Update aquasec/trivy Docker tag to v0.53.0 #2612
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.51.4
->0.53.0
Release Notes
aquasecurity/trivy (aquasec/trivy)
v0.53.0
Compare Source
⚠ BREAKING CHANGES
Features
environment.yml
files (#6953) (654217a)maven-metadata.xml
files for remote snapshot repositories. (#6950) (1f8fca1)CycloneDX v1.6
(#6903) (09e50ce)Bug Fixes
file-patterns
and scan.conan2
cache dir (#6949) (38b35dd)advisory.url
(#6952) (417212e)image.inspect.Created
field only for non-empty values (#6948) (0af5730),
,or
, etc. (#6916) (52f7aa5)package-lock.json
file is broken (#6858) (cf5aa33)pnpm
with cyclic imports (#6857) (7d083bc)--insecure
(#7022) (3d02a31)poetry.lock
andpyproject.toml
in lowercase (#6852) (faa9d92)srcEpoch
when decoding SBOM files (#6866) (04af59c)purl
for maven pkgs (#7008) (a76e328)purl
forbitnami
pkg names (#6982) (7eabb92)Asymmetric Private Key
shouldn't start with space (#6867) (bb26445)v0.52.2
Compare Source
Changelog
8709d4f
release: v0.52.2 [release/v0.52] (#6896)a4b8ad7
ci: useubuntu-latest-m
runner [backport: release/v0.52] (#6933)2b711bc
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)191d31e
test: bump docker API to 1.45 [backport: release/v0.52] (#6922)3f5874c
ci: bumpgithub.aaakk.us.kg/goreleaser/goreleaser
tov2.0.0
[backport: release/v0.52] (#6893)8f8c76a
fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)v0.52.1
Compare Source
Changelog
a3caf06
release: v0.52.1 [release/v0.52] (#6877)01dbb42
fix(nodejs): fix infinite loop when package link frompackage-lock.json
file is broken [backport: release/v0.52] (#6888)f186d22
fix(sbom): don't overwritesrcEpoch
when decoding SBOM files [backport: release/v0.52] (#6881)093c0ae
fix(python): compare pkg names frompoetry.lock
andpyproject.toml
in lowercase [backport: release/v0.52] (#6878)6bfda76
Merge pull request #6879 from aquasecurity/backport-pr-6864-to-release/v0.5253850c8
docs: explain how VEX is applied (#6864)2211962
Merge pull request #6875 from aquasecurity/backport-pr-6857-to-release/v0.52a614b69
fix(nodejs): fix infinity loops forpnpm
with cyclic imports (#6857)v0.52.0
Compare Source
Features
requirement.txt
files (#6782) (29615be)requirement.txt
files (#6729) (2bc54ad)Bug Fixes
pip
deps forenvironment.yml
files (#6675) (150a773)gobinaries
(#6710) (c96f2a5).version
|.ver
(no prefixes) ldflags forgobinaries
(#6705) (afb4f9d)requirements.txt
files. (#6804) (ea3a124)convert
mode when scanning json file derived from sbom file (#6808) (f92ea09)Performance Improvements
Configuration
📅 Schedule: Branch creation - "after 11pm every weekday,before 7am every weekday,every weekend" in timezone Europe/Brussels, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.