Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump github.com/aquasecurity/trivy from 0.35.0 to 0.46.1 #1779

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump github.com/aquasecurity/trivy from 0.35.0 to 0.46.1 #1779

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 30, 2023
edited
Loading

Bumps github.com/aquasecurity/trivy from 0.35.0 to 0.46.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.46.1

Changelog

  • 27a3e55e8 fix(java): download java-db once (#5442)
  • d22373265 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)

v0.46.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#5377

Changelog

  • cbbd1ce1f feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d9214 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f08b docs: add kbom documentation (#5363)
  • 6c12f0428 test: use maximize build space for VM tests (#5362)
  • c4134224a chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab7033b fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f59b ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c76 chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • fef3ed435 chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)
  • ced54aced fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
  • 2798df916 fix: add config files to FS for post-analyzers (#5333)
  • af485b33f fix: fix MIME warnings after updating to Go 1.20 (#5336)
  • 008babfb8 build: fix a compile error with Go 1.21 (#5339)
  • 00d9c4666 feat: added Metadata into the k8s resource's scan report (#5322)
  • 03b6787c4 ci: check only PR's in actions/stale (#5337)
  • e6d5889ed chore: update adopters template (#5330)
  • 74dbd8a1f ci: do not trigger tests on the push event (#5313)
  • 393bfdc1a fix(sbom): use PURL or Group and Name in case of Java (#5154)
  • 76eb8a57b docs: add buildkite repository to ecosystem page (#5316)
  • 6c74ee11f chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)
  • 6119878de chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)
  • a346587b8 chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)
  • 7e613cc5f chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)
  • f05bc4be4 chore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)
  • 3be5e6b24 chore: enable go-critic (#5302)
  • f6cd21c87 chore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)
  • f7b975187 chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)
  • 18d168769 close java-db client (#5273)
  • eb60e9f3c chore(deps): bump docker/login-action from 2 to 3 (#5291)
  • 5a92055e1 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)
  • 46afe65ee chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)
  • 0bf2a11a2 chore(deps): bump github.com/opencontainers/image-spec (#5295)
  • 23b5fece0 fix(report): removes git::http from uri in sarif (#5244)
  • 4f1d576e5 Improve the meaning of sentence (#5301)
  • 6ab2bdfa7 chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)
  • 4217cffb5 chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)
  • 184058470 add app nil check (#5274)
  • c5ae9f265 typo: in secret.md (#5281)
  • 562723f0a docs: add info about github format (#5265)

... (truncated)

Commits
  • 27a3e55 fix(java): download java-db once (#5442)
  • d223732 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)
  • cbbd1ce feat(k8s): add support for vulnerability detection (#5268)
  • 24a0d92 fix(python): override BOM in requirements.txt files (#5375)
  • 0c3e2f0 docs: add kbom documentation (#5363)
  • 6c12f04 test: use maximize build space for VM tests (#5362)
  • c413422 chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)
  • 20ab703 fix(report): add escaping quotes in misconfig Title for asff template (#5351)
  • 91841f5 ci: add workflow to check Go versions of dependencies (#5340)
  • 57ba05c chore(deps): Upgrade defsec to v0.93.1 (#5348)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 30, 2023
@dependabot dependabot bot mentioned this pull request Oct 30, 2023
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/master/github.com/aquasecurity/trivy-0.46.1 branch from e469624 to 9083963 Compare October 31, 2023 05:32
@dependabot
chore(deps): bump github.com/aquasecurity/trivy from 0.35.0 to 0.46.1
05322d0 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.35.0 to 0.46.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.35.0...v0.46.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/master/github.com/aquasecurity/trivy-0.46.1 branch from 9083963 to 05322d0 Compare October 31, 2023 05:33
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 6, 2023

Superseded by #1783.

@dependabot dependabot bot closed this Nov 6, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/master/github.com/aquasecurity/trivy-0.46.1 branch November 6, 2023 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants