Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.4 #51

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.4 #51

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 28, 2024

Bumps github.com/aquasecurity/trivy from 0.49.1 to 0.50.4.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.50.4

Note

v0.50.3 hads a critical problem, and we deleted it and released v0.50.4.

Changelog

  • e47fd487c fix(sbom): change error to warning for multiple OSes (#6541)

v0.50.2

Changelog

  • 9aa9e173b ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
  • 058f4839d chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
  • 9e3d2c5f9 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
  • 2ad8e332e fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#6412)

v0.50.1

Changelog

  • 5f69937cc fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
  • 258d15346 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
  • ade033a83 docs: add info about support for package license detection in fs/repo modes (#6381)
  • f85c9fac6 fix(nodejs): add support for parsing workspaces from package.json as an object (#6231)
  • 9d7f5c948 fix: use 0600 perms for tmp files for post analyzers (#6386)
  • f148eb10f fix(helm): scan the subcharts once (#6382)
  • 97f95c4dd docs(terraform): add file patterns for Terraform Plan (#6393)
  • abd62ae74 fix(terraform): сhecking SSE encryption algorithm validity (#6341)
  • 7c409fd27 fix(java): parse modules from pom.xml files once (#6312)
  • 1b68327b6 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
  • a2482c14e fix(server): add Locations for Packages in client/server mode (#6366)
  • e866bd5b5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346)
  • 1870f2846 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
  • 6c81e5505 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)

v0.50.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#6340

Changelog

  • 8ec3938e0 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
  • f6c5d5800 feat(java): add support licenses and graph for gradle lock files (#6140)
  • c4022d61b feat(vex): consider root component for relationships (#6313)
  • 317792433 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
  • dd9620ef3 chore: updates wazero to v1.7.0 (#6301)
  • eb3ceb323 feat(sbom): Support license detection for SBOM scan (#6072)
  • ab74caa87 refactor(sbom): use intermediate representation for SPDX (#6310)
  • 71da44f7e docs(terraform): improve documentation for filtering by inline comments (#6284)
  • 102b6df73 fix(terraform): fix policy document retrieval (#6276)
  • aa19aaf4e refactor(terraform): remove unused custom error (#6303)
  • 8fcef352b refactor(sbom): add intermediate representation for BOM (#6240)
  • fb8c516de fix(amazon): check only major version of AL to find advisories (#6295)

... (truncated)

Commits
  • e47fd48 fix(sbom): change error to warning for multiple OSes (#6541)
  • 9aa9e17 ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
  • 058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
  • 9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
  • 2ad8e33 fix(java): update logic to detect pom.xml file snapshot artifacts from remo...
  • 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
  • 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same de...
  • ade033a docs: add info about support for package license detection in fs/repo mod...
  • f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an o...
  • 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#6386)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.4
ff169ab 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.49.1 to 0.50.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.49.1...v0.50.4)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 28, 2024
@dependabot dependabot bot mentioned this pull request Apr 28, 2024
Closed
@github-actions github-actions bot enabled auto-merge (squash) April 28, 2024 05:34
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github May 6, 2024

Superseded by #52.

@dependabot dependabot bot closed this May 6, 2024
auto-merge was automatically disabled May 6, 2024 11:04

Pull request was closed

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.50.4 branch May 6, 2024 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants