chore: bump github.com/aquasecurity/trivy from 0.69.3 to 0.70.0 #1569

Open
dependabot[bot] wants to merge 3 commits into main from dependabot/go_modules/github.com/aquasecurity/trivy-0.70.0

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps github.com/aquasecurity/trivy from 0.69.3 to 0.70.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.70.0

⚡ Highlights ⚡

👉 aquasecurity/trivy#10546

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.70.0 (2026-04-16)

Features

  • go: detect version from ELF symbol table for binaries built with -trimpath (#10197) (7acb5f6)
  • java: add support for proxy configuration from Maven settings.xml (#10187) (350fe33)
  • misconf: adapt ARM k8s clusters (#9696) (#10125) (66bdec4)
  • misconf: resolve Azure resources via resource_id (#10173) (823f363)
  • misconf: support for azurerm_network_interface_security_group_association (#10215) (da94d5f)
  • python: add pylock.toml (PEP 751) parser (#9632) (1a72b32)
  • python: add pylock.toml support (#10137) (d0a3f63)
  • server: include server version info in JSON output for client/server mode (#10075) (4c46d41)
  • ubuntu: add eol data for 25.10 (#10181) (2c1f65b)
  • vuln: skip third-party packages in common Detect function (#10129) (d6e6331)

Bug Fixes

  • cyclonedx: include CVSS v4 vulnerability ratings (#10313) (2a4dfbf)
  • detected vulnerability fields in azure and mariner detector (#10275) (77f5cb5)
  • flag: validate template file extension (#10296) (20458b8)
  • handle Go 1.26 GOEXPERIMENT version format change (#10351) (f207ec6)
  • java: Disable overwriting exclusions (#10088) (9a3e0a8)
  • misconf: apply check aliases when filtering results via .trivyignore (#10112) (b775a1b)
  • misconf: initialize custom annotation field if empty (#10123) (0f0d6db)
  • python: handle multiple version specifiers in requirements.txt (#10361) (4cf4498)
  • python: nil pointer dereference with optional poetry groups without dependencies (#10359) (12ab3ce)
  • remove os.Stdout from wazero module config (#10403) (bda9710)
  • report: set correct sarif ROOTPATH uri when scanning a git repository (#10366) (e5da6de)
  • sbom: add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (#10368) (33b9d8e)
  • sbom: preserve Red Hat BuildInfo when scanning SBOMs without layer info (#10378) (e9e9e8c)
  • server: exclude JavaDB and CheckBundle from /version endpoint (#10100) (b9a8d2d)
  • update PhotonOS feed URL (#10122) (fa195b4)
  • use Development category for GoReleaser discussions (#10530) (7ee3e1e)

Performance Improvements

  • plugin: optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (#10325) (d7fb355)

0.69.0 (2026-01-30)

⚠ BREAKING CHANGES

  • misconf: use ID instead of AVDID for providers mapping (#9752)

Features

... (truncated)

Commits
  • 8a3177a release: v0.70.0 [main] (#10105)
  • 974de49 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#10496)
  • 2175597 chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2....
  • 50c7a1e chore(deps): bump the common group across 1 directory with 8 updates (#10540)
  • 885fbce chore(deps): bump the docker group across 1 directory with 2 updates (#10538)
  • 7ee3e1e fix: use Development category for GoReleaser discussions (#10530)
  • 6dbe369 chore(deps): bump testcontainers-go to v0.42.0 (#10531)
  • 21e6888 chore: update CODEOWNERS (#10529)
  • 35d28e8 chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (#10511)
  • 6d40a98 chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#10510)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 27, 2026
Copilot AI review requested due to automatic review settings April 27, 2026 14:17
@dependabot dependabot Bot review requested due to automatic review settings April 27, 2026 14:17
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.69.3 to 0.70.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.69.3...v0.70.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-version: 0.70.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.70.0 branch from 4ec3f18 to 1b7b045 Compare April 27, 2026 15:59
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot April 27, 2026 15:59
Signed-off-by: Robert Cronin <robert.owen.cronin@gmail.com>
Copilot AI review requested due to automatic review settings May 4, 2026 04:24

Copilot AI left a comment

Pull request overview

This PR updates Copacetic’s Go module dependencies, primarily bumping Trivy to v0.70.0, and includes related dependency and integration-test adjustments needed to keep the build/tests aligned with the updated dependency graph.

Changes:

  • Bump github.com/aquasecurity/trivy from v0.69.3 to v0.70.0 (plus related direct/indirect dependency updates from go mod tidy/resolver).
  • Update the bulk single-arch integration test to use Moby network/container types for registry port bindings.
  • Refresh go.sum to match the new resolved module set.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| integration/bulk/singlearch_patch_test.go | Switch port-binding types/imports to Moby (network.PortMap, netip.Addr) consistent with updated dependencies. |
| go.mod | Bump Trivy and multiple other direct/indirect module versions. |
| go.sum | Update module checksums for the new dependency set. |

Comment thread go.mod
Comment on lines +9 to +13
github.com/aquasecurity/trivy v0.70.0
github.com/cenkalti/backoff/v4 v4.3.0
github.com/charmbracelet/lipgloss v0.13.1
github.com/containerd/errdefs v1.0.0
github.com/containerd/platforms v1.0.0-rc.2
github.com/containerd/platforms v1.0.0-rc.4
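
Review bot: github.com/containerd/platforms appears twice at the end of this go.mod hunk (v1.0.0-rc.2 and v1.0.0-rc.4), so a second direct requirement moves between release candidates in a PR whose title and description mention only Trivy. Confirm that the rc.4 version is required by trivy v0.70.0 rather than being an unrelated upgrade, and call it out in the PR description so reviewers diff that module as well.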

codecov Bot commented May 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.16%. Comparing base (ae878ee) to head (83f8d13).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1569   +/-   ##
=======================================
  Coverage   41.16%   41.16%           
=======================================
  Files          58       58           
  Lines       10112    10112           
=======================================
  Hits         4163     4163           
  Misses       5653     5653           
  Partials      296      296           
