chore(deps): update stable

[renovate]

This PR contains the following updates:

Package	Update	Change
anchore/grype	patch	0.79.1 -> 0.79.2
awscli	patch	2.17.3 -> 2.17.9
checkov	patch	3.2.148 -> 3.2.177
defenseunicorns/uds-cli	minor	0.11.2 -> 0.12.0
golang	patch	1.22.4 -> 1.22.5
https://github.com/bridgecrewio/checkov.git	patch	3.2.148 -> 3.2.177
k3d-io/k3d	minor	5.6.3 -> 5.7.1
sops	minor	3.8.1 -> 3.9.0
tflint	minor	0.51.1 -> 0.52.0
tfsec	patch	1.28.6 -> 1.28.10

---

Release Notes

anchore/grype (anchore/grype)

v0.79.2

Compare Source

Bug Fixes

• use location RealPath not String() for match sorting [#​1950 @​luhring]

(Full Changelog)

aws/aws-cli (awscli)

v2.17.9

Compare Source

v2.17.8

Compare Source

v2.17.7

Compare Source

v2.17.6

Compare Source

v2.17.5

Compare Source

v2.17.4

Compare Source

bridgecrewio/checkov (checkov)

v3.2.177

Compare Source

v3.2.176

Compare Source

v3.2.175

Compare Source

v3.2.174

Compare Source

Feature

• arm: add CKV_AZURE_172 to ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters - #​6533
• arm: add CKV_AZURE_173 to ensure that API management uses at least TLS 1.2 - #​6478
• arm: AppServicePlanZoneRedundant - #​6472
• arm: AzureSearchSLAIndex - #​6530
• arm: SQLDatabaseZoneRedundant - #​6515
• azure: add new policies for Azure Synapse - #​6520
• general: update detect secrets package - #​6535

v3.2.173

Compare Source

v3.2.172

Compare Source

v3.2.171

Compare Source

Feature

• arm: add CKV_AZURE_171 to ensure that AKS cluster upgrade channel is chosen - #​6532
• arm: add CKV_AZURE_175 to ensure that Web PubSub uses a SKU with an SLA - #​6523
• arm: add CKV_AZURE_178 to ensure that linux VM enables SSH with keys for secure communication - #​6486
• arm: add CKV_AZURE_85 to ensure that Azure Defender is set to On for Kubernetes - #​6279
• arm: CKV_AZURE_99 to Ensure Cosmos DB accounts have restricted access - #​6498
• arm: DataFactoryNoPublicNetworkAccess - #​6479
• arm: DataLakeStoreEncryption - #​6516
• arm: EventHubNamespaceMinTLS12 - #​6485

Bug Fix

• openapi: [CKV_OPENAPI_3] Prevent false-positive when checking for http+!basic - #​6406
• terraform_json: support locals block in CDKTF output - #​6452
• terraform: Deprecate CKV2_AWS_67 - #​6529

v3.2.170

Compare Source

v3.2.169

Compare Source

v3.2.168

Compare Source

v3.2.167

Compare Source

v3.2.166

Compare Source

v3.2.165

Compare Source

v3.2.164

Compare Source

Documentation

• general: Add Python note - #​6521

v3.2.163

Compare Source

Feature

• arm: add CKV_AZURE_174 to ensure that API management public access is disabled - #​6480
• arm: AppServicePHPVersion - #​6436
• arm: AppServicePublicAccessDisabled - #​6467
• arm: KeyVaultEnablesPurgeProtection - #​6465
• arm: PubsubSpecifyIdentity - #​6483

v3.2.162

Compare Source

v3.2.161

Compare Source

v3.2.160

Compare Source

v3.2.159

Compare Source

Bug Fix

• arm: fix CKV_AZURE_78: siteConfig object should be under properties - #​6477
• general: Mypy issues - #​6510
• terraform: ignore comment out modules - #​6507

