Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): Bump github.com/aquasecurity/trivy from 0.58.0 to 0.58.2 #84

Closed
wants to merge 1 commit into from
Closed

build(deps): Bump github.com/aquasecurity/trivy from 0.58.0 to 0.58.2 #84

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 14, 2025
edited
Loading

Bumps github.com/aquasecurity/trivy from 0.58.0 to 0.58.2.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.58.2

Changelog

  • 936f06a57864d073aa77b38f77fe76c4fcb1f7c1 release: v0.58.2 [release/v0.58] (#8216)
  • f72d2bce8d3418dbcb670434bc15bb857b421f98 fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
  • 289636758eccf990f36ea2be34f6db2c02cfab6b fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
  • b733ecc7bc752d61837d08f2650bd480b645bb1d fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)

v0.58.1

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8171

Changelog

https://github.com/aquasecurity/trivy/blob/release/v0.58/CHANGELOG.md#0581-2024-12-24

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.58.2 (2025-01-13)

Bug Fixes

  • CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) (b733ecc)
  • misconf: allow null values only for tf variables [backport: release/v0.58] (#8238) (f72d2bc)
  • suse: SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) (2896367)

0.58.1 (2024-12-24)

Bug Fixes

  • handle BLOW_UNKNOWN error to download DBs [backport: release/v0.58] (#8121) (9a56e7c)
  • java: correctly overwrite version from depManagement if dependency uses project.* props [backport: release/v0.58] (#8119) (4278a09)
  • oracle: add architectures support for advisories [backport: release/v0.58] (#8125) (89b341f)
  • python: skip dev group's deps for poetry [backport: release/v0.58] (#8158) (8b93081)
  • redhat: correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) (33818e1)
  • sbom: attach nested packages to Application [backport: release/v0.58] (#8168) (03160e4)
  • sbom: fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) (f842fe1)
  • sbom: use root package for unknown dependencies (if exists) [backport: release/v0.58] (#8156) (18cd1a5)
Commits
  • 936f06a release: v0.58.2 [release/v0.58] (#8216)
  • f72d2bc fix(misconf): allow null values only for tf variables [backport: release/v0.5...
  • 2896367 fix(suse): SUSE - update OSType constants and references for compatility [bac...
  • b733ecc fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the U...
  • 7326db1 release: v0.58.1 [release/v0.58] (#8120)
  • 03160e4 fix(sbom): attach nested packages to Application [backport: release/v0.58] (#...
  • 8b93081 fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
  • 18cd1a5 fix(sbom): use root package for unknown dependencies (if exists) [backport:...
  • 1bde3df chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 [backport: r...
  • 90f9e88 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to `v0.9....
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 14, 2025
@dependabot dependabot bot mentioned this pull request Jan 14, 2025
Closed
@dependabot
build(deps): Bump github.com/aquasecurity/trivy from 0.58.0 to 0.58.2
a7369ae 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.58.0 to 0.58.2.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.58.2/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.58.0...v0.58.2)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.58.2 branch from ef394ba to a7369ae Compare January 20, 2025 16:54
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 30, 2025

Superseded by #94.

@dependabot dependabot bot closed this Jan 30, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.58.2 branch January 30, 2025 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants