From 872c379ffc2e58c4f85158d8814791c91e53c305 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 19:41:52 +0200
Subject: [PATCH] Bump aquasecurity/trivy-action from 0.19.0 to 0.24.0 (#173)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action)
from 0.19.0 to 0.24.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.24.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade trivy to v0.53.0 by <a
href="https://github.com/Dr-DevOps"><code>@​Dr-DevOps</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/369">aquasecurity/trivy-action#369</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.23.0...0.24.0">https://github.com/aquasecurity/trivy-action/compare/0.23.0...0.24.0</a></p>
<h2>v0.23.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade trivy to v0.52.2 by <a
href="https://github.com/Dr-DevOps"><code>@​Dr-DevOps</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/367">aquasecurity/trivy-action#367</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.23.0">https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.23.0</a></p>
<h2>v0.22.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(docs): Reference the use of a pinned version by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/356">aquasecurity/trivy-action#356</a></li>
<li>Upgrade trivy to v0.52.0 by <a
href="https://github.com/Keralin"><code>@​Keralin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/364">aquasecurity/trivy-action#364</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Keralin"><code>@​Keralin</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/364">aquasecurity/trivy-action#364</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.21.0...0.22.0">https://github.com/aquasecurity/trivy-action/compare/0.21.0...0.22.0</a></p>
<h2>v0.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump trivy version to v0.51.2 by <a
href="https://github.com/Dr-DevOps"><code>@​Dr-DevOps</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/360">aquasecurity/trivy-action#360</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Dr-DevOps"><code>@​Dr-DevOps</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/360">aquasecurity/trivy-action#360</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.20.0...0.21.0">https://github.com/aquasecurity/trivy-action/compare/0.20.0...0.21.0</a></p>
<h2>v0.20.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Make 'hide-progress' input working again by <a
href="https://github.com/uridium"><code>@​uridium</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/323">aquasecurity/trivy-action#323</a></li>
<li>feat(image): add <code>--docker-host</code> option for GH Action
users by <a
href="https://github.com/calinmarina"><code>@​calinmarina</code></a> in
<a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/267">aquasecurity/trivy-action#267</a></li>
<li>Browse Trivy reports without GitHub Advanced Security license by <a
href="https://github.com/uridium"><code>@​uridium</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/328">aquasecurity/trivy-action#328</a></li>
<li>Fix docker host bug by <a
href="https://github.com/admiralAwkbar"><code>@​admiralAwkbar</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/329">aquasecurity/trivy-action#329</a></li>
<li>Bump trivy version to v0.50.2 by <a
href="https://github.com/pdefreitas"><code>@​pdefreitas</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/341">aquasecurity/trivy-action#341</a></li>
<li>update tests by <a
href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/334">aquasecurity/trivy-action#334</a></li>
<li>bump trivy version to v0.51.1 by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/353">aquasecurity/trivy-action#353</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/uridium"><code>@​uridium</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/323">aquasecurity/trivy-action#323</a></li>
<li><a
href="https://github.com/calinmarina"><code>@​calinmarina</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/267">aquasecurity/trivy-action#267</a></li>
<li><a
href="https://github.com/admiralAwkbar"><code>@​admiralAwkbar</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/329">aquasecurity/trivy-action#329</a></li>
<li><a
href="https://github.com/pdefreitas"><code>@​pdefreitas</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/341">aquasecurity/trivy-action#341</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.19.0...0.20.0">https://github.com/aquasecurity/trivy-action/compare/0.19.0...0.20.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8"><code>6e7b7d1</code></a>
Upgrade trivy to v0.53.0 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/369">#369</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/7c2007bcb556501da015201bcba5aa14069b74e2"><code>7c2007b</code></a>
Upgrade trivy to v0.52.2 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/367">#367</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/595be6a0f6560a0a8fc419ddf630567fc623531d"><code>595be6a</code></a>
Upgrade trivy to v0.52.0 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/364">#364</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/841fb371db7b5cd339e5b2d55c92f5dbd730ac9f"><code>841fb37</code></a>
chore(docs): Reference the use of a pinned version (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/356">#356</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/fd25fed6972e341ff0007ddb61f77e88103953c2"><code>fd25fed</code></a>
bump trivy version to v0.51.2 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/360">#360</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/b2933f565dbc598b29947660e66259e3c7bc8561"><code>b2933f5</code></a>
bump trivy version to v0.51.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/353">#353</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/b2cd5ff52c525099076ae4f4178bc8e9b4da89ec"><code>b2cd5ff</code></a>
Update bump-trivy.yaml</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/6f8c23760b7baab9da654a77606e367803441f93"><code>6f8c237</code></a>
update tests (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/334">#334</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/7088d18dcb87884bc7b5a4000d5517d758e9aa13"><code>7088d18</code></a>
Revert &quot;fix: 🐛 allow trivy-config and other options to be used
together (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/338">#338</a>)&quot;</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/ee6a4f5af1dbe22ccc11905a61abd2db301d532c"><code>ee6a4f5</code></a>
fix: 🐛 allow trivy-config and other options to be used together (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/338">#338</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aquasecurity/trivy-action/compare/0.19.0...0.24.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy-action&package-manager=github_actions&previous-version=0.19.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-dev.yaml  | 2 +-
 .github/workflows/trivy-scan.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-dev.yaml b/.github/workflows/build-dev.yaml
index 93fcc8e80..74cb28c0a 100644
--- a/.github/workflows/build-dev.yaml
+++ b/.github/workflows/build-dev.yaml
@@ -54,7 +54,7 @@ jobs:
           fail_ci_if_error: true
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.19.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: "fs"
           ignore-unfixed: true
diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
index 3e966d0cb..50e914514 100644
--- a/.github/workflows/trivy-scan.yaml
+++ b/.github/workflows/trivy-scan.yaml
@@ -39,7 +39,7 @@ jobs:
           devbox run -- ko build -B -t ${{ github.sha }} --platform=$PLATFORMS .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.19.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: "ko.local/${{ env.REPOSITORY_NAME }}:${{ github.sha }}"
           format: "sarif"