Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the common group with 9 updates #7333

Merged
merged 1 commit into from
Aug 15, 2024
Merged

chore(deps): bump the common group with 9 updates #7333

merged 1 commit into from
Aug 15, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 12, 2024

Bumps the common group with 9 updates:

Package From To
github.com/Azure/azure-sdk-for-go/sdk/azcore 1.13.0 1.14.0
github.com/google/go-containerregistry 0.20.1 0.20.2
github.com/open-policy-agent/opa 0.67.0 0.67.1
github.com/spf13/cast 1.6.0 1.7.0
golang.org/x/crypto 0.25.0 0.26.0
golang.org/x/net 0.27.0 0.28.0
golang.org/x/term 0.22.0 0.23.0
golang.org/x/text 0.16.0 0.17.0
modernc.org/sqlite 1.31.1 1.32.0

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.13.0 to 1.14.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.14.0

1.14.0 (2024-08-07)

Features Added

  • Added field Attributes to runtime.StartSpanOptions to simplify creating spans with attributes.

Other Changes

  • Include the HTTP verb and URL in log.EventRetryPolicy log entries so it's clear which operation is being retried.
Commits

Updates github.com/google/go-containerregistry from 0.20.1 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

Full Changelog: google/go-containerregistry@v0.20.1...v0.20.2

Commits

Updates github.com/open-policy-agent/opa from 0.67.0 to 0.67.1

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.67.1

This is a bug fix release addressing the following issue:

  • util+server: Fix bug around chunked request handling (#6906) authored by @​philipaconrad, reported by @​David-Wobrock. A request handling bug was introduced in (#6868), which caused OPA to treat all incoming chunked requests as if they had zero-length request bodies.
Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.67.1

This is a bug fix release addressing the following issue:

  • util+server: Fix bug around chunked request handling (#6906) authored by @​philipaconrad, reported by @​David-Wobrock. A request handling bug was introduced in (#6868), which caused OPA to treat all incoming chunked requests as if they had zero-length request bodies.
Commits

Updates github.com/spf13/cast from 1.6.0 to 1.7.0

Release notes

Sourced from github.com/spf13/cast's releases.

v1.7.0

What's Changed

Full Changelog: spf13/cast@v1.6.0...v1.7.0

Commits

Updates golang.org/x/crypto from 0.25.0 to 0.26.0

Commits
  • 5bcd010 go.mod: update golang.org/x dependencies
  • 3375612 ssh: add support for unpadded RSA signatures
  • bb80217 ssh: don't use dsa keys in integration tests
  • 6879722 ssh: remove go 1.21+ dependency on slices
  • e983fa2 sha3: Avo port of keccakf_amd64.s
  • 80fd972 LICENSE: update per Google Legal
  • f2bc3a6 x509roots/fallback/internal/goissue52287: delete
  • d66d9c3 x509roots/fallback: update bundle
  • See full diff in compare view

Updates golang.org/x/net from 0.27.0 to 0.28.0

Commits
  • 4542a42 go.mod: update golang.org/x dependencies
  • 765c7e8 xsrftoken: create no padding base64 string by RawURLEncoding
  • 032e4e4 LICENSE: update per Google Legal
  • See full diff in compare view

Updates golang.org/x/term from 0.22.0 to 0.23.0

Commits

Updates golang.org/x/text from 0.16.0 to 0.17.0

Commits

Updates modernc.org/sqlite from 1.31.1 to 1.32.0

Commits
  • 32d5dd2 Merge branch 'feature/fcntl-persist-wal' into 'master'
  • 61f61b2 Add support for setting SQLITE_FCNTL_PERSIST_WAL
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the common group with 9 updates
4880737 
Bumps the common group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.13.0` | `1.14.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.1` | `0.20.2` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.67.0` | `0.67.1` |
| [github.com/spf13/cast](https://github.com/spf13/cast) | `1.6.0` | `1.7.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.25.0` | `0.26.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.27.0` | `0.28.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.22.0` | `0.23.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.16.0` | `0.17.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.31.1` | `1.32.0` |


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.13.0...sdk/azcore/v1.14.0)

Updates `github.com/google/go-containerregistry` from 0.20.1 to 0.20.2
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.1...v0.20.2)

Updates `github.com/open-policy-agent/opa` from 0.67.0 to 0.67.1
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.67.0...v0.67.1)

