chore(deps): bump the trivy group with 2 updates #2334

Open
dependabot wants to merge 1 commit into master
base: master
from dependabot/go_modules/master/trivy-7ce3bd4ca6

@dependabot dependabot bot commented on behalf of github Oct 4, 2025

Bumps the trivy group with 2 updates: github.com/aquasecurity/trivy and github.com/aquasecurity/trivy-db.

Updates github.com/aquasecurity/trivy from 0.66.0 to 0.67.0

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.67.0

👉 Trivy v0.67.0 release notes (click here)

⬇️ Download Trivy

🐳 New Docker Install option

  • docker pull get.trivy.dev/image/trivy:0.67.0

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.67.0 (2025-09-30)

Features

  • add documentation URL for database lock errors (#9531) (eba48af)
  • cli: change --list-all-pkgs default to true (#9510) (7b663d8)
  • cloudformation: support default values and list results in Fn::FindInMap (#9515) (42b3bf3)
  • cyclonedx: preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439) (aff03eb)
  • redhat: add os-release detection for RHEL-based images (#9458) (cb25a07)
  • sbom: added support for CoreOS (#9448) (6d562a3)
  • seal: add seal support (#9370) (e4af279)

Bug Fixes

  • aws: use BuildableClient instead of xhttp.Client (#9436) (fa6f1bf)
  • close file descriptors and pipes on error paths (#9536) (a4cbd6a)
  • db: Download database when missing but metadata still exists (#9393) (92ebc7e)
  • k8s: disable parallel traversal with fs cache for k8s images (#9534) (c0c7a6b)
  • misconf: handle tofu files in module detection (#9486) (bfd2f6b)
  • misconf: strip build metadata suffixes from image history (#9498) (c938806)
  • misconf: unmark cty values before access (#9495) (8e40d27)
  • misconf: wrap legacy ENV values in quotes to preserve spaces (#9497) (267a970)
  • nodejs: parse workspaces as objects for package-lock.json files (#9518) (404abb3)
  • nodejs: use snapshot string as Package.ID for pnpm packages (#9330) (4517e8c)
  • vex: don't suppress vulns for packages with infinity loop (#9465) (78f0d4a)
  • vuln: compare nuget package names in lower case (#9456) (1ff9ac7)
Commits
  • adeb362 release: v0.67.0 [main] (#9432)
  • 78f0d4a fix(vex): don't suppress vulns for packages with infinity loop (#9465)
  • fa6f1bf fix(aws): use BuildableClient instead of xhttp.Client (#9436)
  • e7c16a7 refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and ...
  • c446a5c docs: clarify inline ignore limitations for resource-less checks (#9537)
  • c0c7a6b fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)
  • bfd2f6b fix(misconf): handle tofu files in module detection (#9486)
  • e4af279 feat(seal): add seal support (#9370)
  • e149094 docs: fix modules path and update code example (#9539)
  • a4cbd6a fix: close file descriptors and pipes on error paths (#9536)
  • Additional commits viewable in compare view

Updates github.com/aquasecurity/trivy-db from 0.0.0-20250731052236-c7c831e2254d to 0.0.0-20250929072116-eba1ced2340a

Commits

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name | Ignore Conditions
github.com/aquasecurity/trivy | [>= 0.50.2.a, < 0.50.3]
github.com/aquasecurity/trivy | [< 0.51, > 0.50.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 4, 2025
@shino shino self-requested a review October 6, 2025 04:13
Bumps the trivy group with 2 updates: [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) and [github.com/aquasecurity/trivy-db](https://github.com/aquasecurity/trivy-db).
Updates `github.com/aquasecurity/trivy` from 0.66.0 to 0.67.0
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.66.0...v0.67.0)
Updates `github.com/aquasecurity/trivy-db` from 0.0.0-20250731052236-c7c831e2254d to 0.0.0-20250929072116-eba1ced2340a
- [Release notes](https://github.com/aquasecurity/trivy-db/releases)
- [Commits](https://github.com/aquasecurity/trivy-db/commits)
---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
 dependency-version: 0.67.0
 dependency-type: direct:production
 update-type: version-update:semver-minor
 dependency-group: trivy
- dependency-name: github.com/aquasecurity/trivy-db
 dependency-version: 0.0.0-20250929072116-eba1ced2340a
 dependency-type: direct:production
 update-type: version-update:semver-patch
 dependency-group: trivy
...
Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/master/trivy-7ce3bd4ca6 branch from bcb4521 to a5fc8bc Compare October 13, 2025 00:39

Reviewers

@shino shino Awaiting requested review from shino

At least 1 approving review is required to merge this pull request.
