Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: bump github.com/aquasecurity/trivy from 0.43.1 to 0.44.0 #231

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2023

Bumps github.com/aquasecurity/trivy from 0.43.1 to 0.44.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.44.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4903

Changelog

  • d19c7d9f2 feat(repo): support local repositories (#4890)
  • 3c1976187 bump go-dep-parser (#4893)
  • e1c2a8c80 fix(misconf): add missing fields to proto (#4861)
  • 8b8e0e83d fix: remove trivy-db package replacement (#4877)
  • f9efe44fd chore(test): bump the integration test timeout to 15m (#4880)
  • 7271d682f chore(deps): Update defsec to v0.91.0 (#4886)
  • c3bc67c89 chore: update CODEOWNERS (#4871)
  • 232ba823e feat(vuln): support vulnerability status (#4867)
  • 11618c940 feat(misconf): Support custom URLs for policy bundle (#4834)
  • 07075696d refactor: replace with sortable packages (#4858)
  • fbe1c9eb1 docs: correct license scanning sample command (#4855)
  • 20c2246a6 fix(report): close the file (#4842)
  • 24a3e547d feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
  • a7bd7bb65 feat(misconf): Add support for independently enabling libraries (#4070)
  • 4aa9ea096 feat(secret): add secret config file for cache calculation (#4837)
  • 5d349d814 Fix a link in gitlab-ci.md (#4850)
  • a61531c1f fix(flag): use globalstar to skip directories (#4854)
  • 78cc20937 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
  • 93996041b fix(license): using common way for splitting licenses (#4434)
  • 3e2416d77 fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
  • ce77bb46c remove govulndb (#4783)
  • c05caae43 fix(java): inherit licenses from parents (#4817)
  • aca11b95d refactor: add allowed values for CLI flags (#4800)
  • 4cecd17ea add example regex to allow rules (#4827)
  • 4bc8d29c1 feat(misconf): Support custom data for rego policies for cloud (#4745)
  • 88243a0ad docs: correcting the trivy k8s tutorial (#4815)
  • 3c7d988d7 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
  • fd0fd104f fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
  • d0d543b88 feat(misconf): enable --policy flag to accept directory and files both (#4777)
  • b43a3e623 feat(python): add license fields (#4722)
  • aef7b148a fix: support trivy k8s-version on k8s sub-command (#4786)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.43.1 to 0.44.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.43.1...v0.44.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go labels Aug 1, 2023
@codecov
Copy link

codecov bot commented Aug 1, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (5659b81) 34.72% compared to head (46deccf) 34.72%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #231   +/-   ##
=======================================
  Coverage   34.72%   34.72%           
=======================================
  Files          12       12           
  Lines        1146     1146           
=======================================
  Hits          398      398           
  Misses        727      727           
  Partials       21       21           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sozercan sozercan merged commit 499a752 into main Aug 1, 2023
21 checks passed
@sozercan sozercan deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.44.0 branch August 1, 2023 15:52
ashnamehrotra pushed a commit to ashnamehrotra/copacetic that referenced this pull request Aug 25, 2023
…ect-copacetic#231)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant