🌱 Update Builder Image group #1104

Merged
merged 1 commit into from Feb 28, 2024

syself-bot[bot]
Contributor

@syself-bot syself-bot bot commented Jan 1, 2024

This PR contains the following updates:

| Package                          | Type  | Update | Change             |
| -------------------------------- | ----- | ------ | ------------------ |
| adrienverge/yamllint             |       | minor  | v1.33.0 -> v1.35.1 |
| docker.io/aquasec/trivy (source) | stage | minor  | 0.48.0 -> 0.49.1   |
| docker.io/library/alpine         | stage | patch  | 3.19.0 -> 3.19.1   |
| docker.io/library/golang         | final | digest | 5ebf282 -> 810dd33 |
| golangci/golangci-lint           |       | minor  | v1.55.2 -> v1.56.2 |
| lycheeverse/lychee               |       | minor  | v0.13.0 -> v0.14.3 |

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.35.1

Compare Source

v1.35.0

Compare Source

v1.34.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.49.1

Compare Source

Changelog

  • 6ccc0a5 fix: check unescaped BomRef when matching PkgIdentifier (#​6025)
  • 458c5d9 docs: Fix broken link to "pronunciation" (#​6057)
  • 5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#​6047)
  • e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#​6042)
  • f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#​6043)
  • 7651bf5 ci: reduce root-reserve-mb size for maximize-build-space (#​6064)
  • fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#​6041)
  • 3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#​6039)
  • 2900a21 fix: fix cursor usage in Redis Clear function (#​6056)
  • 85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#​6037)
  • 4e962c0 fix(nodejs): add local packages support for pnpm-lock.yaml files (#​6034)
  • aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#​6046)
  • 8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#​6044)
  • ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#​6048)
  • 27d35ba test: fix flaky TestDockerEngine (#​6054)
  • c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#​6040)
  • 2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#​6049)
  • 2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#​6051)
  • 41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#​6028)

v0.49.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6033

Changelog

  • 729a051 fix(java): recursive check all nested depManagements with import scope for pom.xml files (#​5982)
  • 884745b chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#​6029)
  • 59e5433 fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#​5843)
  • 5924c02 feat(rust): Support workspace.members parsing for Cargo.toml analysis (#​5285)
  • 4df9363 docs: add note about Bun (#​6001)
  • 70dd572 fix(report): use AWS_REGION env for secrets in asff template (#​6011)
  • 13f797f fix: check returned error before deferring f.Close() (#​6007)
  • adfde63 feat(misconf): add support of buildkit instructions when building dockerfile from image config (#​5990)
  • e2eb70e feat(vuln): enable --vex for all targets (#​5992)
  • f9da021 docs: update link to data sources (#​6000)
  • b4b90cf feat(java): add support for line numbers for pom.xml files (#​5991)
  • fb36c4e refactor(sbom): use new metadata.tools struct for CycloneDX (#​5981)
  • f6be42b docs: Update troubleshooting guide with image not found error (#​5983)
  • bb6caea style: update band logos (#​5968)
  • 189a46a chore(deps): Update misconfig deps (#​5956)
  • 91a2547 docs: update cosign tutorial and commands, update kyverno policy (#​5929)
  • a96f66f docs: update command to scan go binary (#​5969)
  • 2212d14 fix: handle non-parsable images names (#​5965)
  • 7cad04b chore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#​5693)
  • fbc1a83 fix(amazon): save system files for pkgs containing amzn in src (#​5951)
  • 260aa28 fix(alpine): Add EOL support for alpine 3.19. (#​5938)
  • 2c9d7c6 feat: allow end-users to adjust K8S client QPS and burst (#​5910)
  • ffe2ca7 chore(deps): bump go-ebs-file (#​5934)
  • f90d4ee fix(nodejs): find licenses for packages with slash (#​5836)
  • c75143f fix(sbom): use group field for pom.xml and nodejs files for CycloneDX reports (#​5922)
  • a3fac90 fix: ignore no init containers (#​5939)
  • b1b4734 docs: Fix documentation of ecosystem (#​5940)
  • a2b6549 docs(misconf): multiple ignores in comment (#​5926)
  • ae134a9 fix(secret): find aws secrets ending with a comma or dot (#​5921)
  • c8c55fe chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#​5885)
  • 4d2e785 docs: ✨ Updated ecosystem docs with reference to new community app (#​5918)
  • 7895657 fix(java): don't remove excluded deps from upper pom's (#​5838)
  • 37e7e3e fix(java): check if a version exists when determining GAV by file name for jar files (#​5630)
  • d0c81e2 feat(vex): add PURL matching for CSAF VEX (#​5890)
  • 958e1f1 fix(secret): AWS Secret Access Key must include only secrets with aws text. (#​5901)
  • 56c4e24 revert(report): don't escape new line characters for sarif format (#​5897)
  • 92d9b3d docs: improve filter by rego (#​5402)
  • a626cdf chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#​5892)
  • 47b6c28 docs: add_scan2html_to_trivy_ecosystem (#​5875)
  • 0ebb6c4 fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#​5888)
  • c47ed0d feat(vex): Add support for CSAF format (#​5535)
  • 2cdd65d chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#​5880)
  • cba67d1 chore(deps): bump actions/setup-go from 4 to 5 (#​5845)
  • d990e70 chore(deps): bump actions/stale from 8 to 9 (#​5846)
  • c72dfbf chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#​5853)
  • 1218984 chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#​5847)
  • 682210a chore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#​5854)
  • e1a60cc chore(deps): bump alpine from 3.18.5 to 3.19.0 (#​5849)
  • b508414 chore(deps): bump actions/setup-python from 4 to 5 (#​5848)
  • df3e90a feat(python): parse licenses from dist-info folder (#​4724)
  • fa2e883 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#​5852)
  • 30eff9c feat(nodejs): add yarn alias support (#​5818)
  • 013df4c chore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#​5850)
  • b1489f3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#​5856)
  • 7f2e422 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#​5855)
  • da597c4 refactor: propagate time through context values (#​5858)
  • 1607eee refactor: move PkgRef under PkgIdentifier (#​5831)
  • b3d516e fix(cyclonedx): fix unmarshal for licenses (#​5828)
  • c17b660 chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#​5830)
  • 1f0d629 feat(vuln): include pkg identifier on detected vulnerabilities (#​5439)

v0.48.3

Compare Source

Changelog

  • eac7513 chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#​5892)
  • d866b71 chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#​5855)
  • 34ba96e chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#​5830)

v0.48.2

Compare Source

Changelog

  • 4cdff0e chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#​5822)
  • be969d4 chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#​5809)
  • 81748f5 chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#​5805)

v0.48.1

Compare Source

Changelog

  • ba825b2 chore(deps): bump trivy-iac to v0.7.1 (#​5797)
  • abf227e fix(bitnami): use a different comparer for detecting vulnerabilities (#​5633)
  • df49ea4 refactor(sbom): disable html escaping for CycloneDX (#​5764)
  • f25e2df refactor(purl): use pub from package-url (#​5784)
  • b5e3b77 docs(python): add note to using pip freeze for compatible releases (#​5760)
  • 6cc00c2 fix(report): use OS information for OS packages purl in github template (#​5783)
  • c317fe8 fix(report): fix error if miconfigs are empty (#​5782)
  • 9b4bced refactor(vuln): don't remove VendorSeverity in JSON report (#​5761)
  • be5a550 fix(report): don't mark misconfig passed tests as failed in junit.tpl (#​5767)
  • 01edbda docs(k8s): replace --scanners config with --scanners misconfig in docs (#​5746)
  • eb97419 fix(report): update Gitlab template (#​5721)
  • be1c554 feat(secret): add support of GitHub fine-grained tokens (#​5740)
  • a5342da fix(misconf): add an image misconf to result (#​5731)
  • 108a5b0 feat(secret): added support of Docker registry credentials (#​5720)
  • 6080e24 chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#​5717)
  • e27ec32 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#​5701)

golangci/golangci-lint (golangci/golangci-lint)

v1.56.2

Compare Source

  1. updated linters
    • go-critic: from 0.11.0 to 0.11.1
    • gosec: from 2.18.2 to 2.19.0
    • testifylint: from 1.1.1 to 1.1.2
    • usestdlibvars: from 1.24.0 to 1.25.0
    • wsl: from 4.2.0 to 4.2.1
  2. misc.
    • Fix missing version in Docker image
  3. Documentation
    • Explain the limitation of new-from-rev and new-from-patch

v1.56.1

Compare Source

  1. updated linters
    • errcheck: from 1.6.3 to 1.7.0
    • govet: disable loopclosure with go1.22
    • revive: from 1.3.6 to 1.3.7
    • testifylint: from 1.1.0 to 1.1.1

