@dependabot dependabot bot commented on behalf of github Jul 7, 2025

Bumps github.com/aquasecurity/trivy from 0.59.1 to 0.64.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.64.1

Changelog

  • 86ee3c1176d4707536914dfa65ac8eca452e14cd release: v0.64.1 [release/v0.64] (#9122)
  • 4e1272283a643bfca2d7231d286006219715fada fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
  • 9a7d38432cf00f00970259e5ac3edd060e00ccff fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
  • 53adfba3c25664b01e3a36fdec334b39b53c07f1 fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#9120)
  • 8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)

v0.64.0

👉 Trivy v.64.0 release notes (click here)

⬇️ Download Trivy

Full changelog

v0.63.0

👉 Trivy v.63.0 release notes (click here)

⬇️ Download Trivy

Full changelog

v0.62.1

Changelog

  • c75ed2156c8fa801d6998016f46f6b953e8a9556 release: v0.62.1 [release/v0.62] (#8825)
  • aafebeb53aecbc9ed1ea44f8601183b4c25c49e3 chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)
  • 99485cfea2de53570342901eac860afdaacce86f fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)
  • b4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)

v0.62.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8801

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0620-2025-04-30

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.64.1 (2025-07-03)

Bug Fixes

  • alma: parse epochs from rpmqa file [backport: release/v0.64] (#9119) (8cf1bf9)
  • cli: Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) (9a7d384)
  • misconf: skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) (4e12722)
  • rootio: check full version to detect root.io packages [backport: release/v0.64] (#9120) (53adfba)

0.64.0 (2025-06-30)

Features

  • cli: add version constraints to announcements (#9023) (19efa9f)
  • java: dereference all maven settings.xml env placeholders (#9024) (5aade69)
  • misconf: add OpenTofu file extension support (#8747) (57801d0)
  • misconf: normalize CreatedBy for buildah and legacy docker builder (#8953) (65e155f)
  • redhat: Add EOL date for RHEL 10. (#8910) (48258a7)
  • reject unsupported artifact types in remote image retrieval (#9052) (1e1e1b5)
  • sbom: add manufacturer field to CycloneDX tools metadata (#9019) (41d0f94)
  • terraform: add partial evaluation for policy templates (#8967) (a9f7dcd)
  • ubuntu: add end of life date for Ubuntu 25.04 (#9077) (367564a)
  • ubuntu: add eol date for 20.04-ESM (#8981) (87118a0)
  • vuln: add Root.io support for container image scanning (#9073) (3a0ec0f)

Bug Fixes

  • Add missing version check flags (#8951) (ef5f8de)
  • cli: add some values to the telemetry call (#9056) (fd2bc91)
  • Correctly check for semver versions for trivy version check (#8948) (b813527)
  • don't show corrupted trivy-db warning for first run (#8991) (4ed78e3)
  • misconf: .Config.User always takes precedence over USER in .History (#9050) (371b8cc)
  • misconf: correct Azure value-to-time conversion in AsTimeValue (#9015) (40d017b)
  • misconf: move disabled checks filtering after analyzer scan (#9002) (a58c36d)
  • misconf: reduce log noise on incompatible check (#9029) (99c5151)
  • nodejs: correctly parse packages array of bun.lock file (#8998) (875ec3a)
  • report: don't panic when report contains vulns, but doesn't contain packages for table format (#8549) (87fda76)
  • sbom: remove unnecessary OS detection check in SBOM decoding (#9034) (198789a)

0.63.0 (2025-05-29)

Features

  • add Bottlerocket OS package analyzer (#8653) (07ef63b)
  • add JSONC support for comments and trailing commas (#8862) (0b0e406)
  • alpine: add maintainer field extraction for APK packages (#8930) (104bbc1)

... (truncated)

Commits
  • 86ee3c1 release: v0.64.1 [release/v0.64] (#9122)
  • 4e12722 fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#...
  • 9a7d384 fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64]...
  • 53adfba fix(rootio): check full version to detect root.io packages [backport: relea...
  • 8cf1bf9 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
  • 280491b release: v0.64.0 [main] (#8955)
  • a6e9807 docs(python): fix type with METADATA file name (#9090)
  • 1e1e1b5 feat: reject unsupported artifact types in remote image retrieval (#9052)
  • 7333c46 chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9...
  • bac6f7b refactor(misconf): rewrite Rego module filtering using functional filters (#9...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Jul 7, 2025
@dependabot dependabot bot requested a review from a team as a code owner July 7, 2025 12:44
github-actions bot previously approved these changes Jul 7, 2025
@github-actions github-actions bot enabled auto-merge (squash) July 7, 2025 12:44
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.64.1 branch from 0b963e9 to 75b5efa Compare July 14, 2025 13:25
github-actions bot previously approved these changes Jul 14, 2025
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.59.1 to 0.64.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.64.1/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.59.1...v0.64.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-version: 0.64.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.64.1 branch from 75b5efa to 339f82f Compare July 29, 2025 13:15
dependabot bot commented on behalf of github Aug 4, 2025

Superseded by #169.

@dependabot dependabot bot closed this Aug 4, 2025
auto-merge was automatically disabled August 4, 2025 12:37

Pull request was closed

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.64.1 branch August 4, 2025 12:37