Accepting request 1092482 from Virtualization:containers

- Update to version 0.42.1:
  * ci: remove 32bit packages (#4585)
  * fix(misconf): deduplicate misconf results (#4588)
  * fix(vm): support sector size of 4096 (#4564)
  * fix(misconf): terraform relative paths (#4571)
  * fix(purl): skip unsupported library type (#4577)
  * fix(terraform): recursively detect all Root Modules (#4457)
  * fix(vm): support post analyzer for vm command (#4544)
  * fix(nodejs): change the type of the devDependencies field (#4560)
  * fix(sbom): export empty dependencies in CycloneDX (#4568)
  * refactor: add composite fs for post-analyzers (#4556)
  * chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
  * chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
  * chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
  * chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
  * chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
  * chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
  * chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
  * chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
  * chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
  * chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)
  * chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
  * chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
  * feat: add SBOM analyzer (#4210)
  * fix(sbom): update logic for work with files in spdx format (#4513)
  * feat: azure workload identity support (#4489)
  * feat(ubuntu): add eol date for 18.04 ESM (#4524)
  * fix(misconf): Update required extensions for terraformplan (#4523)
  * refactor(cyclonedx): add intermediate representation (#4490)
  * fix(misconf): Remove debug print while scanning (#4521)

OBS-URL: https://build.opensuse.org/request/show/1092482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trivy?expand=0&rev=53
This commit is contained in:
Dominique Leuenberger 2023-06-12 13:27:28 +00:00 committed by Git OBS Bridge
commit 5388dde51a
7 changed files with 118 additions and 8 deletions

View File

@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/aquasecurity/trivy</param> <param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="revision">v0.41.0</param> <param name="revision">v0.42.1</param>
<param name="versionformat">@PARENT_TAG@</param> <param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param> <param name="changesgenerate">enable</param>

View File

@ -1,4 +1,4 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param> <param name="url">https://github.com/aquasecurity/trivy</param>
<param name="changesrevision">1be1e2e6380efd9b63913721db1b9d61e3800126</param></service></servicedata> <param name="changesrevision">9a279fa7bb5ccdcda642f99ac2dfd80551082ee2</param></service></servicedata>

BIN
trivy-0.41.0.tar.zst (Stored with Git LFS)

Binary file not shown.

BIN
trivy-0.42.1.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,113 @@
-------------------------------------------------------------------
Mon Jun 12 07:56:25 UTC 2023 - dmueller@suse.com
- Update to version 0.42.1:
* ci: remove 32bit packages (#4585)
* fix(misconf): deduplicate misconf results (#4588)
* fix(vm): support sector size of 4096 (#4564)
* fix(misconf): terraform relative paths (#4571)
* fix(purl): skip unsupported library type (#4577)
* fix(terraform): recursively detect all Root Modules (#4457)
* fix(vm): support post analyzer for vm command (#4544)
* fix(nodejs): change the type of the devDependencies field (#4560)
* fix(sbom): export empty dependencies in CycloneDX (#4568)
* refactor: add composite fs for post-analyzers (#4556)
* chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
* chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
* chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
* chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
* chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
* chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)
* chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
* chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
* feat: add SBOM analyzer (#4210)
* fix(sbom): update logic for work with files in spdx format (#4513)
* feat: azure workload identity support (#4489)
* feat(ubuntu): add eol date for 18.04 ESM (#4524)
* fix(misconf): Update required extensions for terraformplan (#4523)
* refactor(cyclonedx): add intermediate representation (#4490)
* fix(misconf): Remove debug print while scanning (#4521)
* fix(java): remove duplicates of jar libs (#4515)
* fix(java): fix overwriting project props in pom.xml (#4498)
* docs: Update compilation instructions (#4512)
* fix(nodejs): update logic for parsing pnpm lock files (#4502)
* fix(secret): remove aws-account-id rule (#4494)
* feat(oci): add support for referencing an input image by digest (#4470)
* chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
* docs: fixed the format (#4503)
* fix(java): add support of * for exclusions for pom.xml files (#4501)
* feat: adding issue template for documentation (#4453)
* docs: switch glad to ghsa for Go (#4493)
* chore(deps): Update defsec to v0.89.0 (#4474)
* feat(misconf): Add terraformplan support (#4342)
* feat(debian): add digests for dpkg (#4445)
* chore(deps): bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#4478)
* feat(k8s): exclude node scanning by node labels (#4459)
* docs: add info about multi-line mode for regexp from custom secret rules (#4159)
* feat(cli): convert JSON reports into a different format (#4452)
* feat(image): add logic to guess base layer for docker-cis scan (#4344)
* fix(cyclonedx): set original names for packages (#4306)
* feat: group subcommands (#4449)
* feat(cli): add retry to cache operations (#4189)
* fix(vuln): report architecture for `apk` packages (#4247)
* refactor: enable cases where return values are not needed in pipeline (#4443)
* fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
* docs(misconf): Update docs for kubernetes file patterns (#4435)
* test: k8s integration tests (#4423)
* feat(redhat): add package digest for rpm (#4410)
* feat(misconf): Add `--reset-policy-bundle` for policy bundle (#4167)
* fix: typo (#4431)
* add user instruction to imgconf (#4429)
* fix(k8s): add image sources (#4411)
* docs(scanning): Add versioning banner (#4415)
* feat(cli): add mage command to update golden integration test files (#4380)
* feat: node-collector custom namespace support (#4407)
* chore(deps): bump owenrumney/go-sarif from v2.1.3 to v2.2.0 (#4378)
* refactor(sbom): use multiline json for spdx-json format (#4404)
* fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
* refactor: code-optimization (#4214)
* feat(image): Add image-src flag to specify which runtime(s) to use (#4047)
* test: skip wrong update of test golden files (#4379)
* refactor: don't return error for package.json without version/name (#4377)
* docs: cmd error (#4376)
* test(cli): add test for config file and env combination (#2666)
* fix(report): set a correct file location for license scan output (#4326)
* ci: rpm repository for all versions and aarch64 (#4077)
* chore(alpine): Update Alpine to 3.18 (#4351)
* fix(alpine): add EOL date for Alpine 3.18 (#4308)
* chore(deps): bump github.com/docker/distribution (#4337)
* feat: allow root break for mapfs (#4094)
* docs(misconf): Remove examples.md (#4256)
* fix(ubuntu): update eol dates for Ubuntu (#4258)
* feat(alpine): add digests for apk packages (#4168)
* chore: add discussion templates (#4190)
* fix(terraform): Support tfvars (#4123)
* chore: separate docs:generate (#4242)
* chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4246)
* refactor: define vulnerability scanner interfaces (#4117)
* feat: unified k8s scan resources (#4188)
* chore(deps): Update defsec to v0.88.1 (#4178)
* chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#4141)
* chore: trivy bin ignore (#4212)
* feat(image): enforce image platform (#4083)
* chore(deps): bump github.com/owenrumney/go-sarif/v2 from 2.1.2 to 2.1.3 (#4143)
* chore(deps): bump github.com/docker/docker (#4144)
* chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 (#4146)
* chore(deps): bump aquaproj/aqua-installer from 2.0.2 to 2.1.1 (#4140)
* fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
* chore(deps): bump github.com/samber/lo from 1.37.0 to 1.38.1 (#4147)
* chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 (#4145)
* chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.3 (#4138)
* chore(deps): bump github.com/testcontainers/testcontainers-go (#4150)
* chore: install.sh support for windows (#4155)
* chore(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 (#4166)
* chore(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#4149)
* docs: moving skipping files out of others (#4154)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 11 17:05:04 UTC 2023 - Dirk Müller <dmueller@suse.com> Thu May 11 17:05:04 UTC 2023 - Dirk Müller <dmueller@suse.com>

View File

@ -17,7 +17,7 @@
Name: trivy Name: trivy
Version: 0.41.0 Version: 0.42.1
Release: 0 Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0 License: Apache-2.0

BIN
vendor.tar.zst (Stored with Git LFS)

Binary file not shown.