chore(deps): bump github.com/aquasecurity/trivy from 0.57.1 to 0.58.1

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.57.1 to 0.58.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.58.1

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8171

Changelog

https://github.com/aquasecurity/trivy/blob/release/v0.58/CHANGELOG.md#0581-2024-12-24

v0.58.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8039

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0580-2024-12-02

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.58.1 (2024-12-24)

Bug Fixes

• handle BLOW_UNKNOWN error to download DBs [backport: release/v0.58] (#8121) (9a56e7c)
• java: correctly overwrite version from depManagement if dependency uses project.* props [backport: release/v0.58] (#8119) (4278a09)
• oracle: add architectures support for advisories [backport: release/v0.58] (#8125) (89b341f)
• python: skip dev group's deps for poetry [backport: release/v0.58] (#8158) (8b93081)
• redhat: correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) (33818e1)
• sbom: attach nested packages to Application [backport: release/v0.58] (#8168) (03160e4)
• sbom: fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) (f842fe1)
• sbom: use root package for unknown dependencies (if exists) [backport: release/v0.58] (#8156) (18cd1a5)

0.58.0 (2024-12-02)

Features

• add workspaceRelationship (#7889) (d622ca2)
• add cvss v4 score and vector in scan response (#7968) (e0f2054)
• go: construct dependencies in the parser (#7973) (bcdc0bb)
• go: construct dependencies of go.mod main module in the parser (#7977) (5448ba2)
• k8s: add default commands for unknown platform (#7863) (b1c7f55)
• misconf: log causes of HCL file parsing errors (#7634) (e9a899a)
• oracle: add flavors support (#7858) (b9b383e)
• secret: Add built-in secrets rules for Private Packagist (#7826) (132d9df)
• suse: Align SUSE/OpenSUSE OS Identifiers (#7965) (45d3b40)
• Update registry fallbacks (#7679) (5ba9a83)

Bug Fixes

• alpine: add UID for removed packages (#7887) (07915da)
• aws: change CPU and Memory type of ContainerDefinition to a string (#7995) (aeeba70)
• cli: Handle empty ignore files more gracefully (#7962) (4cfb2a9)
• debian: infinite loop (#7928) (d982e6a)
• fs: add missing defered Cleanup() call to post analyzer fs (#7882) (ab32297)
• Improve version comparisons when build identifiers are present (#7873) (eda4d76)
• k8s: check all results for vulnerabilities (#7946) (797b36f)
• misconf: do not erase variable type for child modules (#7941) (de3b7ea)
• misconf: handle null properties in CloudFormation templates (#7813) (99b2db3)
• misconf: load full Terraform module (#7925) (fbc42a0)
• misconf: properly resolve local Terraform cache (#7983) (fe3a897)
• misconf: Update trivy-checks default repo to mirror.gcr.io (#7953) (9988147)
• misconf: wrap AWS EnvVar to iac types (#7407) (54130dc)
• redhat: don't return error if root/buildinfo/content_manifests/ contains files that are not contentSets files (#7912) (38775a5)
• report: handle [email protected] schema for misconfigs in sarif report (#7898) (19aea4b)
• sbom: Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) (461a68a)
• terraform: set null value as fallback for missing variables (#7669) (611558e)

... (truncated)

Commits

• 7326db1 release: v0.58.1 [release/v0.58] (#8120)
• 03160e4 fix(sbom): attach nested packages to Application [backport: release/v0.58] (#...
• 8b93081 fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
• 18cd1a5 fix(sbom): use root package for unknown dependencies (if exists) [backport:...
• 1bde3df chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 [backport: r...
• 90f9e88 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to `v0.9....
• 33818e1 fix(redhat): correct rewriting of recommendations for the same vulnerability ...
• 89b341f fix(oracle): add architectures support for advisories [backport: release/v0.5...
• f842fe1 fix(sbom): fix wrong overwriting of applications obtained from different sbom...
• d52542f chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: releas...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)