@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Aug 4, 2025

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps github.com/aquasecurity/trivy from 0.59.1 to 0.65.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.65.0

👉 Trivy v.65.0 release notes (click here)

⬇️ Download Trivy

Full changelog

v0.64.1

Changelog

  • 86ee3c1176d4707536914dfa65ac8eca452e14cd release: v0.64.1 [release/v0.64] (#9122)
  • 4e1272283a643bfca2d7231d286006219715fada fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
  • 9a7d38432cf00f00970259e5ac3edd060e00ccff fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
  • 53adfba3c25664b01e3a36fdec334b39b53c07f1 fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#9120)
  • 8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)

v0.64.0

👉 Trivy v.64.0 release notes (click here)

⬇️ Download Trivy

Full changelog

v0.63.0

👉 Trivy v.63.0 release notes (click here)

⬇️ Download Trivy

Full changelog

v0.62.1

Changelog

  • c75ed2156c8fa801d6998016f46f6b953e8a9556 release: v0.62.1 [release/v0.62] (#8825)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.65.0 (2025-07-30)

Features

  • add graceful shutdown with signal handling (#9242) (2c05882)
  • add HTTP request/response tracing support (#9125) (aa5b32a)
  • alma: add AlmaLinux 10 support (#9207) (861d51e)
  • flag: add schema validation for --server flag (#9270) (ed4640e)
  • image: add Docker context resolution (#9166) (99cd4e7)
  • license: observe pkg types option in license scanner (#9091) (d44af8c)
  • misconf: add private ip google access attribute to subnetwork (#9199) (263845c)
  • misconf: added logging and versioning to the gcp storage bucket (#9226) (110f80e)
  • repo: add git repository metadata to reports (#9252) (f4b2cf1)
  • report: add CVSS vectors in sarif report (#9157) (60723e6)
  • sbom: add SHA-512 hash support for CycloneDX SBOM (#9126) (12d6706)

Bug Fixes

  • alma: parse epochs from rpmqa file (#9101) (82db2fc)
  • also check filepath when removing duplicate packages (#9142) (4d10a81)
  • aws: update amazon linux 2 EOL date (#9176) (0ecfed6)
  • cli: Add more non-sensitive flags to telemetry (#9110) (7041a39)
  • cli: ensure correct command is picked by telemetry (#9260) (b4ad00f)
  • cli: panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206) (adfa879)
  • license: add missed GFDL-NIV-1.1 and GFDL-NIV-1.2 into Trivy mapping (#9116) (a692f29)
  • license: handle WITH operator for LaxSplitLicenses (#9232) (b4193d0)
  • migrate from *.list to *.md5sums files for dpkg (#9131) (f224de3)
  • misconf: correctly adapt azure storage account (#9138) (51aa022)
  • misconf: correctly parse empty port ranges in google_compute_firewall (#9237) (77bab7b)
  • misconf: fix log bucket in schema (#9235) (7ebc129)
  • misconf: skip rewriting expr if attr is nil (#9113) (42ccd3d)
  • nodejs: don't use prerelease logic for compare npm constraints (#9208) (fe96436)
  • prevent graceful shutdown message on normal exit (#9244) (6095984)
  • rootio: check full version to detect root.io packages (#9117) (c2ddd44)
  • rootio: fix severity selection (#9181) (6fafbeb)
  • sbom: merge in-graph and out-of-graph OS packages in scan results (#9194) (aa944cc)
  • sbom: use correct field for licenses in CycloneDX reports (#9057) (143da88)
  • secret: add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253) (54832a7)
  • secret: fix line numbers for multiple-line secrets (#9104) (e579746)
  • server: add HTTP transport setup to server mode (#9217) (1163b04)
  • supporting .egg-info/METADATA in python.Packaging analyzer (#9151) (e306e2d)
  • terraform: for_each on a map returns a resource for every key (#9156) (153318f)

0.64.0 (2025-06-30)

Features

... (truncated)

Commits
  • b2b1545 release: v0.65.0 [main] (#9108)
  • b4ad00f fix(cli): ensure correct command is picked by telemetry (#9260)
  • ed4640e feat(flag): add schema validation for --server flag (#9270)
  • 1a0c038 chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3...
  • 011cefc ci: skip undefined labels in discussion triage action (#9175)
  • f4b2cf1 feat(repo): add git repository metadata to reports (#9252)
  • b4193d0 fix(license): handle WITH operator for LaxSplitLicenses (#9232)
  • d2d0ec2 chore: add modernize tool integration for code modernization (#9251)
  • 54832a7 fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marsh...
  • 8f5b560 chore: implement process-safe temp file cleanup (#9241)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.59.1 to 0.65.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.59.1...v0.65.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 4, 2025
@dependabot dependabot bot requested a review from a team as a code owner August 4, 2025 12:37
@github-actions github-actions bot enabled auto-merge (squash) August 4, 2025 12:37
@afsmeira
Contributor

afsmeira commented Aug 4, 2025

Superseded by #168.

@afsmeira afsmeira closed this Aug 4, 2025
auto-merge was automatically disabled August 4, 2025 13:30

Pull request was closed

@dependabot @github
Contributor Author

dependabot bot commented on behalf of github Aug 4, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@afsmeira afsmeira deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.65.0 branch August 4, 2025 13:30

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code
