chore(deps): update dependency aquasecurity/trivy to v0.71.0 (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aquasecurity/trivy	uses-with	minor	v0.70.0 → v0.71.0

---

Release Notes

aquasecurity/trivy (aquasecurity/trivy)

v0.71.0

Compare Source

Changelog

• 9b49920 release: v0.71.0 [main] (#​10638)
• 35cefae ci: use only the first line of commit message in release-please workflow (#​10766)
• f8a6ddb feat: add WithDriver and WithProvider options to ospkg detector (#​10740)
• 3ea80c0 chore(deps): bump github.com/google/go-containerregistry to v0.21.6 (#​10741)
• 203dd94 refactor(secret): normalize configPath once in Init (#​10702)
• 9ad901d feat(secret): add Maven rules to detect passwords and passphrases in settings.xml and settings-security.xml files (#​10704)
• 8f049df chore(deps): bump the common group across 1 directory with 25 updates (#​10758)
• 900ffcb chore: migrate from gomodguard to gomodguard_v2 (#​10739)
• 3d5bc38 chore(deps): bump the docker group across 1 directory with 2 updates (#​10709)
• 1c515db chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.302.0 to 1.303.0 in the aws group (#​10752)
• 984581f ci: scope GitHub App tokens to minimum required permissions (#​10755)
• b1626a3 chore(deps): upgrade go-redis from v8 to v9 (#​10736)
• 9c1cf65 fix(misconf): fix rendering of nested values in terraform plan lists (#​10746)
• f099dc4 fix(misconf): skip resources with no after changes (#​10352)
• 0bc5c6d fix(misconf): reject nil plays during playbook parsing (#​10273)
• 0e4dc66 fix(nodejs): silently skip subdirectory package.json files with invalid names (#​10609)
• f080e1e fix(misconf): skip null cty values in AsMapValue to prevent panic (#​10723)
• 441251e refactor(misconf): replace custom Helm archive parsing with Helm SDK loaders (#​10718)
• 7d9d519 chore(deps): bump github.com/containerd/containerd/v2 to v2.3.1 (#​10738)
• cdfaf0b chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#​10686)
• 69e78e2 fix(report): don't produce trailing comma in gitlab.tpl links array (#​10728)
• ac2f3d7 fix(cloudformation): propagate AWS::EC2::Instance MetadataOptions (#​10731)
• ac79fb9 chore(deps): upgrade github.com/cenkalti/backoff dependency to v5 (#​10705)
• 8047ef3 chore: bump golangci-lint to v2.12 (#​10726)
• f2a1237 feat(spdx): add SHA-512 hash algorithm support to SPDX serializer (#​10719)
• 04f739e feat(sbom): support for CycloneDX 1.7 (#​10715)
• f9ed425 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.300.0 to 1.302.0 in the aws group (#​10708)
• e169597 chore: migrate from helm.sh/helm/v3 to helm.sh/helm/v4 (#​10678)
• 519eac9 fix(image): correctly reconstruct RUN instructions built without BuildKit (#​10714)
• c080ce3 feat(java): support from settings.xml (#​10692)
• f8fdb93 fix(java): surface 429 from a remote Maven repository as a fatal error when scanning pom.xml files (#​10693)
• f10fad5 chore: bump go to 1.26.3 (#​10683)
• 451fd99 fix(nodejs): handle legacy license formats in npm lockfile parser (#​10684)
• fc1e46f fix(secret): correctly skip secret-scanner config file from scanning (#​10666)
• a61feac feat(ubuntu): detect Ubuntu 26.04 LTS (#​10592)
• 2f940f0 refactor(nodejs): deduplicate license traversal across package managers (#​10681)
• 39a28ed fix: overwrite OS packages PURLs after overwrite OS (#​10298)
• 69dcd18 feat(secret): add Azure secret detection rules (#​10562)
• 9d91b88 fix(misconf): prevent path traversal in Terraform filesystem functions (#​10664)
• e4325b1 feat(secret): add a way to customize skipped folders, files and exts (#​10550)
• ea7e9ad ci: migrate PAT tokens to GitHub App (#​10628)
• cb229e9 chore(deps): bump the aws group across 1 directory with 6 updates (#​10598)
• 00cebeb chore(deps): bump the docker group across 1 directory with 3 updates (#​10596)
• 8dff4b7 chore(deps): bump the github-actions group across 2 directories with 9 updates (#​10608)
• 56b5471 chore(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (#​10641)
• 10d64d2 chore(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (#​10648)
• 99c0659 ci: migrate PAT tokens to GITHUB_TOKEN for reusable-release workflow (#​10655)
• b08bf6a feat(seal): add vendor support for language file detection. (#​10297)
• a75a468 fix(misconf): make identifiers in ignore rules case-insensitive (#​10375)
• 3a2f7fb fix: pull instead of clone when test repo already exists (#​10636)
• 920fad2 docs: document how to disable check.trivy.dev connections (#​10623)
• d4ac98a docs(misconf): fix typo in misconfiguration config (#​10619)
• 85aa9b7 ci: remove secrets from run block (#​10590)
• 72c2a23 docs: fix typos (#​10605)
• 99eabdf refactor(deps): replace archived go-homedir with os.UserHomeDir (#​10484)
• 28ed214 chore(deps): Bump go-ini and fix the import path. (#​10489)
• bb5a8cf chore(deps): bump the github-actions group across 2 directories with 9 updates (#​10495)
• a0f71c8 chore(deps): bump github.com/aquasecurity/testdocker (#​10543)
• 2095d49 docs: convert README demonstration videos to mp4 (#​10419)
• 4aa938d chore(deps): upgrade vm scan dependency for bug fix (#​10575)
• c72b416 docs(nodejs): clarify package.json behavior in image scanning (#​10572)
• 8e23717 chore(deps): replace xeipuuv/gojsonschema and invopop/jsonschema with google/jsonschema-go (#​10528)
• cb4aa9c chore(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 (#​10554)
• 73809db chore(deps): bump alpine to 3.23.4 (#​10552)
• 2459b1d ci(helm): bump Trivy version to 0.70.0 for Trivy Helm Chart 0.22.0 (#​10547)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.