chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 #57

dependabot · 2023-03-06T13:10:31Z

Bumps github.com/aquasecurity/trivy from 0.37.3 to 0.38.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.38.1

Changelog

497c955a4 feat(misconf): Add support to show policy bundle version (#3743)

5d54310d7 fix(python): fix error with optional dependencies in pyproject.toml (#3741)

44cf1e2f5 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)

743b4b0d9 add id for package.json files (#3750)

6de43855f chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)

9a0ceef16 chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)

0501b46d4 chore(deps): bump github.com/google/go-containerregistry (#3731)

ee3004d29 chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)

5c8e604f5 chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)

v0.38.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#3719

Changelog

bc0836623 fix(cli): pass integer to exit-on-eol (#3716)

23cdac02e feat: add kubernetes pss compliance (#3498)

302c8ae24 feat: Adding --module-dir and --enable-modules (#3677)

34120f420 feat: add special IDs for filtering secrets (#3702)

e399ed843 chore(deps): Update defsec (#3713)

ef7b762e4 docs(misconf): Add guide on input schema (#3692)

00daebc16 feat(go): support dependency graph and show only direct dependencies in the tree (#3691)

98d103155 feat: docker multi credential support (#3631)

b79136287 feat: summarize vulnerabilities in compliance reports (#3651)

719fdb1b1 feat(python): parse pyproject.toml alongside poetry.lock (#3695)

3ff5699b4 feat(python): add dependency tree for poetry lock file (#3665)

33909d9df fix(cyclonedx): incompliant affect ref (#3679)

d85a3e087 chore(helm): update skip-db-update environment variable (#3657)

551899c24 fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)

3aaa2cfb7 fix(sbom): export empty dependencies in CycloneDX (#3664)

9d1300c3e docs: java-db air-gap doc tweaks (#3561)

793cc43d4 feat(go): license support (#3683)

6a3294e47 feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)

e9dc21d88 fix(k8s): k8s label size (#3678)

12976d42d fix(cyclondx): fix array empty value, null to [] (#3676)

1dc2b349c refactor: rewrite gomod analyzer as post-analyzer (#3674)

92eaf636c feat: config outdated-api result filtered by k8s version (#3578)

9af436b99 fix: Update to Alpine 3.17.2 (#3655)

88ee68d0c feat: add support for virtual files (#3654)

75c96bd96 feat: add post-analyzers (#3640)

baea3997d chore(deps): updates wazero to 1.0.0-pre.9 (#3653)

7ca0db17e chore(deps): bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#3528)

866999e45 chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 (#3633)

b7bfb9a20 feat(python): add dependency locations for Pipfile.lock (#3614)

9badef27a chore(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#3648)

d856595b8 fix(java): fix groupID selection by ArtifactID for jar files. (#3644)

fe7c26a74 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.85.0 (#3607)

... (truncated)

Commits

497c955 feat(misconf): Add support to show policy bundle version (#3743)
5d54310 fix(python): fix error with optional dependencies in pyproject.toml (#3741)
44cf1e2 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.212 (#3740)
743b4b0 add id for package.json files (#3750)
6de4385 chore(deps): bump github.com/containerd/containerd from 1.6.18 to 1.6.19 (#3738)
9a0ceef chore(deps): bump actions/cache from 3.2.4 to 3.2.6 (#3725)
0501b46 chore(deps): bump github.com/google/go-containerregistry (#3731)
ee3004d chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#3732)
5c8e604 chore(deps): bump alpine from 3.17.1 to 3.17.2 (#3723)
bc08366 fix(cli): pass integer to exit-on-eol (#3716)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.37.3 to 0.38.1. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](aquasecurity/trivy@v0.37.3...v0.38.1) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

codecov-commenter · 2023-03-06T13:15:49Z

Codecov Report

Patch and project coverage have no change.

Comparison is base (3b4a6ac) 34.45% compared to head (81f1912) 34.45%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #57   +/-   ##
=======================================
  Coverage   34.45%   34.45%           
=======================================
  Files          12       12           
  Lines        1126     1126           
=======================================
  Hits          388      388           
  Misses        717      717           
  Partials       21       21

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

…ect-copacetic#57) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot requested review from CodeMonkeyLeet, jeremyrickard, salaxander and sozercan as code owners March 6, 2023 13:10

dependabot bot added dependencies Pull requests that update a dependency file go labels Mar 6, 2023

sozercan approved these changes Mar 6, 2023

View reviewed changes

sozercan merged commit de97d1d into main Mar 6, 2023

dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.38.1 branch March 6, 2023 21:25

ashnamehrotra pushed a commit to ashnamehrotra/copacetic that referenced this pull request Aug 25, 2023

chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 (proj…

dbaf318

…ect-copacetic#57) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 #57

chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 #57

dependabot bot commented on behalf of github Mar 6, 2023

codecov-commenter commented Mar 6, 2023

chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 #57

chore: bump github.com/aquasecurity/trivy from 0.37.3 to 0.38.1 #57

Conversation

dependabot bot commented on behalf of github Mar 6, 2023

v0.38.1

Changelog

v0.38.0

⚡Release highlights and summary⚡

Changelog

codecov-commenter commented Mar 6, 2023

Codecov Report