Updates `github.com/spf13/cast` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/spf13/cast/releases)
- [Commits](spf13/cast@v1.6.0...v1.7.0)

Updates `golang.org/x/crypto` from 0.25.0 to 0.26.0
- [Commits](golang/crypto@v0.25.0...v0.26.0)

Updates `golang.org/x/net` from 0.27.0 to 0.28.0
- [Commits](golang/net@v0.27.0...v0.28.0)

Updates `golang.org/x/term` from 0.22.0 to 0.23.0
- [Commits](golang/term@v0.22.0...v0.23.0)

Updates `golang.org/x/text` from 0.16.0 to 0.17.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.16.0...v0.17.0)

Updates `modernc.org/sqlite` from 1.31.1 to 1.32.0
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.31.1...v1.32.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/spf13/cast
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from knqyf263 as a code owner August 12, 2024 14:29
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 12, 2024
@knqyf263 knqyf263 added this pull request to the merge queue Aug 15, 2024
Merged via the queue into main with commit 0047dbf Aug 15, 2024
12 checks passed
@knqyf263 knqyf263 deleted the dependabot/go_modules/common-e3eee6ca1b branch August 15, 2024 09:16
fhielpos added a commit to giantswarm/trivy-upstream that referenced this pull request Dec 20, 2024
@fhielpos @yusuke-koyoshi
@knqyf263 @coheigea @DmitriyLewen @afdesk @nikpivkin @albertodonato @simar7 @dependabot @itaysk @aasish-r @orizerah @knrc @bobcallaway @LucasVanHaaren @psibre @aqua-bot @s-reddy1498 @Squiddim @pbaumard @kaplanlior @bloomadcariad @lebauce @msmeissn @sgaist
Update Trivy to version 0.56.2 (#4)
f235523 
* feat(vm): Support direct filesystem (aquasecurity#7058)

Signed-off-by: yusuke.koyoshi <yusuke.koyoshi@bizreach.co.jp>

* feat(cli)!: delete deprecated SBOM flags (aquasecurity#7266)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat(vm): support the Ext2/Ext3 filesystems (aquasecurity#6983)

* fix(plugin): do not call GitHub content API for releases and tags (aquasecurity#7274)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix(java): Return error when trying to find a remote pom to avoid segfault (aquasecurity#7275)

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

* fix(flag): incorrect behavior for deprected flag `--clear-cache` (aquasecurity#7281)

* refactor(misconf): remove file filtering from parsers (aquasecurity#7289)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(vuln): Add `--detection-priority` flag for accuracy tuning (aquasecurity#7288)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: add auto-generated config (aquasecurity#7261)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* fix(terraform): add aws_region name to presets (aquasecurity#7184)

* perf(misconf): do not convert contents of a YAML file to string (aquasecurity#7292)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* refactor(misconf): remove unused universal scanner (aquasecurity#7293)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* perf(misconf): use json.Valid to check validity of JSON (aquasecurity#7308)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): load only submodule if it is specified in source (aquasecurity#7112)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): support for policy and bucket grants (aquasecurity#7284)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): do not set default value for default_cache_behavior (aquasecurity#7234)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): iterator argument support for dynamic blocks (aquasecurity#7236)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>

* chore(deps): bump the common group across 1 directory with 7 updates (aquasecurity#7305)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: update client/server docs for misconf and license scanning (aquasecurity#7277)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* docs: update links to packaging.python.org (aquasecurity#7318)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* perf(misconf): optimize work with context (aquasecurity#6968)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* refactor: replace ftypes.Gradle with packageurl.TypeGradle (aquasecurity#7323)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* docs: update air-gapped docs (aquasecurity#7160)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* docs(misconf): Update callsites to use correct naming (aquasecurity#7335)

* chore(deps): bump the common group with 9 updates (aquasecurity#7333)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(misconf): change default TLS values for the Azure storage account (aquasecurity#7345)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* refactor(misconf): highlight only affected rows (aquasecurity#7310)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): wrap Azure PortRange in iac types (aquasecurity#7357)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): scanning support for YAML and JSON (aquasecurity#7311)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): variable support for Terraform Plan (aquasecurity#7228)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix: safely check if the directory exists (aquasecurity#7353)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* chore(deps): bump the aws group across 1 directory with 7 updates (aquasecurity#7358)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(server): add internal `--path-prefix` flag for client/server mode (aquasecurity#7321)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore(deps): bump trivy-checks (aquasecurity#7350)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* refactor(misconf): use slog (aquasecurity#7295)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): ignore duplicate checks (aquasecurity#7317)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): init frameworks before updating them (aquasecurity#7376)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): support deprecating for Go checks (aquasecurity#7377)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(python): use minimum version for pip packages (aquasecurity#7348)

