chore(deps): update module github.com/aquasecurity/trivy to v0.54.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/aquasecurity/trivy	v0.51.4 -> v0.54.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aquasecurity/trivy (github.com/aquasecurity/trivy)

v0.54.1

Compare Source

Changelog

• 854c61d release: v0.54.1 [release/v0.54] (#​7282)
• 334a1c2 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#​7285)
• f61725c fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#​7283)
• a7b7117 fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#​7279)

v0.54.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/7268

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0540-2024-07-30

v0.53.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/7061

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0530-2024-07-01

v0.52.2

Compare Source

Changelog

• 8709d4f release: v0.52.2 [release/v0.52] (#​6896)
• a4b8ad7 ci: use ubuntu-latest-m runner [backport: release/v0.52] (#​6933)
• 2b711bc chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#​6919)
• 191d31e test: bump docker API to 1.45 [backport: release/v0.52] (#​6922)
• 3f5874c ci: bump github.com/goreleaser/goreleaser to v2.0.0 [backport: release/v0.52] (#​6893)
• 8f8c76a fix(debian): take installed files from the origin layer [backport: release/v0.52] (#​6892)

v0.52.1

Compare Source

Changelog

• a3caf06 release: v0.52.1 [release/v0.52] (#​6877)
• 01dbb42 fix(nodejs): fix infinite loop when package link from package-lock.json file is broken [backport: release/v0.52] (#​6888)
• f186d22 fix(sbom): don't overwrite srcEpoch when decoding SBOM files [backport: release/v0.52] (#​6881)
• 093c0ae fix(python): compare pkg names from poetry.lock and pyproject.toml in lowercase [backport: release/v0.52] (#​6878)
• 6bfda76 Merge pull request #​6879 from aquasecurity/backport-pr-6864-to-release/v0.52
• 53850c8 docs: explain how VEX is applied (#​6864)
• 2211962 Merge pull request #​6875 from aquasecurity/backport-pr-6857-to-release/v0.52
• a614b69 fix(nodejs): fix infinity loops for pnpm with cyclic imports (#​6857)

v0.52.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6838

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0520-2024-06-03

---

Configuration

📅 Schedule: Branch creation - "after 8am on Monday" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: scanner/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 62 additional dependencies were updated

Details:

Package	Change
github.com/CycloneDX/cyclonedx-go	v0.8.0 -> v0.9.0
github.com/aquasecurity/trivy-db	v0.0.0-20240602051612-79d0fbd1e246 -> v0.0.0-20240718084044-d23a6ca8ba04
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.11.1 -> v1.13.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.6.0 -> v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.8.0 -> v1.10.0
github.com/BurntSushi/toml	v1.3.2 -> v1.4.0
github.com/aquasecurity/go-version	v0.0.0-20210121072130-637058cfe492 -> v0.0.0-20240603093900-cf8a8d29271d
github.com/aquasecurity/trivy-checks	v0.10.5-0.20240430045208-6cc735de6b9e -> v0.13.0
github.com/aws/aws-sdk-go	v1.53.0 -> v1.54.6
github.com/aws/aws-sdk-go-v2	v1.27.0 -> v1.30.3
github.com/aws/aws-sdk-go-v2/config	v1.27.15 -> v1.27.27
github.com/aws/aws-sdk-go-v2/credentials	v1.17.15 -> v1.17.27
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.3 -> v1.16.11
github.com/aws/aws-sdk-go-v2/service/ec2	v1.161.3 -> v1.172.0
github.com/aws/aws-sdk-go-v2/service/ecr	v1.28.2 -> v1.30.3
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.11.2 -> v1.11.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.11.9 -> v1.11.17
github.com/aws/aws-sdk-go-v2/service/s3	v1.54.2 -> v1.58.2
github.com/aws/aws-sdk-go-v2/service/sso	v1.20.8 -> v1.22.4
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.24.2 -> v1.26.4
github.com/containerd/containerd	v1.7.17 -> v1.7.20
github.com/containerd/ttrpc	v1.2.4 -> v1.2.5
github.com/docker/cli	v26.1.4+incompatible -> v27.0.3+incompatible
github.com/docker/docker	v26.1.5+incompatible -> v27.1.1+incompatible
github.com/docker/docker-credential-helpers	v0.8.1 -> v0.8.2
github.com/go-logr/logr	v1.4.1 -> v1.4.2
github.com/google/gnostic-models	v0.6.8 -> v0.6.9-0.20230804172637-c7be7c783f49
github.com/hashicorp/hcl	v1.0.0 -> v1.0.1-vault-5
github.com/hashicorp/hcl/v2	v2.20.1 -> v2.21.0
github.com/klauspost/compress	v1.17.8 -> v1.17.9
github.com/moby/buildkit	v0.13.2 -> v0.15.1
github.com/open-policy-agent/opa	v0.64.1 -> v0.66.0
github.com/owenrumney/go-sarif/v2	v2.3.1 -> v2.3.3
github.com/owenrumney/squealer	v1.2.2 -> v1.2.3
github.com/pelletier/go-toml/v2	v2.1.1 -> v2.2.2
github.com/prometheus/client_golang	v1.19.0 -> v1.19.1
github.com/prometheus/procfs	v0.12.0 -> v0.15.1
github.com/samber/lo	v1.44.0 -> v1.46.0
github.com/spdx/tools-golang	v0.5.4 -> v0.5.5
github.com/spf13/viper	v1.18.2 -> v1.19.0
github.com/tetratelabs/wazero	v1.7.2 -> v1.7.3
github.com/zclconf/go-cty	v1.14.4 -> v1.15.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.49.0 -> v0.52.0
go.opentelemetry.io/otel	v1.24.0 -> v1.27.0
go.opentelemetry.io/otel/metric	v1.24.0 -> v1.27.0
go.opentelemetry.io/otel/sdk	v1.24.0 -> v1.27.0
go.opentelemetry.io/otel/trace	v1.24.0 -> v1.27.0
golang.org/x/mod	v0.17.0 -> v0.19.0
golang.org/x/net	v0.26.0 -> v0.27.0
golang.org/x/tools	v0.21.1-0.20240508182429-e35e4ccd0d2d -> v0.23.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240311173647-c811ad7063a7 -> v0.0.0-20240520151616-dc85e6b867a5
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240318140521-94a12d6c2237 -> v0.0.0-20240515191416-fc5f0ca64291
google.golang.org/grpc	v1.63.2 -> v1.64.1
google.golang.org/protobuf	v1.34.1 -> v1.34.2
helm.sh/helm/v3	v3.15.0 -> v3.15.3
k8s.io/api	v0.30.2 -> v0.30.3
k8s.io/apimachinery	v0.30.2 -> v0.30.3
k8s.io/cli-runtime	v0.30.0 -> v0.30.2
k8s.io/component-base	v0.30.0 -> v0.30.1
k8s.io/kubectl	v0.30.0 -> v0.30.1
modernc.org/libc	v1.49.3 -> v1.55.3
modernc.org/sqlite	v1.29.10 -> v1.31.1

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v0.54.1). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

[paralta]

needs #1951