Skip to content

Commit 8f67d5f

Browse files
EmyrkEmyrk
authored
chore: update trivy dependency (#182)
Updated to coder/trivy#19 Solve an issue when a module is located in a subdirectory of a `git` source. This PR: aquasecurity/trivy#9294
1 parent e221dcd commit 8f67d5f

File tree

2 files changed

+128
-109
lines changed

2 files changed

+128
-109
lines changed

go.mod

Lines changed: 39 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,12 @@
11
module github.com/coder/preview
22

3-
go 1.24.2
3+
go 1.24.4
4+
5+
toolchain go1.24.6
46

57
require (
68
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6
7-
github.com/aquasecurity/trivy v0.58.2
9+
github.com/aquasecurity/trivy v0.61.1-0.20250407075540-f1329c7ea1aa
810
github.com/coder/serpent v0.10.0
911
github.com/coder/terraform-provider-coder/v2 v2.8.0
1012
github.com/coder/websocket v1.8.13
@@ -24,26 +26,30 @@ require (
2426
)
2527

2628
require (
27-
cel.dev/expr v0.20.0 // indirect
29+
cel.dev/expr v0.24.0 // indirect
2830
cloud.google.com/go v0.118.3 // indirect
2931
cloud.google.com/go/auth v0.15.0 // indirect
3032
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
31-
cloud.google.com/go/compute/metadata v0.6.0 // indirect
33+
cloud.google.com/go/compute/metadata v0.7.0 // indirect
3234
cloud.google.com/go/iam v1.4.1 // indirect
3335
cloud.google.com/go/monitoring v1.24.0 // indirect
3436
cloud.google.com/go/storage v1.50.0 // indirect
3537
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
3638
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
3739
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
38-
github.com/ProtonMail/go-crypto v1.1.6 // indirect
40+
github.com/ProtonMail/go-crypto v1.3.0 // indirect
3941
github.com/agext/levenshtein v1.2.3 // indirect
42+
github.com/alecthomas/chroma v0.10.0 // indirect
4043
github.com/apparentlymart/go-cidr v1.1.0 // indirect
4144
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
4245
github.com/aquasecurity/go-version v0.0.1 // indirect
46+
github.com/aquasecurity/iamgo v0.0.10 // indirect
47+
github.com/aquasecurity/jfather v0.0.8 // indirect
48+
github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169 // indirect
4349
github.com/aws/aws-sdk-go v1.55.7 // indirect
4450
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
4551
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
46-
github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
52+
github.com/bmatcuk/doublestar/v4 v4.9.0 // indirect
4753
github.com/cespare/xxhash/v2 v2.3.0 // indirect
4854
github.com/charmbracelet/lipgloss v0.8.0 // indirect
4955
github.com/cloudflare/circl v1.6.1 // indirect
@@ -56,10 +62,11 @@ require (
5662
github.com/fatih/color v1.18.0 // indirect
5763
github.com/felixge/httpsnoop v1.0.4 // indirect
5864
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
59-
github.com/go-logr/logr v1.4.2 // indirect
65+
github.com/go-logr/logr v1.4.3 // indirect
6066
github.com/go-logr/stdr v1.2.2 // indirect
6167
github.com/golang/protobuf v1.5.4 // indirect
6268
github.com/google/go-cmp v0.7.0 // indirect
69+
github.com/google/go-containerregistry v0.20.6 // indirect
6370
github.com/google/s2a-go v0.1.9 // indirect
6471
github.com/google/uuid v1.6.0 // indirect
6572
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
@@ -69,7 +76,7 @@ require (
6976
github.com/hashicorp/go-getter v1.7.8 // indirect
7077
github.com/hashicorp/go-hclog v1.6.3 // indirect
7178
github.com/hashicorp/go-multierror v1.1.1 // indirect
72-
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
79+
github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
7380
github.com/hashicorp/go-safetemp v1.0.0 // indirect
7481
github.com/hashicorp/go-uuid v1.0.3 // indirect
7582
github.com/hashicorp/logutils v1.0.0 // indirect
@@ -89,14 +96,15 @@ require (
8996
github.com/mitchellh/reflectwalk v1.0.2 // indirect
9097
github.com/muesli/reflow v0.3.0 // indirect
9198
github.com/muesli/termenv v0.15.2 // indirect
99+
github.com/package-url/packageurl-go v0.1.3 // indirect
92100
github.com/pion/transport/v2 v2.0.0 // indirect
93101
github.com/pion/udp v0.1.4 // indirect
94102
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
95103
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
96104
github.com/rivo/uniseg v0.4.7 // indirect
97105
github.com/robfig/cron/v3 v3.0.1 // indirect
98-
github.com/samber/lo v1.50.0 // indirect
99-
github.com/spf13/pflag v1.0.6 // indirect
106+
github.com/samber/lo v1.51.0 // indirect
107+
github.com/spf13/pflag v1.0.7 // indirect
100108
github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
101109
github.com/ulikunitz/xz v0.5.12 // indirect
102110
github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
@@ -107,34 +115,34 @@ require (
107115
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
108116
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
109117
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
110-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
111-
go.opentelemetry.io/otel v1.35.0 // indirect
112-
go.opentelemetry.io/otel/metric v1.35.0 // indirect
113-
go.opentelemetry.io/otel/sdk v1.35.0 // indirect
114-
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
115-
go.opentelemetry.io/otel/trace v1.35.0 // indirect
116-
golang.org/x/crypto v0.38.0 // indirect
117-
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
118-
golang.org/x/mod v0.24.0 // indirect
119-
golang.org/x/net v0.40.0 // indirect
120-
golang.org/x/oauth2 v0.28.0 // indirect
121-
golang.org/x/sync v0.14.0 // indirect
122-
golang.org/x/sys v0.33.0 // indirect
123-
golang.org/x/term v0.32.0 // indirect
124-
golang.org/x/text v0.25.0 // indirect
125-
golang.org/x/time v0.11.0 // indirect
126-
golang.org/x/tools v0.33.0 // indirect
118+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
119+
go.opentelemetry.io/otel v1.36.0 // indirect
120+
go.opentelemetry.io/otel/metric v1.36.0 // indirect
121+
go.opentelemetry.io/otel/sdk v1.36.0 // indirect
122+
go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
123+
go.opentelemetry.io/otel/trace v1.36.0 // indirect
124+
golang.org/x/crypto v0.40.0 // indirect
125+
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
126+
golang.org/x/mod v0.26.0 // indirect
127+
golang.org/x/net v0.42.0 // indirect
128+
golang.org/x/oauth2 v0.30.0 // indirect
129+
golang.org/x/sync v0.16.0 // indirect
130+
golang.org/x/sys v0.34.0 // indirect
131+
golang.org/x/term v0.33.0 // indirect
132+
golang.org/x/text v0.27.0 // indirect
133+
golang.org/x/time v0.12.0 // indirect
134+
golang.org/x/tools v0.34.1-0.20250610205101-c26dd3ba555e // indirect
127135
google.golang.org/api v0.228.0 // indirect
128136
google.golang.org/appengine v1.6.8 // indirect
129137
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
130-
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
131-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
132-
google.golang.org/grpc v1.72.1 // indirect
138+
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
139+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
140+
google.golang.org/grpc v1.72.2 // indirect
133141
google.golang.org/protobuf v1.36.6 // indirect
134142
gopkg.in/yaml.v3 v3.0.1 // indirect
135143
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
136144
)
137145

138146
// Trivy has some issues that we're floating patches for, and will hopefully
139147
// be upstreamed eventually.
140-
replace github.com/aquasecurity/trivy => github.com/coder/trivy v0.0.0-20250527170238-9416a59d7019
148+
replace github.com/aquasecurity/trivy => github.com/coder/trivy v0.0.0-20250807211036-0bb0acd620a8

0 commit comments

Comments
 (0)