This repository has been archived by the owner on Oct 14, 2024. It is now read-only.
chore(deps): update docker.io/aquasec/trivy docker tag to v0.49.1 #1215
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
added
dependencies
chrisgacsal
previously approved these changes
Feb 8, 2024
renovate
bot
force-pushed
the
renovate/docker.io-aquasec-trivy-0.x
branch
from
551a767 to
d4f24d0
Compare
This comment has been minimized.
This comment has been minimized.
renovate
bot
force-pushed
the
renovate/docker.io-aquasec-trivy-0.x
branch
from
d4f24d0 to
9964d1a
Compare
This comment has been minimized.
This comment has been minimized.
renovate
bot
force-pushed
the
renovate/docker.io-aquasec-trivy-0.x
branch
from
9964d1a to
8bd2da2
Compare
This comment has been minimized.
This comment has been minimized.
renovate
bot
force-pushed
the
renovate/docker.io-aquasec-trivy-0.x
branch
2 times, most recently
from
c96cfd8 to
0d68c06
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
This comment has been minimized.
This comment has been minimized.
chrisgacsal
force-pushed
the
renovate/docker.io-aquasec-trivy-0.x
branch
from
25a468e to
092216a
Compare
chrisgacsal
approved these changes
Feb 9, 2024
|
Hey! Your images are ready:
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.41.0->0.49.1Release Notes
aquasecurity/trivy (docker.io/aquasec/trivy)
v0.49.1Compare Source
Changelog
6ccc0a5fix: check unescapedBomRefwhen matchingPkgIdentifier(#6025)458c5d9docs: Fix broken link to "pronunciation" (#6057)5c0ff6dchore(deps): bump actions/upload-artifact from 3 to 4 (#6047)e2bd7f7chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#6042)f95fbcbchore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#6043)7651bf5ci: reduceroot-reserve-mbsize formaximize-build-space(#6064)fc20dfdchore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#6041)3bd80e7chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#6039)2900a21fix: fix cursor usage in Redis Clear function (#6056)85cb9a7chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#6037)4e962c0fix(nodejs): add local packages support forpnpm-lock.yamlfiles (#6034)aa48a7bchore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#6046)8aabbeachore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#6044)ec02a65chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#6048)27d35batest: fix flakyTestDockerEngine(#6054)c3a66dachore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#6040)2000fe2chore(deps): bump easimon/maximize-build-space from 9 to 10 (#6049)2be6421chore(deps): bump alpine from 3.19.0 to 3.19.1 (#6051)41c0ef6chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#6028)v0.49.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6033
Changelog
729a051fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)884745bchore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#6029)59e5433fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)5924c02feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)4df9363docs: add note about Bun (#6001)70dd572fix(report): useAWS_REGIONenv for secrets inasfftemplate (#6011)13f797ffix: check returned error before deferring f.Close() (#6007)adfde63feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)e2eb70efeat(vuln): enable--vexfor all targets (#5992)f9da021docs: update link to data sources (#6000)b4b90cffeat(java): add support for line numbers for pom.xml files (#5991)fb36c4erefactor(sbom): use newmetadata.toolsstruct for CycloneDX (#5981)f6be42bdocs: Update troubleshooting guide with image not found error (#5983)bb6caeastyle: update band logos (#5968)189a46achore(deps): Update misconfig deps (#5956)91a2547docs: update cosign tutorial and commands, update kyverno policy (#5929)a96f66fdocs: update command to scan go binary (#5969)2212d14fix: handle non-parsable images names (#5965)7cad04bchore(deps): bump aquaproj/aqua-installer from 2.1.2 to 2.2.0 (#5693)fbc1a83fix(amazon): save system files for pkgs containingamznin src (#5951)260aa28fix(alpine): Add EOL support for alpine 3.19. (#5938)2c9d7c6feat: allow end-users to adjust K8S client QPS and burst (#5910)ffe2ca7chore(deps): bump go-ebs-file (#5934)f90d4eefix(nodejs): find licenses for packages with slash (#5836)c75143ffix(sbom): usegroupfield for pom.xml and nodejs files for CycloneDX reports (#5922)a3fac90fix: ignore no init containers (#5939)b1b4734docs: Fix documentation of ecosystem (#5940)a2b6549docs(misconf): multiple ignores in comment (#5926)ae134a9fix(secret): find aws secrets ending with a comma or dot (#5921)c8c55fechore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.90 to 1.15.11 (#5885)4d2e785docs: ✨ Updated ecosystem docs with reference to new community app (#5918)7895657fix(java): don't remove excluded deps from upper pom's (#5838)37e7e3efix(java): check if a version exists when determining GAV by file name forjarfiles (#5630)d0c81e2feat(vex): add PURL matching for CSAF VEX (#5890)958e1f1fix(secret):AWS