* docs: add pkg flags to config file page (aquasecurity#7370)

* feat(misconf): Add support for using spec from on-disk bundle (aquasecurity#7179)

* fix(report): escape `Message` field in `asff.tpl` template (aquasecurity#7401)

* fix(misconf): use module to log when metadata retrieval fails (aquasecurity#7405)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): support for ignore by nested attributes (aquasecurity#7205)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): do not filter Terraform plan JSON by name (aquasecurity#7406)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): port and protocol support for EC2 networks (aquasecurity#7146)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* chore: fix allow rule of ignoring test files to make it case insensitive (aquasecurity#7415)

* fix(secret): use only line with secret for long secret lines (aquasecurity#7412)

* chore: update CODEOWNERS (aquasecurity#7398)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat(server): Make Trivy Server Multiplexer Exported (aquasecurity#7389)

* feat(report): export modified findings in JSON (aquasecurity#7383)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (aquasecurity#7403)

* fix(misconf): do not register Rego libs in checks registry (aquasecurity#7420)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* chore(deps): Bump trivy-checks (aquasecurity#7417)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): do not recreate filesystem map (aquasecurity#7416)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(secret): use `.eyJ` keyword for JWT secret (aquasecurity#7410)

* fix(misconf): fix infer type for null value (aquasecurity#7424)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(aws): handle ECR repositories in different regions (aquasecurity#6217)

Signed-off-by: Kevin Conner <kev.conner@getupcloud.com>

* fix: logger initialization before flags parsing (aquasecurity#7372)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (aquasecurity#7387)

* test: add integration plugin tests (aquasecurity#7299)

* feat(sbom): set User-Agent header on requests to Rekor (aquasecurity#7396)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (aquasecurity#7362)

* chore(deps): Bump trivy-checks and pin OPA (aquasecurity#7427)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(java): add `test` scope support for `pom.xml` files (aquasecurity#7414)

* fix(license): add license handling to JUnit template (aquasecurity#7409)

* feat(go): use `toolchain` as `stdlib` version for `go.mod` files (aquasecurity#7163)

* release: v0.55.0 [main] (aquasecurity#7271)

* fix(license): stop spliting a long license text (aquasecurity#7336)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (aquasecurity#7451)

* chore(helm): bump up Trivy Helm chart (aquasecurity#7441)

* chore(deps): bump the common group across 1 directory with 19 updates (aquasecurity#7436)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* chore(deps): bump the aws group with 6 updates (aquasecurity#7468)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(oracle): Update EOL date for Oracle 7 (aquasecurity#7480)

* fix(report): change a receiver of MarshalJSON (aquasecurity#7483)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (aquasecurity#7463)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (aquasecurity#7449)

* feat(license): improve license normalization (aquasecurity#7131)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* docs(db): add a manifest example (aquasecurity#7485)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* revert(java): stop supporting of `test` scope for `pom.xml` files (aquasecurity#7488)

* docs: refine go docs (aquasecurity#7442)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* chore(vex): suppress openssl vulnerabilities (aquasecurity#7500)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore(deps): bump alpine from 3.20.0 to 3.20.3 (aquasecurity#7508)

* chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (aquasecurity#7510)

* fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (aquasecurity#7497)

* refactor: split `.egg` and `packaging` analyzers (aquasecurity#7514)

* feat(misconf): Register checks only when needed (aquasecurity#7435)

* fix(misconf): Fix logging typo (aquasecurity#7473)

* chore(deps): bump go-ebs-file (aquasecurity#7513)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (aquasecurity#7527)

* refactor(misconf): pass options to Rego scanner as is (aquasecurity#7529)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(sbom): export bom-ref when converting a package to a component (aquasecurity#7340)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: amf <amf@macbook.local>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* perf(misconf): use port ranges instead of enumeration (aquasecurity#7549)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* fix(misconf): Fixed scope for China Cloud (aquasecurity#7560)

* docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (aquasecurity#7458)

* chore(deps): remove broken replaces for opa and discovery (aquasecurity#7600)

* ci: cache test images for `integration`, `VM` and `module` tests (aquasecurity#7599)

* ci: add `workflow_dispatch` trigger for test workflow. (aquasecurity#7606)

* chore(deps): bump the common group across 1 directory with 20 updates (aquasecurity#7604)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* fix(db): check `DownloadedAt` for `trivy-java-db` (aquasecurity#7592)

* fix: allow access to '..' in mapfs (aquasecurity#7575)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* test: use a local registry for remote scanning (aquasecurity#7607)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix(misconf): escape all special sequences (aquasecurity#7558)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): add ability to disable checks by ID (aquasecurity#7536)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Simar <simar@linux.com>

* feat(suse): added SUSE Linux Enterprise Micro support (aquasecurity#7294)

Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* fix(misconf): disable DS016 check for image history analyzer (aquasecurity#7540)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* ci: split `save` and `restore` cache actions (aquasecurity#7614)

* refactor: fix auth error handling (aquasecurity#7615)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat(secret): enhance secret scanning for python binary files (aquasecurity#7223)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

* feat(java): add empty versions if `pom.xml` dependency versions can't be detected (aquasecurity#7520)

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>

* test: use loaded image names (aquasecurity#7617)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* ci: don't use cache for `setup-go` (aquasecurity#7622)

* feat: support multiple DB repositories for vulnerability and Java DB (aquasecurity#7605)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* feat(misconf): Support `--skip-*` for all included modules  (aquasecurity#7579)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>

* chore: add prefixes to log messages (aquasecurity#7625)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>

* fix(misconf): Disable deprecated checks by default (aquasecurity#7632)

* chore(deps): Bump trivy-checks to v1.1.0 (aquasecurity#7631)

* fix(secret): change grafana token regex to find them without unquoted (aquasecurity#7627)

* feat: support RPM archives (aquasecurity#7628)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix(misconf): not to warn about missing selectors of libraries (aquasecurity#7638)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

* release: v0.56.0 [main] (aquasecurity#7447)

* fix(db): fix javadb downloading error handling [backport: release/v0.56] (aquasecurity#7646)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* release: v0.56.1 [release/v0.56] (aquasecurity#7648)

* fix(sbom): add options for DBs in private registries [backport: release/v0.56] (aquasecurity#7691)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>

* fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (aquasecurity#7702)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>

* release: v0.56.2 [release/v0.56] (aquasecurity#7694)

* Make liveness probe configurable (#3)

---------

Signed-off-by: yusuke.koyoshi <yusuke.koyoshi@bizreach.co.jp>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Kevin Conner <kev.conner@getupcloud.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Marcus Meissner <meissner@suse.de>
Co-authored-by: yusuke-koyoshi <92022336+yusuke-koyoshi@users.noreply.github.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
Co-authored-by: Aruneko <yuki.fujita@bizreach.co.jp>
Co-authored-by: Colm O hEigeartaigh <coheigea@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: afdesk <work@afdesk.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Alberto Donato <albertodonato@users.noreply.github.com>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Itay Shakury <itay@itaysk.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: aasish-r <aasishrampalli1997@gmail.com>
Co-authored-by: Ori <59772293+orizerah@users.noreply.github.com>
Co-authored-by: Kevin Conner <kev.conner@gmail.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Co-authored-by: vhash <29121316+LucasVanHaaren@users.noreply.github.com>
Co-authored-by: psibre <psibre@users.noreply.github.com>
Co-authored-by: Aqua Security automated builds <54269356+aqua-bot@users.noreply.github.com>
Co-authored-by: s-reddy1498 <41355782+s-reddy1498@users.noreply.github.com>
Co-authored-by: Squiddim <82903357+Squiddim@users.noreply.github.com>
Co-authored-by: Pierre Baumard <pierre.baumard@cnav.fr>
Co-authored-by: Lior Kaplan <lior@kaplanopensource.co.il>
Co-authored-by: amf <amf@macbook.local>
Co-authored-by: bloomadcariad <adam.bloom@cariad.us>
Co-authored-by: Sylvain Baubeau <lebauce@gmail.com>
Co-authored-by: Simar <simar@linux.com>
Co-authored-by: Marcus Meissner <meissner@suse.de>
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
fhielpos pushed a commit to giantswarm/trivy-upstream that referenced this pull request Dec 20, 2024
@dependabot @fhielpos
chore(deps): bump the common group with 9 updates (aquasecurity#7333)
abf6c6f 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@knqyf263