v3.2.158

Compare Source

v3.2.157

Compare Source

v3.2.156

Compare Source

Feature

• arm: add CKV_AZURE_129 Ensure that MariaDB server enables geo-redundant backups - #​6427
• arm: add CKV_AZURE_137 Ensure ACR admin account is disabled - #​6430
• arm: add CKV_AZURE_139 Ensure ACR set to disable public networking - #​6428
• arm: add CKV_AZURE_166 Ensure container image quarantine, scan, and mark images verified - #​6431
• arm: add CKV_AZURE_168 to ensure that Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods - #​6385
• arm: add CKV_AZURE_45 to ensure that no sensitive credentials are exposed in VM custom_data - #​6422
• arm: add CKV_AZURE_70 to ensure that Function apps is only accessible over HTTPS - #​6457
• arm: ARM AppServiceSlotDebugDisabled - CKV_AZURE_155 - #​6453
• arm: ARM AppServiceSlotHTTPSOnly - #​6454
• arm: ARM VnetLocalDNS - #​6424
• arm: PostgressSQLGeoBackupEnabled - #​6456
• arm: StorageAccountName - #​6426
• secrets: dont filter secrets - #​6508

Bug Fix

• azure: fix description of CKV_AZURE_236 - #​6503
• kubernetes: Fix CKV_K8S_31 for CronJobs - #​6506
• sca: fix parsing json with comments - #​6509
• terraform: CKV_AWS_339 add Kubernetes 1.30 to AWS EKS version checks - #​6353
• terraform: remove print from CKV_AWS_364 - #​6504

v3.2.155

Compare Source

v3.2.154

Compare Source

v3.2.153

Compare Source

v3.2.152

Compare Source

v3.2.151

Compare Source

v3.2.150

Compare Source

v3.2.149

Compare Source

defenseunicorns/uds-cli (defenseunicorns/uds-cli)

v0.12.0

Compare Source

What's Changed

• feat: uds monitor pepr by @​jeff-mccoy in https://github.com/defenseunicorns/uds-cli/pull/696
• docs: remove out of place quotation by @​zachariahmiller in https://github.com/defenseunicorns/uds-cli/pull/706
• chore: ensure nginx shorthand in dev tests by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/700
• chore(deps): update actions/checkout action to v4.1.7 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/697
• chore(deps): update homebrew/actions digest to 1be15ef by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/683
• fix(deps): update module github.com/fatih/color to v1.17.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/678
• fix(deps): update golang.org/x/exp digest to 7f521ea by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/642
• chore(deps): update github/codeql-action action to v3.25.10 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/649
• fix(deps): update module helm.sh/helm/v3 to v3.15.2 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/690
• chore: adr for caching implementation by @​decleaver in https://github.com/defenseunicorns/uds-cli/pull/707
• chore: add monitor docs and tests by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/715
• chore(deps): update zarf to v0.35.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/711
• fix(engine): use k8s timestamps instead of pepr timestamps by @​jeff-mccoy in https://github.com/defenseunicorns/uds-cli/pull/717
• chore(deps): update homebrew/actions digest to 68fa6ae by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/713
• fix(deps): update module github.com/spf13/cobra to v1.8.1 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/710
• chore: uds engine install adr by @​decleaver in https://github.com/defenseunicorns/uds-cli/pull/699
• fix: update bundle-anatomy.md by @​Madeline-UX in https://github.com/defenseunicorns/uds-cli/pull/720
• chore: various doc linting fixes by @​UnicornChance in https://github.com/defenseunicorns/uds-cli/pull/724
• feat: fall back to non-strict unmarshalling by @​decleaver in https://github.com/defenseunicorns/uds-cli/pull/721
• chore(deps): update podinfo to v6.7.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/723
• feat: distinguish between stdout and stderr output by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/730
• fix(deps): update kubernetes packages to v0.30.2 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/702
• chore(deps): update actions/create-github-app-token action to v1.10.2 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/727
• feat(ci): included dependency review action by @​naveensrinivasan in https://github.com/defenseunicorns/uds-cli/pull/479
• chore(deps): update actions/dependency-review-action action to v4.3.3 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/732
• chore(deps): update actions/checkout action to v4.1.7 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/731
• fix: ensure inspected image list is machine readable by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/734
• fix: release pipeline by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/739
• fix: release pipeline again by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/740

