Merge pull request 'Update to 0.59.0' (#12) from cwh/trivy:factory into factory

2025-02-18 15:25:59 +01:00 · 2025-02-18 15:25:59 +01:00 · 613bf3e03c
commit 613bf3e03c
parent 296e8bd503 d519931762
7 changed files with 103 additions and 9 deletions
--- a/2
+++ b/2
@ -2,7 +2,7 @@
  <service name="tar_scm" mode="manual">
    <param name="url">https://github.com/aquasecurity/trivy</param>
    <param name="scm">git</param>
-    <param name="revision">v0.58.2</param>
+    <param name="revision">v0.59.0</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="changesgenerate">enable</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/aquasecurity/trivy</param>
-              <param name="changesrevision">936f06a57864d073aa77b38f77fe76c4fcb1f7c1</param></service></servicedata>
+              <param name="changesrevision">a58d6854dcfec0349daef27e180f2bdb5b380315</param></service></servicedata>
--- a/trivy-0.58.2.tar.zst
+++ b/trivy-0.58.2.tar.zst
--- a/trivy-0.59.0.tar.zst
+++ b/trivy-0.59.0.tar.zst
--- a/trivy.changes
+++ b/trivy.changes
@ -1,3 +1,97 @@
 -------------------------------------------------------------------
 Fri Feb  7 11:33:46 UTC 2025 - Dirk Müller <dmueller@suse.com>
 - bump go version
 -------------------------------------------------------------------
 Wed Feb 05 16:28:33 UTC 2025 - cwh@suse.com
 - Update to version 0.59.0:
  * release: v0.59.0 [main] (#8041)
  * feat(image): return error early if total size of layers exceeds limit (#8294)
  * chore(deps): Bump trivy-checks (#8310)
  * chore(terraform): add accessors to underlying raw hcl values (#8306)
  * fix: improve conversion of image config to Dockerfile (#8308)
  * docs: replace short codes with Unicode emojis (#8296)
  * feat(k8s): improve artifact selections for specific namespaces (#8248)
  * chore: update code owners (#8303)
  * fix(misconf): handle heredocs in dockerfile instructions (#8284)
  * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)
  * chore(deps): bump the aws group with 7 updates (#8299)
  * chore(deps): bump the common group with 12 updates (#8301)
  * chore: enable int-conversion from perfsprint (#8194)
  * feat(fs): use git commit hash as cache key for clean repositories (#8278)
  * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)
  * chore: use require.ErrorContains when possible (#8291)
  * feat(image): prevent scanning oversized container images (#8178)
  * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)
  * fix(fs): fix cache key generation to use UUID (#8275)
  * fix(misconf): correctly handle all YAML tags in K8S templates (#8259)
  * feat: add support for registry mirrors (#8244)
  * chore(deps): bump the common group across 1 directory with 29 updates (#8261)
  * refactor(license): improve license expression normalization (#8257)
  * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)
  * feat: add a examples field to check metadata (#8068)
  * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)
  * ci: add workflow to restrict direct PRs to release branches (#8240)
  * fix(suse): SUSE - update OSType constants and references for compatility (#8236)
  * ci: fix path to main dir for canary builds (#8231)
  * chore(secret): add reported issues related to secrets in junit template (#8193)
  * refactor: use trivy-checks/pkg/specs package (#8226)
  * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)
  * fix(misconf): allow null values only for tf variables (#8112)
  * feat(misconf): support for ignoring by inline comments for Helm (#8138)
  * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)
  * chore(alpine): add EOL date for Alpine 3.21 (#8221)
  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)
  * fix(misconf): disable git terminal prompt on tf module load (#8026)
  * chore: remove aws iam related scripts (#8179)
  * docs: Updated JSON schema version 2 in the trivy documentation (#8188)
  * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)
  * refactor: use slices package instead of custom function (#8172)
  * chore(deps): bump the common group with 6 updates (#8162)
  * feat(python): add support for uv dev and optional dependencies (#8134)
  * feat(python): add support for poetry dev dependencies (#8152)
  * fix(sbom): attach nested packages to Application (#8144)
  * docs(vex): use debian minor version in examples (#8166)
  * refactor: add generic Set implementation (#8149)
  * chore(deps): bump the aws group across 1 directory with 6 updates (#8163)
  * fix(python): skip dev group's deps for poetry (#8106)
  * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)
  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)
  * chore(vex): suppress CVE-2024-45338 (#8137)
  * feat(python): add support for uv (#8080)
  * chore(deps): bump the docker group across 1 directory with 3 updates (#8127)
  * chore(deps): bump the common group across 1 directory with 14 updates (#8126)
  * chore: bump go to 1.23.4 (#8123)
  * test: set dummy value for NUGET_PACKAGES (#8107)
  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)
  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)
  * fix: wasm module test (#8099)
  * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)
  * chore(vex): suppress CVE-2024-45337 (#8101)
  * fix(license): always trim leading and trailing spaces for licenses (#8095)
  * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)
  * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)
  * fix: enable err-error and errorf rules from perfsprint linter (#7859)
  * chore(deps): bump the aws group across 1 directory with 6 updates (#8074)
  * perf: avoid heap allocation in applier findPackage (#7883)
  * fix: Updated twitter icon (#7772)
  * docs(k8s): add a note about multi-container pods (#7815)
  * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)
  * fix(oracle): add architectures support for advisories (#4809)
  * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)
  * feat(misconf): generate placeholders for random provider resources (#8051)
  * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)
  * fix(flag): skip hidden flags for `--generate-default-config` command (#8046)
  * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)
  * feat(nodejs): respect peer dependencies for dependency tree (#7989)
  * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
  * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
  * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
  * fix(misconf): use log instead of fmt for logging (#8033)
  * docs: add commercial content (#8030)
 -------------------------------------------------------------------
 Wed Jan 29 11:56:12 UTC 2025 - dmueller@suse.com
--- a/trivy.spec
+++ b/trivy.spec
@ -17,7 +17,7 @@
 Name:           trivy
-Version:        0.58.2
+Version:        0.59.0
 Release:        0
 Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
 License:        Apache-2.0
@ -27,7 +27,7 @@ Source:         %{name}-%{version}.tar.zst
 Source1:        vendor.tar.zst
 BuildRequires:  golang-packaging
 BuildRequires:  zstd
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 Requires:       ca-certificates
 Requires:       git-core
 Requires:       rpm
--- a/vendor.tar.zst
+++ b/vendor.tar.zst