-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the common group across 1 directory with 20 updates #7604
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the common group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.0` | `0.9.1` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.30.5` | `1.31.0` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.33` | `1.27.38` | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.177.2` | `1.179.1` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.32.4` | `1.35.2` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.61.2` | `1.63.2` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.21` | `1.7.22` | | [github.com/docker/docker](https://github.com/docker/docker) | `27.2.0+incompatible` | `27.3.1+incompatible` | | [github.com/hashicorp/hc-install](https://github.com/hashicorp/hc-install) | `0.8.0` | `0.9.0` | | [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.15.2` | `0.16.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.26.0` | `0.27.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.28.0` | `0.29.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.15.4` | `3.16.1` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.32.0` | `1.33.1` | Updates `github.com/CycloneDX/cyclonedx-go` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](CycloneDX/cyclonedx-go@v0.9.0...v0.9.1) Updates `github.com/aws/aws-sdk-go-v2` from 1.30.5 to 1.31.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.30.5...v1.31.0) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.33 to 1.27.38 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.27.33...config/v1.27.38) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.32 to 1.17.36 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.17.32...credentials/v1.17.36) Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.177.2 to 1.179.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.177.2...service/ec2/v1.179.1) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.32.4 to 1.35.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/sqs/v1.32.4...service/iot/v1.35.2) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.61.2 to 1.63.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.61.2...service/s3/v1.63.2) Updates `github.com/aws/smithy-go` from 1.20.4 to 1.21.0 - [Release notes](https://github.com/aws/smithy-go/releases) - [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md) - [Commits](aws/smithy-go@v1.20.4...v1.21.0) Updates `github.com/containerd/containerd` from 1.7.21 to 1.7.22 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.21...v1.7.22) Updates `github.com/docker/docker` from 27.2.0+incompatible to 27.3.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v27.2.0...v27.3.1) Updates `github.com/hashicorp/hc-install` from 0.8.0 to 0.9.0 - [Release notes](https://github.com/hashicorp/hc-install/releases) - [Commits](hashicorp/hc-install@v0.8.0...v0.9.0) Updates `github.com/moby/buildkit` from 0.15.2 to 0.16.0 - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.15.2...v0.16.0) Updates `golang.org/x/crypto` from 0.26.0 to 0.27.0 - [Commits](golang/crypto@v0.26.0...v0.27.0) Updates `golang.org/x/mod` from 0.20.0 to 0.21.0 - [Commits](golang/mod@v0.20.0...v0.21.0) Updates `golang.org/x/net` from 0.28.0 to 0.29.0 - [Commits](golang/net@v0.28.0...v0.29.0) Updates `golang.org/x/term` from 0.23.0 to 0.24.0 - [Commits](golang/term@v0.23.0...v0.24.0) Updates `golang.org/x/text` from 0.17.0 to 0.18.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.17.0...v0.18.0) Updates `helm.sh/helm/v3` from 3.15.4 to 3.16.1 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.15.4...v3.16.1) Updates `k8s.io/api` from 0.30.3 to 0.31.0 - [Commits](kubernetes/api@v0.30.3...v0.31.0) Updates `modernc.org/sqlite` from 1.32.0 to 1.33.1 - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.1) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/aws/smithy-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/hashicorp/hc-install dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
labels
Sep 26, 2024
knqyf263
approved these changes
Sep 26, 2024
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Sep 26, 2024
fhielpos
added a commit
to giantswarm/trivy-upstream
that referenced
this pull request
Dec 20, 2024