Secret Access Keymust include only secrets withawstext. (#5901)56c4e24revert(report): don't escape new line characters for sarif format (#5897)92d9b3ddocs: improve filter by rego (#5402)a626cdfchore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)47b6c28docs: add_scan2html_to_trivy_ecosystem (#5875)0ebb6c4fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)c47ed0dfeat(vex): Add support for CSAF format (#5535)2cdd65dchore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.26.2 to 1.26.7 (#5880)cba67d1chore(deps): bump actions/setup-go from 4 to 5 (#5845)d990e70chore(deps): bump actions/stale from 8 to 9 (#5846)c72dfbfchore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 (#5853)1218984chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#5847)682210achore(deps): bump modernc.org/sqlite from 1.23.1 to 1.28.0 (#5854)e1a60ccchore(deps): bump alpine from 3.18.5 to 3.19.0 (#5849)b508414chore(deps): bump actions/setup-python from 4 to 5 (#5848)df3e90afeat(python): parse licenses from dist-info folder (#4724)fa2e883chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0 (#5852)30eff9cfeat(nodejs): add yarn alias support (#5818)013df4cchore(deps): bump github.com/samber/lo from 1.38.1 to 1.39.0 (#5850)b1489f3chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#5856)7f2e422chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)da597c4refactor: propagate time through context values (#5858)1607eeerefactor: move PkgRef under PkgIdentifier (#5831)b3d516efix(cyclonedx): fix unmarshal for licenses (#5828)c17b660chore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)1f0d629feat(vuln): include pkg identifier on detected vulnerabilities (#5439)v0.48.3Compare Source
Changelog
eac7513chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892)d866b71chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#5855)34ba96echore(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#5830)v0.48.2Compare Source
Changelog
4cdff0echore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from v1.116.0 to v1.134.0 (#5822)be969d4chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 (#5809)81748f5chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#5805)v0.48.1Compare Source
Changelog
ba825b2chore(deps): bump trivy-iac to v0.7.1 (#5797)abf227efix(bitnami): use a different comparer for detecting vulnerabilities (#5633)df49ea4refactor(sbom): disable html escaping for CycloneDX (#5764)f25e2dfrefactor(purl): usepubfrompackage-url(#5784)b5e3b77docs(python): add note to usingpip freezeforcompatible releases(#5760)6cc00c2fix(report): use OS information for OS packages purl ingithubtemplate (#5783)c317fe8fix(report): fix error if miconfigs are empty (#5782)9b4bcedrefactor(vuln): don't remove VendorSeverity in JSON report (#5761)be5a550fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)01edbdadocs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)eb97419fix(report): update Gitlab template (#5721)be1c554feat(secret): add support of GitHub fine-grained tokens (#5740)a5342dafix(misconf): add an image misconf to result (#5731)108a5b0feat(secret): added support of Docker registry credentials (#5720)6080e24chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.25.11 (#5717)e27ec32chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.21.0 to 1.24.1 (#5701)v0.48.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5724
Changelog
f2aa9bfchore(deps): bump sigstore/cosign-installer from4a86152to1fc5bd3(#5696)6d7e2f8chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 (#5694)0ff5f96feat: filter k8s core components vuln results (#5713)a54d1e9feat(vuln): remove duplicates in Fixed Version (#5596)99c04c4feat(report): output plugin (#4863)70078b9chore(deps): bump alpine from 3.18.4 to 3.18.5 (#5700)49e83a6chore(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#5704)af32cb3chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.10.1 (#5699)1766271chore(deps): bump actions/github-script from 6 to 7 (#5697)7ee8547chore(deps): bump easimon/maximize-build-space from 8 to 9 (#5695)654147fdocs: typo in modules.md (#5712)2569575feat: Add flag to configure node-collector image ref (#5710)c061009chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.1 to 1.9.0 (#5702)aedbd85chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.4 to 2.31.0 (#5698)e018b9cchore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 (#5706)b5874e3feat(misconf): Add--misconfig-scannersoption (#5670)075d8f6chore: bump Go to 1.21 (#5662)16b757dfeat: Packagesprops support (#5605)372efc9chore(deps): Bump up trivy misconf deps (#5656)edad5f6docs: update adopters discussion template (#5632)ed9d340docs: terraform tutorial links updated to point to correct loc (#5661)8ff574efix(secret): addsecand space to secret prefix foraws-secret-access-key(#5647)ad977a4fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)b1dc60bfix(secret): exclude upper case before secret foralibaba-access-key-id(#5618)65351d4docs: Update Arch Linux package URL in installation.md (#5619)c866f1cchore: add prefix to image errors (#5601)ed0022bdocs(vuln): fix link anchor (#5606)3c81727docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)2145464fix: k8s friendly error messages kbom non cluster scans (#5594)44d0b28feat: set InstalledFiles for DEB and RPM packages (#5488)ae4bcf6fix(report): use time.Time for CreatedAt (#5598)b6fafa0test: retry containerd initialization (#5597)1336223feat(misconf): Expose misconf engine debug logs with--debugoption (#5550)7105186test: mock VM walker (#5589)d9d7f3fchore: bump node-collector v0.0.9 (#5591)e3c28f8feat(misconf): Add support for--cf-paramsfor CFT (#5507)ac0e327feat(flag): replace '--slow' with '--parallel' (#5572)5372067fix(report): add escaping for Sarif format (#5568)a389529chore: show a deprecation notice for--scanners config(#5587)f4dd062feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)d005f5atest: mock RPM DB (#5567)a96ec35feat: add aliases to '--scanners' (#5558)950e431refactor: reintroduce output writer (#5564)2310f0dchore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#5543)04b93e9chore: not load plugins for auto-generating docs (#5569)cccaa15chore: sort supported AWS services (#5570)3891e3dfix: no schedule toleration (#5562)138feb0fix(cli): set correctscannersfork8starget (#5561)cb241a8fix(sbom): addFilesAnalyzedandPackageVerificationCodefields for SPDX (#5533)e7f6a5crefactor(misconf): Update refactored dependencies (#5245)2f5afa5feat(secret): add built-in rule for JWT tokens (#5480)91fc8dafix: trivy k8s parse ecr image with arn (#5537)05df244fix: fail k8s resource scanning (#5529)a1b4744refactor(misconf): don't remove Highlighted in json format (#5531)7712f8fdocs(k8s): fix link in kubernetes.md (#5524)043fbfcdocs(k8s): fix whitespace in list syntax (#5525)v0.47.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5520
Changelog
d6df5fbdocs: add info that license scanning supports file-patterns flag (#5484)156d4ccdocs: add Zora integration into Ecosystem session (#5490)772d1d0fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)df47073ci: use maximize build space for K8s tests (#5387)fed4710fix: correct error mismatch causing race in fast walks (#5516)46f1b9edocs: k8s vulnerability scanning (#5515)fdb3a15chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#5506)d0d956fchore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#5493)68b0797docs: remove glad for java datasources (#5508)474167cchore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#5475)7299867chore: remove unused logger attribute in amazon detector (#5476)8656bd9fix: correct error mismatch causing race in fast walks (#5482)2e10cd2chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5502)13df746chore(deps): bump docker/build-push-action from 4 to 5 (#5500)b0141cfchore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#5491)520830bfix(server): add licenses toBlobInfomessage (#5382)9a6e125chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#5501)6e59272chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#5497)f3de7bcfeat: scan vulns on k8s core component apps (#5418)e2fb3ddfix(java): fix infinite loop whenrelativePathfield points topom.xmlbeing scanned (#5470)3e833bechore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#5472)ca50b77fix(sbom): save digests for package/application when scanning SBOM files (#5432)048150ddocs: fix the broken link (#5454)013d901docs: fix error when installingPyYAMLfor gh pages (#5462)26b4959fix(java): download java-db once (#5442)57fa701chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)53c9a7ddocs(misconf): Update--tf-exclude-downloaded-modulesdescription (#5419)01c98d1feat(misconf): Support--ignore-policyin config scans (#5359)05b3c86docs(misconf): fix broken table forUse container imagesection (#5425)1a15a3afeat(dart): add graph support (#5374)f2a12f5refactor: define a new struct for scan targets (#5397)6040d9ffix(sbom): add missedprimaryURLandsource severityfor CycloneDX (#5399)e5317c7fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)9fba79fchore(deps): move to aws-sdk-go-v2 (#5381)00f2059docs: remove --scanners none (#5384)57a1022docs: Update container_image.md #5182 (#5193)5b2b4eafeat(report): AddInstalledFilesfield to Package (#4706)v0.46.1Compare Source
Changelog
27a3e55fix(java): download java-db once (#5442)d223732chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#5447)v0.46.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5377
Changelog
cbbd1cefeat(k8s): add support for vulnerability detection (#5268)24a0d92fix(python): override BOM inrequirements.txtfiles (#5375)0c3e2f0docs: add kbom documentation (#5363)6c12f04test: use maximize build space for VM tests (#5362)c413422chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 (#5365)20ab703fix(report): add escaping quotes in misconfig Title for asff template (#5351)91841f5ci: add workflow to check Go versions of dependencies (#5340)57ba05cchore(deps): Upgrade defsec to v0.93.1 (#5348)fef3ed4chore(deps): bump alpine from 3.18.3 to 3.18.4 (#5300)ced54acfix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)2798df9fix: add config files to FS for post-analyzers (#5333)af485b3fix: fix MIME warnings after updating to Go 1.20 (#5336)008babfbuild: fix a compile error with Go 1.21 (#5339)00d9c46feat: addedMetadatainto the k8s resource's scan report (#5322)03b6787ci: check only PR's inactions/stale(#5337)e6d5889chore: update adopters template (#5330)74dbd8aci: do not trigger tests on the push event (#5313)393bfdcfix(sbom): use PURL or Group and Name in case of Java (#5154)76eb8a5docs: add buildkite repository to ecosystem page (#5316)6c74ee1chore(deps): bump docker/setup-qemu-action from 2 to 3 (#5290)6119878chore(deps): bump docker/setup-buildx-action from 2 to 3 (#5292)a346587chore(deps): bump actions/cache from 3.3.1 to 3.3.2 (#5293)7e613ccchore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 (#5286)f05bc4bchore(deps): bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.2 (#5289)3be5e6bchore: enable go-critic (#5302)f6cd21cchore(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#5288)f7b9751chore(deps): bump github.com/aws/aws-sdk-go from 1.45.3 to 1.45.19 (#5287)18d1687close java-db client (#5273)eb60e9fchore(deps): bump docker/login-action from 2 to 3 (#5291)5a92055chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#5294)46afe65chore(deps): bump github.com/sigstore/rekor from 1.2.1 to 1.3.0 (#5304)0bf2a11chore(deps): bump github.com/opencontainers/image-spec (#5295)23b5fecfix(report): removes git::http from uri in sarif (#5244)4f1d576Improve the meaning of sentence (#5301)6ab2bdfchore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.0 to 2.2.2 (#5297)4217cffchore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#5296)1840584add app nil check (#5274)c5ae9f2typo: in secret.md (#5281)562723fdocs: add info aboutgithubformat (#5265)3dd5b1efeat(dotnet): add license support for NuGet (#5217)5c18475docs: correctly export variables (#5260)0c08ddechore: Add line numbers for lint output (#5247)0ccbb4fchore(cli): disable java-db flags in server mode (#5263)908a491feat(db): allow passing registry options (#5226)5b4652dchore(deps): Bump up defsec to v0.93.0 (#5253)faf8d49refactor(purl): use TypeApk from purl (#5232)559c0f3chore: enable more linters (#5228)2baad46ci: bump GoReleaser from 1.16.2 to 1.20.0 (#5236)df2bff9Fix typo on ide.md (#5239)44656f2refactor: use defined types (#5225)37af529fix(purl): skip local Go packages (#5190)eea3320docs: update info about license scanning in Yarn projects (#5207)2e66620ci: auto apply labels (#5200)49680dcfix link (#5203)v0.45.1Compare Source
Changelog
daae882fix(purl): handle rust types (#5186)81240cfchore: auto-close issues (#5177)bd0accdchore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#5093)ecee794fix(k8s): kbom support addons labels (#5178)9ebc25dtest: validate SPDX with the JSON schema (#5124)9a49a37chore: bump trivy-kubernetes-latest (#5161)ad1dc63docs: add 'Signature Verification' guide (#4731)7c68d4adocs: add image-scanner-with-trivy for ecosystem (#5159)ed49609fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)1953972chore(deps): bump github.com/CycloneDX/cyclonedx-go (#5102)c751601Update filtering.md (#5131)ccc6d7cchore(deps): bump sigstore/cosign-installer (#5104)48cbf45chore(deps): bump github.com/cyphar/filepath-securejoin (#5143)a9c2c74chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#5103)120ac68chore(deps): bump easimon/maximize-build-space from 7 to 8 (#5105)41eaa78chore(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.45.3 (#5126)932f927chaging adopters discussion tempalte (#5091)db31333chore(deps): bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.4 (#5092)8c0b7d6chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.6 (#5094)c61c664chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5095)a99944cchore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.5 (#5097)9fc844echore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#5098)c504f8bchore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#5106)v0.45.0Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/5082
Changelog
cdab67edocs: add Bitnami (#5078)7acc5e8feat(docker): add support for scanning Bitnami components (#5062)9628b1cfeat: add support for .trivyignore.yaml (#5070)4547e27fix(terraform): improve detection of terraform files (#4984)0c8919efeat: filter artifacts on --exclude-owned flag (#5059)c04f234fix(sbom): cyclonedx advisory should omitnullvalue (#5041)f811ed2build: maximize build space for build tests (#5072)69ea5bffeat: improve kbom component name (#5058)3715dcbfix(pom): add licenses for pom artifacts (#5071)07f7e98](https://togithub.cConfiguration
📅 Schedule: Branch creation - "after 6am every weekday,before 12pm every weekday" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.