New Contributors

• @​Madeline-UX made their first contribution in https://github.com/defenseunicorns/uds-cli/pull/720

Full Changelog: defenseunicorns/uds-cli@v0.11.2...v0.12.0

golang/go (golang)

v1.22.5

Compare Source

k3d-io/k3d (k3d-io/k3d)

v5.7.1

Compare Source

Fixed

• Revert #​1453 to fix broken DNS resolution #​1462

Full Changelog: k3d-io/k3d@v5.7.0...v5.7.1

v5.7.0

Compare Source

Added

• feat: support config embedded and external files (#​1417)
• docs: add examples for config embedded and external files (#​1432)
• feat: compatibility with docker userns-remap (#​1442)
• docs: mention ipam when creating multiserver cluster (#​1451)

Changed

• docs: Update CUDA docs to use k3s suggested method (#​1430)
• chore: upgrade go + dependencies + address all golangci-lint issues + fix deprecations (#​1459)
• chore: upgrade docker dependency and adjust for deprecations (#​1460)

Fixed

• fix: close output file (#​1436)
• fix: Script exits fatally when resolv.conf is missing Docker nameserver (#​1441)
• test: fix translate.go test following userns merge (#​1444)
• fix: respect ~/.kube/config as a symlink (#​1455)
• fix: preserve coredns config during cluster restart (#​1453)
  • IMPORTANT This makes use of the coredns-custom configmap, so please consider this in case you're using this configmap yourself!
• fix: make drain ignore DaemonSets & bypass PodDisruptionBudgets (#​1414)

mozilla/sops (sops)

v3.9.0

Compare Source

Features:

• Add --mac-only-encrypted to compute MAC only over values which end up encrypted (#​973)
• Allow configuration of indentation for YAML and JSON stores (#​1273, #​1372)
• Introduce a --pristine flag to sops exec-env (#​912)
• Allow to pass multiple paths to sops updatekeys (#​1274)
• Allow to override fileName with different value (#​1332)
• Sort masterkeys according to --decryption-order (#​1345)
• Add separate subcommands for encryption, decryption, rotating, editing, and setting values (#​1391)
• Add filestatus command (#​545)
• Add command unset (#​1475)
• Merge key for key groups and make keys unique (#​1493)
• Support using comments to select parts to encrypt (#​974, #​1392)

Deprecations:

• Deprecate the --background option to exec-env and exec-file (#​1379)

Improvements:

• Warn/fail if the wrong number of arguments is provided (#​1342)
• Warn if more than one command is used (#​1388)
• Dependency updates (#​1327, #​1328, #​1330, #​1336, #​1334, #​1344, #​1348, #​1354, #​1357, #​1360, #​1373, #​1381, #​1383, #​1385, #​1408, #​1428, #​1429, #​1427, #​1439, #​1454, #​1460, #​1466, #​1489, #​1519, #​1525, #​1528, #​1540, #​1543, #​1545)
• Build with Go 1.21 (#​1427)
• Improve README.rst (#​1339, #​1399, #​1350)
• Fix typos (#​1337, #​1477, #​1484)
• Polish the sops help output a bit (#​1341, #​1544)
• Improve and fix tests (#​1346, #​1349, #​1370, #​1390, #​1396, #​1492)
• Create a constant for the sops metadata key (#​1398)
• Refactoring: move extraction of encryption and rotation options to separate functions (#​1389)

Bug fixes:

• Respect aws_profile from keygroup config (#​1049)
• Fix a bug where not having a config results in a panic (#​1371)
• Consolidate Flatten/Unflatten pre/post processing (#​1356)
• INI and DotEnv stores: shamir_threshold is an integer (#​1394)
• Make check whether file contains invalid keys for encryption dependent on output store (#​1393)
• Do not panic if updatekeys is used with a config that has no creation rules defined (#​1506)
• exec-file: if --filename is used, use the provided filename without random suffix (#​1474)
• Do not use DotEnv store for exec-env, but specialized environment serializing code (#​1436)
• Decryption: do not fail if no matching creation_rule is present in config file (#​1434)

Project changes:

• CI dependency updates (#​1347, #​1359, #​1376, #​1382, #​1386, #​1425, #​1432, #​1498, #​1503, #​1508, #​1510, #​1516, #​1521, #​1492, #​1534)
• Adjust Makefile to new goreleaser 6.0.0 release (#​1526)

terraform-linters/tflint (tflint)

v0.52.0

Compare Source

v0.51.2

Compare Source

What's Changed

• build(deps): Bump github.com/hashicorp/go-plugin from 1.6.0 to 1.6.1 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2047
• build(deps): Bump github.com/fatih/color from 1.16.0 to 1.17.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2048
• build(deps): Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2049
• build(deps): Bump google.golang.org/grpc from 1.63.2 to 1.64.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2053
• build(deps): Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2054
• build(deps): Bump alpine from 3.19 to 3.20 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2055
• build(deps): Bump goreleaser/goreleaser-action from 5 to 6 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2061
• build(deps): Bump golang.org/x/crypto from 0.23.0 to 0.24.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2062
• build(deps): Bump golang.org/x/text from 0.15.0 to 0.16.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2064
• build(deps): Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2063
• build(deps): Bump golang.org/x/net from 0.25.0 to 0.26.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2065
• build(deps): Bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2066
• build(deps): Bump docker/build-push-action from 5 to 6 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2067
• build(deps): Bump github.com/hashicorp/hcl/v2 from 2.20.1 to 2.21.0 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2068
• build(deps): Bump github.com/go-test/deep from 1.1.0 to 1.1.1 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2069
• build(deps): Bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 by @​dependabot in https://github.com/terraform-linters/tflint/pull/2070
• deps: Go 1.22.4 by @​wata727 in https://github.com/terraform-linters/tflint/pull/2073
• docs: Recommend verification with GitHub CLI by @​wata727 in https://github.com/terraform-linters/tflint/pull/2074

Full Changelog: terraform-linters/tflint@v0.51.1...v0.51.2

aquasecurity/tfsec (tfsec)

v1.28.10

Compare Source

What's Changed

• Goreleaser update by @​simar7 in https://github.com/aquasecurity/tfsec/pull/2149

Full Changelog: aquasecurity/tfsec@v1.28.8...v1.28.10

v1.28.9

Compare Source

What's Changed

• Goreleaser update by @​simar7 in https://github.com/aquasecurity/tfsec/pull/2149

Full Changelog: aquasecurity/tfsec@v1.28.8...v1.28.9

v1.28.8

Compare Source

What's Changed

• chore(deps): Fix goreleaser to use pinned version by @​simar7 in https://github.com/aquasecurity/tfsec/pull/2148

Full Changelog: aquasecurity/tfsec@v1.28.7...v1.28.8

v1.28.7

Compare Source

What's Changed

• fix: typo by @​testwill in https://github.com/aquasecurity/tfsec/pull/2110
• Bumped Go-Getter due High Vulnerability CVE-2024-6257 by @​jdesouza in https://github.com/aquasecurity/tfsec/pull/2145
• chore(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 by @​dependabot in https://github.com/aquasecurity/tfsec/pull/2146
• chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.33.0 by @​dependabot in https://github.com/aquasecurity/tfsec/pull/2147

New Contributors

• @​testwill made their first contribution in https://github.com/aquasecurity/tfsec/pull/2110

Full Changelog: aquasecurity/tfsec@v1.28.6...v1.28.7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.