* feat(vm): Support direct filesystem (aquasecurity#7058) Signed-off-by: yusuke.koyoshi <yusuke.koyoshi@bizreach.co.jp> * feat(cli)!: delete deprecated SBOM flags (aquasecurity#7266) Signed-off-by: knqyf263 <knqyf263@gmail.com> * feat(vm): support the Ext2/Ext3 filesystems (aquasecurity#6983) * fix(plugin): do not call GitHub content API for releases and tags (aquasecurity#7274) Signed-off-by: knqyf263 <knqyf263@gmail.com> * fix(java): Return error when trying to find a remote pom to avoid segfault (aquasecurity#7275) Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> * fix(flag): incorrect behavior for deprected flag `--clear-cache` (aquasecurity#7281) * refactor(misconf): remove file filtering from parsers (aquasecurity#7289) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(vuln): Add `--detection-priority` flag for accuracy tuning (aquasecurity#7288) Signed-off-by: knqyf263 <knqyf263@gmail.com> * docs: add auto-generated config (aquasecurity#7261) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * fix(terraform): add aws_region name to presets (aquasecurity#7184) * perf(misconf): do not convert contents of a YAML file to string (aquasecurity#7292) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * refactor(misconf): remove unused universal scanner (aquasecurity#7293) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * perf(misconf): use json.Valid to check validity of JSON (aquasecurity#7308) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): load only submodule if it is specified in source (aquasecurity#7112) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): support for policy and bucket grants (aquasecurity#7284) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): do not set default value for default_cache_behavior (aquasecurity#7234) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): iterator argument support for dynamic blocks (aquasecurity#7236) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com> * chore(deps): bump the common group across 1 directory with 7 updates (aquasecurity#7305) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: update client/server docs for misconf and license scanning (aquasecurity#7277) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * docs: update links to packaging.python.org (aquasecurity#7318) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * perf(misconf): optimize work with context (aquasecurity#6968) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * refactor: replace ftypes.Gradle with packageurl.TypeGradle (aquasecurity#7323) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * docs: update air-gapped docs (aquasecurity#7160) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * docs(misconf): Update callsites to use correct naming (aquasecurity#7335) * chore(deps): bump the common group with 9 updates (aquasecurity#7333) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(misconf): change default TLS values for the Azure storage account (aquasecurity#7345) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * refactor(misconf): highlight only affected rows (aquasecurity#7310) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): wrap Azure PortRange in iac types (aquasecurity#7357) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): scanning support for YAML and JSON (aquasecurity#7311) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): variable support for Terraform Plan (aquasecurity#7228) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix: safely check if the directory exists (aquasecurity#7353) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * chore(deps): bump the aws group across 1 directory with 7 updates (aquasecurity#7358) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(server): add internal `--path-prefix` flag for client/server mode (aquasecurity#7321) Signed-off-by: knqyf263 <knqyf263@gmail.com> * chore(deps): bump trivy-checks (aquasecurity#7350) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * refactor(misconf): use slog (aquasecurity#7295) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): ignore duplicate checks (aquasecurity#7317) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): init frameworks before updating them (aquasecurity#7376) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): support deprecating for Go checks (aquasecurity#7377) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(python): use minimum version for pip packages (aquasecurity#7348) * docs: add pkg flags to config file page (aquasecurity#7370) * feat(misconf): Add support for using spec from on-disk bundle (aquasecurity#7179) * fix(report): escape `Message` field in `asff.tpl` template (aquasecurity#7401) * fix(misconf): use module to log when metadata retrieval fails (aquasecurity#7405) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): support for ignore by nested attributes (aquasecurity#7205) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): do not filter Terraform plan JSON by name (aquasecurity#7406) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): port and protocol support for EC2 networks (aquasecurity#7146) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * chore: fix allow rule of ignoring test files to make it case insensitive (aquasecurity#7415) * fix(secret): use only line with secret for long secret lines (aquasecurity#7412) * chore: update CODEOWNERS (aquasecurity#7398) Signed-off-by: knqyf263 <knqyf263@gmail.com> * feat(server): Make Trivy Server Multiplexer Exported (aquasecurity#7389) * feat(report): export modified findings in JSON (aquasecurity#7383) Signed-off-by: knqyf263 <knqyf263@gmail.com> * fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (aquasecurity#7403) * fix(misconf): do not register Rego libs in checks registry (aquasecurity#7420) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * chore(deps): Bump trivy-checks (aquasecurity#7417) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): do not recreate filesystem map (aquasecurity#7416) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(secret): use `.eyJ` keyword for JWT secret (aquasecurity#7410) * fix(misconf): fix infer type for null value (aquasecurity#7424) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(aws): handle ECR repositories in different regions (aquasecurity#6217) Signed-off-by: Kevin Conner <kev.conner@getupcloud.com> * fix: logger initialization before flags parsing (aquasecurity#7372) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (aquasecurity#7387) * test: add integration plugin tests (aquasecurity#7299) * feat(sbom): set User-Agent header on requests to Rekor (aquasecurity#7396) Signed-off-by: Bob Callaway <bcallaway@google.com> * fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (aquasecurity#7362) * chore(deps): Bump trivy-checks and pin OPA (aquasecurity#7427) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(java): add `test` scope support for `pom.xml` files (aquasecurity#7414) * fix(license): add license handling to JUnit template (aquasecurity#7409) * feat(go): use `toolchain` as `stdlib` version for `go.mod` files (aquasecurity#7163) * release: v0.55.0 [main] (aquasecurity#7271) * fix(license): stop spliting a long license text (aquasecurity#7336) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (aquasecurity#7451) * chore(helm): bump up Trivy Helm chart (aquasecurity#7441) * chore(deps): bump the common group across 1 directory with 19 updates (aquasecurity#7436) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * chore(deps): bump the aws group with 6 updates (aquasecurity#7468) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(oracle): Update EOL date for Oracle 7 (aquasecurity#7480) * fix(report): change a receiver of MarshalJSON (aquasecurity#7483) Signed-off-by: knqyf263 <knqyf263@gmail.com> * fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (aquasecurity#7463) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (aquasecurity#7449) * feat(license): improve license normalization (aquasecurity#7131) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: knqyf263 <knqyf263@gmail.com> * docs(db): add a manifest example (aquasecurity#7485) Signed-off-by: knqyf263 <knqyf263@gmail.com> * revert(java): stop supporting of `test` scope for `pom.xml` files (aquasecurity#7488) * docs: refine go docs (aquasecurity#7442) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * chore(vex): suppress openssl vulnerabilities (aquasecurity#7500) Signed-off-by: knqyf263 <knqyf263@gmail.com> * chore(deps): bump alpine from 3.20.0 to 3.20.3 (aquasecurity#7508) * chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (aquasecurity#7510) * fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (aquasecurity#7497) * refactor: split `.egg` and `packaging` analyzers (aquasecurity#7514) * feat(misconf): Register checks only when needed (aquasecurity#7435) * fix(misconf): Fix logging typo (aquasecurity#7473) * chore(deps): bump go-ebs-file (aquasecurity#7513) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (aquasecurity#7527) * refactor(misconf): pass options to Rego scanner as is (aquasecurity#7529) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(sbom): export bom-ref when converting a package to a component (aquasecurity#7340) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: amf <amf@macbook.local> Co-authored-by: knqyf263 <knqyf263@gmail.com> * perf(misconf): use port ranges instead of enumeration (aquasecurity#7549) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * fix(misconf): Fixed scope for China Cloud (aquasecurity#7560) * docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (aquasecurity#7458) * chore(deps): remove broken replaces for opa and discovery (aquasecurity#7600) * ci: cache test images for `integration`, `VM` and `module` tests (aquasecurity#7599) * ci: add `workflow_dispatch` trigger for test workflow. (aquasecurity#7606) * chore(deps): bump the common group across 1 directory with 20 updates (aquasecurity#7604) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * fix(db): check `DownloadedAt` for `trivy-java-db` (aquasecurity#7592) * fix: allow access to '..' in mapfs (aquasecurity#7575) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * test: use a local registry for remote scanning (aquasecurity#7607) Signed-off-by: knqyf263 <knqyf263@gmail.com> * fix(misconf): escape all special sequences (aquasecurity#7558) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): add ability to disable checks by ID (aquasecurity#7536) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: Simar <simar@linux.com> * feat(suse): added SUSE Linux Enterprise Micro support (aquasecurity#7294) Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * fix(misconf): disable DS016 check for image history analyzer (aquasecurity#7540) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * ci: split `save` and `restore` cache actions (aquasecurity#7614) * refactor: fix auth error handling (aquasecurity#7615) Signed-off-by: knqyf263 <knqyf263@gmail.com> * feat(secret): enhance secret scanning for python binary files (aquasecurity#7223) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com> * feat(java): add empty versions if `pom.xml` dependency versions can't be detected (aquasecurity#7520) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> * test: use loaded image names (aquasecurity#7617) Signed-off-by: knqyf263 <knqyf263@gmail.com> * ci: don't use cache for `setup-go` (aquasecurity#7622) * feat: support multiple DB repositories for vulnerability and Java DB (aquasecurity#7605) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * feat(misconf): Support `--skip-*` for all included modules (aquasecurity#7579) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io> * chore: add prefixes to log messages (aquasecurity#7625) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com> * fix(misconf): Disable deprecated checks by default (aquasecurity#7632) * chore(deps): Bump trivy-checks to v1.1.0 (aquasecurity#7631) * fix(secret): change grafana token regex to find them without unquoted (aquasecurity#7627) * feat: support RPM archives (aquasecurity#7628) Signed-off-by: knqyf263 <knqyf263@gmail.com> * fix(misconf): not to warn about missing selectors of libraries (aquasecurity#7638) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> * release: v0.56.0 [main] (aquasecurity#7447) * fix(db): fix javadb downloading error handling [backport: release/v0.56] (aquasecurity#7646) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> * release: v0.56.1 [release/v0.56] (aquasecurity#7648) * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (aquasecurity#7691) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (aquasecurity#7702) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> * release: v0.56.2 [release/v0.56] (aquasecurity#7694) * Make liveness probe configurable (#3) --------- Signed-off-by: yusuke.koyoshi <yusuke.koyoshi@bizreach.co.jp> Signed-off-by: knqyf263 <knqyf263@gmail.com> Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Kevin Conner <kev.conner@getupcloud.com> Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Marcus Meissner <meissner@suse.de> Co-authored-by: yusuke-koyoshi <92022336+yusuke-koyoshi@users.noreply.github.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> Co-authored-by: Aruneko <yuki.fujita@bizreach.co.jp> Co-authored-by: Colm O hEigeartaigh <coheigea@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: afdesk <work@afdesk.com> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> Co-authored-by: Alberto Donato <albertodonato@users.noreply.github.com> Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Itay Shakury <itay@itaysk.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: aasish-r <aasishrampalli1997@gmail.com> Co-authored-by: Ori <59772293+orizerah@users.noreply.github.com> Co-authored-by: Kevin Conner <kev.conner@gmail.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com> Co-authored-by: vhash <29121316+LucasVanHaaren@users.noreply.github.com> Co-authored-by: psibre <psibre@users.noreply.github.com> Co-authored-by: Aqua Security automated builds <54269356+aqua-bot@users.noreply.github.com> Co-authored-by: s-reddy1498 <41355782+s-reddy1498@users.noreply.github.com> Co-authored-by: Squiddim <82903357+Squiddim@users.noreply.github.com> Co-authored-by: Pierre Baumard <pierre.baumard@cnav.fr> Co-authored-by: Lior Kaplan <lior@kaplanopensource.co.il> Co-authored-by: amf <amf@macbook.local> Co-authored-by: bloomadcariad <adam.bloom@cariad.us> Co-authored-by: Sylvain Baubeau <lebauce@gmail.com> Co-authored-by: Simar <simar@linux.com> Co-authored-by: Marcus Meissner <meissner@suse.de> Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
fhielpos
pushed a commit
to giantswarm/trivy-upstream
that referenced
this pull request
Dec 20, 2024
…aquasecurity#7604) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the common group with 14 updates in the / directory:
0.9.0
0.9.1
1.30.5
1.31.0
1.27.33
1.27.38
1.177.2
1.179.1
1.32.4
1.35.2
1.61.2
1.63.2
1.7.21
1.7.22
27.2.0+incompatible
27.3.1+incompatible
0.8.0
0.9.0
0.15.2
0.16.0
0.26.0
0.27.0
0.28.0
0.29.0
3.15.4
3.16.1
1.32.0
1.33.1
Updates
github.com/CycloneDX/cyclonedx-go
from 0.9.0 to 0.9.1Release notes
Sourced from github.com/CycloneDX/cyclonedx-go's releases.
