1 feat(misconf): Support custom data for rego policies for cloud (#4745)
• 88243a0ad docs: correcting the trivy k8s tutorial (#4815)
• 3c7d988d7 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
• fd0fd104f fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
• d0d543b88 feat(misconf): enable --policy flag to accept directory and files both (#4777)
• b43a3e623 feat(python): add license fields (#4722)
• aef7b148a fix: support trivy k8s-version on k8s sub-command (#4786)

Commits

• d19c7d9 feat(repo): support local repositories (#4890)
• 3c19761 bump go-dep-parser (#4893)
• e1c2a8c fix(misconf): add missing fields to proto (#4861)
• 8b8e0e8 fix: remove trivy-db package replacement (#4877)
• f9efe44 chore(test): bump the integration test timeout to 15m (#4880)
• 7271d68 chore(deps): Update defsec to v0.91.0 (#4886)
• c3bc67c chore: update CODEOWNERS (#4871)
• 232ba82 feat(vuln): support vulnerability status (#4867)
• 11618c9 feat(misconf): Support custom URLs for policy bundle (#4834)
• 0707569 refactor: replace with sortable packages (#4858)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (5659b81) 34.72% compared to head (46deccf) 34.72%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #231   +/-   ##
=======================================
  Coverage   34.72%   34.72%           
=======================================
  Files          12       12           
  Lines        1146     1146           
=======================================
  Hits          398      398           
  Misses        727      727           
  Partials       21       21           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.