
chore(deps): bump github.com/aquasecurity/trivy from 0.30.4 to 0.31.3 #1526

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Aug 29, 2022

Bumps github.com/aquasecurity/trivy from 0.30.4 to 0.31.3.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.31.3

Changelog

  • db67f16a fix: handle empty OS family (#2768)
  • 77616beb fix: fix k8s summary report (#2777)
  • fcccfced fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767)
  • 8bc215cc chore: bump trivy-kubernetes (#2770)
  • d8d8e627 fix(secret): Consider secrets in rpc calls (#2753)
  • b0e89d4c fix(java): check depManagement from upper pom's (#2747)
  • da6f1b6f fix(php): skip composer.lock inside vendor folder (#2718)
  • 2f2952c6 fix: fix k8s rbac filter (#2765)
  • 8bc56bf2 feat(misconf): skipping misconfigurations by AVD ID (#2743)
  • 9c1ce5af chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
  • 3cd10b23 docs: add MacPorts install instructions (#2727)
  • f369bd3e docs: typo (#2730)

v0.31.2

Changelog

  • fefe7c4a fix: Correctly handle recoverable AWS scanning errors (#2726)
  • 9c92e3d1 docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)

v0.31.1

Changelog

  • d343d13a fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)

v0.31.0

Changelog

  • 917f3888 fix(flag): add error when there are no supported security checks (#2713)
  • aef02aa1 fix(vuln): continue scanning when no vuln found in the first application (#2712)
  • ed1fa891 revert: add new classes for vulnerabilities (#2701)
  • a5d4f7fb feat(secret): detect secrets removed or overwritten in upper layer (#2611)
  • ddffb1b4 fix(cli): secret scanning perf link fix (#2607)
  • bc85441f chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
  • b259b25c feat: Add AWS Cloud scanning (#2493)
  • f8edda84 docs: specify the type when verifying an attestation (#2697)
  • 68794139 docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
  • babfb174 fix(rpc): scanResponse rpc conversion for custom resources (#2692)
  • 517d2e01 feat(rust): Add support for cargo-auditable (#2675)
  • 01123854 feat: Support passing value overrides for configuration checks (#2679)
  • 317a0266 feat(sbom): add support for scanning a sbom attestation (#2652)
  • 390c256c chore(image): skip symlinks and hardlinks from tar scan (#2634)
  • 63c33bfa fix(report): Update junit.tpl (#2677)
  • de365c8e fix(cyclonedx): add nil check to metadata.component (#2673)
  • 50db7da9 docs(secret): fix missing and broken links (#2674)
  • e848e6d0 refactor(cyclonedx): implement json.Unmarshaler (#2662)
  • df0b5e40 chore(deps): bump github.com/aquasecurity/table from 1.6.0 to 1.7.2 (#2643)
  • 006b8a5c chore(deps): bump github.com/Azure/go-autorest/autorest (#2642)
  • 8d10de8b feat(kubernetes): add option to specify kubeconfig file path (#2576)
  • 169c55c6 docs: follow Debian's "instructions to connect to a third-party repository" (#2511)
  • 9b218314 chore(deps): bump github.com/google/licenseclassifier/v2 (#2644)
  • 94db37e5 chore(deps): bump github.com/samber/lo from 1.24.0 to 1.27.0 (#2645)

... (truncated)

Commits
  • db67f16 fix: handle empty OS family (#2768)
  • 77616be fix: fix k8s summary report (#2777)
  • fcccfce fix: don't skip packages that don't contain vulns, when using --list-all-pkgs...
  • 8bc215c chore: bump trivy-kubernetes (#2770)
  • d8d8e62 fix(secret): Consider secrets in rpc calls (#2753)
  • b0e89d4 fix(java): check depManagement from upper pom's (#2747)
  • da6f1b6 fix(php): skip composer.lock inside vendor folder (#2718)
  • 2f2952c fix: fix k8s rbac filter (#2765)
  • 8bc56bf feat(misconf): skipping misconfigurations by AVD ID (#2743)
  • 9c1ce5a chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.30.4 to 0.31.3.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](aquasecurity/trivy@v0.30.4...v0.31.3)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies, go Aug 29, 2022
@MaineK00n MaineK00n self-assigned this Aug 30, 2022
@MaineK00n
Collaborator

  • test.patch
:100644 100644 1e6f94b 0000000 M	GNUmakefile

diff --git a/GNUmakefile b/GNUmakefile
index 1e6f94b..b5059b7 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -88,7 +88,7 @@ NOW=$(shell date --iso-8601=seconds)
 NOW_JSON_DIR := '${BASE_DIR}/$(NOW)'
 ONE_SEC_AFTER=$(shell date -d '+1 second' --iso-8601=seconds)
 ONE_SEC_AFTER_JSON_DIR := '${BASE_DIR}/$(ONE_SEC_AFTER)'
-LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'pnpm' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'nuget-lock' 'nuget-config' 'dotnet-deps' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'
+LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'pnpm' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'nuget-lock' 'nuget-config' 'dotnet-deps'
 
 diff:
 	# git clone git@github.com:vulsio/vulsctl.git
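Review bot: The new `LIBS := ...` line drops the 'nvd_exact', 'nvd_rough', 'nvd_vendor_product', 'nvd_match_no_jvn', 'jvn_vendor_product' and 'jvn_vendor_product_nover' entries, so the old/new comparison below exercises only the lock-file scanners that the Trivy dependency backs and says nothing about the NVD/JVN matching paths. That is a sensible scope for testing a Trivy bump, but since the change is applied as a local test.patch rather than committed, the result should be read as "no change in the Trivy-backed scanners" rather than as a full integration pass.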
@@ -107,14 +107,14 @@ endif
 	sleep 1
 	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
 	cp ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
-	- cp integration/data/results/*.json ${NOW_JSON_DIR}
+	# - cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}
 
 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
 	cp ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
-	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	# - cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${ONE_SEC_AFTER}
 
 	$(call sed-d)
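Review bot: Commenting out the two `- cp integration/data/results/*.json` lines stops pre-recorded results from being merged into either timestamped directory, so ${NOW_JSON_DIR} and ${ONE_SEC_AFTER_JSON_DIR} hold only what vuls.old and vuls.new actually scanned; that is the right baseline for comparing two binaries. Two small points: the `# - cp ...` form keeps the ignore-errors `- ` prefix inside a comment, which reads oddly (deleting the lines in the local patch is clearer), and the `#` recipe lines are still handed to the shell by Make, which treats them as comments, so the recipe behaves as intended either way.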
$ patch -p1 < test.patch
$ make diff
...
echo "old: ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:54+09:00' , new: ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:55+09:00'"
old: ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:54+09:00' , new: ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:55+09:00'
for jsonfile in ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:54+09:00'/*.json ;  do echo $jsonfile; cat $jsonfile | jq ".scannedCves | length" ; done
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/bundler.json
73
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/cargo.json
20
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/composer.json
18
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/dotnet-deps.json
1
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/gobinary.json
3
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/gomod.json
13
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/gosum.json
65
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/jar.json
4
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/npm.json
35
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/nuget-config.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/nuget-lock.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/pip.json
2
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/pipenv.json
14
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/pnpm.json
1
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/poetry.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/pom.json
4
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:54+09:00/yarn.json
62
for jsonfile in ''/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results'/2022-09-07T11:55:55+09:00'/*.json ;  do echo $jsonfile; cat $jsonfile | jq ".scannedCves | length" ; done
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/bundler.json
73
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/cargo.json
20
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/composer.json
18
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/dotnet-deps.json
1
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/gobinary.json
3
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/gomod.json
13
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/gosum.json
65
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/jar.json
4
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/npm.json
35
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/nuget-config.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/nuget-lock.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/pip.json
2
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/pipenv.json
14
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/pnpm.json
1
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/poetry.json
7
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/pom.json
4
/home/mainek00n/github/github.com/MaineK00n/vuls/integration/results/2022-09-07T11:55:55+09:00/yarn.json
62
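The `make diff` session above checks the Trivy bump by counting `scannedCves` per report with jq and eyeballing the two lists. As an added example (not part of this PR or of the vuls project), the Python script below does the same comparison between two results directories and, going a step further than the jq loop, reports which reports gained or lost CVE IDs rather than only the counts. It assumes only what the output above shows: one `<name>.json` per scanner under each timestamped directory, with a top-level `scannedCves` object keyed by CVE ID. The directory contents and CVE IDs in the block are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample data: two results directories in the vuls
# results/<timestamp>/<scanner>.json layout, one report per lock-file
# scanner. CVE IDs are placeholders, not real advisories.
SAMPLE_OLD = {
    "bundler.json": {"scannedCves": {"CVE-0000-0001": {}, "CVE-0000-0002": {}}},
    "npm.json": {"scannedCves": {"CVE-0000-0003": {}}},
    "pip.json": {"scannedCves": {}},
}
SAMPLE_NEW = {
    "bundler.json": {"scannedCves": {"CVE-0000-0001": {}, "CVE-0000-0002": {}}},
    "npm.json": {"scannedCves": {"CVE-0000-0003": {}, "CVE-0000-0004": {}}},
    "pom.json": {"scannedCves": {"CVE-0000-0005": {}}},
}


def write_results(root, reports):
    """Write one JSON report per scanner name into root (helper for the demo)."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    for name, doc in reports.items():
        (root / name).write_text(json.dumps(doc))
    return root


def cve_ids(report_path):
    """Return the set of CVE IDs in a vuls report; scannedCves is keyed by CVE ID,
    so its keys are exactly what `jq ".scannedCves | length"` counts."""
    with open(report_path) as fh:
        doc = json.load(fh)
    return set(doc.get("scannedCves") or {})


def compare_results(old_dir, new_dir):
    """Return {name: (old_count, new_count, added_ids, removed_ids)} for every
    report present in either directory; a report missing on one side counts as
    zero CVEs, so a scanner that disappeared still shows up in the diff."""
    old_dir, new_dir = Path(old_dir), Path(new_dir)
    names = sorted({p.name for p in old_dir.glob("*.json")}
                   | {p.name for p in new_dir.glob("*.json")})
    diff = {}
    for name in names:
        old_ids = cve_ids(old_dir / name) if (old_dir / name).exists() else set()
        new_ids = cve_ids(new_dir / name) if (new_dir / name).exists() else set()
        diff[name] = (len(old_ids), len(new_ids),
                      sorted(new_ids - old_ids), sorted(old_ids - new_ids))
    return diff


def regressions(diff):
    """Report names whose CVE set changed between old and new; an empty list is
    the 'no change' result the PR check above is looking for."""
    return [n for n, (_, _, added, removed) in diff.items() if added or removed]


def demo():
    """Build the constructed sample directories, compare them, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        old = write_results(Path(tmp) / "old", SAMPLE_OLD)
        new = write_results(Path(tmp) / "new", SAMPLE_NEW)
        diff = compare_results(old, new)
    for name, (o, n, added, removed) in diff.items():
        print(f"{name}: old={o} new={n} added={added} removed={removed}")
    return diff


if __name__ == "__main__":
    changed = regressions(demo())
    print("changed reports:", changed or "none")
```

Pointed at the two real directories from the session (`compare_results(old_dir, new_dir)`), equal counts with empty `added`/`removed` lists for every report is the same "no change" conclusion the jq loop reaches, while a changed CVE set is surfaced by name instead of having to be spotted in two columns of numbers.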

Collaborator

@MaineK00n MaineK00n left a comment


LGTM

@MaineK00n MaineK00n merged commit d055c48 into master Sep 7, 2022
@MaineK00n MaineK00n deleted the dependabot/go_modules/master/github.com/aquasecurity/trivy-0.31.3 branch September 7, 2022 03:02