Skip to content

chore(deps): update ghcr.io/aquasecurity/trivy docker tag to v0.47.0

Tortoise caretaker requested to merge renovate/ghcr.io-aquasecurity-trivy-0.x into main

This MR contains the following updates:

Package Type Update Change
ghcr.io/aquasecurity/trivy image-name minor 0.46.1 -> 0.47.0

Release Notes

aquasecurity/trivy (ghcr.io/aquasecurity/trivy)

v0.47.0

Compare Source

Release highlights and summary

👉 https://github.com/aquasecurity/trivy/discussions/5520

Changelog
  • d6df5fb docs: add info that license scanning supports file-patterns flag (#​5484)
  • 156d4cc docs: add Zora integration into Ecosystem session (#​5490)
  • 772d1d0 fix(sbom): Use UUID as BomRef for packages with empty purl (#​5448)
  • df47073 ci: use maximize build space for K8s tests (#​5387)
  • fed4710 fix: correct error mismatch causing race in fast walks (#​5516)
  • 46f1b9e docs: k8s vulnerability scanning (#​5515)
  • fdb3a15 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.23.2 to 1.25.0 (#​5506)
  • d0d956f chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.2.2 to 2.3.0 (#​5493)
  • 68b0797 docs: remove glad for java datasources (#​5508)
  • 474167c chore(deps): bump github.com/testcontainers/testcontainers-go/modules/localstack from 0.21.0 to 0.26.0 (#​5475)
  • 7299867 chore: remove unused logger attribute in amazon detector (#​5476)
  • 8656bd9 fix: correct error mismatch causing race in fast walks (#​5482)
  • 2e10cd2 chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#​5502)
  • 13df746 chore(deps): bump docker/build-push-action from 4 to 5 (#​5500)
  • b0141cf chore(deps): bump github.com/package-url/packageurl-go from 0.1.2-0.20230812223828-f8bb31c1f10b to 0.1.2 (#​5491)
  • 520830b fix(server): add licenses to BlobInfo message (#​5382)
  • 9a6e125 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#​5501)
  • 6e59272 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.17.18 to 1.21.0 (#​5497)
  • f3de7bc feat: scan vulns on k8s core component apps (#​5418)
  • e2fb3dd fix(java): fix infinite loop when relativePath field points to pom.xml being scanned (#​5470)
  • 3e833be chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#​5472)
  • ca50b77 fix(sbom): save digests for package/application when scanning SBOM files (#​5432)
  • 048150d docs: fix the broken link (#​5454)
  • 013d901 docs: fix error when installing PyYAML for gh pages (#​5462)
  • 26b4959 fix(java): download java-db once (#​5442)
  • 57fa701 chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#​5447)
  • 53c9a7d docs(misconf): Update --tf-exclude-downloaded-modules description (#​5419)
  • 01c98d1 feat(misconf): Support --ignore-policy in config scans (#​5359)
  • 05b3c86 docs(misconf): fix broken table for Use container image section (#​5425)
  • 1a15a3a feat(dart): add graph support (#​5374)
  • f2a12f5 refactor: define a new struct for scan targets (#​5397)
  • 6040d9f fix(sbom): add missed primaryURL and source severity for CycloneDX (#​5399)
  • e5317c7 fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#​5393)
  • 9fba79f chore(deps): move to aws-sdk-go-v2 (#​5381)
  • 00f2059 docs: remove --scanners none (#​5384)
  • 57a1022 docs: Update container_image.md #​5182 (#​5193)
  • 5b2b4ea feat(report): Add InstalledFiles field to Package (#​4706)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the local Renovate Bot repository.

Merge request reports

Loading