From 0fe2951c533c77bfb0ad645c0a66cb9a8db6ee3b5fef54710fd6657d3db27be5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Fri, 14 Mar 2025 10:43:17 +0100 Subject: [PATCH] Update to 0.60.0 --- _service | 2 +- _servicedata | 2 +- trivy-0.59.1.tar.zst | 3 --- trivy-0.60.0.tar.zst | 3 +++ trivy.changes | 64 +++++++++++++++++++++++++++++++++++++++++++- trivy.spec | 4 +-- vendor.tar.zst | 4 +-- 7 files changed, 72 insertions(+), 10 deletions(-) delete mode 100644 trivy-0.59.1.tar.zst create mode 100644 trivy-0.60.0.tar.zst diff --git a/_service b/_service index 6782962..daaf1f1 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/aquasecurity/trivy git - v0.59.1 + v0.60.0 @PARENT_TAG@ v(.*) enable diff --git a/_servicedata b/_servicedata index 98ba0e6..a113a63 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/aquasecurity/trivy - 9aabfd2a91e7278384bce7ccc6841a1d2851feb0 \ No newline at end of file + a4009f62fdcc4ce0170feaea7ffc58a92d4a87cb \ No newline at end of file diff --git a/trivy-0.59.1.tar.zst b/trivy-0.59.1.tar.zst deleted file mode 100644 index ce49fb5..0000000 --- a/trivy-0.59.1.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7119a6bac83e6b1703cff2977db5e33e34328952bba5eff53ec574b12f0350d9 -size 52270719 diff --git a/trivy-0.60.0.tar.zst b/trivy-0.60.0.tar.zst new file mode 100644 index 0000000..351816e --- /dev/null +++ b/trivy-0.60.0.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1035ce9269f261ca72207b2f5421d8240f6d9ca79ec26f71faf5bc432441f147 +size 52297136 diff --git a/trivy.changes b/trivy.changes index 2809708..e5c8e36 100644 --- a/trivy.changes +++ b/trivy.changes 
@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Fri Mar 14 09:39:09 UTC 2025 - dmueller@suse.com
+
+- Update to version 0.60.0:
+ * release: v0.60.0 [main] (#8327)
+ * fix(sbom): improve logic for binding direct dependency to parent component (#8489)
+ * chore(deps): remove missed replace of `trivy-db` (#8492)
+ * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)
+ * chore(deps): update Go to 1.24 and switch to go-version-file (#8388)
+ * docs: add abbreviation list (#8453)
+ * chore(terraform): assign *terraform.Module 'parent' field (#8444)
+ * feat: add report summary table (#8177)
+ * chore(deps): bump the github-actions group with 3 updates (#8473)
+ * refactor(vex): improve SBOM reference handling with project standards (#8457)
+ * ci: update GitHub Actions cache to v4 (#8475)
+ * feat: add `--vuln-severity-source` flag (#8269)
+ * fix(os): add mapping OS aliases (#8466)
+ * chore(deps): bump the aws group across 1 directory with 7 updates (#8468)
+ * chore(deps): Bump trivy-checks to v1.7.1 (#8467)
+ * refactor(report): write tables after rendering all results (#8357)
+ * docs: update VEX documentation index page (#8458)
+ * fix(db): fix case when 2 trivy-db were copied at the same time (#8452)
+ * feat(misconf): render causes for Terraform (#8360)
+ * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)
+ * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)
+ * chore(deps): update go-rustaudit location (#8450)
+ * fix: update all documentation links (#8045)
+ * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)
+ * chore(deps): bump the common group with 6 updates (#8411)
+ * fix(k8s): add missed option `PkgRelationships` (#8442)
+ * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)
+ * feat(go): fix parsing main module version for go >= 1.24 (#8433)
+ * refactor(misconf): make Rego scanner independent of config type (#7517)
+ * fix(image): disable AVD-DS-0007 for history scanning (#8366)
+ * fix(server): secrets inspectation for the config analyzer in client server mode (#8418)
+ * chore: remove mockery (#8417)
+ * test(server): replace mock driver with memory cache in server tests (#8416)
+ * test: replace mock with memory cache and fix non-deterministic tests (#8410)
+ * test: replace mock with memory cache in scanner tests (#8413)
+ * test: use memory cache (#8403)
+ * fix(spdx): init `pkgFilePaths` map for all formats (#8380)
+ * chore(deps): bump the common group across 1 directory with 11 updates (#8381)
+ * docs: correct Ruby documentation (#8402)
+ * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)
+ * fix: don't use `scope` for `trivy registry login` command (#8393)
+ * fix(go): merge nested flags into string for ldflags for Go binaries (#8368)
+ * chore(terraform): export module path on terraform modules (#8374)
+ * fix(terraform): apply parser options to submodule parsing (#8377)
+ * docs: Fix typos in documentation (#8361)
+ * docs: fix navigate links (#8336)
+ * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)
+ * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)
+ * chore: remove debug prints (#8347)
+ * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)
+ * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)
+ * chore(deps): bump Go to `v1.23.5` (#8341)
+ * fix(python): add `poetry` v2 support (#8323)
+ * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)
+ * fix(misconf): ecs include enhanced for container insights (#8326)
+ * fix(sbom): preserve OS packages from multiple SBOMs (#8325)
+ * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)
+
------------------------------------------------------------------- Wed Feb 26 09:01:28 UTC 2025 - Dirk Müller @@ -22,7 +84,7 @@ Fri Feb 7 11:33:46 UTC 2025 - Dirk Müller ------------------------------------------------------------------- Wed Feb 05 16:28:33 UTC 2025 - cwh@suse.com -- Update to version 0.59.0: +- Update to version 0.59.0 (bsc#1234512, CVE-2024-45337): * release: v0.59.0 [main] (#8041) * feat(image): return error early if total size of layers exceeds limit (#8294) * chore(deps): Bump trivy-checks (#8310) diff --git a/trivy.spec b/trivy.spec index 6984ce8..af1f0e0 100644 --- a/trivy.spec +++ b/trivy.spec @@ -17,7 +17,7 @@ Name: trivy -Version: 0.59.1 +Version: 0.60.0 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 @@ -28,7 +28,7 @@ Source1: vendor.tar.zst Patch1: jwe-avoid-unbounded-splits.patch BuildRequires: golang-packaging BuildRequires: zstd -BuildRequires: golang(API) = 1.23 +BuildRequires: golang(API) = 1.24 Requires: ca-certificates Requires: git-core Requires: rpm diff --git a/vendor.tar.zst b/vendor.tar.zst index 54fab6d..5c7aea2 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2e838c120d1a583cc2b4267507f0c1824c09154d3bd50371e90a29b828fc470b -size 38404606 +oid sha256:5b765efe24aa5efb955e9c2b38e0978e4f8f8e69eab017e2ce799aeb6c7e67c8 +size 39219662
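Review bot: `Patch1: jwe-avoid-unbounded-splits.patch` in the second trivy.spec hunk is carried over unchanged although this update regenerates vendor.tar.zst and, per the new trivy.changes entry, bumps github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5, so the patch may now be redundant or no longer apply. That is an inference from the patch name only, since neither the patch body nor its `%patch`/`%autosetup` application is part of this commit. Check the new vendor tree for the fix; if it is already there, drop the `Patch1` line and record the removal in trivy.changes so the security fix stays traceable. If the patch is still required, a comment above it such as `# still needed with go-jose 4.0.5: <reason>` would spare the next updater the same check.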