Commits
02759af
Merge pull request #195 from CycloneDX/nscuro-patch-15d799e6
fix: remove deprecated goreleaser flag39328d3
Merge pull request #194 from CycloneDX/fix-nil-pointer-derefce43b6f
fix: make linter happy6f0e0cf
fix:nil
pointer dereference during evidence conversion6f53207
Merge pull request #185 from CycloneDX/dependabot/github_actions/goreleaser/g...eef8882
Merge pull request #188 from CycloneDX/dependabot/github_actions/actions/setu...094b2b6
Merge pull request #191 from CycloneDX/dependabot/github_actions/golangci/gol...17e9df7
Merge pull request #193 from CycloneDX/dependabot/docker/gitpod/workspace-go-...71cff22
build(deps): bump gitpod/workspace-go from8d15123
to2a9e01c
Updates
github.com/aws/aws-sdk-go-v2
from 1.30.5 to 1.31.0Commits
2f44586
Release 2024-09-2022d0876
Regenerated Clients5454ab9
Update API model06150d9
add tracing and metrics support (#2798)18f7b40
Release 2024-09-19e91c9c4
Regenerated Clients6df0a09
Update API model98ae688
Release 2024-09-18222928c
Regenerated Clients887c4de
Update API modelUpdates
github.com/aws/aws-sdk-go-v2/config
from 1.27.33 to 1.27.38Commits
d0a2d1a
Release 2024-09-2585c956c
Regenerated Clientsc0e4d46
Update endpoints model3e3cdfa
Update API modele211ac0
Release 2024-09-24c00259a
Regenerated Clientsa6f2ceb
Update endpoints model9437d07
Update API model3f09c24
Release 2024-09-2363b1e7d
Regenerated ClientsUpdates
github.com/aws/aws-sdk-go-v2/credentials
from 1.17.32 to 1.17.36Commits
d0a2d1a
Release 2024-09-2585c956c
Regenerated Clientsc0e4d46
Update endpoints model3e3cdfa
Update API modele211ac0
Release 2024-09-24c00259a
Regenerated Clientsa6f2ceb
Update endpoints model9437d07
Update API model3f09c24
Release 2024-09-2363b1e7d
Regenerated ClientsUpdates
github.com/aws/aws-sdk-go-v2/service/ec2
from 1.177.2 to 1.179.1Commits
d0a2d1a
Release 2024-09-2585c956c
Regenerated Clientsc0e4d46
Update endpoints model3e3cdfa
Update API modele211ac0
Release 2024-09-24c00259a
Regenerated Clientsa6f2ceb
Update endpoints model9437d07
Update API model3f09c24
Release 2024-09-2363b1e7d
Regenerated ClientsUpdates
github.com/aws/aws-sdk-go-v2/service/ecr
from 1.32.4 to 1.35.2Commits
390cf19
Release 2023-03-21c37c72a
Regenerated Clientsd1e5193
Update endpoints model2506101
Update API modelc93b5cc
Merge pull request #2051 from aws/add100ContinueCustomizationc01aac6
Keep one changelog for PR3780faa
Keep one changelog for PRb94b5b7
Merge remote-tracking branch 'origin/add100ContinueCustomization' into add100...6174ff2
Change some variable name and use operation shape id to represent operation s...83491fc
add changelog to last commitUpdates
github.com/aws/aws-sdk-go-v2/service/s3
from 1.61.2 to 1.63.2Commits
d0a2d1a
Release 2024-09-2585c956c
Regenerated Clientsc0e4d46
Update endpoints model3e3cdfa
Update API modele211ac0
Release 2024-09-24c00259a
Regenerated Clientsa6f2ceb
Update endpoints model9437d07
Update API model3f09c24
Release 2024-09-2363b1e7d
Regenerated ClientsUpdates
github.com/aws/smithy-go
from 1.20.4 to 1.21.0Changelog
Sourced from github.com/aws/smithy-go's changelog.
... (truncated)
Commits
85dcb19
Release 2024-09-19d2ad136
add tracing and metrics support to generated clients (#538)Updates
github.com/containerd/containerd
from 1.7.21 to 1.7.22Release notes
Sourced from github.com/containerd/containerd's releases.
... (truncated)
Commits
7f7fdf5
Merge pull request #10684 from samuelkarp/release-1.7.2243174ee
Prepare release notes for v1.7.22c10e4a6
Merge pull request #10682 from samuelkarp/shim-exec-fp-test-1.70c4ba21
integration: regression test for issue 105891cc2cfa
fifosync: cross-process synchronizationb19be30
Merge pull request #10675 from laurazard/1.7-backport-shim-dropped-init-exitsc62aa06
Merge pull request #10679 from thaJeztah/1.7_update_go1.22.719d678f
update to go1.22.7, go1.23.1f338717
runc-shim: handle pending execs as running686c694
runc-shim: refuse to start execs after init exitsUpdates
github.com/docker/docker
from 27.2.0+incompatible to 27.3.1+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
41ca978
Merge pull request #48525 from thaJeztah/27.x_backport_govulncheck_permissionsa6b772b
gha: govulncheck: make sure read permissions are set856359c
Merge pull request #48514 from robmry/backport-27.x/wsl2_mirrored_loopback0_w...cd21af7
Do not DNAT packets from WSL2's loopback08516f3b
Merge pull request #48510 from thaJeztah/27.x_backport_bump_buildx_compose3a7779a
Merge pull request #48511 from robmry/backport-27.x/48375_bridge_netfiltering5c499fc
Only enable bridge netfiltering when needed98f24aa
Merge pull request #48506 from thaJeztah/27.x_backport_man_dockerd_logformat8adc8e4
Dockerfile: update compose to v2.29.4576fc88
Dockerfile: update buildx to v0.17.1Updates
github.com/hashicorp/hc-install
from 0.8.0 to 0.9.0Release notes
Sourced from github.com/hashicorp/hc-install's releases.
Commits
157a802
Merge pull request #250 from hashicorp/release-0.9.04c734fc
Prepare for v0.9.0 released78b328
Merge pull request #249 from hashicorp/d-contributing-md-update34f38b0
docs: Update release instructions6a5aa83
build(deps): bump golang.org/x/mod from 0.20.0 to 0.21.0 (#242)1784fcc
Merge pull request #248 from hashicorp/revert-version-contentsea2c69b
Finish Release of 0.8.1 by updating VERSION4f3e00e
Releasing 0.8.1c6d1ced
Merge pull request #246 from hashicorp/update-contributingeea12f1
Update CONTRIBUTING.md to add clean up stepUpdates
github.com/moby/buildkit
from 0.15.2 to 0.16.0Release notes
Sourced from github.com/moby/buildkit's releases.
