chore: bump github.com/aquasecurity/trivy from 0.38.3 to 0.39.0 #93

Merged


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Apr 3, 2023

Bumps github.com/aquasecurity/trivy from 0.38.3 to 0.39.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.39.0

Changelog

  • ed590966a docs(cli): added makefile and go file to create docs (#3930)
  • a2f39a34c chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)
  • 5a1063102 chore: ignore gpg key (#3943)
  • 4072115e5 feat(cyclonedx): support dependency graph (#3177)
  • 7cad265b7 chore(deps): Bump defsec to v0.85.0 (#3940)
  • f8b573311 feat(rust): remove dev deps and find direct deps for Cargo.lock (#3919)
  • 10796a291 feat(server): redis with public TLS certs support (#3783)
  • abff1398c feat(flag): Add glob support to --skip-dirs and --skip-files (#3866)
  • b40f60c40 chore: replace make with mage (#3932)
  • 67236f6aa fix(sbom): add checksum to files (#3888)
  • 00de24b16 chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3928)
  • 5976d1fa0 chore: remove unused mount volumes (#3927)
  • f14bed453 feat: add auth support for downloading OCI artifacts (#3915)
  • 1ee05189f refactor(purl): use epoch in qualifier (#3913)
  • 0000252ce chore(deps): bump github.com/in-toto/in-toto-golang from 0.5.0 to 0.7.0 (#3727)
  • ca0d972cd feat(image): add registry options (#3906)
  • 033655577 feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
  • dd9cd9528 chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3905)
  • edb06826b feat(php): add support for location, licenses and graph for composer.lock files (#3873)
  • c02b15b37 chore(deps): updates wazero to 1.0.0 (#3904)
  • 63ef760c6 feat(image): discover SBOM in OCI referrers (#3768)
  • 3fa703c03 docs: change cache-dir key in config file (#3897)
  • 4d78747c4 fix(sbom): use release and epoch for SPDX package version (#3896)
  • 67572dff6 ci: add gpg signing for RPM packages (#3612)
  • e76d5ff98 docs: Update incorrect comment for skip-update flag (#3878)
  • 011ea60db refactor(misconf): simplify policy filesystem (#3875)
  • 6445309de feat(nodejs): parse package.json alongside yarn.lock (#3757)
  • 6e9c2c36d fix(spdx): add PkgDownloadLocation field (#3879)
  • 18eeea2f6 fix(report): try to guess direct deps for dependency tree (#3852)
  • 02b691421 chore(amazon): update EOL (#3876)
  • 79096e116 fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
  • fc2e80cfe feat(amazon): add al2023 support (#3854)
  • 5f8d69d72 chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (#3736)
  • 7916aafff docs(misconf): Add information about selectors (#3703)
  • 1b1ed39c7 docs(cli): update CLI docs with cobra (#3815)
  • 234a360a7 feat: k8s parallel processing (#3693)
  • b864b3b92 docs: add DefectDojo in the Security Management section (#3871)
  • ad34c989d chore(deps): updates wazero to 1.0.0-rc.2 (#3853)
  • 7148de325 refactor: add pipeline (#3868)
  • 927acf957 feat(cli): add javadb metadata to version info (#3835)
  • 33074cfab chore(deps): Move compliance types to defsec (#3842)
  • ba9b0410c feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
  • a754a04e2 feat: add node toleration option (#3823)
  • 9e4b57fb4 fix: allow mapfs to open dirs (#3867)
  • 09fd299f9 fix(report): update uri only for os class targets (#3846)
  • 09e13022c feat(nodejs): Add v3 npm lock file support (#3826)
  • 52cbfebcd feat(nodejs): parse package.json files alongside package-lock.json (#2916)
  • d6a2d6369 docs(misconf): Fix links to built in policies (#3841)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.38.3 to 0.39.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.38.3...v0.39.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and go labels Apr 3, 2023
@codecov-commenter

Codecov Report

Patch and project coverage have no change.

Comparison is base (56e2c9b) 35.17% compared to head (031473e) 35.17%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #93   +/-   ##
=======================================
  Coverage   35.17%   35.17%           
=======================================
  Files          12       12           
  Lines        1143     1143           
=======================================
  Hits          402      402           
  Misses        720      720           
  Partials       21       21           


@sozercan sozercan merged commit 633eae4 into main Apr 6, 2023
14 checks passed
@sozercan sozercan deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.39.0 branch April 6, 2023 03:42
ashnamehrotra pushed a commit to ashnamehrotra/copacetic that referenced this pull request Aug 25, 2023
…ect-copacetic#93)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>