v1.56.0

Compare Source

  1. new linters
  2. updated linters
    • depguard: from 2.1.0 to 2.2.0
    • exhaustive: from 0.11.0 to 0.12.0
    • exhaustruct: from 3.1.0 to 3.2.0
    • gci: from 0.11.2 to 0.12.1
    • ginkgolinter: from 0.14.1 to 0.15.2
    • go-check-sumtype: from 0.1.3 to 0.1.4
    • go-critic: from 0.9.0 to 0.11.0
    • go-errorlint: from 1.4.5 to 1.4.8
    • go-spancheck: from 0.4.2 to 0.5.2
    • goconst: from 1.6.0 to 1.7.0
    • godot: from 1.4.15 to 1.4.16
    • gofumpt: from 0.5.0 to 0.6.0
    • inamedparam: from 0.1.2 to 0.1.3
    • ineffassign: from 0.0.0-20230610083614-0e73809eb601 to 0.1.0
    • ireturn: from 0.2.2 to 0.3.0
    • misspell: add mode option
    • musttag: from v0.7.2 to v0.8.0
    • paralleltest: from 1.0.8 to 1.0.9
    • perfsprint: from 0.2.0 to 0.6.0
    • protogetter: from 0.2.3 to 0.3.4
    • revive: from 1.3.4 to 1.3.6
    • sloglint: add static-msg option
    • sloglint: from 0.1.2 to 0.4.0
    • testifylint: from 0.2.3 to 1.1.0
    • unparam: from 2022122-7455f1af531d to 2024010-c549a3470d14
    • whitespace: update after moving to the analysis package
    • wsl: from 3.4.0 to 4.2.0
    • zerologlint: from 0.1.3 to 0.1.5
  3. misc.
    • 🎉 go1.22 support
    • Implement stats per linter with a flag
    • fix: make versioning inside Docker image consistent with binaries
    • fix: parse Go RC version
  4. Documentation
    • Add missing fields to .golangci.reference.yml
    • Fix noctx description
    • Improve .golangci.reference.yml defaults
    • Improve typecheck FAQ
    • Note that exhaustruct struct regular expressions are expected to match the entire package/name/structname
    • Adjust wrapcheck ignoreSigs to new defaults

Important

testifylint has breaking changes about enabling/disabling checks:

  • If you were using the option enable with a filtered list of checks, you should either add disable-all: true (1) or use disable field (2).

Example (1)

```yml
  testifylint:
    disable-all: true
    enable:
      - bool-compare
      - compares
      - empty
      - error-is-as
      - error-nil
      - expected-actual
      - go-require
      - float-compare
      - len
      - nil-compare
      - require-error
      - suite-dont-use-pkg
      - suite-extra-assert-call
      - suite-thelper
```

Example (2)

```yml
  testifylint:
    disable:
      - suite-dont-use-pkg
```

lycheeverse/lychee (lycheeverse/lychee)

v0.14.3: Version 0.14.3

Compare Source

What's Changed

Miscellaneous and Others 🔔

New Contributors

Full Changelog: lycheeverse/lychee@v0.14.2...v0.14.3

v0.14.2: Version 0.14.2

Compare Source

Overview

Minor bug fixes and improvements.

What's Changed

Miscellaneous and Others 🔔

New Contributors

Full Changelog: lycheeverse/lychee@v0.14.1...v0.14.2

v0.14.1: Version 0.14.1

Compare Source

Overview

This is a quick patch release with an important fix for the accept setting in the configuration, which
allows overwriting the accepted HTTP status codes.

We re-enabled support for integers:

```toml
accept = [200, 203, 429]
```

You can also mix and match strings (e.g. for ranges) and integers now:

```toml
accept = [200, "203", "301..=304", 429]
```

Ranges behave just like other ranges in Rust. See Range expression docs.

Special thanks to @​Techassi for the quick turnaround on this one. 👍

What's Changed

Miscellaneous and Others 🔔

Full Changelog: lycheeverse/lychee@v0.14.0...v0.14.1

v0.14.0: Version 0.14.0

Compare Source

What's Changed

Breaking Changes and Bugs 🚨
Enhancements and Performance Improvements 🚀
Documentation and Maintenance 📚🔧
Miscellaneous and Others 🔔

New Contributors

Full Changelog: lycheeverse/lychee@v0.13.0...v0.14.0


Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

@syself-bot syself-bot bot added type/patch update/container size/XS Denotes a PR that changes 0-20 lines, ignoring generated files. area/github Changes made in the github directory labels Jan 1, 2024
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 3 times, most recently from a537417 to bea1af1 Compare January 10, 2024 11:04
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 2 times, most recently from 0939cd2 to b3330ea Compare January 17, 2024 11:04
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 2 times, most recently from 23fe5a5 to 8c3ee51 Compare January 27, 2024 11:03
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 3 times, most recently from caf5c21 to 32cce35 Compare February 6, 2024 11:03
@syself-bot syself-bot bot added size/S Denotes a PR that changes 20-50 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-20 lines, ignoring generated files. labels Feb 6, 2024
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 3 times, most recently from 0818b8a to 0a8746c Compare February 9, 2024 11:03
@syself-bot syself-bot bot force-pushed the renovate/caph-builder-image branch 2 times, most recently from 36e1096 to 060bc76 Compare February 16, 2024 11:03
| datasource  | package                  | from    | to      |
| ----------- | ------------------------ | ------- | ------- |
| github-tags | adrienverge/yamllint     | v1.33.0 | v1.35.1 |
| docker      | docker.io/aquasec/trivy  | 0.48.0  | 0.49.1  |
| docker      | docker.io/library/alpine | 3.19.0  | 3.19.1  |
| github-tags | golangci/golangci-lint   | v1.55.2 | v1.56.2 |
| github-tags | lycheeverse/lychee       | v0.13.0 | v0.14.3 |
@kranurag7 kranurag7 merged commit 1577df7 into main Feb 28, 2024
9 checks passed
@kranurag7 kranurag7 deleted the renovate/caph-builder-image branch February 28, 2024 20:47