... (truncated)
Commits
0865fcc
Merge pull request #5320 from crazy-max/v0.16.0-picks274116a2
fix windows area label when modifications are under the vendor folder5c5dc59
vendor: github.com/docker/docker v27.2.1c9d08dd
Merge pull request #5315 from jsternberg/trace-id-in-logb2b8b1c
Merge pull request #5313 from tonistiigi/grpc-v1.62366c355
bklog: always enable trace id if it existse89d391
vendor: update grpc to v1.62.0a1993e8
Merge pull request #5306 from tonistiigi/cache-mount-mode-prune85668ff
Merge pull request #5307 from thompson-shaun/update-labeler436609d
Merge pull request #5302 from crazy-max/dockerfile-rootless-cacheUpdates
golang.org/x/crypto
from 0.26.0 to 0.27.0Commits
c9da6b9
all: fix printf(var) mistakes detected by latest printf checkerb35ab4f
go.mod: update golang.org/x dependenciesbcb0f91
internal/poly1305: Port sum_amd64.s to Avo7eace71
chacha20poly1305: Avo port of chacha20poly1305_amd64.s620dfbc
salsa20/salsa: Port salsa20_amd64.s to Avo82942cf
blake2b: port blake2b_amd64.s to Avo0484c26
blake2b: port blake2bAVX2_amd64.s to Avo38ed1bc
blake2s: port blake2s_amd64.s to Avo38a0b5d
argon2: Avo port of blamka_amd64.sbf5f14f
x509roots/fallback: update bundleUpdates
golang.org/x/mod
from 0.20.0 to 0.21.0Commits
46a3137
zip: set GIT_DIR in test when using bare repositories3afcd4e
go.mod: set go version to 1.22.0b1d336c
go.mod: update required go version to go1.22Updates
golang.org/x/net
from 0.28.0 to 0.29.0Commits
35b4aba
go.mod: update golang.org/x dependencies9bf379f
websocket: fix printf(var) mistake detected by latest printf checkerUpdates
golang.org/x/term
from 0.23.0 to 0.24.0Commits
2f7b0dd
go.mod: update golang.org/x dependenciesf867b76
x/term: set missing VIRTUAL_TERMINAL_INPUT flag on WindowsUpdates
golang.org/x/text
from 0.17.0 to 0.18.0Commits
1e3e9fd
all: rename Example test functions to prevent vet errorsUpdates
helm.sh/helm/v3
from 3.15.4 to 3.16.1Release notes
Sourced from helm.sh/helm/v3's releases.
... (truncated)
Commits
5a5449d
bumping version to 1.22.72cbf7fc
Merge pull request #13327 from mattfarina/revert-117260d439e1
bump version to v3.16.01ac6fce
Merge pull request #13290 from helm/dependabot/go_modules/github.com/rubenv/s...a585fdb
Merge pull request #13291 from helm/dependabot/go_modules/github.com/cyphar/f...0d12150
Bump github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.1b1f9f0c
Bump github.com/rubenv/sql-migrate from 1.6.1 to 1.7.0d66d435
Merge pull request #13276 from helm/dependabot/go_modules/github.com/evanphx/...c1ed2e2
Merge pull request #13286 from mattfarina/bump-sprig2dc73d8
Merge pull request #13281 from giuliocalzolari/timestampUpdates
k8s.io/api
from 0.30.3 to 0.31.0Commits
2df39ff
Update dependencies to v0.31.0 tag382a091
update codegen and openapi1073c1e
regen clients6f8e3bd
Review feedback437d97a
Coordinated Leader Election Alpha API63e21d3
Merge pull request #126243 from SergeyKanzhelev/devicePluginFailuresca07d5a
generated files7192863
add AllocatedResourcesStatus field to ContainerStatusa789efa
Merge pull request #126281 from saschagrunert/oci-volume-docsf04ea0b
Merge pull request #126145 from carlory/kep-3751-apiUpdates
modernc.org/sqlite
from 1.32.0 to 1.33.1Commits
ad49d64
retract v1.33.0cc08747
use internal/libc, updates #1778794efa
use internal/libc, updates #177b550c20
replace modernc.org/libc => ./internal/libc, updates #177Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions