chore(deps): update dependency aquasecurity/trivy to v0.72.0#1119
Merged
Conversation
Contributor
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Contributor
✅ Supply Chain Verification Results✅ PASSED 📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.71.2→v0.72.0Release Notes
aquasecurity/trivy (aquasecurity/trivy)
v0.72.0Compare Source
Changelog
8a32853release: v0.72.0 [main] (#10782)4295ac0test: close plugin manager in tests cleanup (#10904)d4213d7Merge commit from fork246ee3cfeat(bottlerocket): add vulnerability matching for Bottlerocket OS (#10893)abb5174fix(misconf): support github_repository_vulnerability_alerts resource (#10680)b8a1ccdfeat(java): detect JAR licenses from packaged LICENSE files (#10856)a10291bfix(nodejs): parse project dependencies from multi-document pnpm-lock.yaml (#10861)a2777aefix(server): propagate package repository class in client/server mode (#10874)6e37acfchore(deps): bump github.com/containerd/containerd/v2 from 2.3.1 to 2.3.2 (#10888)dfd53cffix(vuln): fall back to UNKNOWN severity when vulnerability details are missing (#10795)0a166c3feat(java): detect JAR licenses from the embedded pom.xml (#10851)7a69b8fchore(deps): Upgrade github.com/cenkalti/backoff to v6 (#10863)1df6ca3ci(helm): bump Trivy version to 0.71.2 for Trivy Helm Chart 0.23.2 (#10873)49299dfchore(deps): bump alpine to 3.24.1 (#10868)13de603docs: fix article typo in plugin developer guide (#10860)a848925feat(misconf): Adds CloudFront standard logging v2 support to AVD-AWS-0010 (#10848)c1ad0e0docs: fix typos (#10857)0aff3fdfix(terraform): avoid data race on global getter.Getters in remote module resolver (#10843)e68f3d2feat(secret): support new stateless format for GitHub App installation tokens (#10826)859a933fix: correct format verbs in diagnostic messages (#10805)47b7ba4ci(helm): bump Trivy version to 0.71.1 for Trivy Helm Chart 0.23.1 (#10845)3960facrefactor: use ParseErrorsAllowlist instead of ParseErrorsWhitelist (#10830)469d4fbdocs: fix repository scan heading typo (#10828)39e0b13Merge commit from fork28d44d3fix: forward ospkg detector options through ospkg.NewScanner (#10811)5619ae1chore(deps): bump github.com/bufbuild/buf to v1.70.0 (#10801)1f56a34fix(vex): load VEX documents from within the repository directory (#10820)848d135ci!: migrate docker config to dockers_v2 (#10783)bd78842feat(dotnet): detect bundled runtime in self-contained deployments (#10786)65e5128feat(secret): add OpenAI secret detection rules (#10798)c613b5dci: expect GitHub App bot as backport PR author (#10813)3054b3bfix: surface the original analysis error instead of context cancellation (#10793)15bdd2cchore(deps): bump the github-actions group across 1 directory with 11 updates (#10803)576b093chore(deps): bump the common group with 4 updates (#10797)92b4a05chore(deps): bump the aws group with 4 updates (#10796)c8d1d0dfix: use random suffix for process temp directory instead of PID (#10431)3851371docs: update signature verification for deb and rpm packages (#10784)dccb128fix(image): lookup origin layer for custom resources in merged layers (#10788)9032dcbtest: fix flaky containerd integration test (#10760)f00ee41ci: bump GoReleaser to v2.16.0 (#10774)48af854docs: fix broken nixpkgs reference link in installation guide (#10776)b3d7be5test(java): force offline-scan for client/server integration tests (#10721)888911bfix(image): deterministic OS package deduplication for images with embedded SBOMs (#10777)c0654e1fix(spdx): guard against nil root component in SPDX marshaler (#10771)7ca5a6bci(helm): bump Trivy version to 0.71.0 for Trivy Helm Chart 0.23.0 (#10768)Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.