chore(deps): bump github.com/aquasecurity/trivy from 0.52.1-0.20240619054236-36b3b772df21 to 0.53.0

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.52.1-0.20240619054236-36b3b772df21 to 0.53.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.53.0

Changelog

• c55b0e6ca release: v0.53.0 [main] (#6855)
• 654217a65 feat(conda): add licenses support for environment.yml files (#6953)
• 3d4ae8b5b fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
• 55ccd06df feat: add memory cache backend (#7048)
• 14d71ba63 fix(sbom): use package UIDs for uniqueness (#7042)
• edc556b85 feat(php): add installed.json file support (#4865)
• 4f8b3996e docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
• 137c91642 fix: use embedded when command path not found (#7037)
• 9e4927ee1 chore(deps): bump trivy-kubernetes version (#7012)
• 4be02bab8 refactor: use google/wire for cache (#7024)
• e9fc3e339 fix(cli): show info message only when --scanners is available (#7032)
• 0ccdbfbb6 chore: enable float-compare rule from testifylint (#6967)
• 9045f2445 docs: Add sudo on commands, chmod before mv on install docs (#7009)
• 3d02a31b4 fix(plugin): respect --insecure (#7022)
• 8d618e48a feat(k8s)!: node-collector dynamic commands support (#6861)
• a76e3286c fix(sbom): take pkg name from purl for maven pkgs (#7008)
• eb636c1b3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#7018)
• 8d0ae1f5d feat!: add clean subcommand (#6993)
• de201dc77 chore: use ! for breaking changes (#6994)
• 979e118a9 feat(aws)!: Remove aws subcommand (#6995)
• 648ead955 refactor: replace global cache directory with parameter passing (#6986)
• 7eabb92ec fix(sbom): use purl for bitnami pkg names (#6982)
• 333087c9e chore: bump Go toolchain version (#6984)
• 6dff4223e refactor: unify cache implementations (#6977)
• 9dc8a2ba6 docs: non-packaged and sbom clarifications (#6975)
• b58d42dc9 BREAKING(aws): Deprecate trivy aws as subcmd in favour of a plugin (#6819)
• 6469d37cc docs: delete unknown URL (#6972)
• 30bcb9535 refactor: use version-specific URLs for documentation references (#6966)
• e493fc931 refactor: delete db mock (#6940)
• 983ac15f2 ci: add depguard (#6963)
• dfe757e37 refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
• f144e912d feat: Add local ImageID to SARIF metadata (#6522)
• 5ee4e9d30 fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
• f18d035ae feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
• 1f8fca1fc feat(java): add support for maven-metadata.xml files for remote snapshot repositories. (#6950)
• 2d85a003b fix(purl): add missed os types (#6955)
• 417212e09 fix(cyclonedx): trim non-URL info for advisory.url (#6952)
• 38b35dd3c fix(c): don't skip conan files from file-patterns and scan .conan2 cache dir (#6949)
• eb6d0d977 ci: correctly handle categories (#6943)
• 0af5730cb fix(image): parse image.inspect.Created field only for non-empty values (#6948)
• c3192f061 fix(misconf): handle source prefix to ignore (#6945)
• ec68c9ab4 fix(misconf): fix parsing of engine links and frameworks (#6937)
• bc3741ae2 feat(misconf): support of selectors for all providers for Rego (#6905)
• 735aadf2d ci: don't run tests for release-please PRs (#6936)
• 52f7aa54b fix(license): return license separation using separators ,, or, etc. (#6916)
• d77d9ce38 ci: use ubuntu-latest-m runner (#6918)
• 55fa6109c feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
• cd360dde2 BREAKING(misconf): flatten recursive types (#6862)

... (truncated)

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.53.0 (2024-07-01)

⚠ BREAKING CHANGES

• k8s: node-collector dynamic commands support (#6861)
• add clean subcommand (#6993)
• aws: Remove aws subcommand (#6995)

Features

• add clean subcommand (#6993) (8d0ae1f)
• Add local ImageID to SARIF metadata (#6522) (f144e91)
• add memory cache backend (#7048) (55ccd06)
• aws: Remove aws subcommand (#6995) (979e118)
• conda: add licenses support for environment.yml files (#6953) (654217a)
• dart: use first version of constraint for dependencies using SDK version (#6239) (042d6b0)
• image: Set User-Agent header for Trivy container registry requests (#6868) (9b31697)
• java: add support for maven-metadata.xml files for remote snapshot repositories. (#6950) (1f8fca1)
• java: add support for sbt projects using sbt-dependency-lock (#6882) (f18d035)
• k8s: node-collector dynamic commands support (#6861) (8d618e4)
• misconf: add metadata to Cloud schema (#6831) (02d5404)
• misconf: add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) (55fa610)
• misconf: API Gateway V1 support for CloudFormation (#6874) (8491469)
• misconf: support of selectors for all providers for Rego (#6905) (bc3741a)
• php: add installed.json file support (#4865) (edc556b)
• plugin: add support for nested archives (#6845) (622c67b)
• sbom: migrate to CycloneDX v1.6 (#6903) (09e50ce)

Bug Fixes

• c: don't skip conan files from file-patterns and scan .conan2 cache dir (#6949) (38b35dd)
• cli: show info message only when --scanners is available (#7032) (e9fc3e3)
• cyclonedx: trim non-URL info for advisory.url (#6952) (417212e)
• debian: take installed files from the origin layer (#6849) (089b953)
• image: parse image.inspect.Created field only for non-empty values (#6948) (0af5730)
• license: return license separation using separators ,, or, etc. (#6916) (52f7aa5)
• misconf: fix caching of modules in subdirectories (#6814) (0bcfedb)
• misconf: fix parsing of engine links and frameworks (#6937) (ec68c9a)
• misconf: handle source prefix to ignore (#6945) (c3192f0)
• misconf: parsing numbers without fraction as int (#6834) (8141a13)
• nodejs: fix infinite loop when package link from package-lock.json file is broken (#6858) (cf5aa33)
• nodejs: fix infinity loops for pnpm with cyclic imports (#6857) (7d083bc)
• plugin: respect --insecure (#7022) (3d02a31)
• purl: add missed os types (#6955) (2d85a00)
• python: compare pkg names from poetry.lock and pyproject.toml in lowercase (#6852) (faa9d92)
• sbom: don't overwrite srcEpoch when decoding SBOM files (#6866) (04af59c)
• sbom: fix panic when scanning SBOM file without root component into SBOM format (#7051) (3d4ae8b)
• sbom: take pkg name from purl for maven pkgs (#7008) (a76e328)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)