Skip to content

Commit 5059121

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps): bump github.com/aquasecurity/trivy from 0.65.0 to 0.66.0 (#186)
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.65.0 to 0.66.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md) - [Commits](aquasecurity/trivy@v0.65.0...v0.66.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-version: 0.66.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 243f9fa commit 5059121

File tree

4 files changed

+256
-277
lines changed

4 files changed

+256
-277
lines changed

.circleci/config.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,14 +9,14 @@ references:
99
persist_to_workspace: true
1010
# https://aquasecurity.github.io/trivy/v0.65/getting-started/installation/#install-script
1111
cmd: |
12-
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.65.0
12+
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.66.0
1313
mkdir cache
1414
./trivy --cache-dir ./cache image --download-db-only
1515
1616
build_and_publish_docker: &build_and_publish_docker
1717
persist_to_workspace: true
1818
cmd: |
19-
docker build --no-cache -t $CIRCLE_PROJECT_REPONAME:latest --build-arg TRIVY_VERSION=0.65.0 .
19+
docker build --no-cache -t $CIRCLE_PROJECT_REPONAME:latest --build-arg TRIVY_VERSION=0.66.0 .
2020
docker save --output docker-image.tar $CIRCLE_PROJECT_REPONAME:latest
2121
2222
workflows:

go.mod

Lines changed: 68 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ go 1.24.5
44

55
require (
66
github.com/CycloneDX/cyclonedx-go v0.9.2
7-
github.com/aquasecurity/trivy v0.65.0 // Also update .config.yml
8-
github.com/aquasecurity/trivy-db v0.0.0-20250723062229-56ec1e482238
7+
github.com/aquasecurity/trivy v0.66.0 // Also update .config.yml
8+
github.com/aquasecurity/trivy-db v0.0.0-20250731052236-c7c831e2254d
99
github.com/codacy/codacy-engine-golang-seed/v6 v6.4.0
1010
github.com/google/go-cmp v0.7.0
1111
github.com/package-url/packageurl-go v0.1.3
@@ -17,32 +17,26 @@ require (
1717

1818
require (
1919
cel.dev/expr v0.24.0 // indirect
20-
cloud.google.com/go v0.118.3 // indirect
21-
cloud.google.com/go/auth v0.15.0 // indirect
20+
cloud.google.com/go v0.121.2 // indirect
21+
cloud.google.com/go/auth v0.16.2 // indirect
2222
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
2323
cloud.google.com/go/compute/metadata v0.7.0 // indirect
24-
cloud.google.com/go/iam v1.4.1 // indirect
25-
cloud.google.com/go/monitoring v1.24.0 // indirect
26-
cloud.google.com/go/storage v1.50.0 // indirect
24+
cloud.google.com/go/iam v1.5.2 // indirect
25+
cloud.google.com/go/monitoring v1.24.2 // indirect
26+
cloud.google.com/go/storage v1.55.0 // indirect
2727
dario.cat/mergo v1.0.1 // indirect
28-
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
29-
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 // indirect
30-
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 // indirect
31-
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
28+
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 // indirect
29+
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 // indirect
30+
github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry v0.2.3 // indirect
31+
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
3232
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
33-
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
34-
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
35-
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
36-
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
37-
github.com/Azure/go-autorest/logger v0.2.1 // indirect
38-
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
3933
github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
4034
github.com/BurntSushi/toml v1.5.0 // indirect
4135
github.com/DataDog/zstd v1.5.5 // indirect
4236
github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible // indirect
43-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
44-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
45-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
37+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
38+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
39+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
4640
github.com/Intevation/gval v1.3.0 // indirect
4741
github.com/Intevation/jsonpath v0.2.1 // indirect
4842
github.com/MakeNowJust/heredoc v1.0.0 // indirect
@@ -72,41 +66,41 @@ require (
7266
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 // indirect
7367
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
7468
github.com/aws/aws-sdk-go v1.55.7 // indirect
75-
github.com/aws/aws-sdk-go-v2 v1.36.6 // indirect
76-
github.com/aws/aws-sdk-go-v2/config v1.29.18 // indirect
77-
github.com/aws/aws-sdk-go-v2/credentials v1.17.71 // indirect
78-
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 // indirect
79-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 // indirect
80-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 // indirect
69+
github.com/aws/aws-sdk-go-v2 v1.38.3 // indirect
70+
github.com/aws/aws-sdk-go-v2/config v1.31.6 // indirect
71+
github.com/aws/aws-sdk-go-v2/credentials v1.18.10 // indirect
72+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.6 // indirect
73+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.6 // indirect
74+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.6 // indirect
8175
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
8276
github.com/aws/aws-sdk-go-v2/service/ebs v1.22.1 // indirect
83-
github.com/aws/aws-sdk-go-v2/service/ec2 v1.234.0 // indirect
84-
github.com/aws/aws-sdk-go-v2/service/ecr v1.45.2 // indirect
85-
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
86-
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 // indirect
87-
github.com/aws/aws-sdk-go-v2/service/s3 v1.84.1 // indirect
88-
github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 // indirect
89-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 // indirect
90-
github.com/aws/aws-sdk-go-v2/service/sts v1.34.1 // indirect
91-
github.com/aws/smithy-go v1.22.4 // indirect
77+
github.com/aws/aws-sdk-go-v2/service/ec2 v1.249.0 // indirect
78+
github.com/aws/aws-sdk-go-v2/service/ecr v1.50.1 // indirect
79+
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect
80+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.6 // indirect
81+
github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3 // indirect
82+
github.com/aws/aws-sdk-go-v2/service/sso v1.29.1 // indirect
83+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.2 // indirect
84+
github.com/aws/aws-sdk-go-v2/service/sts v1.38.2 // indirect
85+
github.com/aws/smithy-go v1.23.0 // indirect
9286
github.com/beorn7/perks v1.0.1 // indirect
9387
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
9488
github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c // indirect
9589
github.com/blang/semver v3.5.1+incompatible // indirect
9690
github.com/blang/semver/v4 v4.0.0 // indirect
97-
github.com/bmatcuk/doublestar/v4 v4.9.0 // indirect
91+
github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
9892
github.com/briandowns/spinner v1.23.0 // indirect
9993
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
10094
github.com/cenkalti/backoff/v5 v5.0.2 // indirect
10195
github.com/cespare/xxhash/v2 v2.3.0 // indirect
10296
github.com/chai2010/gettext-go v1.0.2 // indirect
10397
github.com/cheggaaa/pb/v3 v3.1.7 // indirect
10498
github.com/cloudflare/circl v1.6.1 // indirect
105-
github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
99+
github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
106100
github.com/containerd/cgroups/v3 v3.0.5 // indirect
107101
github.com/containerd/containerd v1.7.27 // indirect
108102
github.com/containerd/containerd/api v1.9.0 // indirect
109-
github.com/containerd/containerd/v2 v2.1.3 // indirect
103+
github.com/containerd/containerd/v2 v2.1.4 // indirect
110104
github.com/containerd/continuity v0.4.5 // indirect
111105
github.com/containerd/errdefs v1.0.0 // indirect
112106
github.com/containerd/errdefs/pkg v0.3.0 // indirect
@@ -125,12 +119,12 @@ require (
125119
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
126120
github.com/distribution/reference v0.6.0 // indirect
127121
github.com/dlclark/regexp2 v1.11.0 // indirect
128-
github.com/docker/cli v28.3.2+incompatible // indirect
122+
github.com/docker/cli v28.3.3+incompatible // indirect
129123
github.com/docker/distribution v2.8.3+incompatible // indirect
130124
github.com/docker/docker v28.3.3+incompatible // indirect
131125
github.com/docker/docker-credential-helpers v0.9.3 // indirect
132126
github.com/docker/go v1.5.1-1 // indirect
133-
github.com/docker/go-connections v0.5.0 // indirect
127+
github.com/docker/go-connections v0.6.0 // indirect
134128
github.com/docker/go-units v0.5.0 // indirect
135129
github.com/dustin/go-humanize v1.0.1 // indirect
136130
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
@@ -170,8 +164,7 @@ require (
170164
github.com/gobwas/glob v0.2.3 // indirect
171165
github.com/gocsaf/csaf/v3 v3.3.0 // indirect
172166
github.com/gogo/protobuf v1.3.2 // indirect
173-
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
174-
github.com/golang-jwt/jwt/v5 v5.2.3 // indirect
167+
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
175168
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
176169
github.com/golang/snappy v0.0.4 // indirect
177170
github.com/google/btree v1.1.3 // indirect
@@ -184,13 +177,13 @@ require (
184177
github.com/google/s2a-go v0.1.9 // indirect
185178
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
186179
github.com/google/uuid v1.6.0 // indirect
187-
github.com/google/wire v0.6.0 // indirect
180+
github.com/google/wire v0.7.0 // indirect
188181
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
189-
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
182+
github.com/googleapis/gax-go/v2 v2.14.2 // indirect
190183
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
191184
github.com/gosuri/uitable v0.0.4 // indirect
192185
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
193-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
186+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
194187
github.com/hashicorp/errwrap v1.1.0 // indirect
195188
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
196189
github.com/hashicorp/go-getter v1.7.9 // indirect
@@ -262,7 +255,7 @@ require (
262255
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
263256
github.com/oklog/ulid v1.3.1 // indirect
264257
github.com/oklog/ulid/v2 v2.1.1 // indirect
265-
github.com/open-policy-agent/opa v1.6.0 // indirect
258+
github.com/open-policy-agent/opa v1.7.1 // indirect
266259
github.com/opencontainers/go-digest v1.0.0 // indirect
267260
github.com/opencontainers/image-spec v1.1.1 // indirect
268261
github.com/opencontainers/runtime-spec v1.2.1 // indirect
@@ -293,14 +286,14 @@ require (
293286
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
294287
github.com/sassoftware/go-rpmutils v0.4.0 // indirect
295288
github.com/sassoftware/relic v7.2.1+incompatible // indirect
296-
github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
297-
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
289+
github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
290+
github.com/sergi/go-diff v1.4.0 // indirect
298291
github.com/shibumi/go-pathspec v1.3.0 // indirect
299292
github.com/shopspring/decimal v1.4.0 // indirect
300293
github.com/sigstore/cosign/v2 v2.2.4 // indirect
301-
github.com/sigstore/protobuf-specs v0.4.1 // indirect
302-
github.com/sigstore/rekor v1.3.10 // indirect
303-
github.com/sigstore/sigstore v1.9.1 // indirect
294+
github.com/sigstore/protobuf-specs v0.5.0 // indirect
295+
github.com/sigstore/rekor v1.4.0 // indirect
296+
github.com/sigstore/sigstore v1.9.5 // indirect
304297
github.com/sigstore/timestamp-authority v1.2.2 // indirect
305298
github.com/sirupsen/logrus v1.9.3 // indirect
306299
github.com/skeema/knownhosts v1.3.1 // indirect
@@ -315,16 +308,16 @@ require (
315308
github.com/stretchr/objx v0.5.2 // indirect
316309
github.com/subosito/gotenv v1.6.0 // indirect
317310
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
318-
github.com/tchap/go-patricia/v2 v2.3.2 // indirect
311+
github.com/tchap/go-patricia/v2 v2.3.3 // indirect
319312
github.com/tetratelabs/wazero v1.9.0 // indirect
320313
github.com/theupdateframework/go-tuf v0.7.0 // indirect
321314
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
322315
github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 // indirect
323316
github.com/transparency-dev/merkle v0.0.2 // indirect
324317
github.com/twitchtv/twirp v8.1.3+incompatible // indirect
325-
github.com/ulikunitz/xz v0.5.14 // indirect
318+
github.com/ulikunitz/xz v0.5.15 // indirect
326319
github.com/vbatts/tar-split v0.12.1 // indirect
327-
github.com/vektah/gqlparser/v2 v2.5.28 // indirect
320+
github.com/vektah/gqlparser/v2 v2.5.30 // indirect
328321
github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
329322
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
330323
github.com/x448/float16 v0.8.4 // indirect
@@ -335,31 +328,31 @@ require (
335328
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
336329
github.com/xlab/treeprint v1.2.0 // indirect
337330
github.com/yashtewari/glob-intersection v0.2.0 // indirect
338-
github.com/zclconf/go-cty v1.16.3 // indirect
331+
github.com/zclconf/go-cty v1.16.4 // indirect
339332
github.com/zclconf/go-cty-yaml v1.1.0 // indirect
340333
github.com/zeebo/errs v1.4.0 // indirect
341-
go.etcd.io/bbolt v1.4.2 // indirect
334+
go.etcd.io/bbolt v1.4.3 // indirect
342335
go.mongodb.org/mongo-driver v1.14.0 // indirect
343336
go.opencensus.io v0.24.0 // indirect
344337
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
345-
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
346-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
347-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
348-
go.opentelemetry.io/otel v1.36.0 // indirect
338+
go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect
339+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
340+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
341+
go.opentelemetry.io/otel v1.37.0 // indirect
349342
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 // indirect
350-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
351-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 // indirect
352-
go.opentelemetry.io/otel/metric v1.36.0 // indirect
353-
go.opentelemetry.io/otel/sdk v1.36.0 // indirect
354-
go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
355-
go.opentelemetry.io/otel/trace v1.36.0 // indirect
343+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect
344+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 // indirect
345+
go.opentelemetry.io/otel/metric v1.37.0 // indirect
346+
go.opentelemetry.io/otel/sdk v1.37.0 // indirect
347+
go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect
348+
go.opentelemetry.io/otel/trace v1.37.0 // indirect
356349
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
357350
go.uber.org/multierr v1.11.0 // indirect
358351
go.uber.org/zap v1.27.0 // indirect
359352
go.yaml.in/yaml/v2 v2.4.2 // indirect
360353
go.yaml.in/yaml/v3 v3.0.3 // indirect
361354
golang.org/x/crypto v0.41.0 // indirect
362-
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
355+
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
363356
golang.org/x/net v0.43.0 // indirect
364357
golang.org/x/oauth2 v0.30.0 // indirect
365358
golang.org/x/sync v0.16.0 // indirect
@@ -369,22 +362,22 @@ require (
369362
golang.org/x/time v0.12.0 // indirect
370363
golang.org/x/tools v0.36.0 // indirect
371364
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
372-
google.golang.org/api v0.228.0 // indirect
373-
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
365+
google.golang.org/api v0.242.0 // indirect
366+
google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect
374367
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
375368
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
376-
google.golang.org/grpc v1.72.2 // indirect
377-
google.golang.org/protobuf v1.36.6 // indirect
369+
google.golang.org/grpc v1.74.2 // indirect
370+
google.golang.org/protobuf v1.36.8 // indirect
378371
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
379372
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
380373
gopkg.in/inf.v0 v0.9.1 // indirect
381374
gopkg.in/warnings.v0 v0.1.2 // indirect
382375
gopkg.in/yaml.v3 v3.0.1 // indirect
383376
gotest.tools/v3 v3.5.0 // indirect
384-
helm.sh/helm/v3 v3.18.5 // indirect
385-
k8s.io/api v0.33.3 // indirect
377+
helm.sh/helm/v3 v3.18.6 // indirect
378+
k8s.io/api v0.33.4 // indirect
386379
k8s.io/apiextensions-apiserver v0.33.3 // indirect
387-
k8s.io/apimachinery v0.33.3 // indirect
380+
k8s.io/apimachinery v0.33.4 // indirect
388381
k8s.io/apiserver v0.33.3 // indirect
389382
k8s.io/cli-runtime v0.33.3 // indirect
390383
k8s.io/client-go v0.33.3 // indirect
@@ -400,5 +393,5 @@ require (
400393
sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
401394
sigs.k8s.io/randfill v1.0.0 // indirect
402395
sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
403-
sigs.k8s.io/yaml v1.5.0 // indirect
396+
sigs.k8s.io/yaml v1.6.0 // indirect
404397
)

0 commit comments

Comments
 (0)