Skip to content

chore(deps): bump the trivy group across 1 directory with 2 updates#2597

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/master/trivy-e037e23d33
Open

chore(deps): bump the trivy group across 1 directory with 2 updates#2597
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/master/trivy-e037e23d33

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the trivy group with 1 update in the / directory: github.com/aquasecurity/trivy.

Updates github.com/aquasecurity/trivy from 0.71.2 to 0.72.0

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.72.0

⚡ Highlights ⚡

👉 aquasecurity/trivy#10907

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0720-2026-06-30

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.72.0 (2026-06-30)

⚠ BREAKING CHANGES

  • migrate docker config to dockers_v2 (#10783)

Features

  • bottlerocket: add vulnerability matching for Bottlerocket OS (#10893) (246ee3c)
  • dotnet: detect bundled runtime in self-contained deployments (#10786) (bd78842)
  • java: detect JAR licenses from packaged LICENSE files (#10856) (b8a1ccd)
  • java: detect JAR licenses from the embedded pom.xml (#10851) (0a166c3)
  • misconf: Adds CloudFront standard logging v2 support to AVD-AWS-0010 (#10848) (a848925)
  • secret: add OpenAI secret detection rules (#10798) (65e5128)
  • secret: support new stateless format for GitHub App installation tokens (#10826) (e68f3d2)

Bug Fixes

  • correct format verbs in diagnostic messages (#10805) (859a933)
  • forward ospkg detector options through ospkg.NewScanner (#10811) (28d44d3)
  • image: deterministic OS package deduplication for images with embedded SBOMs (#10777) (888911b)
  • image: lookup origin layer for custom resources in merged layers (#10788) (dccb128)
  • misconf: support github_repository_vulnerability_alerts resource (#10680) (abb5174)
  • nodejs: parse project dependencies from multi-document pnpm-lock.yaml (#10861) (a10291b)
  • server: propagate package repository class in client/server mode (#10874) (a2777ae)
  • spdx: guard against nil root component in SPDX marshaler (#10771) (c0654e1)
  • surface the original analysis error instead of context cancellation (#10793) (3054b3b)
  • terraform: avoid data race on global getter.Getters in remote module resolver (#10843) (0aff3fd)
  • use random suffix for process temp directory instead of PID (#10431) (c8d1d0d)
  • vex: load VEX documents from within the repository directory (#10820) (1f56a34)
  • vuln: fall back to UNKNOWN severity when vulnerability details are missing (#10795) (dfd53cf)

Continuous Integration

0.71.0 (2026-06-01)

Features

  • add WithDriver and WithProvider options to ospkg detector (#10740) (f8a6ddb)
  • java: support <mirrors> from settings.xml (#10692) (c080ce3)
  • sbom: support for CycloneDX 1.7 (#10715) (04f739e)
  • seal: add vendor support for language file detection. (#10297) (b08bf6a)
  • secret: add a way to customize skipped folders, files and exts (#10550) (e4325b1)
  • secret: add Azure secret detection rules (#10562) (69dcd18)

... (truncated)

Commits
  • 8a32853 release: v0.72.0 [main] (#10782)
  • 4295ac0 test: close plugin manager in tests cleanup (#10904)
  • d4213d7 Merge commit from fork
  • 246ee3c feat(bottlerocket): add vulnerability matching for Bottlerocket OS (#10893)
  • abb5174 fix(misconf): support github_repository_vulnerability_alerts resource (#10680)
  • b8a1ccd feat(java): detect JAR licenses from packaged LICENSE files (#10856)
  • a10291b fix(nodejs): parse project dependencies from multi-document pnpm-lock.yaml (#...
  • a2777ae fix(server): propagate package repository class in client/server mode (#10874)
  • 6e37acf chore(deps): bump github.com/containerd/containerd/v2 from 2.3.1 to 2.3.2 (#1...
  • dfd53cf fix(vuln): fall back to UNKNOWN severity when vulnerability details are missi...
  • Additional commits viewable in compare view

Updates github.com/aquasecurity/trivy-db from 0.0.0-20251222105351-a833f47f8f0d to 0.0.0-20260629102122-a0049d7ad12f

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/aquasecurity/trivy [>= 0.50.2.a, < 0.50.3]
github.com/aquasecurity/trivy [< 0.51, > 0.50.1]

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 4, 2026
@dependabot dependabot Bot changed the title chore(deps): bump the trivy group with 2 updates chore(deps): bump the trivy group across 1 directory with 2 updates Jul 6, 2026
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/master/trivy-e037e23d33 branch 3 times, most recently from 52362c2 to 73698a8 Compare July 13, 2026 00:03
Bumps the trivy group with 1 update in the / directory: [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy).


Updates `github.com/aquasecurity/trivy` from 0.71.2 to 0.72.0
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.71.2...v0.72.0)

Updates `github.com/aquasecurity/trivy-db` from 0.0.0-20251222105351-a833f47f8f0d to 0.0.0-20260629102122-a0049d7ad12f
- [Release notes](https://github.com/aquasecurity/trivy-db/releases)
- [Commits](https://github.com/aquasecurity/trivy-db/commits)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-version: 0.72.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: trivy
- dependency-name: github.com/aquasecurity/trivy-db
  dependency-version: 0.0.0-20260629102122-a0049d7ad12f
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: trivy
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/master/trivy-e037e23d33 branch from 73698a8 to ffb065b Compare July 16, 2026 00:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants