This PR contains the following updates:
0.54.1 -> 0.56.2
3.20.2 -> 3.20.3
825f815 -> 3bc1984
v1.59.1 -> v1.61.0
Release Notes
aquasecurity/trivy (docker.io/aquasec/trivy)
v0.56.2
Compare Source
Changelog
f2252c8 release: v0.56.2 [release/v0.56] (#7694)
f6700ec fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
25d2540 fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
v0.56.1
Compare Source
Changelog
95dbf11 release: v0.56.1 [release/v0.56] (#7648)
5dbdadf fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646)
v0.56.0
Compare Source
Features
pom.xml dependency versions can't be detected (#7520) (b836232)
--skip-* for all included modules (#7579) (c0e8da3)
Bug Fixes
DownloadedAt for trivy-java-db (#7592) (13ef3e7)
dependencyManagement from root/child pom's for dependencies from parents (#7497) (5442949)
ExperimentalModifiedFindings (#7463) (7ff9aff)
framework as library when unmarshalling CycloneDX files (#7527) (aeb7039)
Performance Improvements
Reverts
test scope for pom.xml files (#7488) (b0222fe)
v0.55.2
Compare Source
Changelog
928c7c0 release: v0.55.2 [release/v0.55] (#7523)
14a058f fix(java): use dependencyManagement from root/child pom's for dependencies from parents [backport: release/v0.55] (#7521)
990bc4e chore(deps): bump alpine from 3.20.0 to 3.20.3 [backport: release/v0.55] (#7516)
v0.55.1
Compare Source
⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/7494
Changelog
https://github.com/aquasecurity/trivy/blob/release/v0.55/CHANGELOG.md#0551-2024-09-12
v0.55.0
Compare Source
⚠ BREAKING CHANGES
Features
toolchain as stdlib version for go.mod files (#7163) (2d80769)
test scope support for pom.xml files (#7414) (2d97700)
--path-prefix flag for client/server mode (#7321) (24a4563)
--detection-priority flag for accuracy tuning (#7288) (fd8348d)
Bug Fixes
--clear-cache (#7281) (2a0e529)
kind and apiVersion of volumeClaimTemplate element (#7362) (da4ebfa)
importers to detect dev deps from pnpm-lock.yaml file (#7387) (fd9ed3a)
Message field in asff.tpl template (#7401) (dd9733e)
NOASSERTION for licenses fields in SPDX formats (#7403) (c96dcdd)
.eyJ keyword for JWT secret (#7410) (bf64003)
Performance Improvements
golangci/golangci-lint (golangci/golangci-lint)
v1.61.0
Compare Source
junit-xml-extended format
dupword: from 0.0.14 to 0.1.1
fatcontext: from 0.4.0 to 0.5.2
gci: from 0.13.4 to 0.13.5 (new option no-lex-order)
go-ruleguard: from 0.4.2 to 0fe6f58 (fix panic with custom linters)
godot: from 1.4.16 to 1.4.17
gomodguard: from 1.3.3 to 1.3.5
gosec: disable temporarily G407
gosec: from ab3f6c1 to 2.21.2 (partially fix G115)
intrange: from 0.1.2 to 0.2.0
nolintlint: remove the empty line in the directive replacement
typecheck
v1.60.3
Compare Source
gosec: from 81cda2f to ab3f6c1 (fix G115 false positives)
v1.60.2
Compare Source
gofmt: update to HEAD (go1.22)
gofumpt: from 0.6.0 to 0.7.0
gosec: fix G602 analyzer
gosec: from 5f0084e to 81cda2f (adds G115, G405, G406, G506, G507)
staticcheck: from 0.5.0 to 0.5.1
staticcheck: propagate Go version
wrapcheck: from 2.8.3 to 2.9.0
exportloopref: deprecation
v1.60.1
Compare Source
errorlint: from 1.5.2 to 1.6.0
exhaustruct: from 3.2.0 to 3.3.0 (recognize custom error values in return)
fatcontext: from 0.2.2 to 0.4.0 (fix false positives for context stored in structs)
gocognit: from 1.1.2 to 1.1.3
gomodguard: from 1.3.2 to 1.3.3
govet (printf): report non-constant format, no args
lll: advertise max line length instead of just reporting failure
revive: from 1.3.7 to 1.3.9 (new rule: comments-density)
sloglint: from 0.7.1 to 0.7.2
spancheck: from 0.6.1 to 0.6.2
staticcheck: from 0.4.7 to 0.5.0
tenv: from 1.7.1 to 1.10.0 (remove reports on fuzzing)
testifylint: from 1.3.1 to 1.4.3 (new options: formatter, suite-broken-parallel, suite-subtest-run)
tparallel: from 0.3.1 to 0.3.2
usestdlibvars: from 1.26.0 to 1.27.0 (fix false-positive with number used inside a mathematical operations)
wsl: from 4.2.1 to 4.4.1
unused: remove exported-is-used option
typecheck issues should never be ignored
wsl update documentation of the configuration
v1.60.0
Compare Source
Cancelled due to a CI problem.
Configuration
📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.