chore(deps): update dependency trivy to v0.71.2#340
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/trivy-0.x
branch
from
c2db6fd to
e4d99e7
Compare
renovate
Bot
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.
Release Notes
aquasecurity/trivy (trivy)
v0.71.2Compare Source
Changelog
055a5c8release: v0.71.2 [release/v0.71] (#10871)875328afix(deps): bump alpine to 3.24.1 [backport: release/v0.71] (#10870)998f7b3chore(deps): bump the common group with 4 updates [backport: release/v0.71] (#10867)v0.71.1Compare Source
Changelog
164b383release: v0.71.1 [release/v0.71] (#10818)a72d9a4fix(oci): validate artifact filename3dd9847fix: forward ospkg detector options through ospkg.NewScanner [backport: release/v0.71] (#10825)a62cbe4fix(vex): load VEX documents from within the repository directory [backport: release/v0.71] (#10821)43d1d26fix: surface the original analysis error instead of context cancellation [backport: release/v0.71] (#10812)ac7696cci: expect GitHub App bot as backport PR author [backport: release/v0.71] (#10815)v0.71.0Compare Source
⚡ Highlights ⚡
👉 https://redirect.github.com/aquasecurity/trivy/discussions/10767
Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0710-2026-06-01
v0.70.0Compare Source
⚡ Highlights ⚡
👉 https://redirect.github.com/aquasecurity/trivy/discussions/10546
Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16
v0.69.3Compare Source
Changelog
6fb20c8release: v0.69.3 [release/v0.69] (#10293)dabefecfix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#10291)v0.69.2Compare Source
Changelog
cfa322erelease: v0.69.2 [release/v0.69] (#10266)86debcefix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#10267)cf3d4cdfix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#10264)6dfd3b0ci: remove apidiff workflowv0.26.0Compare Source
Changelog
a0047a7feat(alpine): warn mixing versions (#2000)d786655Update ASFF template (#1914)a02cf65chore(deps): replacecontainerd/containerdversion to fix CVE-2022-23648 (#1994)613e38cchore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)3b6d65btest(go): add integration tests for gomod (#1989)22f5b93fix(python): fixed panic when scan .egg archive (#1992)485637cfix(go): set correct go modules type (#1990)6fdb554feat(alpine): support apk repositories (#1987)d9bddb9docs: add CBL-Mariner (#1982)1cf1873docs(go): fix version (#1986)d77dbe8feat(go): support go.mod in Go 1.17+ (#1985)32bd1e4ci: fix URLs in the PR template (#1972)94a5a18ci: add semantic pull requests check (#1968)72d94b2docs(issue): added docs for wrong detection issues (#1961)v0.25.4Compare Source
Changelog
b4a7d6adocs: move CONTRIBUTING.md to docs (#1971)0127c1drefactor(table): use file name instead package path (#1966)a92da72fix(sbom): add --db-repository (#1964)b0f3864feat(table): add PkgPath in table result (#1960)0b1d32cfix(pom): merge multiple pom imports in a good manner (#1959)v0.25.3Compare Source
Changelog
d4e3df8fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)7e48cc1fix(misconf): update BurntSushi/toml for fix runtime error (#1948)c9efa8cfix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)52b7154feat(jar): allow setting Maven Central URL using environment variable (#1939)21f7a41chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)ff2b3d1chore(chart): remove version comments (#1933)v0.25.2Compare Source
Changelog
9c19298fix(downloadDB): add flag to server command (#1942)v0.25.1Compare Source
Changelog
aa3d696fix(misconf): update defsec to resolve panics (#1935)31e7669chore(deps): bump github.com/docker/docker (#1924)4ca35b2docs: restructure the documentation (#1887)8da4548chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)76e9d7echore(deps): bump actions/cache from 2 to 3.0.1 (#1920)2b217a3chore(deps): bump actions/checkout from 2 to 3 (#1916)902aa8cchore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)60b19e5chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)58aab67chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)209b9ccchore(deps): bump golang from 1.17 to 1.18.0 (#1915)bfb931dAdd trivy horizontal logo (#1932)ae86a5bchore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)1a23039chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)56498cachore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)0210567feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)v0.25.0Compare Source
Changelog
4470a18docs(filter vulnerabilities): fix link (#1880)cb171eafeat(template) Add misconfigurations to gitlab codequality report (#1756)36e24b1fix(rpc): add PkgPath field to client / server mode (#1643)8831174fix(vulnerabilities): fixed trivy-db vulns (#1883)9154b81feat(cache): remove temporary cache after filesystem scanning (#1868)f36d9b6feat(sbom): add a dedicated sbom command (#1799)7a14808feat(cyclonedx): add vulnerabilities (#1832)df80fd3fix(option): hide false warning about remote options (#1865)88ebc07chore: bump up Go to 1.18 (#1862)d6418cffeat(filesystem): scan in client/server mode (#1829)12d0317refactor(template): remove unused test (#1861)c3aca15fix(cli): json format for trivy version (#1854)b2b6895docs: change URL for tfsec-checks (#1857)v0.24.4Compare Source
Changelog
06659f1fix(docker): Getting images without a tag (#1852)a91cc50docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801)v0.24.3Compare Source
Changelog
4b8bf87chore(issue labels): added new labels (#1839)5040caerefactor: clarify db update warning messages (#1808)28cd5a5chore(ci): change trivy vulnerability scan for every day (#1838)b2f554efeat(helm): make Trivy service name configurable (#1825)7a44a7achore(deps): updated sprig to version v3.2.2. (#1814)18842fbchore(deps): updated testcontainers-go to version v0.12.0 (#1822)12ca3cadocs: add packages.config for .NET (#1823)728a3dbbuild: sign container image (#1668)4e7b5cachore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778)0fca2cddocs: fix Installation documentation (#1804)e50839bfix(report): ensure json report got a final new line (#1797)f95a0f0fix(terraform): resolve panics in defsec (#1811)e5bf3d1feat(docker): Label images based on OCI image spec (#1793)2193fb3fix(helm): indentation for ServiceAccount annotations (#1795)bbccb5afix(hcl): fix panic in hcl2json (#1791)a625455chore(helm): remove psp from helm manifest (#1315)7e69f48build: Replacemake protocwithfor loopto return an error (#1655)f6c986bfix: ASFF template to match ASFF schema (#1685)aab6f0bfeat(helm): Add support for server token (#1734)v0.24.2Compare Source
Changelog
eebf9c8fix(pom): keep an order of dependencies (#1784)971092bchore: bump up Go to 1.17 (#1781)2f2d822chore(deps): bump actions/setup-python from 2 to 3 (#1776)a2afd6echore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777)Docker images
docker pull aquasec/trivy:0.24.2docker pull ghcr.io/aquasecurity/trivy:0.24.2docker pull public.ecr.aws/aquasecurity/trivy:0.24.2v0.24.1Compare Source
Changelog
a423b99fix(python): correct handling pip package names with a hyphen (#1771)a069ad7doc(docker): fix command to run trivy with docker on linux (#1761)015055efeat(helm): Add support for custom labels (#1767)cbaa363chore(helm): bump chart to trivy 0.24.0 (#1762)bec02f0docs: remove erroneous command (#1763)Docker images
docker pull aquasec/trivy:0.24.1docker pull ghcr.io/aquasecurity/trivy:0.24.1docker pull public.ecr.aws/aquasecurity/trivy:0.24.1v0.24.0Compare Source
Changelog
d7f8b92chore(deps): bump github.com/spf13/afero from 1.6.0 to 1.8.1 (#1708)59ea0d5fix(option): warn list-all-pkgs only with the table format (#1755)c788676feat(option): warn "--list-all-pkgs" with "--format table" (#1632)58ade46feat(report): add support for CycloneDX (#1081)77cab6echore(deps): update the defsec and tfsec versions (#1747)2ede15dfix(scanner): fix skip of language-specific files when scanning rootf… (#1751)d266c74chore(deps): bump github.com/google/wire from 0.4.0 to 0.5.0 (#1712)4423396feat(report): considering App.Writer when printing results (#1722)356ae30chore(deps): replacesatoriversion and skipping examples folder (#1745)477dc7dbuild: add s390x container images (#1726)89b8d7ffeat(template) Add misconfigurations to junit report (#1724)219b71bchore(deps): bump github.com/twitchtv/twirp (#1709)aa6e1ebfeat(client): configure TLS InsecureSkipVerify for server connection (#1287)de6c3cbfix(rpc): Supports RPC calls for new identifier CustomResource (#1605)b7d4d1echore(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 (#1705)e6c029dchore(deps): bump github.com/caarlos0/env/v6 from 6.0.0 to 6.9.1 (#1707)ec6cb1afeat(helm): Parameterise ServiceAccount annotations (#1677)7dfc16cchore(deps): bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.11 (#1710)42d8fd6chore(deps): bump github.com/cheggaaa/pb/v3 from 3.0.3 to 3.0.8 (#1704)c3ef203chore(deps): bump github.com/open-policy-agent/opa from 0.36.1 to 0.37.2 (#1711)274103echore(dependabot): enable gomod monthly (#1699)e618d83fix(gitlab tpl): escape double quote (#1635)3b0b2edbuild: Makemake protocbe consistent (#1682)5c8d098feat(purl): add generate purl package utilities (#1574)11f4f81refactor: move result structs under types (#1696)6db2092feat(mariner): add support for CBL-Mariner 2.0 (#1694)8898bb0docs(gitlab-ci): fix Script in GitLab CI Example #168833d0833chore: Upgrade helm chart version (#1683)13874d8chore(mod): update Go dependencies (#1681)f26a06bdocs: fix typos in markdown docs (#1674)e2821a4docs: update documentation for image scanning of tar files to use a tag present on Docker Hub (#1671)ef8a1affix(repo): --no-progress suppresses git output (#1669)Docker images
docker pull aquasec/trivy:0.24.0docker pull ghcr.io/aquasecurity/trivy:0.24.0docker pull public.ecr.aws/aquasecurity/trivy:0.24.0v0.23.0Compare Source
Changelog
449add2docs: add ACR navigator (#1651)cb9afc8fix: update example Rego files and docs (#1628)78b2b89feat(option): show a link to GitHub Discussions for --light deprecation (#1650)52fd3c2fix(sarif): fix the warning message (#1647)8d5882brefactor: migrate to prefixed buckets (#1644)84dd33ffeat(mariner): add support for CBL-Mariner (#1640)9e903a1docs: commercial use available (#1641)f4c746afeat: support azure acr (#1611)420f8abfeat(os-pkg): add data sources (#1636)d2827cbfeat(redhat): support build info in RHEL (#807)ce703cefix: change links in pull_request_template to static URLs (#1634)50bb938feat(lang-pkg): add data sources (#1625)a31ddbefeat(detector): support custom detector (#1615)3a4e18adocs(contribution): change role who should resolve comments (#1618)8ba6836docs: add PR template (#1602)f5c5573feat(rocky): support Rocky Linux (#1570)eab2b42Add the ability to set dockerhub credentials in the helm chart (#1569)cabd18dfeat(cache): redis TLS support (#1297)02c3c36feat(java): add support for PAR files (#1599)4f7b768refactor(rust): move rust-advisory-db to OSV (#1591)d754cb8feat: log ignored vulnerabilities on debug (#1378)a936e67chore(mod): hcl2json deps update (#1585)af116d3fix(rpm): do not ignore installed files via third-party rpm (#1594)b507360feat(fs): allow scanning a single file (#1578)7fcbf44refactor(python): drop Safety DB (#1580)478d279feat: added insecure tls skip to scan git repo (#1528)33bd41bSupress git clone output (#1590)39a1008fix(alma): skip modular package because MODULARITYLABEL is not set (#1588)37abd61feat(photon os): added EOL dates check (#1587)78de33edocs: update supported os (#1586)2205462BREAKING: remove root command (#1579)28ddcf1docs: add Rust to Language-specific Packages Table (#1577)df134c7docs: update int doc for gitlab ci (#1575)8da20c8BREAKING: migrate the sarif template to Go code (#1437)714b5carefactor: remove unused field (#1567)51e152bchore(deps): bump helm/chart-testing-action from 2.1.0 to 2.2.0 (#1554)884daffdocs: gitlab integration (#1381)2a8336bfeat(alma): support AlmaLinux (#1238)1e171afdocs: added note about default template path when Trivy installed using rpm (#1551)e65274eBREAKING: Trivy DB from GHCR (#1539)db35450feat(cli): Do not set default commands when a plugin is being run (#1549)24254d1fix: add fingerprint field to codequality template (#1541)2ee0745fix(image): correct handling of uncompressed layers (#1544)0aef82cchore: helm chart app version 0.22.0 (#1535)8b2a799test(integration): use fixtures (#1532)Docker images
docker pull aquasec/trivy:0.23.0docker pull ghcr.io/aquasecurity/trivy:0.23.0docker pull public.ecr.aws/aquasecurity/trivy:0.23.0v0.22.0Compare Source
Changelog
42f795ffix(java/pom): ignore unsupported requirements (#1514)8f737ccfeat(cli): warning for root command (#1516)76249bdBREAKING: disable JAR detection in fs/repo scanning (#1512)59957d4feat(scan): support --offline-scan option (#1511)da8b72dfix: improve memory usage (#1509)b713ad0feat(java): support pom.xml (#1501)56115e9docs: fixing rust link to security advisory (#1504)7f859afAdd missing IacMetdata (#1505)628a796feat(jar): add file path (#1498)82fba77feat(rpm): support NDB (#1497)d5269dafeat: added misconfiguration field for html.tpl (#1444)Docker images
docker pull aquasec/trivy:0.22.0docker pull ghcr.io/aquasecurity/trivy:0.22.0docker pull public.ecr.aws/aquasecurity/trivy:0.22.0v0.21.3Compare Source
Changelog
8e57deefix(docs): typo (#1488)8bfbc84feat(plugin): Add option to update plugin (#1462)1e811defix: fixed skipFiles/skipDirs flags for relative path (#1482)8b5796ffeat (plugin): add list and info command for plugin (#1452)a2199bbfix: set up a vulnerability severity (#1458)279e76fchore: add arm64 deb package (#1480)5262590Link to trivy tutorial on Semaphore (#1449)c275a84refactor(helm): externalize env vars to configMap (#1345)Docker images
docker pull aquasec/trivy:0.21.3docker pull ghcr.io/aquasecurity/trivy:0.21.3docker pull public.ecr.aws/aquasecurity/trivy:0.21.3v0.21.2Compare Source
Changelog
7beed30docs: provide more information on scanning Google's GCR (#1426)f50e1f4docs(misconfiguration): added instruction for misconfiguration detection (#1428)3ae4de5Update git-repository.md (#1430)6e35b8ffix(hooks): exclude unrelated lib types from system files filtering (#1431)beb60b0chore: rungo fmt(#1429)582e7fdfix(sarif): changehelpfield in the sarif template. (#1423)11bc290Update fanal with cfsec version update (#1425)392f689Replace deprecated option in goreleaser (#1406)101d576feat(alpine): support 3.15 (#1422)bd3ba68chore: test the helm chart in the PR and used the commit hash (#1414)3860d6echore(deps): bump alpine from 3.14 to 3.15.0 (#1417)4f82673chore(release): add ubuntu older versions to deploy script (#1416)Docker images
docker pull aquasec/trivy:0.21.2docker pull ghcr.io/aquasecurity/trivy:0.21.2docker pull public.ecr.aws/aquasecurity/trivy:0.21.2v0.21.1Compare Source
Changelog
b9a51dechore(mod): tidy (#1415)7f24834fix(rpc): fix nil layer transmit (#1410)af3eaefLang advisory order (#1409)07c9200chore: add support for s390x arch (#1304)8bc8a4afix(chart): ingress helm manifest-update trivy image (#1323)9076a49docs: Add comparison for cfsec (#1388)bb316d9remove: delete unused functions in utils package (#1379)Docker images
docker pull aquasec/trivy:0.21.1docker pull ghcr.io/aquasecurity/trivy:0.21.1docker pull public.ecr.aws/aquasecurity/trivy:0.21.1v0.21.0Compare Source
Changelog
efdb29dfix(sarif): fix validation errors (#1376)9bcf9e7docs: add Bitbucket Pipelines (#1374)3147097docs: add community integrations (#1361)33f74b3Use a stable SARIF identifier (#1230)5915ffbfix(python): fix parsing of requirements.txt with hash checking mode available in pip since version 8.0ae4c42bfeat(iac): Add line information (#1366)19747d0feat(cloudformation): Adding support for cfsec IaC scanning (#1360)da45061chore: send debug and info logs to stdout in install.sh, not stderr. (#1264)cb1a4edUpdate containerd to v1.5.7 and docker-cli to v20.10.9 (#1356)69dae54chore: update SBOM generation (#1349)Docker images
docker pull aquasec/trivy:0.21.0docker pull ghcr.io/aquasecurity/trivy:0.21.0docker pull public.ecr.aws/aquasecurity/trivy:0.21.0v0.20.2Compare Source
Changelog
5dc8cfedocs: update builtin.md (#1335)798b564chore: fix issues with Homebrew formula (#1329)21bf5e5chore: bump GoReleaser to v0.183.0 (#1328)e0f4ebddocs: update iac.md for a typo (#1326)23a9a5edocs: typo fix (#1308)1f5d17fAdd new networking API features to Ingress (#1262)Docker images
docker pull aquasec/trivy:0.20.2docker pull ghcr.io/aquasecurity/trivy:0.20.2docker pull public.ecr.aws/aquasecurity/trivy:0.20.2v0.20.1Compare Source
Changelog
bcfa028chore(release): bump up GoReleaser to v0.182.1 (#1299)681ab1bfix(yarn): support quoted version (#1298)46051d5feat(custom-forward): Forward the extended advisory data (#1247)d8d692bfeat(javascript) : Initialize npm driver for javascript packages (#1289)cc344dffix(cli): fix incorrect comparision of DB metadata type. (#1286)0dec17fdocs: add footer to readme (#1281)Docker images
docker pull aquasec/trivy:0.20.1docker pull ghcr.io/aquasecurity/trivy:0.20.1docker pull public.ecr.aws/aquasecurity/trivy:0.20.1Configuration
📅 Schedule: (in timezone America/Los_Angeles)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.