{"id":12734,"name":"aquasecurity/trivy","ecosystem":"docker","repository_url":null,"issues_count":9,"created_at":"2025-06-06T23:19:33.935Z","updated_at":"2025-06-06T23:19:33.935Z","purl":"pkg:docker/aquasecurity/trivy","unique_repositories_count":4,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4302944640","node_id":"PR_kwDODOjFv87UULU_","number":7765,"state":"open","title":"deps(docker): bump the docker group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T13:34:34.000Z","updated_at":"2026-04-21T13:49:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":3,"packages":[{"name":"terraform-linters/tflint","old_version":"v0.61.0","new_version":"v0.62.0","repository_url":"https://github.com/terraform-linters/tflint"},{"name":"hashicorp/terraform","old_version":"1.14.8","new_version":"1.14.9"},{"name":"aquasecurity/trivy","old_version":"0.69.3","new_version":"0.70.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 3 updates in the / directory: [terraform-linters/tflint](https://github.com/terraform-linters/tflint), hashicorp/terraform and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `terraform-linters/tflint` from v0.61.0 to v0.62.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/terraform-linters/tflint/releases\"\u003eterraform-linters/tflint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Add signature mode to control plugin verifications by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2483\"\u003eterraform-linters/tflint#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Ignore forbidden attestation fetch errors by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2481\"\u003eterraform-linters/tflint#2481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2461\"\u003eterraform-linters/tflint#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2463\"\u003eterraform-linters/tflint#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2464\"\u003eterraform-linters/tflint#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2467\"\u003eterraform-linters/tflint#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2469\"\u003eterraform-linters/tflint#2469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2470\"\u003eterraform-linters/tflint#2470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/net from 0.50.0 to 0.51.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2472\"\u003eterraform-linters/tflint#2472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2473\"\u003eterraform-linters/tflint#2473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2471\"\u003eterraform-linters/tflint#2471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/metadata-action from 5.10.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2474\"\u003eterraform-linters/tflint#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2476\"\u003eterraform-linters/tflint#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2479\"\u003eterraform-linters/tflint#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.1 to 1.79.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2480\"\u003eterraform-linters/tflint#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2475\"\u003eterraform-linters/tflint#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.19.2 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2477\"\u003eterraform-linters/tflint#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 3.7.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2478\"\u003eterraform-linters/tflint#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: Bump Go version to 1.26 by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2482\"\u003eterraform-linters/tflint#2482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2484\"\u003eterraform-linters/tflint#2484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2489\"\u003eterraform-linters/tflint#2489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2490\"\u003eterraform-linters/tflint#2490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.23.1 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2491\"\u003eterraform-linters/tflint#2491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/fatih/color from 1.18.0 to 1.19.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2492\"\u003eterraform-linters/tflint#2492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edependabot: Set cooldown period by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2493\"\u003eterraform-linters/tflint#2493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2495\"\u003eterraform-linters/tflint#2495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2496\"\u003eterraform-linters/tflint#2496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2498\"\u003eterraform-linters/tflint#2498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2499\"\u003eterraform-linters/tflint#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.95.0 to 1.97.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2500\"\u003eterraform-linters/tflint#2500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2501\"\u003eterraform-linters/tflint#2501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2502\"\u003eterraform-linters/tflint#2502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2506\"\u003eterraform-linters/tflint#2506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2503\"\u003eterraform-linters/tflint#2503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2497\"\u003eterraform-linters/tflint#2497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2504\"\u003eterraform-linters/tflint#2504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2507\"\u003eterraform-linters/tflint#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: Migrate attest-build-provenance to attest by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2508\"\u003eterraform-linters/tflint#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ehttps://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/2376055e05a48529705050c30e9c994b702e48ec\"\u003e\u003ccode\u003e2376055\u003c/code\u003e\u003c/a\u003e Bump up version to v0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/641dbb62a66d9325f99d37e085f08fae39b2cbda\"\u003e\u003ccode\u003e641dbb6\u003c/code\u003e\u003c/a\u003e Bump Go version to 1.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/94f1eb872fd905c454585ab911cab74bf5345e05\"\u003e\u003ccode\u003e94f1eb8\u003c/code\u003e\u003c/a\u003e release: Migrate attest-build-provenance to attest (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/7d900633823c4be574b1837f088bac1623adcc46\"\u003e\u003ccode\u003e7d90063\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/62b61c5f5b27d41cb2efb6dcfab26640df74ee97\"\u003e\u003ccode\u003e62b61c5\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/login-action from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2504\"\u003e#2504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/540c3e0142f049bc54b460ad92f5e7e8e15ad1b2\"\u003e\u003ccode\u003e540c3e0\u003c/code\u003e\u003c/a\u003e build(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2497\"\u003e#2497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/3405bffb2be971699c18f8da383c70328e065210\"\u003e\u003ccode\u003e3405bff\u003c/code\u003e\u003c/a\u003e build(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2503\"\u003e#2503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/ab01b38d2b54fe6ef4ec0d237b80d354bf16ff55\"\u003e\u003ccode\u003eab01b38\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/sigstore/timestamp-authority/v2 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2506\"\u003e#2506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/e9091c75562fee7ea66ff31e1b845eb50df73011\"\u003e\u003ccode\u003ee9091c7\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2502\"\u003e#2502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/999b9d65784a3468af97adbe8c68d16287b0dcbc\"\u003e\u003ccode\u003e999b9d6\u003c/code\u003e\u003c/a\u003e build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2501\"\u003e#2501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/terraform` from 1.14.8 to 1.14.9\n\nUpdates `aquasecurity/trivy` from 0.69.3 to 0.70.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.70.0\u003c/h2\u003e\n\u003ch2\u003e⚡ Highlights ⚡\u003c/h2\u003e\n\u003cp\u003e👉 \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10546\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10546\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.0...v0.70.0\"\u003e0.70.0\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e detect version from ELF symbol table for binaries built with -trimpath (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10197\"\u003e#10197\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7acb5f6f095a11cb9911af5a0bc03aecc7c88f8f\"\u003e7acb5f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e add support for proxy configuration from Maven settings.xml (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10187\"\u003e#10187\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/350fe3345129f0f341ab80438f66f951b602364a\"\u003e350fe33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e adapt ARM k8s clusters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9696\"\u003e#9696\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10125\"\u003e#10125\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/66bdec4f6af6100b6ab991ca417b0c801cb5cd80\"\u003e66bdec4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e resolve Azure resources via resource_id (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10173\"\u003e#10173\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/823f3634ae8f41a17be8695ceabcb8ca52f82a63\"\u003e823f363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e support for azurerm_network_interface_security_group_association  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10215\"\u003e#10215\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/da94d5f38676885264787fe22f3ed8ab42511b2a\"\u003eda94d5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml (PEP 751) parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9632\"\u003e#9632\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1a72b326bba9e0959d5f3b63367bb311f064d795\"\u003e1a72b32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10137\"\u003e#10137\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d0a3f63b84e6a8cd9067e85344097f9179c14b0d\"\u003ed0a3f63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e include server version info in JSON output for client/server mode (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10075\"\u003e#10075\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4c46d418c58c9a070a87b9d3c88966d40e435329\"\u003e4c46d41\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol data for 25.10 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10181\"\u003e#10181\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2c1f65bdeec62baef45e93f58cc8e5eca7d84d26\"\u003e2c1f65b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e skip third-party packages in common Detect function (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10129\"\u003e#10129\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d6e6331abba28fe22f6d8d3bc36f7821601ff8ad\"\u003ed6e6331\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e include CVSS v4 vulnerability ratings (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10313\"\u003e#10313\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2a4dfbf18a71a17de2c22c02afc5742466f6d799\"\u003e2a4dfbf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetected vulnerability fields in azure and mariner detector (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10275\"\u003e#10275\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/77f5cb5abda49844b936322e85829b256cb4599c\"\u003e77f5cb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eflag:\u003c/strong\u003e validate template file extension (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10296\"\u003e#10296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/20458b836b71b2bed72d31ebba1ba9572333dcfd\"\u003e20458b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehandle Go 1.26 GOEXPERIMENT version format change (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10351\"\u003e#10351\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/f207ec693b23b6d5114dbf3b309903689b93073d\"\u003ef207ec6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e Disable overwriting exclusions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10088\"\u003e#10088\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a3e0a845db68a79f4fd0e71f5cb7d8ca3976bbe\"\u003e9a3e0a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e apply check aliases when filtering results via .trivyignore (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10112\"\u003e#10112\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b775a1b63cd7afeda8dec2c1c8b8b6d422418bc6\"\u003eb775a1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e initialize custom annotation field if empty (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10123\"\u003e#10123\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0f0d6dbff4825f7b0ea7744b2229e0157af52972\"\u003e0f0d6db\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e handle multiple version specifiers in requirements.txt (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10361\"\u003e#10361\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4cf44985c58575850138c9cc3780b201dfad7c09\"\u003e4cf4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e nil pointer dereference with optional poetry groups without dependencies (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10359\"\u003e#10359\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/12ab3cee257f89b3b180c38bc2d765dc4c7918a1\"\u003e12ab3ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove os.Stdout from wazero module config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10403\"\u003e#10403\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bda9710eb0c4c7d5ba1bc60bbaa06d43dc3c523a\"\u003ebda9710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e set correct sarif ROOTPATH uri when scanning a git repository (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10366\"\u003e#10366\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e5da6deee9904d00cb4fd5ea1f67e8a1711ec8dd\"\u003ee5da6de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10368\"\u003e#10368\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/33b9d8ec318bb1f4081371a0a5fd46071080aef1\"\u003e33b9d8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e preserve Red Hat BuildInfo when scanning SBOMs without layer info (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10378\"\u003e#10378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e9e9e8c6bd914b4d4802107bbf8d0c40bad1dd57\"\u003ee9e9e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e exclude JavaDB and CheckBundle from /version endpoint (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10100\"\u003e#10100\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b9a8d2d80adc47bf9f48e13c2738b099c907518b\"\u003eb9a8d2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate PhotonOS feed URL (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10122\"\u003e#10122\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa195b4d11d946b0212900b2a153a1abf381e8a2\"\u003efa195b4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e7ee3e1e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10325\"\u003e#10325\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d7fb3558db610dc08ef1c3e22dd37082180368b2\"\u003ed7fb355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.69.0\"\u003e0.69.0\u003c/a\u003e (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use ID instead of AVDID for providers mapping (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9752\"\u003e#9752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8a3177aedf7ee0864920eb1852eef031cd3742b8\"\u003e\u003ccode\u003e8a3177a\u003c/code\u003e\u003c/a\u003e release: v0.70.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10105\"\u003e#10105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/974de495449f2bef46fdc0654f57d61da1452d8a\"\u003e\u003ccode\u003e974de49\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10496\"\u003e#10496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21755974af6155e55652e2088be8f5c03beceb25\"\u003e\u003ccode\u003e2175597\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/50c7a1ecb0b279b4980fa2631a2c596c77e426d4\"\u003e\u003ccode\u003e50c7a1e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10540\"\u003e#10540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/885fbcedaf6057b5ac526efa9991c624272153cd\"\u003e\u003ccode\u003e885fbce\u003c/code\u003e\u003c/a\u003e chore(deps): bump the docker group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10538\"\u003e#10538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e\u003ccode\u003e7ee3e1e\u003c/code\u003e\u003c/a\u003e fix: use Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6dbe3691f5158594c52783b95895a835981f8836\"\u003e\u003ccode\u003e6dbe369\u003c/code\u003e\u003c/a\u003e chore(deps): bump testcontainers-go to v0.42.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10531\"\u003e#10531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21e6888c7be3ef017516daa644716f110cb8d901\"\u003e\u003ccode\u003e21e6888\u003c/code\u003e\u003c/a\u003e chore: update CODEOWNERS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10529\"\u003e#10529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35d28e81e9226d42de9c20e21fd954eb9061cfd3\"\u003e\u003ccode\u003e35d28e8\u003c/code\u003e\u003c/a\u003e chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10511\"\u003e#10511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d40a9826c0ec7f4a183962c23c142c7f7e8d6df\"\u003e\u003ccode\u003e6d40a98\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10510\"\u003e#10510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.3...v0.70.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7765","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7765","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7765/packages"},{"uuid":"4292290842","node_id":"PR_kwDOSGxogc7Txx6a","number":3,"state":"closed","title":"deps(docker): bump the docker group with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-04-19T23:17:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T23:17:15.000Z","updated_at":"2026-04-20T00:32:46.000Z","time_to_close":14,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":2,"packages":[{"name":"terraform-linters/tflint","old_version":"v0.61.0","new_version":"v0.62.0","repository_url":"https://github.com/terraform-linters/tflint"},{"name":"aquasecurity/trivy","old_version":"0.69.3","new_version":"0.70.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 2 updates: [terraform-linters/tflint](https://github.com/terraform-linters/tflint) and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `terraform-linters/tflint` from v0.61.0 to v0.62.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/terraform-linters/tflint/releases\"\u003eterraform-linters/tflint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Add signature mode to control plugin verifications by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2483\"\u003eterraform-linters/tflint#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Ignore forbidden attestation fetch errors by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2481\"\u003eterraform-linters/tflint#2481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2461\"\u003eterraform-linters/tflint#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2463\"\u003eterraform-linters/tflint#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2464\"\u003eterraform-linters/tflint#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2467\"\u003eterraform-linters/tflint#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2469\"\u003eterraform-linters/tflint#2469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2470\"\u003eterraform-linters/tflint#2470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/net from 0.50.0 to 0.51.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2472\"\u003eterraform-linters/tflint#2472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2473\"\u003eterraform-linters/tflint#2473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2471\"\u003eterraform-linters/tflint#2471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/metadata-action from 5.10.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2474\"\u003eterraform-linters/tflint#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2476\"\u003eterraform-linters/tflint#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2479\"\u003eterraform-linters/tflint#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.1 to 1.79.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2480\"\u003eterraform-linters/tflint#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2475\"\u003eterraform-linters/tflint#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.19.2 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2477\"\u003eterraform-linters/tflint#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 3.7.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2478\"\u003eterraform-linters/tflint#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: Bump Go version to 1.26 by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2482\"\u003eterraform-linters/tflint#2482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2484\"\u003eterraform-linters/tflint#2484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2489\"\u003eterraform-linters/tflint#2489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2490\"\u003eterraform-linters/tflint#2490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.23.1 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2491\"\u003eterraform-linters/tflint#2491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/fatih/color from 1.18.0 to 1.19.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2492\"\u003eterraform-linters/tflint#2492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edependabot: Set cooldown period by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2493\"\u003eterraform-linters/tflint#2493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2495\"\u003eterraform-linters/tflint#2495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2496\"\u003eterraform-linters/tflint#2496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2498\"\u003eterraform-linters/tflint#2498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2499\"\u003eterraform-linters/tflint#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.95.0 to 1.97.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2500\"\u003eterraform-linters/tflint#2500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2501\"\u003eterraform-linters/tflint#2501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2502\"\u003eterraform-linters/tflint#2502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2506\"\u003eterraform-linters/tflint#2506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2503\"\u003eterraform-linters/tflint#2503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2497\"\u003eterraform-linters/tflint#2497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2504\"\u003eterraform-linters/tflint#2504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2507\"\u003eterraform-linters/tflint#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: Migrate attest-build-provenance to attest by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2508\"\u003eterraform-linters/tflint#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ehttps://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/2376055e05a48529705050c30e9c994b702e48ec\"\u003e\u003ccode\u003e2376055\u003c/code\u003e\u003c/a\u003e Bump up version to v0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/641dbb62a66d9325f99d37e085f08fae39b2cbda\"\u003e\u003ccode\u003e641dbb6\u003c/code\u003e\u003c/a\u003e Bump Go version to 1.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/94f1eb872fd905c454585ab911cab74bf5345e05\"\u003e\u003ccode\u003e94f1eb8\u003c/code\u003e\u003c/a\u003e release: Migrate attest-build-provenance to attest (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/7d900633823c4be574b1837f088bac1623adcc46\"\u003e\u003ccode\u003e7d90063\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/62b61c5f5b27d41cb2efb6dcfab26640df74ee97\"\u003e\u003ccode\u003e62b61c5\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/login-action from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2504\"\u003e#2504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/540c3e0142f049bc54b460ad92f5e7e8e15ad1b2\"\u003e\u003ccode\u003e540c3e0\u003c/code\u003e\u003c/a\u003e build(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2497\"\u003e#2497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/3405bffb2be971699c18f8da383c70328e065210\"\u003e\u003ccode\u003e3405bff\u003c/code\u003e\u003c/a\u003e build(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2503\"\u003e#2503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/ab01b38d2b54fe6ef4ec0d237b80d354bf16ff55\"\u003e\u003ccode\u003eab01b38\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/sigstore/timestamp-authority/v2 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2506\"\u003e#2506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/e9091c75562fee7ea66ff31e1b845eb50df73011\"\u003e\u003ccode\u003ee9091c7\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2502\"\u003e#2502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/999b9d65784a3468af97adbe8c68d16287b0dcbc\"\u003e\u003ccode\u003e999b9d6\u003c/code\u003e\u003c/a\u003e build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2501\"\u003e#2501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy` from 0.69.3 to 0.70.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.70.0\u003c/h2\u003e\n\u003ch2\u003e📣Announcements 📣\u003c/h2\u003e\n\u003cp\u003e⚡ v0.70.0 - \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10546\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10546\u003c/a\u003e\n⚡ GPG key for deb/rpm repos has been updated - \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10549\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10549\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.0...v0.70.0\"\u003e0.70.0\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e detect version from ELF symbol table for binaries built with -trimpath (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10197\"\u003e#10197\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7acb5f6f095a11cb9911af5a0bc03aecc7c88f8f\"\u003e7acb5f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e add support for proxy configuration from Maven settings.xml (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10187\"\u003e#10187\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/350fe3345129f0f341ab80438f66f951b602364a\"\u003e350fe33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e adapt ARM k8s clusters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9696\"\u003e#9696\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10125\"\u003e#10125\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/66bdec4f6af6100b6ab991ca417b0c801cb5cd80\"\u003e66bdec4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e resolve Azure resources via resource_id (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10173\"\u003e#10173\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/823f3634ae8f41a17be8695ceabcb8ca52f82a63\"\u003e823f363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e support for azurerm_network_interface_security_group_association  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10215\"\u003e#10215\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/da94d5f38676885264787fe22f3ed8ab42511b2a\"\u003eda94d5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml (PEP 751) parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9632\"\u003e#9632\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1a72b326bba9e0959d5f3b63367bb311f064d795\"\u003e1a72b32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10137\"\u003e#10137\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d0a3f63b84e6a8cd9067e85344097f9179c14b0d\"\u003ed0a3f63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e include server version info in JSON output for client/server mode (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10075\"\u003e#10075\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4c46d418c58c9a070a87b9d3c88966d40e435329\"\u003e4c46d41\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol data for 25.10 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10181\"\u003e#10181\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2c1f65bdeec62baef45e93f58cc8e5eca7d84d26\"\u003e2c1f65b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e skip third-party packages in common Detect function (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10129\"\u003e#10129\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d6e6331abba28fe22f6d8d3bc36f7821601ff8ad\"\u003ed6e6331\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e include CVSS v4 vulnerability ratings (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10313\"\u003e#10313\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2a4dfbf18a71a17de2c22c02afc5742466f6d799\"\u003e2a4dfbf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetected vulnerability fields in azure and mariner detector (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10275\"\u003e#10275\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/77f5cb5abda49844b936322e85829b256cb4599c\"\u003e77f5cb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eflag:\u003c/strong\u003e validate template file extension (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10296\"\u003e#10296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/20458b836b71b2bed72d31ebba1ba9572333dcfd\"\u003e20458b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehandle Go 1.26 GOEXPERIMENT version format change (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10351\"\u003e#10351\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/f207ec693b23b6d5114dbf3b309903689b93073d\"\u003ef207ec6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e Disable overwriting exclusions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10088\"\u003e#10088\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a3e0a845db68a79f4fd0e71f5cb7d8ca3976bbe\"\u003e9a3e0a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e apply check aliases when filtering results via .trivyignore (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10112\"\u003e#10112\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b775a1b63cd7afeda8dec2c1c8b8b6d422418bc6\"\u003eb775a1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e initialize custom annotation field if empty (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10123\"\u003e#10123\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0f0d6dbff4825f7b0ea7744b2229e0157af52972\"\u003e0f0d6db\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e handle multiple version specifiers in requirements.txt (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10361\"\u003e#10361\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4cf44985c58575850138c9cc3780b201dfad7c09\"\u003e4cf4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e nil pointer dereference with optional poetry groups without dependencies (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10359\"\u003e#10359\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/12ab3cee257f89b3b180c38bc2d765dc4c7918a1\"\u003e12ab3ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove os.Stdout from wazero module config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10403\"\u003e#10403\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bda9710eb0c4c7d5ba1bc60bbaa06d43dc3c523a\"\u003ebda9710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e set correct sarif ROOTPATH uri when scanning a git repository (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10366\"\u003e#10366\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e5da6deee9904d00cb4fd5ea1f67e8a1711ec8dd\"\u003ee5da6de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10368\"\u003e#10368\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/33b9d8ec318bb1f4081371a0a5fd46071080aef1\"\u003e33b9d8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e preserve Red Hat BuildInfo when scanning SBOMs without layer info (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10378\"\u003e#10378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e9e9e8c6bd914b4d4802107bbf8d0c40bad1dd57\"\u003ee9e9e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e exclude JavaDB and CheckBundle from /version endpoint (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10100\"\u003e#10100\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b9a8d2d80adc47bf9f48e13c2738b099c907518b\"\u003eb9a8d2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate PhotonOS feed URL (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10122\"\u003e#10122\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa195b4d11d946b0212900b2a153a1abf381e8a2\"\u003efa195b4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e7ee3e1e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10325\"\u003e#10325\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d7fb3558db610dc08ef1c3e22dd37082180368b2\"\u003ed7fb355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.69.0\"\u003e0.69.0\u003c/a\u003e (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use ID instead of AVDID for providers mapping (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9752\"\u003e#9752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8a3177aedf7ee0864920eb1852eef031cd3742b8\"\u003e\u003ccode\u003e8a3177a\u003c/code\u003e\u003c/a\u003e release: v0.70.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10105\"\u003e#10105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/974de495449f2bef46fdc0654f57d61da1452d8a\"\u003e\u003ccode\u003e974de49\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10496\"\u003e#10496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21755974af6155e55652e2088be8f5c03beceb25\"\u003e\u003ccode\u003e2175597\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/50c7a1ecb0b279b4980fa2631a2c596c77e426d4\"\u003e\u003ccode\u003e50c7a1e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10540\"\u003e#10540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/885fbcedaf6057b5ac526efa9991c624272153cd\"\u003e\u003ccode\u003e885fbce\u003c/code\u003e\u003c/a\u003e chore(deps): bump the docker group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10538\"\u003e#10538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e\u003ccode\u003e7ee3e1e\u003c/code\u003e\u003c/a\u003e fix: use Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6dbe3691f5158594c52783b95895a835981f8836\"\u003e\u003ccode\u003e6dbe369\u003c/code\u003e\u003c/a\u003e chore(deps): bump testcontainers-go to v0.42.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10531\"\u003e#10531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21e6888c7be3ef017516daa644716f110cb8d901\"\u003e\u003ccode\u003e21e6888\u003c/code\u003e\u003c/a\u003e chore: update CODEOWNERS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10529\"\u003e#10529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35d28e81e9226d42de9c20e21fd954eb9061cfd3\"\u003e\u003ccode\u003e35d28e8\u003c/code\u003e\u003c/a\u003e chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10511\"\u003e#10511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d40a9826c0ec7f4a183962c23c142c7f7e8d6df\"\u003e\u003ccode\u003e6d40a98\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10510\"\u003e#10510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.3...v0.70.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/TechForce-Lyron0785/super-linter/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechForce-Lyron0785%2Fsuper-linter/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"3757500742","node_id":"PR_kwDOJbs5-s66Vg3s","number":168,"state":"closed","title":"deps(docker): bump the docker group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-23T16:58:43.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-23T14:07:39.000Z","updated_at":"2025-12-23T16:58:45.000Z","time_to_close":10264,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":5,"packages":[{"name":"alpine/helm","old_version":"4.0.0","new_version":"4.0.4"},{"name":"hashicorp/terraform","old_version":"1.14.2","new_version":"1.14.3"},{"name":"clj-kondo/clj-kondo","old_version":"2025.10.23-alpine","new_version":"2025.12.23-alpine","repository_url":"https://github.com/clj-kondo/clj-kondo"},{"name":"dart","old_version":"3.10.4-sdk","new_version":"3.10.6-sdk"},{"name":"aquasecurity/trivy","old_version":"0.68.1","new_version":"0.68.2","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| alpine/helm | `4.0.0` | `4.0.4` |\n| hashicorp/terraform | `1.14.2` | `1.14.3` |\n| [clj-kondo/clj-kondo](https://github.com/clj-kondo/clj-kondo) | `2025.10.23-alpine` | `2025.12.23-alpine` |\n| dart | `3.10.4-sdk` | `3.10.6-sdk` |\n| [aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.68.1` | `0.68.2` |\n\n\nUpdates `alpine/helm` from 4.0.0 to 4.0.4\n\nUpdates `hashicorp/terraform` from 1.14.2 to 1.14.3\n\nUpdates `clj-kondo/clj-kondo` from 2025.10.23-alpine to 2025.12.23-alpine\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/clj-kondo/clj-kondo/releases\"\u003eclj-kondo/clj-kondo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2025.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2651\"\u003e#2651\u003c/a\u003e: resume linting after paren mismatches by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2652\"\u003eclj-kondo/clj-kondo#2652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate key args for associative fns by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2650\"\u003eclj-kondo/clj-kondo#2650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inner class normalization by \u003ca href=\"https://github.com/ericdallo\"\u003e\u003ccode\u003e@​ericdallo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2657\"\u003eclj-kondo/clj-kondo#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude inner classes by \u003ca href=\"https://github.com/ericdallo\"\u003e\u003ccode\u003e@​ericdallo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2658\"\u003eclj-kondo/clj-kondo#2658\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade fs by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2659\"\u003eclj-kondo/clj-kondo#2659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCircle config by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2662\"\u003eclj-kondo/clj-kondo#2662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2532\"\u003e#2532\u003c/a\u003e: ignore duplicate require icm :reload/:reload-all by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2663\"\u003eclj-kondo/clj-kondo#2663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2432\"\u003e#2432\u003c/a\u003e: don't warn for redundant-fn-wrapper in case of inlined fun… by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2664\"\u003eclj-kondo/clj-kondo#2664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd redundant-let-binding linter by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2655\"\u003eclj-kondo/clj-kondo#2655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2599\"\u003e#2599\u003c/a\u003e: Detect wrong no. of arguments passed to coll by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2665\"\u003eclj-kondo/clj-kondo#2665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix linter.md entry for redundant-let-binding by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2667\"\u003eclj-kondo/clj-kondo#2667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: redundant-call's level check didn't work by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2670\"\u003eclj-kondo/clj-kondo#2670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2661\"\u003e#2661\u003c/a\u003e: recur in tail position in core.match by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2672\"\u003eclj-kondo/clj-kondo#2672\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2617\"\u003e#2617\u003c/a\u003e - Add types for \u003ccode\u003erepeatedly\u003c/code\u003e function by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2674\"\u003eclj-kondo/clj-kondo#2674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2653\"\u003e#2653\u003c/a\u003e: detect unquote that isn't syntax-quoted by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2681\"\u003eclj-kondo/clj-kondo#2681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint trailing varargs syntax errs, lint varargs errs in let bindings by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2669\"\u003eclj-kondo/clj-kondo#2669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake all :keys bindings symbols, not keywords by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2682\"\u003eclj-kondo/clj-kondo#2682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2683\"\u003e#2683\u003c/a\u003e: ex-info data may be nil by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2685\"\u003eclj-kondo/clj-kondo#2685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Add handling for unresolved namespaces in maps by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2686\"\u003eclj-kondo/clj-kondo#2686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ratio type support for numerator and denominator by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2684\"\u003eclj-kondo/clj-kondo#2684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e - Add linter for non-existing vars in refer-clojure by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2675\"\u003eclj-kondo/clj-kondo#2675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump clojurescript by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2688\"\u003eclj-kondo/clj-kondo#2688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: :refer-global and :require-global by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2689\"\u003eclj-kondo/clj-kondo#2689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e: support inline configs in .cljc files by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2690\"\u003eclj-kondo/clj-kondo#2690\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2674\"\u003eclj-kondo/clj-kondo#2674\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\"\u003ehttps://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/clj-kondo/clj-kondo/blob/master/CHANGELOG.md\"\u003eclj-kondo/clj-kondo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eFor a list of breaking changes, check \u003ca href=\"https://github.com/clj-kondo/clj-kondo/blob/master/#breaking-changes\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo\"\u003eClj-kondo\u003c/a\u003e: static analyzer and linter for Clojure code that sparks joy ✨\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e2025.12.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2654\"\u003e#2654\u003c/a\u003e: NEW linter: \u003ccode\u003eredundant-let-binding\u003c/code\u003e, defaults to \u003ccode\u003e:off\u003c/code\u003e (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2653\"\u003e#2653\u003c/a\u003e: NEW linter: \u003ccode\u003e:unquote-not-syntax-quoted\u003c/code\u003e to warn on \u003ccode\u003e~\u003c/code\u003e and \u003ccode\u003e~@\u003c/code\u003e usage outside syntax-quote (\u003ccode\u003e`\u003c/code\u003e) (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e: NEW linter: \u003ccode\u003e:refer-clojure-exclude-unresolved-var\u003c/code\u003e to warn on non-existing vars in \u003ccode\u003e:refer-clojure :exclude\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2668\"\u003e#2668\u003c/a\u003e: Lint \u003ccode\u003e\u0026amp;\u003c/code\u003e syntax errors in let bindings and lint for trailing \u003ccode\u003e\u0026amp;\u003c/code\u003e (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2590\"\u003e#2590\u003c/a\u003e: \u003ccode\u003eduplicate-key-in-assoc\u003c/code\u003e changed to \u003ccode\u003eduplicate-key-args\u003c/code\u003e, and now lints \u003ccode\u003edissoc\u003c/code\u003e, \u003ccode\u003eassoc!\u003c/code\u003e and \u003ccode\u003edissoc!\u003c/code\u003e too (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2651\"\u003e#2651\u003c/a\u003e: resume linting after paren mismatches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clojure-lsp/clojure-lsp/issues/2157\"\u003eclojure-lsp#2651\u003c/a\u003e: Fix inner class name for java-class-definitions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clojure-lsp/clojure-lsp/issues/2157\"\u003eclojure-lsp#2651\u003c/a\u003e: Include inner class java-class-definition analysis.\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003ebabashka/fs\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2532\"\u003e#2532\u003c/a\u003e: Disable \u003ccode\u003e:duplicate-require\u003c/code\u003e in \u003ccode\u003erequire\u003c/code\u003e + \u003ccode\u003e:reload\u003c/code\u003e / \u003ccode\u003e:reload-all\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2432\"\u003e#2432\u003c/a\u003e: Don't warn for \u003ccode\u003e:redundant-fn-wrapper\u003c/code\u003e in case of inlined function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2599\"\u003e#2599\u003c/a\u003e: detect invalid arity for invoking collection as higher order function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2661\"\u003e#2661\u003c/a\u003e: Fix false positive \u003ccode\u003e:unexpected-recur\u003c/code\u003e when \u003ccode\u003erecur\u003c/code\u003e is used inside \u003ccode\u003eclojure.core.match/match\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2617\"\u003e#2617\u003c/a\u003e: Add types for \u003ccode\u003erepeatedly\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e:ratio\u003c/code\u003e type support for \u003ccode\u003enumerator\u003c/code\u003e and \u003ccode\u003edenominator\u003c/code\u003e functions (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Report unresolved namespace for namespaced maps with unknown aliases (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2683\"\u003e#2683\u003c/a\u003e: data argument of \u003ccode\u003eex-info\u003c/code\u003e may be nil since clojure 1.12\u003c/li\u003e\n\u003cli\u003eBump built-in ClojureScript analysis info\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: support new \u003ccode\u003e:refer-global\u003c/code\u003e and \u003ccode\u003e:require-global\u003c/code\u003e ns options in CLJS\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2554\u003c/a\u003e: support inline configs in \u003ccode\u003e.cljc\u003c/code\u003e files\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2025.10.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2590\"\u003e#2590\u003c/a\u003e: NEW linter: \u003ccode\u003eduplicate-key-in-assoc\u003c/code\u003e, defaults to \u003ccode\u003e:warning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2639\"\u003e#2639\u003c/a\u003e: NEW \u003ccode\u003e:equals-nil\u003c/code\u003e linter to detect \u003ccode\u003e(= nil x)\u003c/code\u003e or \u003ccode\u003e(= x nil)\u003c/code\u003e patterns and suggest \u003ccode\u003e(nil? x)\u003c/code\u003e instead (\u003ca href=\"https://github.com/conao3\"\u003e\u003ccode\u003e@​conao3\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2633\"\u003e#2633\u003c/a\u003e: support new \u003ccode\u003edefparkingop\u003c/code\u003e macro in core.async alpha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2635\"\u003e#2635\u003c/a\u003e: Add \u003ccode\u003e:interface\u003c/code\u003e flag to \u003ccode\u003e:flags\u003c/code\u003e set in \u003ccode\u003e:java-class-definitions\u003c/code\u003e analysis output to distinguish Java interfaces from classes (\u003ca href=\"https://github.com/hugoduncan\"\u003e\u003ccode\u003e@​hugoduncan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2636\"\u003e#2636\u003c/a\u003e: set global SCI context so hooks can use \u003ccode\u003erequiring-resolve\u003c/code\u003e etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2641\"\u003e#2641\u003c/a\u003e: fix linting of \u003ccode\u003edef\u003c/code\u003e body, no results due to laziness bug\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/ca54a322fc860b85cc17f029910a4ec8ad3a8060\"\u003e\u003ccode\u003eca54a32\u003c/code\u003e\u003c/a\u003e v2025.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/e18de6534a65a078c43cc87e4e4ad4f66b06f3e0\"\u003e\u003ccode\u003ee18de65\u003c/code\u003e\u003c/a\u003e Minor tweak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/1c599194c7a5995b369d312e0d5f5f538fef70d0\"\u003e\u003ccode\u003e1c59919\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2554\"\u003e#2554\u003c/a\u003e: wrong issue number mentioned in previous commit, \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/8d9d24f1043eab2878770c271e36d22d3f7e3e94\"\u003e\u003ccode\u003e8d9d24f\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e: support inline configs in .cljc files (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2690\"\u003e#2690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/d002f6af84fccd427786568d4821b4225013ff16\"\u003e\u003ccode\u003ed002f6a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: addendum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/f73abcaeed22288c8103ac5074646558b2dd9075\"\u003e\u003ccode\u003ef73abca\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: :refer-global and :require-global (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2689\"\u003e#2689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/c802e14ec8c5a1bebb3929068f4ada61f7b1b484\"\u003e\u003ccode\u003ec802e14\u003c/code\u003e\u003c/a\u003e Bump clojurescript (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2688\"\u003e#2688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/53cba064390edc1e8e3910ec8cce13bf003ba61f\"\u003e\u003ccode\u003e53cba06\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e - Add linter for non-existing vars in refer-clojure (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2675\"\u003e#2675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/29709fd0cb2b7d29055aff55ea9782decb58c153\"\u003e\u003ccode\u003e29709fd\u003c/code\u003e\u003c/a\u003e Add ratio type support for numerator and denominator (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2684\"\u003e#2684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/ac3d2121dfc774289b6385be78e86cb31ec32172\"\u003e\u003ccode\u003eac3d212\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Add handling for unresolved namespaces in maps (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2686\"\u003e#2686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dart` from 3.10.4-sdk to 3.10.6-sdk\n\nUpdates `aquasecurity/trivy` from 0.68.1 to 0.68.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.68.2\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c40a8d4b9b943f1b679a20f8ba3cb61c94831de release: v0.68.2 [release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9950\"\u003e#9950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edb2894561daa20301eb144cad467d75d8a3d2647 fix(deps): bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9949\"\u003e#9949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.68.2/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.68.2\"\u003e0.68.2\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9949\"\u003e#9949\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/db2894561daa20301eb144cad467d75d8a3d2647\"\u003edb28945\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0c40a8d4b9b943f1b679a20f8ba3cb61c94831de\"\u003e\u003ccode\u003e0c40a8d\u003c/code\u003e\u003c/a\u003e release: v0.68.2 [release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9950\"\u003e#9950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/db2894561daa20301eb144cad467d75d8a3d2647\"\u003e\u003ccode\u003edb28945\u003c/code\u003e\u003c/a\u003e fix(deps): bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/dc28f242809c076e63527866f44ad3d6b5229e80\"\u003e\u003ccode\u003edc28f24\u003c/code\u003e\u003c/a\u003e ci: enable \u003ccode\u003echeck-latest\u003c/code\u003e for \u003ccode\u003esetup-go\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9946\"\u003e#9946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.68.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/super-linter_super-linter/pull/168","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fsuper-linter_super-linter/issues/168","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/168/packages"},{"uuid":"2873851994","node_id":"PR_kwDODOjFv86rS4Ba","number":7080,"state":"open","title":"deps(docker): bump aquasecurity/trivy from 0.66.0 to 0.67.0 in the docker group","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-30T10:13:26.000Z","updated_at":"2025-09-30T17:48:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker)","packages":[{"name":"aquasecurity/trivy","old_version":"0.66.0","new_version":"0.67.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":"the docker group","ecosystem":"docker"},"body":"Bumps the docker group with 1 update: [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `aquasecurity/trivy` from 0.66.0 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.67.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9550\"\u003e👉 Trivy v0.67.0 release notes (click here)\u003c/a\u003e\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.66.0...v0.67.0\"\u003e0.67.0\u003c/a\u003e (2025-09-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd documentation URL for database lock errors (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9531\"\u003e#9531\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/eba48afd583391cef346e45a176aa5a6d77b704f\"\u003eeba48af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e change --list-all-pkgs default to true (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9510\"\u003e#9510\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7b663d86ca65ee3eb332c857b77bfa18e6da56c4\"\u003e7b663d8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecloudformation:\u003c/strong\u003e support default values and list results in Fn::FindInMap (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9515\"\u003e#9515\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/42b3bf37bb7d39139911843297c8b8ab3551c31a\"\u003e42b3bf3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e preserve SBOM structure when scanning SBOM files with vulnerability updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9439\"\u003e#9439\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aff03ebab2e7874dd997e20b4ec9962a41eae7bb\"\u003eaff03eb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e add os-release detection for RHEL-based images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9458\"\u003e#9458\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/cb25a074501c5cf48050fdf6a0ae7c85c4f385ea\"\u003ecb25a07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e added support for CoreOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9448\"\u003e#9448\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d562a3b48926b6efd508e067e1059564173b270\"\u003e6d562a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eseal:\u003c/strong\u003e add seal support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9370\"\u003e#9370\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e4af279b29ed5b77ed1d62e31b232b1f9b92ef4f\"\u003ee4af279\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaws:\u003c/strong\u003e use \u003ccode\u003eBuildableClient\u003c/code\u003e insead of \u003ccode\u003exhttp.Client\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9436\"\u003e#9436\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa6f1bfecfb68c29ad4684a6fb5d86948c7d6887\"\u003efa6f1bf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclose file descriptors and pipes on error paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9536\"\u003e#9536\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a4cbd6a1380b7b4dc650a312ec4e5bc47501f674\"\u003ea4cbd6a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edb:\u003c/strong\u003e Dowload database when missing but metadata still exists (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9393\"\u003e#9393\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/92ebc7e4d72424c17d93c54e5f24891710c85a60\"\u003e92ebc7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e disable parallel traversal with fs cache for k8s images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9534\"\u003e#9534\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c0c7a6bf1b92c868ed44172b3cd15c51667b8a6e\"\u003ec0c7a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e handle tofu files in module detection (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9486\"\u003e#9486\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bfd2f6ba697c223d60a7378283293d8e1fc8a8fe\"\u003ebfd2f6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e strip build metadata suffixes from image history (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9498\"\u003e#9498\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c9388069a4325a9f8bc53bc8a82ff46d84d06847\"\u003ec938806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e unmark cty values before access (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9495\"\u003e#9495\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8e40d27a43ecb96795a8a7d4a2444241fc7fce9a\"\u003e8e40d27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e wrap legacy ENV values in quotes to preserve spaces (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9497\"\u003e#9497\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/267a9700fa233abe1a04eada8f3ea513f3ebacb3\"\u003e267a970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e parse workspaces as objects for package-lock.json files (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9518\"\u003e#9518\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/404abb3d91cb3b1c1ee027169de5a40e32ba8b8a\"\u003e404abb3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e use snapshot string as \u003ccode\u003ePackage.ID\u003c/code\u003e for pnpm packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9330\"\u003e#9330\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4517e8c0ef5e942b8e2e498729257374634ffbf8\"\u003e4517e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evex:\u003c/strong\u003e don't  suppress vulns for packages with infinity loop (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9465\"\u003e#9465\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78f0d4ae0378f81940a5faa6497e6905cb5d034a\"\u003e78f0d4a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e compare \u003ccode\u003enuget\u003c/code\u003e package names in lower case (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9456\"\u003e#9456\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ff9ac79488e0d4deab4226f1a969676a9851cdb\"\u003e1ff9ac7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/adeb362424506fbd6b9a6213297c1a211f94755e\"\u003e\u003ccode\u003eadeb362\u003c/code\u003e\u003c/a\u003e release: v0.67.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9432\"\u003e#9432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78f0d4ae0378f81940a5faa6497e6905cb5d034a\"\u003e\u003ccode\u003e78f0d4a\u003c/code\u003e\u003c/a\u003e fix(vex): don't  suppress vulns for packages with infinity loop (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9465\"\u003e#9465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa6f1bfecfb68c29ad4684a6fb5d86948c7d6887\"\u003e\u003ccode\u003efa6f1bf\u003c/code\u003e\u003c/a\u003e fix(aws): use \u003ccode\u003eBuildableClient\u003c/code\u003e insead of \u003ccode\u003exhttp.Client\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9436\"\u003e#9436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e7c16a756c5f60aa17bd3f09aaae0d8171c803de\"\u003e\u003ccode\u003ee7c16a7\u003c/code\u003e\u003c/a\u003e refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c446a5c1c7ae7ac7dbdcf3d75c4a2775fbec75cd\"\u003e\u003ccode\u003ec446a5c\u003c/code\u003e\u003c/a\u003e docs: clarify inline ignore limitations for resource-less checks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9537\"\u003e#9537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c0c7a6bf1b92c868ed44172b3cd15c51667b8a6e\"\u003e\u003ccode\u003ec0c7a6b\u003c/code\u003e\u003c/a\u003e fix(k8s): disable parallel traversal with fs cache for k8s images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9534\"\u003e#9534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bfd2f6ba697c223d60a7378283293d8e1fc8a8fe\"\u003e\u003ccode\u003ebfd2f6b\u003c/code\u003e\u003c/a\u003e fix(misconf): handle tofu files in module detection (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9486\"\u003e#9486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e4af279b29ed5b77ed1d62e31b232b1f9b92ef4f\"\u003e\u003ccode\u003ee4af279\u003c/code\u003e\u003c/a\u003e feat(seal): add seal support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9370\"\u003e#9370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e149094f9b39e7c95b31783a09a16aa3b549813e\"\u003e\u003ccode\u003ee149094\u003c/code\u003e\u003c/a\u003e docs: fix modules path and update code example (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9539\"\u003e#9539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a4cbd6a1380b7b4dc650a312ec4e5bc47501f674\"\u003e\u003ccode\u003ea4cbd6a\u003c/code\u003e\u003c/a\u003e fix: close file descriptors and pipes on error paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9536\"\u003e#9536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.66.0...v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.66.0\u0026new-version=0.67.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7080","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7080","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7080/packages"},{"uuid":"2799709440","node_id":"PR_kwDODOjFv86m4C0A","number":7000,"state":"open","title":"deps(docker): bump the docker group with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-04T14:31:16.000Z","updated_at":"2025-09-05T07:30:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":3,"packages":[{"name":"goreleaser/goreleaser","old_version":"v2.11.2","new_version":"v2.12.0"},{"name":"hadolint/hadolint","old_version":"v2.12.0-alpine","new_version":"v2.13.1-alpine"},{"name":"aquasecurity/trivy","old_version":"0.65.0","new_version":"0.66.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 3 updates: goreleaser/goreleaser, hadolint/hadolint and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `goreleaser/goreleaser` from v2.11.2 to v2.12.0\n\nUpdates `hadolint/hadolint` from v2.12.0-alpine to v2.13.1-alpine\n\nUpdates `aquasecurity/trivy` from 0.65.0 to 0.66.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.66.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9424\"\u003e👉 Trivy v.66.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.66.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0660-2025-09-02\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.65.0...v0.66.0\"\u003e0.66.0\u003c/a\u003e (2025-09-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd timeout handling for cache database operations (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9307\"\u003e#9307\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/235c24e71a546b6196f7264fced2d02d836e3f85\"\u003e235c24e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e added audit config attribute (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9249\"\u003e#9249\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4d4a2444b692512aca137dcbd367ff224fe25597\"\u003e4d4a244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esecret:\u003c/strong\u003e implement streaming secret scanner with byte offset tracking (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9264\"\u003e#9264\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5a5e0972c72e629ddf2915ef066d632d58b8d3b0\"\u003e5a5e097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eterraform:\u003c/strong\u003e use .terraform cache for remote modules in plan scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9277\"\u003e#9277\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/298a9941f098d2701b9524a703b9f9b1b9451785\"\u003e298a994\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econda:\u003c/strong\u003e memory leak by adding closure method for \u003ccode\u003epackage.json\u003c/code\u003e file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9349\"\u003e#9349\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/03d039f17d94cf668152e83d0cf9dabf3b27d3dd\"\u003e03d039f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecreate temp file under composite fs dir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9387\"\u003e#9387\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ce22f54a39a1abac08fa3ad540697c668792bf50\"\u003ece22f54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e handle multiple license types (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9378\"\u003e#9378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/46ab76a5af828c98cf93fc988ed6a405b7b07392\"\u003e46ab76a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003efs:\u003c/strong\u003e avoid shadowing errors in file.glob (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9286\"\u003e#9286\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b51c789330141d634a9b14bd10994c997862940f\"\u003eb51c789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eimage:\u003c/strong\u003e use standardized HTTP client for ECR authentication (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9322\"\u003e#9322\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/84fbf8674dfc0f91d8795a50bafa6041cce83ba2\"\u003e84fbf86\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e ensure ignore rules respect subdirectory chart paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9324\"\u003e#9324\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d3cd101266eb7bf9b8ffe5899765efa7bd1abe30\"\u003ed3cd101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e ensure module source is known (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9404\"\u003e#9404\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/81d94253c8bc816ad932f7e0c0b8907e1cd759bb\"\u003e81d9425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e preserve original paths of remote submodules from .terraform (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9294\"\u003e#9294\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1319d8dc7f4796177876af18f0e13ba1f7086348\"\u003e1319d8d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use correct field log_bucket instead of target_bucket in gcp bucket (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9296\"\u003e#9296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/04ad0c4fc2926a92e9e9ec11bb8eae826ed95827\"\u003e04ad0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epersistent flag option typo (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9374\"\u003e#9374\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6e99dd304c7fad8213489039e7ca42909383b5ff\"\u003e6e99dd3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e don't remove plugins when updating index.yaml file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9358\"\u003e#9358\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5f067ac15e5c609283bef26a211746a279b6b5d0\"\u003e5f067ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e impove package name normalization  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9290\"\u003e#9290\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1473e88b74ca269691de7827e045703612b90050\"\u003e1473e88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erepo:\u003c/strong\u003e preserve RepoMetadata on FS cache hit (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9389\"\u003e#9389\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f2a44ea45bed1e842bb2072077da67ec7e744ac\"\u003e4f2a44e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erepo:\u003c/strong\u003e sanitize git repo URL before inserting into report metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9391\"\u003e#9391\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ac9b1f07cea429cc122bf9721e8909c649549cf\"\u003e1ac9b1f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add support for \u003ccode\u003efile\u003c/code\u003e component type of \u003ccode\u003eCycloneDX\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9372\"\u003e#9372\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aa7cf4387c5e82c1f629ac14cd6a35b48fc95983\"\u003eaa7cf43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esuppress debug log for context cancellation errors (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9298\"\u003e#9298\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2458d5e28a54da9adec0b36f6b1e6bd4f15a72ce\"\u003e2458d5e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7bcb181268893fdd69ef4582588c040bb1036c33\"\u003e\u003ccode\u003e7bcb181\u003c/code\u003e\u003c/a\u003e release: v0.66.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9289\"\u003e#9289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21258954d2733285d97ba03b08570488b278cbf6\"\u003e\u003ccode\u003e2125895\u003c/code\u003e\u003c/a\u003e chore(deps): bump the aws group with 7 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9419\"\u003e#9419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/29e9ff7e144f5697a6afcc2d38f87e2be0284f4a\"\u003e\u003ccode\u003e29e9ff7\u003c/code\u003e\u003c/a\u003e refactor(secret): clarify secret scanner messages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9409\"\u003e#9409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/46ab76a5af828c98cf93fc988ed6a405b7b07392\"\u003e\u003ccode\u003e46ab76a\u003c/code\u003e\u003c/a\u003e fix(cyclonedx): handle multiple license types (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9378\"\u003e#9378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ac9b1f07cea429cc122bf9721e8909c649549cf\"\u003e\u003ccode\u003e1ac9b1f\u003c/code\u003e\u003c/a\u003e fix(repo): sanitize git repo URL before inserting into report metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9391\"\u003e#9391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6fa3849c10dc4e0942ebd6b6629c49671bf0e008\"\u003e\u003ccode\u003e6fa3849\u003c/code\u003e\u003c/a\u003e test: add HTTP basic authentication to git test server (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9407\"\u003e#9407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aa7cf4387c5e82c1f629ac14cd6a35b48fc95983\"\u003e\u003ccode\u003eaa7cf43\u003c/code\u003e\u003c/a\u003e fix(sbom): add support for \u003ccode\u003efile\u003c/code\u003e component type of \u003ccode\u003eCycloneDX\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9372\"\u003e#9372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/81d94253c8bc816ad932f7e0c0b8907e1cd759bb\"\u003e\u003ccode\u003e81d9425\u003c/code\u003e\u003c/a\u003e fix(misconf): ensure module source is known (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9404\"\u003e#9404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1d646d62312021ccec3d5ae12b0c8a8252b950bc\"\u003e\u003ccode\u003e1d646d6\u003c/code\u003e\u003c/a\u003e ci: migrate GitHub Actions from version tags to SHA pinning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9405\"\u003e#9405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ce22f54a39a1abac08fa3ad540697c668792bf50\"\u003e\u003ccode\u003ece22f54\u003c/code\u003e\u003c/a\u003e fix: create temp file under composite fs dir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9387\"\u003e#9387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.65.0...v0.66.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7000","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7000","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7000/packages"},{"uuid":"3208266103","node_id":"PR_kwDONj2Hx86duG15","number":367,"state":"open","title":"Bump aquasecurity/trivy from 0.63.0 to 0.64.1","user":"dependabot[bot]","labels":["dependencies","size/XS","docker"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-07T09:40:48.000Z","updated_at":"2025-07-12T06:38:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.63.0","new_version":"0.64.1","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.63.0 to 0.64.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.64.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e86ee3c1176d4707536914dfa65ac8eca452e14cd release: v0.64.1 [release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4e1272283a643bfca2d7231d286006219715fada fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9a7d38432cf00f00970259e5ac3edd060e00ccff fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9124\"\u003e#9124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e53adfba3c25664b01e3a36fdec334b39b53c07f1 fix(rootio): check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9120\"\u003e#9120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.64.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9105\"\u003e👉 Trivy v.64.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.64.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0640-2025-06-30\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.64.1/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.64.1\"\u003e0.64.1\u003c/a\u003e (2025-07-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ealma:\u003c/strong\u003e parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6\"\u003e8cf1bf9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add more non-sensitive flags to telemetry [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9124\"\u003e#9124\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff\"\u003e9a7d384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e skip rewriting expr if attr is nil [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9127\"\u003e#9127\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada\"\u003e4e12722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erootio:\u003c/strong\u003e check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9120\"\u003e#9120\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1\"\u003e53adfba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0\"\u003e0.64.0\u003c/a\u003e (2025-06-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add version constraints to annoucements (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9023\"\u003e#9023\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/19efa9fd372242d2ec582a248e9e6573d2caef00\"\u003e19efa9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e dereference all maven settings.xml env placeholders (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9024\"\u003e#9024\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5aade698c71450badf8db028be61e12ec85c6248\"\u003e5aade69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e add OpenTofu file extension support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8747\"\u003e#8747\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/57801d0324384d990889ba39d856c881e5b8b070\"\u003e57801d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e normalize CreatedBy for buildah and legacy docker builder (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8953\"\u003e#8953\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/65e155fdaf0ad02ec82f00a004427f126faf65ed\"\u003e65e155f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e Add EOL date for RHEL 10. (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8910\"\u003e#8910\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/48258a701a7adb210c433310de52f48568ccee19\"\u003e48258a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject unsupported artifact types in remote image retrieval (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9052\"\u003e#9052\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd\"\u003e1e1e1b5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add manufacturer field to CycloneDX tools metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9019\"\u003e#9019\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/41d0f949c874609641c08fa2620fa10bf4ceef78\"\u003e41d0f94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eterraform:\u003c/strong\u003e add partial evaluation for policy templates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8967\"\u003e#8967\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a9f7dcdb9c5973746c3737f2bbc3306a74be5408\"\u003ea9f7dcd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add end of life date for Ubuntu 25.04 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9077\"\u003e#9077\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/367564a3bec0c202566c59598dcff087bf50a23d\"\u003e367564a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol date for 20.04-ESM (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8981\"\u003e#8981\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/87118a0ec4a6ae492523b7bac9834c2b93a14557\"\u003e87118a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e add Root.io support for container image scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9073\"\u003e#9073\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3a0ec0f2acff6a13ed6ab348b6b220d49e14a298\"\u003e3a0ec0f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing version check flags (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8951\"\u003e#8951\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ef5f8de8dadf5534a2c965aecca01c7067e5baca\"\u003eef5f8de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add some values to the telemetry call (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9056\"\u003e#9056\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fd2bc91e133f846bc9f0910c19ac3be3fbfe4009\"\u003efd2bc91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly check for semver versions for trivy version check (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8948\"\u003e#8948\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b813527449c4604f5afad71ae82b13399bb48680\"\u003eb813527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edon't show corrupted trivy-db warning for first run (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8991\"\u003e#8991\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4ed78e39afe57e81c12482fef9102dc3f85d1493\"\u003e4ed78e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e .Config.User always takes precedence over USER in .History (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9050\"\u003e#9050\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/371b8cc02f2ffa3f42534a437ce8727519e7b9b9\"\u003e371b8cc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e correct Azure value-to-time conversion in AsTimeValue (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9015\"\u003e#9015\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/40d017b67da38131734eab90c42ad945ac3b5013\"\u003e40d017b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e move disabled checks filtering after analyzer scan (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9002\"\u003e#9002\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a58c36de124cba7250e1a5ae0cc32d83018391fe\"\u003ea58c36d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e reduce log noise on incompatible check (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9029\"\u003e#9029\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99c5151d6ea1dabe85cce75ff9bb91166532b11f\"\u003e99c5151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e correctly parse \u003ccode\u003epackages\u003c/code\u003e array of \u003ccode\u003ebun.lock\u003c/code\u003e file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8998\"\u003e#8998\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/875ec3a9d2568e15a6824c8f84ad6a59f03eb212\"\u003e875ec3a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e don't panic when report contains vulns, but doesn't contain packages for \u003ccode\u003etable\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8549\"\u003e#8549\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/87fda76f38a3a6939a87828c3df0c5ac2cf7fce3\"\u003e87fda76\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e remove unnecessary OS detection check in SBOM decoding (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9034\"\u003e#9034\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/198789a07b857b053c73f8fcd1f508902fac344d\"\u003e198789a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/86ee3c1176d4707536914dfa65ac8eca452e14cd\"\u003e\u003ccode\u003e86ee3c1\u003c/code\u003e\u003c/a\u003e release: v0.64.1 [release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada\"\u003e\u003ccode\u003e4e12722\u003c/code\u003e\u003c/a\u003e fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff\"\u003e\u003ccode\u003e9a7d384\u003c/code\u003e\u003c/a\u003e fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64]...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1\"\u003e\u003ccode\u003e53adfba\u003c/code\u003e\u003c/a\u003e fix(rootio): check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: relea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6\"\u003e\u003ccode\u003e8cf1bf9\u003c/code\u003e\u003c/a\u003e fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/280491bb5100ec2c16ee6467cd5c6760a4d14ef7\"\u003e\u003ccode\u003e280491b\u003c/code\u003e\u003c/a\u003e release: v0.64.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8955\"\u003e#8955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a6e9807c09f637f1d39389c6c24d76dd9fcd0540\"\u003e\u003ccode\u003ea6e9807\u003c/code\u003e\u003c/a\u003e docs(python): fix type with METADATA file name (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9090\"\u003e#9090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd\"\u003e\u003ccode\u003e1e1e1b5\u003c/code\u003e\u003c/a\u003e feat: reject unsupported artifact types in remote image retrieval (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9052\"\u003e#9052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7333c469f42bf9b16c4b1f79d85633cf55ef1a50\"\u003e\u003ccode\u003e7333c46\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9\"\u003e#9\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bac6f7b3daba7fc0e46cbf1bfa930cee285ca3ab\"\u003e\u003ccode\u003ebac6f7b\u003c/code\u003e\u003c/a\u003e refactor(misconf): rewrite Rego module filtering using functional filters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9\"\u003e#9\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.63.0\u0026new-version=0.64.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/367","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/367","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/367/packages"},{"uuid":"2559681377","node_id":"PR_kwDONj2Hx86YkaNh","number":306,"state":"open","title":"Bump aquasecurity/trivy from 0.62.1 to 0.63.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T08:02:30.000Z","updated_at":"2025-06-02T08:02:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.62.1","new_version":"0.63.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.62.1 to 0.63.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.63.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/8945\"\u003e👉 Trivy v.63.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.63.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0630-2025-05-29\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.63.0\"\u003e0.63.0\u003c/a\u003e (2025-05-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Bottlerocket OS package analyzer (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8653\"\u003e#8653\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/07ef63b4830f9f3d791a07433287a99118d7590a\"\u003e07ef63b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd JSONC support for comments and trailing commas (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8862\"\u003e#8862\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0b0e4061ef955efc0f94280d2d390f11ff6e2409\"\u003e0b0e406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ealpine:\u003c/strong\u003e add maintainer field extraction for APK packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8930\"\u003e#8930\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/104bbc18ea85caec17125296dc4fe2dea9c49826\"\u003e104bbc1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add available version checking (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8553\"\u003e#8553\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5a0bf9ed31ad34248895e69231da602935e66785\"\u003e5a0bf9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eecho:\u003c/strong\u003e Add Echo Support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8833\"\u003e#8833\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c7b8cc392eb28eb63e10561cf1ff7991e5e3c548\"\u003ec7b8cc3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e support license scanning in both GOPATH and vendor (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8843\"\u003e#8843\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/26437be083960d17bee8b1b37b8a6780eff07981\"\u003e26437be\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e get components from namespaced resources (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8918\"\u003e#8918\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f1ab238693919772a65450de9fb9fb2f873c0d6\"\u003e4f1ab23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e improve work text licenses with custom classification (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8888\"\u003e#8888\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ee522300b73a2afc72829fc2fa7ff419712fc89a\"\u003eee52230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e improve work with custom classification of licenses from config file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8861\"\u003e#8861\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c321fdfcdd58f34d076fc730e2b63fdd13e426a9\"\u003ec321fdf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e scan vendor directory for license for go.mod files (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8689\"\u003e#8689\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/dd6a6e50a44b7b543fd9dba634da599a76650acb\"\u003edd6a6e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e Support compound licenses (licenses using SPDX operators) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8816\"\u003e#8816\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/39f9ed128b2c0fb599ad9092a3cf5675106bffdc\"\u003e39f9ed1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eminimos:\u003c/strong\u003e Add support for MinimOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8792\"\u003e#8792\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c2dde33c3f19d499258a7089d7658a9f90722acf\"\u003ec2dde33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e add misconfiguration location to junit template (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8793\"\u003e#8793\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a516775da6fda92a55a62418a081561127a1d5ca\"\u003ea516775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e Add support for \u003ccode\u003eMinimum Trivy Version\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8880\"\u003e#8880\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3b2a3976ac7e7785828655903b132e84ebd9d727\"\u003e3b2a397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e export raw Terraform data to Rego (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8741\"\u003e#8741\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aaecc29e909db4d5dac03caa0daf223035bfb877\"\u003eaaecc29\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e add a bun.lock analyzer (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8897\"\u003e#8897\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ca656d54b99346253fc6ac6422eecaca169514e\"\u003e7ca656d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e add bun.lock parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8851\"\u003e#8851\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1dcf81666f1c814600702b9ab603b4070da0b940\"\u003e1dcf816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eterraform parser option to set current working directory (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8909\"\u003e#8909\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/893945117464bf6e090a55e3822f8299825f26d4\"\u003e8939451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echeck post-analyzers for StaticPaths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8904\"\u003e#8904\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/93e6680b1c6bbb590157f521c667c0f611775143\"\u003e93e6680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e disable \u003ccode\u003e--skip-dir\u003c/code\u003e and \u003ccode\u003e--skip-files\u003c/code\u003e flags for \u003ccode\u003esbom\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8886\"\u003e#8886\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/69a5fa18ca86ff7e5206abacf98732d46c000c7a\"\u003e69a5fa1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e don't use allow values for \u003ccode\u003e--compliance\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8881\"\u003e#8881\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35e88890c3c201b3eb11f95376172e57bf44df4b\"\u003e35e8889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter all files when processing files installed from package managers (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8842\"\u003e#8842\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6ebde88dbcaf22f25932bad4844b3c9eaca90560\"\u003e6ebde88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e exclude dev dependencies in gradle lockfile (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8803\"\u003e#8803\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8995838e8d184ee9178d5b52d2d3fa9b4e403015\"\u003e8995838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ejulia parser panicing (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8883\"\u003e#8883\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/be8c7b796dbe36d8dc3889e0bdea23336de9a1ab\"\u003ebe8c7b7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejulia:\u003c/strong\u003e add \u003ccode\u003eRelationship\u003c/code\u003e field support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8939\"\u003e#8939\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/22f040f94790060132c7b0a635f44c35d5a35fb6\"\u003e22f040f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e use in-memory cache backend during misconfig scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8873\"\u003e#8873\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fe127715e505d753e0d878d52c5f280cdc326b76\"\u003efe12771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e check if for-each is known when expanding dyn block (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8808\"\u003e#8808\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/570660314698472ab831a7e0d55044e0b1e9c6c0\"\u003e5706603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use argument value in WithIncludeDeprecatedChecks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8942\"\u003e#8942\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7e9a54cd6bf4bc15e485c6233d140b389e432fe5\"\u003e7e9a54c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emore revive rules (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8814\"\u003e#8814\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3ab459e3b674f319bf349d478917a531a69754c0\"\u003e3ab459e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoctalLiteral from go-critic (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8811\"\u003e#8811\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a19e0aa1ba0350198c898fd57c9405fbf38fa432\"\u003ea19e0aa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e Also try to find buildinfo in root layer (layer 0) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8924\"\u003e#8924\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/906b037cff97060267d20f8947f429e078419d66\"\u003e906b037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e save contentSets for OS packages in fs/vm modes (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8820\"\u003e#8820\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9256804df8577d8a746fb8b97c508c247ab82f8f\"\u003e9256804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e trim invalid suffix from content_sets in manifest parsing (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8818\"\u003e#8818\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa1077bbf5863a519f6f180a600afe5e2d6180d8\"\u003efa1077b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e add missed Relationship field for \u003ccode\u003erpc\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8872\"\u003e#8872\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/38f17c945e3ef7784607037c0457fb1e06a99959\"\u003e38f17c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse-any from revive (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8810\"\u003e#8810\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/883c63bf29568f0feab37e5d36ae1c417eef88f5\"\u003e883c63b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evex:\u003c/strong\u003e use \u003ccode\u003elo.IsNil\u003c/code\u003e to check \u003ccode\u003eVEX\u003c/code\u003e from OCI artifact (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8858\"\u003e#8858\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e97af9806ab13e1ec8b792e0586b486c4982c170\"\u003ee97af98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewolfi:\u003c/strong\u003e support new APK database location (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8937\"\u003e#8937\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b15d9a60e6a3ed40811d5ca6387082266ae92ea7\"\u003eb15d9a6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/69093d2c23b275d79a69acfa604c5d159c7c2904\"\u003e\u003ccode\u003e69093d2\u003c/code\u003e\u003c/a\u003e release: v0.63.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8809\"\u003e#8809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7e9a54cd6bf4bc15e485c6233d140b389e432fe5\"\u003e\u003ccode\u003e7e9a54c\u003c/code\u003e\u003c/a\u003e fix(misconf): use argument value in WithIncludeDeprecatedChecks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8942\"\u003e#8942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78e3304bbec5d90cbd8421f44aca12b2116ce4d6\"\u003e\u003ccode\u003e78e3304\u003c/code\u003e\u003c/a\u003e chore(deps): Bump trivy-checks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8934\"\u003e#8934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/22f040f94790060132c7b0a635f44c35d5a35fb6\"\u003e\u003ccode\u003e22f040f\u003c/code\u003e\u003c/a\u003e fix(julia): add \u003ccode\u003eRelationship\u003c/code\u003e field support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8939\"\u003e#8939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c2dde33c3f19d499258a7089d7658a9f90722acf\"\u003e\u003ccode\u003ec2dde33\u003c/code\u003e\u003c/a\u003e feat(minimos): Add support for MinimOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8792\"\u003e#8792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/104bbc18ea85caec17125296dc4fe2dea9c49826\"\u003e\u003ccode\u003e104bbc1\u003c/code\u003e\u003c/a\u003e feat(alpine): add maintainer field extraction for APK packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8930\"\u003e#8930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c7b8cc392eb28eb63e10561cf1ff7991e5e3c548\"\u003e\u003ccode\u003ec7b8cc3\u003c/code\u003e\u003c/a\u003e feat(echo): Add Echo Support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8833\"\u003e#8833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/906b037cff97060267d20f8947f429e078419d66\"\u003e\u003ccode\u003e906b037\u003c/code\u003e\u003c/a\u003e fix(redhat): Also try to find buildinfo in root layer (layer 0) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8924\"\u003e#8924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b15d9a60e6a3ed40811d5ca6387082266ae92ea7\"\u003e\u003ccode\u003eb15d9a6\u003c/code\u003e\u003c/a\u003e fix(wolfi): support new APK database location (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8937\"\u003e#8937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f1ab238693919772a65450de9fb9fb2f873c0d6\"\u003e\u003ccode\u003e4f1ab23\u003c/code\u003e\u003c/a\u003e feat(k8s): get components from namespaced resources (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8918\"\u003e#8918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.1...v0.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.62.1\u0026new-version=0.63.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/306","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/306","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/306/packages"},{"uuid":"2513177935","node_id":"PR_kwDONj2Hx86VzA1P","number":262,"state":"closed","title":"Bump aquasecurity/trivy from 0.62.0 to 0.62.1","user":"dependabot[bot]","labels":["dependencies","size/XS","docker"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2025-05-12T09:30:33.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-12T08:56:52.000Z","updated_at":"2025-05-12T09:30:33.000Z","time_to_close":2021,"merged_at":"2025-05-12T09:30:33.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.62.0","new_version":"0.62.1","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.62.0 to 0.62.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ec75ed2156c8fa801d6998016f46f6b953e8a9556 release: v0.62.1 [release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8825\"\u003e#8825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eaafebeb53aecbc9ed1ea44f8601183b4c25c49e3 chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e99485cfea2de53570342901eac860afdaacce86f fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8826\"\u003e#8826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8824\"\u003e#8824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.62.1/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.62.1\"\u003e0.62.1\u003c/a\u003e (2025-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e check if for-each is known when expanding dyn block [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8826\"\u003e#8826\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99485cfea2de53570342901eac860afdaacce86f\"\u003e99485cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8824\"\u003e#8824\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd\"\u003eb4fc9e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c75ed2156c8fa801d6998016f46f6b953e8a9556\"\u003e\u003ccode\u003ec75ed21\u003c/code\u003e\u003c/a\u003e release: v0.62.1 [release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8825\"\u003e#8825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aafebeb53aecbc9ed1ea44f8601183b4c25c49e3\"\u003e\u003ccode\u003eaafebeb\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 10 updates [backpo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99485cfea2de53570342901eac860afdaacce86f\"\u003e\u003ccode\u003e99485cf\u003c/code\u003e\u003c/a\u003e fix(misconf): check if for-each is known when expanding dyn block [backport: ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd\"\u003e\u003ccode\u003eb4fc9e8\u003c/code\u003e\u003c/a\u003e fix(redhat): trim invalid suffix from content_sets in manifest parsing [backp...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.62.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.62.0\u0026new-version=0.62.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/262","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/262","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/262/packages"}],"issue_packages":[{"old_version":"0.69.3","new_version":"0.70.0","update_type":"minor","path":null,"pr_created_at":"2026-04-21T13:34:34.000Z","version_change":"0.69.3 → 0.70.0","issue":{"uuid":"4302944640","node_id":"PR_kwDODOjFv87UULU_","number":7765,"state":"open","title":"deps(docker): bump the docker group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T13:34:34.000Z","updated_at":"2026-04-21T13:49:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":3,"packages":[{"name":"terraform-linters/tflint","old_version":"v0.61.0","new_version":"v0.62.0","repository_url":"https://github.com/terraform-linters/tflint"},{"name":"hashicorp/terraform","old_version":"1.14.8","new_version":"1.14.9"},{"name":"aquasecurity/trivy","old_version":"0.69.3","new_version":"0.70.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 3 updates in the / directory: [terraform-linters/tflint](https://github.com/terraform-linters/tflint), hashicorp/terraform and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `terraform-linters/tflint` from v0.61.0 to v0.62.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/terraform-linters/tflint/releases\"\u003eterraform-linters/tflint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Add signature mode to control plugin verifications by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2483\"\u003eterraform-linters/tflint#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Ignore forbidden attestation fetch errors by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2481\"\u003eterraform-linters/tflint#2481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2461\"\u003eterraform-linters/tflint#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2463\"\u003eterraform-linters/tflint#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2464\"\u003eterraform-linters/tflint#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2467\"\u003eterraform-linters/tflint#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2469\"\u003eterraform-linters/tflint#2469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2470\"\u003eterraform-linters/tflint#2470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/net from 0.50.0 to 0.51.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2472\"\u003eterraform-linters/tflint#2472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2473\"\u003eterraform-linters/tflint#2473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2471\"\u003eterraform-linters/tflint#2471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/metadata-action from 5.10.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2474\"\u003eterraform-linters/tflint#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2476\"\u003eterraform-linters/tflint#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2479\"\u003eterraform-linters/tflint#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.1 to 1.79.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2480\"\u003eterraform-linters/tflint#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2475\"\u003eterraform-linters/tflint#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.19.2 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2477\"\u003eterraform-linters/tflint#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 3.7.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2478\"\u003eterraform-linters/tflint#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: Bump Go version to 1.26 by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2482\"\u003eterraform-linters/tflint#2482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2484\"\u003eterraform-linters/tflint#2484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2489\"\u003eterraform-linters/tflint#2489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2490\"\u003eterraform-linters/tflint#2490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.23.1 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2491\"\u003eterraform-linters/tflint#2491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/fatih/color from 1.18.0 to 1.19.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2492\"\u003eterraform-linters/tflint#2492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edependabot: Set cooldown period by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2493\"\u003eterraform-linters/tflint#2493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2495\"\u003eterraform-linters/tflint#2495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2496\"\u003eterraform-linters/tflint#2496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2498\"\u003eterraform-linters/tflint#2498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2499\"\u003eterraform-linters/tflint#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.95.0 to 1.97.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2500\"\u003eterraform-linters/tflint#2500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2501\"\u003eterraform-linters/tflint#2501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2502\"\u003eterraform-linters/tflint#2502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2506\"\u003eterraform-linters/tflint#2506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2503\"\u003eterraform-linters/tflint#2503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2497\"\u003eterraform-linters/tflint#2497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2504\"\u003eterraform-linters/tflint#2504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2507\"\u003eterraform-linters/tflint#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: Migrate attest-build-provenance to attest by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2508\"\u003eterraform-linters/tflint#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ehttps://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/2376055e05a48529705050c30e9c994b702e48ec\"\u003e\u003ccode\u003e2376055\u003c/code\u003e\u003c/a\u003e Bump up version to v0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/641dbb62a66d9325f99d37e085f08fae39b2cbda\"\u003e\u003ccode\u003e641dbb6\u003c/code\u003e\u003c/a\u003e Bump Go version to 1.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/94f1eb872fd905c454585ab911cab74bf5345e05\"\u003e\u003ccode\u003e94f1eb8\u003c/code\u003e\u003c/a\u003e release: Migrate attest-build-provenance to attest (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/7d900633823c4be574b1837f088bac1623adcc46\"\u003e\u003ccode\u003e7d90063\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/62b61c5f5b27d41cb2efb6dcfab26640df74ee97\"\u003e\u003ccode\u003e62b61c5\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/login-action from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2504\"\u003e#2504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/540c3e0142f049bc54b460ad92f5e7e8e15ad1b2\"\u003e\u003ccode\u003e540c3e0\u003c/code\u003e\u003c/a\u003e build(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2497\"\u003e#2497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/3405bffb2be971699c18f8da383c70328e065210\"\u003e\u003ccode\u003e3405bff\u003c/code\u003e\u003c/a\u003e build(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2503\"\u003e#2503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/ab01b38d2b54fe6ef4ec0d237b80d354bf16ff55\"\u003e\u003ccode\u003eab01b38\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/sigstore/timestamp-authority/v2 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2506\"\u003e#2506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/e9091c75562fee7ea66ff31e1b845eb50df73011\"\u003e\u003ccode\u003ee9091c7\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2502\"\u003e#2502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/999b9d65784a3468af97adbe8c68d16287b0dcbc\"\u003e\u003ccode\u003e999b9d6\u003c/code\u003e\u003c/a\u003e build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2501\"\u003e#2501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/terraform` from 1.14.8 to 1.14.9\n\nUpdates `aquasecurity/trivy` from 0.69.3 to 0.70.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.70.0\u003c/h2\u003e\n\u003ch2\u003e⚡ Highlights ⚡\u003c/h2\u003e\n\u003cp\u003e👉 \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10546\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10546\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.0...v0.70.0\"\u003e0.70.0\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e detect version from ELF symbol table for binaries built with -trimpath (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10197\"\u003e#10197\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7acb5f6f095a11cb9911af5a0bc03aecc7c88f8f\"\u003e7acb5f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e add support for proxy configuration from Maven settings.xml (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10187\"\u003e#10187\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/350fe3345129f0f341ab80438f66f951b602364a\"\u003e350fe33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e adapt ARM k8s clusters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9696\"\u003e#9696\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10125\"\u003e#10125\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/66bdec4f6af6100b6ab991ca417b0c801cb5cd80\"\u003e66bdec4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e resolve Azure resources via resource_id (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10173\"\u003e#10173\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/823f3634ae8f41a17be8695ceabcb8ca52f82a63\"\u003e823f363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e support for azurerm_network_interface_security_group_association  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10215\"\u003e#10215\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/da94d5f38676885264787fe22f3ed8ab42511b2a\"\u003eda94d5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml (PEP 751) parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9632\"\u003e#9632\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1a72b326bba9e0959d5f3b63367bb311f064d795\"\u003e1a72b32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10137\"\u003e#10137\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d0a3f63b84e6a8cd9067e85344097f9179c14b0d\"\u003ed0a3f63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e include server version info in JSON output for client/server mode (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10075\"\u003e#10075\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4c46d418c58c9a070a87b9d3c88966d40e435329\"\u003e4c46d41\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol data for 25.10 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10181\"\u003e#10181\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2c1f65bdeec62baef45e93f58cc8e5eca7d84d26\"\u003e2c1f65b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e skip third-party packages in common Detect function (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10129\"\u003e#10129\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d6e6331abba28fe22f6d8d3bc36f7821601ff8ad\"\u003ed6e6331\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e include CVSS v4 vulnerability ratings (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10313\"\u003e#10313\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2a4dfbf18a71a17de2c22c02afc5742466f6d799\"\u003e2a4dfbf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetected vulnerability fields in azure and mariner detector (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10275\"\u003e#10275\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/77f5cb5abda49844b936322e85829b256cb4599c\"\u003e77f5cb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eflag:\u003c/strong\u003e validate template file extension (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10296\"\u003e#10296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/20458b836b71b2bed72d31ebba1ba9572333dcfd\"\u003e20458b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehandle Go 1.26 GOEXPERIMENT version format change (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10351\"\u003e#10351\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/f207ec693b23b6d5114dbf3b309903689b93073d\"\u003ef207ec6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e Disable overwriting exclusions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10088\"\u003e#10088\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a3e0a845db68a79f4fd0e71f5cb7d8ca3976bbe\"\u003e9a3e0a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e apply check aliases when filtering results via .trivyignore (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10112\"\u003e#10112\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b775a1b63cd7afeda8dec2c1c8b8b6d422418bc6\"\u003eb775a1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e initialize custom annotation field if empty (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10123\"\u003e#10123\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0f0d6dbff4825f7b0ea7744b2229e0157af52972\"\u003e0f0d6db\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e handle multiple version specifiers in requirements.txt (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10361\"\u003e#10361\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4cf44985c58575850138c9cc3780b201dfad7c09\"\u003e4cf4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e nil pointer dereference with optional poetry groups without dependencies (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10359\"\u003e#10359\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/12ab3cee257f89b3b180c38bc2d765dc4c7918a1\"\u003e12ab3ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove os.Stdout from wazero module config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10403\"\u003e#10403\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bda9710eb0c4c7d5ba1bc60bbaa06d43dc3c523a\"\u003ebda9710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e set correct sarif ROOTPATH uri when scanning a git repository (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10366\"\u003e#10366\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e5da6deee9904d00cb4fd5ea1f67e8a1711ec8dd\"\u003ee5da6de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10368\"\u003e#10368\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/33b9d8ec318bb1f4081371a0a5fd46071080aef1\"\u003e33b9d8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e preserve Red Hat BuildInfo when scanning SBOMs without layer info (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10378\"\u003e#10378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e9e9e8c6bd914b4d4802107bbf8d0c40bad1dd57\"\u003ee9e9e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e exclude JavaDB and CheckBundle from /version endpoint (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10100\"\u003e#10100\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b9a8d2d80adc47bf9f48e13c2738b099c907518b\"\u003eb9a8d2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate PhotonOS feed URL (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10122\"\u003e#10122\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa195b4d11d946b0212900b2a153a1abf381e8a2\"\u003efa195b4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e7ee3e1e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10325\"\u003e#10325\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d7fb3558db610dc08ef1c3e22dd37082180368b2\"\u003ed7fb355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.69.0\"\u003e0.69.0\u003c/a\u003e (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use ID instead of AVDID for providers mapping (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9752\"\u003e#9752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8a3177aedf7ee0864920eb1852eef031cd3742b8\"\u003e\u003ccode\u003e8a3177a\u003c/code\u003e\u003c/a\u003e release: v0.70.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10105\"\u003e#10105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/974de495449f2bef46fdc0654f57d61da1452d8a\"\u003e\u003ccode\u003e974de49\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10496\"\u003e#10496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21755974af6155e55652e2088be8f5c03beceb25\"\u003e\u003ccode\u003e2175597\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/50c7a1ecb0b279b4980fa2631a2c596c77e426d4\"\u003e\u003ccode\u003e50c7a1e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10540\"\u003e#10540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/885fbcedaf6057b5ac526efa9991c624272153cd\"\u003e\u003ccode\u003e885fbce\u003c/code\u003e\u003c/a\u003e chore(deps): bump the docker group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10538\"\u003e#10538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e\u003ccode\u003e7ee3e1e\u003c/code\u003e\u003c/a\u003e fix: use Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6dbe3691f5158594c52783b95895a835981f8836\"\u003e\u003ccode\u003e6dbe369\u003c/code\u003e\u003c/a\u003e chore(deps): bump testcontainers-go to v0.42.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10531\"\u003e#10531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21e6888c7be3ef017516daa644716f110cb8d901\"\u003e\u003ccode\u003e21e6888\u003c/code\u003e\u003c/a\u003e chore: update CODEOWNERS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10529\"\u003e#10529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35d28e81e9226d42de9c20e21fd954eb9061cfd3\"\u003e\u003ccode\u003e35d28e8\u003c/code\u003e\u003c/a\u003e chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10511\"\u003e#10511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d40a9826c0ec7f4a183962c23c142c7f7e8d6df\"\u003e\u003ccode\u003e6d40a98\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10510\"\u003e#10510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.3...v0.70.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7765","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7765","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7765/packages"}},{"old_version":"0.69.3","new_version":"0.70.0","update_type":"minor","path":null,"pr_created_at":"2026-04-19T23:17:15.000Z","version_change":"0.69.3 → 0.70.0","issue":{"uuid":"4292290842","node_id":"PR_kwDOSGxogc7Txx6a","number":3,"state":"closed","title":"deps(docker): bump the docker group with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-04-19T23:17:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T23:17:15.000Z","updated_at":"2026-04-20T00:32:46.000Z","time_to_close":14,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":2,"packages":[{"name":"terraform-linters/tflint","old_version":"v0.61.0","new_version":"v0.62.0","repository_url":"https://github.com/terraform-linters/tflint"},{"name":"aquasecurity/trivy","old_version":"0.69.3","new_version":"0.70.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 2 updates: [terraform-linters/tflint](https://github.com/terraform-linters/tflint) and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `terraform-linters/tflint` from v0.61.0 to v0.62.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/terraform-linters/tflint/releases\"\u003eterraform-linters/tflint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Add signature mode to control plugin verifications by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2483\"\u003eterraform-linters/tflint#2483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin: Ignore forbidden attestation fetch errors by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2481\"\u003eterraform-linters/tflint#2481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2461\"\u003eterraform-linters/tflint#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2463\"\u003eterraform-linters/tflint#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2464\"\u003eterraform-linters/tflint#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2467\"\u003eterraform-linters/tflint#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2469\"\u003eterraform-linters/tflint#2469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2470\"\u003eterraform-linters/tflint#2470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/net from 0.50.0 to 0.51.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2472\"\u003eterraform-linters/tflint#2472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/zclconf/go-cty from 1.17.0 to 1.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2473\"\u003eterraform-linters/tflint#2473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2471\"\u003eterraform-linters/tflint#2471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/metadata-action from 5.10.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2474\"\u003eterraform-linters/tflint#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2476\"\u003eterraform-linters/tflint#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-x group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2479\"\u003eterraform-linters/tflint#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.1 to 1.79.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2480\"\u003eterraform-linters/tflint#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2475\"\u003eterraform-linters/tflint#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 6.19.2 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2477\"\u003eterraform-linters/tflint#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 3.7.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2478\"\u003eterraform-linters/tflint#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: Bump Go version to 1.26 by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2482\"\u003eterraform-linters/tflint#2482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump the go-x group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2484\"\u003eterraform-linters/tflint#2484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2489\"\u003eterraform-linters/tflint#2489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2490\"\u003eterraform-linters/tflint#2490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.23.1 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2491\"\u003eterraform-linters/tflint#2491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/fatih/color from 1.18.0 to 1.19.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2492\"\u003eterraform-linters/tflint#2492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edependabot: Set cooldown period by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2493\"\u003eterraform-linters/tflint#2493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2495\"\u003eterraform-linters/tflint#2495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2496\"\u003eterraform-linters/tflint#2496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2498\"\u003eterraform-linters/tflint#2498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2499\"\u003eterraform-linters/tflint#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.95.0 to 1.97.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2500\"\u003eterraform-linters/tflint#2500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2501\"\u003eterraform-linters/tflint#2501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2502\"\u003eterraform-linters/tflint#2502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2506\"\u003eterraform-linters/tflint#2506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2503\"\u003eterraform-linters/tflint#2503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2497\"\u003eterraform-linters/tflint#2497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2504\"\u003eterraform-linters/tflint#2504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2507\"\u003eterraform-linters/tflint#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: Migrate attest-build-provenance to attest by \u003ca href=\"https://github.com/wata727\"\u003e\u003ccode\u003e@​wata727\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/terraform-linters/tflint/pull/2508\"\u003eterraform-linters/tflint#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ehttps://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/2376055e05a48529705050c30e9c994b702e48ec\"\u003e\u003ccode\u003e2376055\u003c/code\u003e\u003c/a\u003e Bump up version to v0.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/641dbb62a66d9325f99d37e085f08fae39b2cbda\"\u003e\u003ccode\u003e641dbb6\u003c/code\u003e\u003c/a\u003e Bump Go version to 1.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/94f1eb872fd905c454585ab911cab74bf5345e05\"\u003e\u003ccode\u003e94f1eb8\u003c/code\u003e\u003c/a\u003e release: Migrate attest-build-provenance to attest (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/7d900633823c4be574b1837f088bac1623adcc46\"\u003e\u003ccode\u003e7d90063\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/build-push-action from 7.0.0 to 7.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/62b61c5f5b27d41cb2efb6dcfab26640df74ee97\"\u003e\u003ccode\u003e62b61c5\u003c/code\u003e\u003c/a\u003e build(deps): Bump docker/login-action from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2504\"\u003e#2504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/540c3e0142f049bc54b460ad92f5e7e8e15ad1b2\"\u003e\u003ccode\u003e540c3e0\u003c/code\u003e\u003c/a\u003e build(deps): Bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2497\"\u003e#2497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/3405bffb2be971699c18f8da383c70328e065210\"\u003e\u003ccode\u003e3405bff\u003c/code\u003e\u003c/a\u003e build(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2503\"\u003e#2503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/ab01b38d2b54fe6ef4ec0d237b80d354bf16ff55\"\u003e\u003ccode\u003eab01b38\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/sigstore/timestamp-authority/v2 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2506\"\u003e#2506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/e9091c75562fee7ea66ff31e1b845eb50df73011\"\u003e\u003ccode\u003ee9091c7\u003c/code\u003e\u003c/a\u003e build(deps): Bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2502\"\u003e#2502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/terraform-linters/tflint/commit/999b9d65784a3468af97adbe8c68d16287b0dcbc\"\u003e\u003ccode\u003e999b9d6\u003c/code\u003e\u003c/a\u003e build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/terraform-linters/tflint/issues/2501\"\u003e#2501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/terraform-linters/tflint/compare/v0.61.0...v0.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy` from 0.69.3 to 0.70.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.70.0\u003c/h2\u003e\n\u003ch2\u003e📣Announcements 📣\u003c/h2\u003e\n\u003cp\u003e⚡ v0.70.0 - \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10546\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10546\u003c/a\u003e\n⚡ GPG key for deb/rpm repos has been updated - \u003ca href=\"https://github.com/aquasecurity/trivy/discussions/10549\"\u003ehttps://github.com/aquasecurity/trivy/discussions/10549\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.0...v0.70.0\"\u003e0.70.0\u003c/a\u003e (2026-04-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e detect version from ELF symbol table for binaries built with -trimpath (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10197\"\u003e#10197\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7acb5f6f095a11cb9911af5a0bc03aecc7c88f8f\"\u003e7acb5f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e add support for proxy configuration from Maven settings.xml (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10187\"\u003e#10187\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/350fe3345129f0f341ab80438f66f951b602364a\"\u003e350fe33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e adapt ARM k8s clusters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9696\"\u003e#9696\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10125\"\u003e#10125\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/66bdec4f6af6100b6ab991ca417b0c801cb5cd80\"\u003e66bdec4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e resolve Azure resources via resource_id (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10173\"\u003e#10173\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/823f3634ae8f41a17be8695ceabcb8ca52f82a63\"\u003e823f363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e support for azurerm_network_interface_security_group_association  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10215\"\u003e#10215\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/da94d5f38676885264787fe22f3ed8ab42511b2a\"\u003eda94d5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml (PEP 751) parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9632\"\u003e#9632\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1a72b326bba9e0959d5f3b63367bb311f064d795\"\u003e1a72b32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e add pylock.toml support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10137\"\u003e#10137\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d0a3f63b84e6a8cd9067e85344097f9179c14b0d\"\u003ed0a3f63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e include server version info in JSON output for client/server mode (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10075\"\u003e#10075\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4c46d418c58c9a070a87b9d3c88966d40e435329\"\u003e4c46d41\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol data for 25.10 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10181\"\u003e#10181\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2c1f65bdeec62baef45e93f58cc8e5eca7d84d26\"\u003e2c1f65b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e skip third-party packages in common Detect function (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10129\"\u003e#10129\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d6e6331abba28fe22f6d8d3bc36f7821601ff8ad\"\u003ed6e6331\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e include CVSS v4 vulnerability ratings (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10313\"\u003e#10313\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2a4dfbf18a71a17de2c22c02afc5742466f6d799\"\u003e2a4dfbf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edetected vulnerability fields in azure and mariner detector (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10275\"\u003e#10275\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/77f5cb5abda49844b936322e85829b256cb4599c\"\u003e77f5cb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eflag:\u003c/strong\u003e validate template file extension (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10296\"\u003e#10296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/20458b836b71b2bed72d31ebba1ba9572333dcfd\"\u003e20458b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehandle Go 1.26 GOEXPERIMENT version format change (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10351\"\u003e#10351\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/f207ec693b23b6d5114dbf3b309903689b93073d\"\u003ef207ec6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e Disable overwriting exclusions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10088\"\u003e#10088\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a3e0a845db68a79f4fd0e71f5cb7d8ca3976bbe\"\u003e9a3e0a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e apply check aliases when filtering results via .trivyignore (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10112\"\u003e#10112\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b775a1b63cd7afeda8dec2c1c8b8b6d422418bc6\"\u003eb775a1b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e initialize custom annotation field if empty (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10123\"\u003e#10123\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0f0d6dbff4825f7b0ea7744b2229e0157af52972\"\u003e0f0d6db\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e handle multiple version specifiers in requirements.txt (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10361\"\u003e#10361\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4cf44985c58575850138c9cc3780b201dfad7c09\"\u003e4cf4498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e nil pointer dereference with optional poetry groups without dependencies (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10359\"\u003e#10359\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/12ab3cee257f89b3b180c38bc2d765dc4c7918a1\"\u003e12ab3ce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove os.Stdout from wazero module config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10403\"\u003e#10403\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bda9710eb0c4c7d5ba1bc60bbaa06d43dc3c523a\"\u003ebda9710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e set correct sarif ROOTPATH uri when scanning a git repository (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10366\"\u003e#10366\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e5da6deee9904d00cb4fd5ea1f67e8a1711ec8dd\"\u003ee5da6de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10368\"\u003e#10368\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/33b9d8ec318bb1f4081371a0a5fd46071080aef1\"\u003e33b9d8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e preserve Red Hat BuildInfo when scanning SBOMs without layer info (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10378\"\u003e#10378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e9e9e8c6bd914b4d4802107bbf8d0c40bad1dd57\"\u003ee9e9e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e exclude JavaDB and CheckBundle from /version endpoint (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10100\"\u003e#10100\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b9a8d2d80adc47bf9f48e13c2738b099c907518b\"\u003eb9a8d2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate PhotonOS feed URL (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10122\"\u003e#10122\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa195b4d11d946b0212900b2a153a1abf381e8a2\"\u003efa195b4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e7ee3e1e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10325\"\u003e#10325\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d7fb3558db610dc08ef1c3e22dd37082180368b2\"\u003ed7fb355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.69.0\"\u003e0.69.0\u003c/a\u003e (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use ID instead of AVDID for providers mapping (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9752\"\u003e#9752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8a3177aedf7ee0864920eb1852eef031cd3742b8\"\u003e\u003ccode\u003e8a3177a\u003c/code\u003e\u003c/a\u003e release: v0.70.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10105\"\u003e#10105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/974de495449f2bef46fdc0654f57d61da1452d8a\"\u003e\u003ccode\u003e974de49\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10496\"\u003e#10496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21755974af6155e55652e2088be8f5c03beceb25\"\u003e\u003ccode\u003e2175597\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/50c7a1ecb0b279b4980fa2631a2c596c77e426d4\"\u003e\u003ccode\u003e50c7a1e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10540\"\u003e#10540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/885fbcedaf6057b5ac526efa9991c624272153cd\"\u003e\u003ccode\u003e885fbce\u003c/code\u003e\u003c/a\u003e chore(deps): bump the docker group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10538\"\u003e#10538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ee3e1eeb0faf69a08837a3f42678e5e7f314286\"\u003e\u003ccode\u003e7ee3e1e\u003c/code\u003e\u003c/a\u003e fix: use Development category for GoReleaser discussions (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10530\"\u003e#10530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6dbe3691f5158594c52783b95895a835981f8836\"\u003e\u003ccode\u003e6dbe369\u003c/code\u003e\u003c/a\u003e chore(deps): bump testcontainers-go to v0.42.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10531\"\u003e#10531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21e6888c7be3ef017516daa644716f110cb8d901\"\u003e\u003ccode\u003e21e6888\u003c/code\u003e\u003c/a\u003e chore: update CODEOWNERS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10529\"\u003e#10529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35d28e81e9226d42de9c20e21fd954eb9061cfd3\"\u003e\u003ccode\u003e35d28e8\u003c/code\u003e\u003c/a\u003e chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10511\"\u003e#10511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d40a9826c0ec7f4a183962c23c142c7f7e8d6df\"\u003e\u003ccode\u003e6d40a98\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/10510\"\u003e#10510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.69.3...v0.70.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/TechForce-Lyron0785/super-linter/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechForce-Lyron0785%2Fsuper-linter/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"0.68.1","new_version":"0.68.2","update_type":"patch","path":null,"pr_created_at":"2025-12-23T14:07:39.000Z","version_change":"0.68.1 → 0.68.2","issue":{"uuid":"3757500742","node_id":"PR_kwDOJbs5-s66Vg3s","number":168,"state":"closed","title":"deps(docker): bump the docker group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-23T16:58:43.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-23T14:07:39.000Z","updated_at":"2025-12-23T16:58:45.000Z","time_to_close":10264,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":5,"packages":[{"name":"alpine/helm","old_version":"4.0.0","new_version":"4.0.4"},{"name":"hashicorp/terraform","old_version":"1.14.2","new_version":"1.14.3"},{"name":"clj-kondo/clj-kondo","old_version":"2025.10.23-alpine","new_version":"2025.12.23-alpine","repository_url":"https://github.com/clj-kondo/clj-kondo"},{"name":"dart","old_version":"3.10.4-sdk","new_version":"3.10.6-sdk"},{"name":"aquasecurity/trivy","old_version":"0.68.1","new_version":"0.68.2","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| alpine/helm | `4.0.0` | `4.0.4` |\n| hashicorp/terraform | `1.14.2` | `1.14.3` |\n| [clj-kondo/clj-kondo](https://github.com/clj-kondo/clj-kondo) | `2025.10.23-alpine` | `2025.12.23-alpine` |\n| dart | `3.10.4-sdk` | `3.10.6-sdk` |\n| [aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.68.1` | `0.68.2` |\n\n\nUpdates `alpine/helm` from 4.0.0 to 4.0.4\n\nUpdates `hashicorp/terraform` from 1.14.2 to 1.14.3\n\nUpdates `clj-kondo/clj-kondo` from 2025.10.23-alpine to 2025.12.23-alpine\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/clj-kondo/clj-kondo/releases\"\u003eclj-kondo/clj-kondo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2025.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2651\"\u003e#2651\u003c/a\u003e: resume linting after paren mismatches by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2652\"\u003eclj-kondo/clj-kondo#2652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate key args for associative fns by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2650\"\u003eclj-kondo/clj-kondo#2650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inner class normalization by \u003ca href=\"https://github.com/ericdallo\"\u003e\u003ccode\u003e@​ericdallo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2657\"\u003eclj-kondo/clj-kondo#2657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude inner classes by \u003ca href=\"https://github.com/ericdallo\"\u003e\u003ccode\u003e@​ericdallo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2658\"\u003eclj-kondo/clj-kondo#2658\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade fs by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2659\"\u003eclj-kondo/clj-kondo#2659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCircle config by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2662\"\u003eclj-kondo/clj-kondo#2662\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2532\"\u003e#2532\u003c/a\u003e: ignore duplicate require icm :reload/:reload-all by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2663\"\u003eclj-kondo/clj-kondo#2663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2432\"\u003e#2432\u003c/a\u003e: don't warn for redundant-fn-wrapper in case of inlined fun… by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2664\"\u003eclj-kondo/clj-kondo#2664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd redundant-let-binding linter by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2655\"\u003eclj-kondo/clj-kondo#2655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2599\"\u003e#2599\u003c/a\u003e: Detect wrong no. of arguments passed to coll by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2665\"\u003eclj-kondo/clj-kondo#2665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix linter.md entry for redundant-let-binding by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2667\"\u003eclj-kondo/clj-kondo#2667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: redundant-call's level check didn't work by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2670\"\u003eclj-kondo/clj-kondo#2670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2661\"\u003e#2661\u003c/a\u003e: recur in tail position in core.match by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2672\"\u003eclj-kondo/clj-kondo#2672\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2617\"\u003e#2617\u003c/a\u003e - Add types for \u003ccode\u003erepeatedly\u003c/code\u003e function by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2674\"\u003eclj-kondo/clj-kondo#2674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2653\"\u003e#2653\u003c/a\u003e: detect unquote that isn't syntax-quoted by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2681\"\u003eclj-kondo/clj-kondo#2681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint trailing varargs syntax errs, lint varargs errs in let bindings by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2669\"\u003eclj-kondo/clj-kondo#2669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake all :keys bindings symbols, not keywords by \u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2682\"\u003eclj-kondo/clj-kondo#2682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2683\"\u003e#2683\u003c/a\u003e: ex-info data may be nil by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2685\"\u003eclj-kondo/clj-kondo#2685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Add handling for unresolved namespaces in maps by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2686\"\u003eclj-kondo/clj-kondo#2686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ratio type support for numerator and denominator by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2684\"\u003eclj-kondo/clj-kondo#2684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e - Add linter for non-existing vars in refer-clojure by \u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2675\"\u003eclj-kondo/clj-kondo#2675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump clojurescript by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2688\"\u003eclj-kondo/clj-kondo#2688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: :refer-global and :require-global by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2689\"\u003eclj-kondo/clj-kondo#2689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e: support inline configs in .cljc files by \u003ca href=\"https://github.com/borkdude\"\u003e\u003ccode\u003e@​borkdude\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2690\"\u003eclj-kondo/clj-kondo#2690\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2674\"\u003eclj-kondo/clj-kondo#2674\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\"\u003ehttps://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/clj-kondo/clj-kondo/blob/master/CHANGELOG.md\"\u003eclj-kondo/clj-kondo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eFor a list of breaking changes, check \u003ca href=\"https://github.com/clj-kondo/clj-kondo/blob/master/#breaking-changes\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo\"\u003eClj-kondo\u003c/a\u003e: static analyzer and linter for Clojure code that sparks joy ✨\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e2025.12.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2654\"\u003e#2654\u003c/a\u003e: NEW linter: \u003ccode\u003eredundant-let-binding\u003c/code\u003e, defaults to \u003ccode\u003e:off\u003c/code\u003e (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2653\"\u003e#2653\u003c/a\u003e: NEW linter: \u003ccode\u003e:unquote-not-syntax-quoted\u003c/code\u003e to warn on \u003ccode\u003e~\u003c/code\u003e and \u003ccode\u003e~@\u003c/code\u003e usage outside syntax-quote (\u003ccode\u003e`\u003c/code\u003e) (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e: NEW linter: \u003ccode\u003e:refer-clojure-exclude-unresolved-var\u003c/code\u003e to warn on non-existing vars in \u003ccode\u003e:refer-clojure :exclude\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2668\"\u003e#2668\u003c/a\u003e: Lint \u003ccode\u003e\u0026amp;\u003c/code\u003e syntax errors in let bindings and lint for trailing \u003ccode\u003e\u0026amp;\u003c/code\u003e (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2590\"\u003e#2590\u003c/a\u003e: \u003ccode\u003eduplicate-key-in-assoc\u003c/code\u003e changed to \u003ccode\u003eduplicate-key-args\u003c/code\u003e, and now lints \u003ccode\u003edissoc\u003c/code\u003e, \u003ccode\u003eassoc!\u003c/code\u003e and \u003ccode\u003edissoc!\u003c/code\u003e too (\u003ca href=\"https://github.com/tomdl89\"\u003e\u003ccode\u003e@​tomdl89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2651\"\u003e#2651\u003c/a\u003e: resume linting after paren mismatches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clojure-lsp/clojure-lsp/issues/2157\"\u003eclojure-lsp#2651\u003c/a\u003e: Fix inner class name for java-class-definitions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clojure-lsp/clojure-lsp/issues/2157\"\u003eclojure-lsp#2651\u003c/a\u003e: Include inner class java-class-definition analysis.\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003ebabashka/fs\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2532\"\u003e#2532\u003c/a\u003e: Disable \u003ccode\u003e:duplicate-require\u003c/code\u003e in \u003ccode\u003erequire\u003c/code\u003e + \u003ccode\u003e:reload\u003c/code\u003e / \u003ccode\u003e:reload-all\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2432\"\u003e#2432\u003c/a\u003e: Don't warn for \u003ccode\u003e:redundant-fn-wrapper\u003c/code\u003e in case of inlined function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2599\"\u003e#2599\u003c/a\u003e: detect invalid arity for invoking collection as higher order function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2661\"\u003e#2661\u003c/a\u003e: Fix false positive \u003ccode\u003e:unexpected-recur\u003c/code\u003e when \u003ccode\u003erecur\u003c/code\u003e is used inside \u003ccode\u003eclojure.core.match/match\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2617\"\u003e#2617\u003c/a\u003e: Add types for \u003ccode\u003erepeatedly\u003c/code\u003e (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e:ratio\u003c/code\u003e type support for \u003ccode\u003enumerator\u003c/code\u003e and \u003ccode\u003edenominator\u003c/code\u003e functions (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Report unresolved namespace for namespaced maps with unknown aliases (\u003ca href=\"https://github.com/jramosg\"\u003e\u003ccode\u003e@​jramosg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2683\"\u003e#2683\u003c/a\u003e: data argument of \u003ccode\u003eex-info\u003c/code\u003e may be nil since clojure 1.12\u003c/li\u003e\n\u003cli\u003eBump built-in ClojureScript analysis info\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: support new \u003ccode\u003e:refer-global\u003c/code\u003e and \u003ccode\u003e:require-global\u003c/code\u003e ns options in CLJS\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2554\u003c/a\u003e: support inline configs in \u003ccode\u003e.cljc\u003c/code\u003e files\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2025.10.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2590\"\u003e#2590\u003c/a\u003e: NEW linter: \u003ccode\u003eduplicate-key-in-assoc\u003c/code\u003e, defaults to \u003ccode\u003e:warning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2639\"\u003e#2639\u003c/a\u003e: NEW \u003ccode\u003e:equals-nil\u003c/code\u003e linter to detect \u003ccode\u003e(= nil x)\u003c/code\u003e or \u003ccode\u003e(= x nil)\u003c/code\u003e patterns and suggest \u003ccode\u003e(nil? x)\u003c/code\u003e instead (\u003ca href=\"https://github.com/conao3\"\u003e\u003ccode\u003e@​conao3\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2633\"\u003e#2633\u003c/a\u003e: support new \u003ccode\u003edefparkingop\u003c/code\u003e macro in core.async alpha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/pull/2635\"\u003e#2635\u003c/a\u003e: Add \u003ccode\u003e:interface\u003c/code\u003e flag to \u003ccode\u003e:flags\u003c/code\u003e set in \u003ccode\u003e:java-class-definitions\u003c/code\u003e analysis output to distinguish Java interfaces from classes (\u003ca href=\"https://github.com/hugoduncan\"\u003e\u003ccode\u003e@​hugoduncan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2636\"\u003e#2636\u003c/a\u003e: set global SCI context so hooks can use \u003ccode\u003erequiring-resolve\u003c/code\u003e etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2641\"\u003e#2641\u003c/a\u003e: fix linting of \u003ccode\u003edef\u003c/code\u003e body, no results due to laziness bug\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/ca54a322fc860b85cc17f029910a4ec8ad3a8060\"\u003e\u003ccode\u003eca54a32\u003c/code\u003e\u003c/a\u003e v2025.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/e18de6534a65a078c43cc87e4e4ad4f66b06f3e0\"\u003e\u003ccode\u003ee18de65\u003c/code\u003e\u003c/a\u003e Minor tweak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/1c599194c7a5995b369d312e0d5f5f538fef70d0\"\u003e\u003ccode\u003e1c59919\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2554\"\u003e#2554\u003c/a\u003e: wrong issue number mentioned in previous commit, \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/8d9d24f1043eab2878770c271e36d22d3f7e3e94\"\u003e\u003ccode\u003e8d9d24f\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2544\"\u003e#2544\u003c/a\u003e: support inline configs in .cljc files (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2690\"\u003e#2690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/d002f6af84fccd427786568d4821b4225013ff16\"\u003e\u003ccode\u003ed002f6a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: addendum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/f73abcaeed22288c8103ac5074646558b2dd9075\"\u003e\u003ccode\u003ef73abca\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2687\"\u003e#2687\u003c/a\u003e: :refer-global and :require-global (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2689\"\u003e#2689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/c802e14ec8c5a1bebb3929068f4ada61f7b1b484\"\u003e\u003ccode\u003ec802e14\u003c/code\u003e\u003c/a\u003e Bump clojurescript (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2688\"\u003e#2688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/53cba064390edc1e8e3910ec8cce13bf003ba61f\"\u003e\u003ccode\u003e53cba06\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2613\"\u003e#2613\u003c/a\u003e - Add linter for non-existing vars in refer-clojure (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2675\"\u003e#2675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/29709fd0cb2b7d29055aff55ea9782decb58c153\"\u003e\u003ccode\u003e29709fd\u003c/code\u003e\u003c/a\u003e Add ratio type support for numerator and denominator (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2684\"\u003e#2684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/clj-kondo/clj-kondo/commit/ac3d2121dfc774289b6385be78e86cb31ec32172\"\u003e\u003ccode\u003eac3d212\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2676\"\u003e#2676\u003c/a\u003e: Add handling for unresolved namespaces in maps (\u003ca href=\"https://redirect.github.com/clj-kondo/clj-kondo/issues/2686\"\u003e#2686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/clj-kondo/clj-kondo/compare/v2025.10.23...v2025.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dart` from 3.10.4-sdk to 3.10.6-sdk\n\nUpdates `aquasecurity/trivy` from 0.68.1 to 0.68.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.68.2\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c40a8d4b9b943f1b679a20f8ba3cb61c94831de release: v0.68.2 [release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9950\"\u003e#9950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edb2894561daa20301eb144cad467d75d8a3d2647 fix(deps): bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9949\"\u003e#9949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.68.2/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.68.2\"\u003e0.68.2\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9949\"\u003e#9949\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/db2894561daa20301eb144cad467d75d8a3d2647\"\u003edb28945\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0c40a8d4b9b943f1b679a20f8ba3cb61c94831de\"\u003e\u003ccode\u003e0c40a8d\u003c/code\u003e\u003c/a\u003e release: v0.68.2 [release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9950\"\u003e#9950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/db2894561daa20301eb144cad467d75d8a3d2647\"\u003e\u003ccode\u003edb28945\u003c/code\u003e\u003c/a\u003e fix(deps): bump alpine from \u003ccode\u003e3.22.1\u003c/code\u003e to \u003ccode\u003e3.23.0\u003c/code\u003e [backport: release/v0.68] (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/dc28f242809c076e63527866f44ad3d6b5229e80\"\u003e\u003ccode\u003edc28f24\u003c/code\u003e\u003c/a\u003e ci: enable \u003ccode\u003echeck-latest\u003c/code\u003e for \u003ccode\u003esetup-go\u003c/code\u003e [backport: release/v0.68] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9946\"\u003e#9946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.68.1...v0.68.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/super-linter_super-linter/pull/168","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fsuper-linter_super-linter/issues/168","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/168/packages"}},{"old_version":"0.66.0","new_version":"0.67.0","update_type":"minor","path":"the docker group","pr_created_at":"2025-09-30T10:13:26.000Z","version_change":"0.66.0 → 0.67.0","issue":{"uuid":"2873851994","node_id":"PR_kwDODOjFv86rS4Ba","number":7080,"state":"open","title":"deps(docker): bump aquasecurity/trivy from 0.66.0 to 0.67.0 in the docker group","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-30T10:13:26.000Z","updated_at":"2025-09-30T17:48:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker)","packages":[{"name":"aquasecurity/trivy","old_version":"0.66.0","new_version":"0.67.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":"the docker group","ecosystem":"docker"},"body":"Bumps the docker group with 1 update: [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `aquasecurity/trivy` from 0.66.0 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.67.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9550\"\u003e👉 Trivy v0.67.0 release notes (click here)\u003c/a\u003e\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30\"\u003ehttps://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.66.0...v0.67.0\"\u003e0.67.0\u003c/a\u003e (2025-09-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd documentation URL for database lock errors (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9531\"\u003e#9531\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/eba48afd583391cef346e45a176aa5a6d77b704f\"\u003eeba48af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e change --list-all-pkgs default to true (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9510\"\u003e#9510\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7b663d86ca65ee3eb332c857b77bfa18e6da56c4\"\u003e7b663d8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecloudformation:\u003c/strong\u003e support default values and list results in Fn::FindInMap (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9515\"\u003e#9515\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/42b3bf37bb7d39139911843297c8b8ab3551c31a\"\u003e42b3bf3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e preserve SBOM structure when scanning SBOM files with vulnerability updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9439\"\u003e#9439\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aff03ebab2e7874dd997e20b4ec9962a41eae7bb\"\u003eaff03eb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e add os-release detection for RHEL-based images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9458\"\u003e#9458\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/cb25a074501c5cf48050fdf6a0ae7c85c4f385ea\"\u003ecb25a07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e added support for CoreOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9448\"\u003e#9448\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6d562a3b48926b6efd508e067e1059564173b270\"\u003e6d562a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eseal:\u003c/strong\u003e add seal support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9370\"\u003e#9370\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e4af279b29ed5b77ed1d62e31b232b1f9b92ef4f\"\u003ee4af279\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eaws:\u003c/strong\u003e use \u003ccode\u003eBuildableClient\u003c/code\u003e insead of \u003ccode\u003exhttp.Client\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9436\"\u003e#9436\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa6f1bfecfb68c29ad4684a6fb5d86948c7d6887\"\u003efa6f1bf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclose file descriptors and pipes on error paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9536\"\u003e#9536\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a4cbd6a1380b7b4dc650a312ec4e5bc47501f674\"\u003ea4cbd6a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edb:\u003c/strong\u003e Dowload database when missing but metadata still exists (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9393\"\u003e#9393\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/92ebc7e4d72424c17d93c54e5f24891710c85a60\"\u003e92ebc7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e disable parallel traversal with fs cache for k8s images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9534\"\u003e#9534\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c0c7a6bf1b92c868ed44172b3cd15c51667b8a6e\"\u003ec0c7a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e handle tofu files in module detection (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9486\"\u003e#9486\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bfd2f6ba697c223d60a7378283293d8e1fc8a8fe\"\u003ebfd2f6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e strip build metadata suffixes from image history (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9498\"\u003e#9498\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c9388069a4325a9f8bc53bc8a82ff46d84d06847\"\u003ec938806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e unmark cty values before access (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9495\"\u003e#9495\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8e40d27a43ecb96795a8a7d4a2444241fc7fce9a\"\u003e8e40d27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e wrap legacy ENV values in quotes to preserve spaces (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9497\"\u003e#9497\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/267a9700fa233abe1a04eada8f3ea513f3ebacb3\"\u003e267a970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e parse workspaces as objects for package-lock.json files (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9518\"\u003e#9518\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/404abb3d91cb3b1c1ee027169de5a40e32ba8b8a\"\u003e404abb3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e use snapshot string as \u003ccode\u003ePackage.ID\u003c/code\u003e for pnpm packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9330\"\u003e#9330\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4517e8c0ef5e942b8e2e498729257374634ffbf8\"\u003e4517e8c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evex:\u003c/strong\u003e don't  suppress vulns for packages with infinity loop (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9465\"\u003e#9465\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78f0d4ae0378f81940a5faa6497e6905cb5d034a\"\u003e78f0d4a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e compare \u003ccode\u003enuget\u003c/code\u003e package names in lower case (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9456\"\u003e#9456\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ff9ac79488e0d4deab4226f1a969676a9851cdb\"\u003e1ff9ac7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/adeb362424506fbd6b9a6213297c1a211f94755e\"\u003e\u003ccode\u003eadeb362\u003c/code\u003e\u003c/a\u003e release: v0.67.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9432\"\u003e#9432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78f0d4ae0378f81940a5faa6497e6905cb5d034a\"\u003e\u003ccode\u003e78f0d4a\u003c/code\u003e\u003c/a\u003e fix(vex): don't  suppress vulns for packages with infinity loop (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9465\"\u003e#9465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa6f1bfecfb68c29ad4684a6fb5d86948c7d6887\"\u003e\u003ccode\u003efa6f1bf\u003c/code\u003e\u003c/a\u003e fix(aws): use \u003ccode\u003eBuildableClient\u003c/code\u003e insead of \u003ccode\u003exhttp.Client\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9436\"\u003e#9436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e7c16a756c5f60aa17bd3f09aaae0d8171c803de\"\u003e\u003ccode\u003ee7c16a7\u003c/code\u003e\u003c/a\u003e refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c446a5c1c7ae7ac7dbdcf3d75c4a2775fbec75cd\"\u003e\u003ccode\u003ec446a5c\u003c/code\u003e\u003c/a\u003e docs: clarify inline ignore limitations for resource-less checks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9537\"\u003e#9537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c0c7a6bf1b92c868ed44172b3cd15c51667b8a6e\"\u003e\u003ccode\u003ec0c7a6b\u003c/code\u003e\u003c/a\u003e fix(k8s): disable parallel traversal with fs cache for k8s images (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9534\"\u003e#9534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bfd2f6ba697c223d60a7378283293d8e1fc8a8fe\"\u003e\u003ccode\u003ebfd2f6b\u003c/code\u003e\u003c/a\u003e fix(misconf): handle tofu files in module detection (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9486\"\u003e#9486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e4af279b29ed5b77ed1d62e31b232b1f9b92ef4f\"\u003e\u003ccode\u003ee4af279\u003c/code\u003e\u003c/a\u003e feat(seal): add seal support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9370\"\u003e#9370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e149094f9b39e7c95b31783a09a16aa3b549813e\"\u003e\u003ccode\u003ee149094\u003c/code\u003e\u003c/a\u003e docs: fix modules path and update code example (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9539\"\u003e#9539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a4cbd6a1380b7b4dc650a312ec4e5bc47501f674\"\u003e\u003ccode\u003ea4cbd6a\u003c/code\u003e\u003c/a\u003e fix: close file descriptors and pipes on error paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9536\"\u003e#9536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.66.0...v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.66.0\u0026new-version=0.67.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7080","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7080","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7080/packages"}},{"old_version":"0.65.0","new_version":"0.66.0","update_type":"minor","path":null,"pr_created_at":"2025-09-04T14:31:16.000Z","version_change":"0.65.0 → 0.66.0","issue":{"uuid":"2799709440","node_id":"PR_kwDODOjFv86m4C0A","number":7000,"state":"open","title":"deps(docker): bump the docker group with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-04T14:31:16.000Z","updated_at":"2025-09-05T07:30:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(docker): bump","group_name":"docker","update_count":3,"packages":[{"name":"goreleaser/goreleaser","old_version":"v2.11.2","new_version":"v2.12.0"},{"name":"hadolint/hadolint","old_version":"v2.12.0-alpine","new_version":"v2.13.1-alpine"},{"name":"aquasecurity/trivy","old_version":"0.65.0","new_version":"0.66.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps the docker group with 3 updates: goreleaser/goreleaser, hadolint/hadolint and [aquasecurity/trivy](https://github.com/aquasecurity/trivy).\n\nUpdates `goreleaser/goreleaser` from v2.11.2 to v2.12.0\n\nUpdates `hadolint/hadolint` from v2.12.0-alpine to v2.13.1-alpine\n\nUpdates `aquasecurity/trivy` from 0.65.0 to 0.66.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.66.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9424\"\u003e👉 Trivy v.66.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.66.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.66.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0660-2025-09-02\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.65.0...v0.66.0\"\u003e0.66.0\u003c/a\u003e (2025-09-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd timeout handling for cache database operations (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9307\"\u003e#9307\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/235c24e71a546b6196f7264fced2d02d836e3f85\"\u003e235c24e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e added audit config attribute (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9249\"\u003e#9249\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4d4a2444b692512aca137dcbd367ff224fe25597\"\u003e4d4a244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esecret:\u003c/strong\u003e implement streaming secret scanner with byte offset tracking (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9264\"\u003e#9264\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5a5e0972c72e629ddf2915ef066d632d58b8d3b0\"\u003e5a5e097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eterraform:\u003c/strong\u003e use .terraform cache for remote modules in plan scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9277\"\u003e#9277\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/298a9941f098d2701b9524a703b9f9b1b9451785\"\u003e298a994\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econda:\u003c/strong\u003e memory leak by adding closure method for \u003ccode\u003epackage.json\u003c/code\u003e file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9349\"\u003e#9349\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/03d039f17d94cf668152e83d0cf9dabf3b27d3dd\"\u003e03d039f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecreate temp file under composite fs dir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9387\"\u003e#9387\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ce22f54a39a1abac08fa3ad540697c668792bf50\"\u003ece22f54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecyclonedx:\u003c/strong\u003e handle multiple license types (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9378\"\u003e#9378\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/46ab76a5af828c98cf93fc988ed6a405b7b07392\"\u003e46ab76a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003efs:\u003c/strong\u003e avoid shadowing errors in file.glob (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9286\"\u003e#9286\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b51c789330141d634a9b14bd10994c997862940f\"\u003eb51c789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eimage:\u003c/strong\u003e use standardized HTTP client for ECR authentication (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9322\"\u003e#9322\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/84fbf8674dfc0f91d8795a50bafa6041cce83ba2\"\u003e84fbf86\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e ensure ignore rules respect subdirectory chart paths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9324\"\u003e#9324\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/d3cd101266eb7bf9b8ffe5899765efa7bd1abe30\"\u003ed3cd101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e ensure module source is known (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9404\"\u003e#9404\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/81d94253c8bc816ad932f7e0c0b8907e1cd759bb\"\u003e81d9425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e preserve original paths of remote submodules from .terraform (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9294\"\u003e#9294\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1319d8dc7f4796177876af18f0e13ba1f7086348\"\u003e1319d8d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use correct field log_bucket instead of target_bucket in gcp bucket (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9296\"\u003e#9296\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/04ad0c4fc2926a92e9e9ec11bb8eae826ed95827\"\u003e04ad0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epersistent flag option typo (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9374\"\u003e#9374\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6e99dd304c7fad8213489039e7ca42909383b5ff\"\u003e6e99dd3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eplugin:\u003c/strong\u003e don't remove plugins when updating index.yaml file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9358\"\u003e#9358\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5f067ac15e5c609283bef26a211746a279b6b5d0\"\u003e5f067ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epython:\u003c/strong\u003e impove package name normalization  (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9290\"\u003e#9290\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1473e88b74ca269691de7827e045703612b90050\"\u003e1473e88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erepo:\u003c/strong\u003e preserve RepoMetadata on FS cache hit (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9389\"\u003e#9389\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f2a44ea45bed1e842bb2072077da67ec7e744ac\"\u003e4f2a44e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erepo:\u003c/strong\u003e sanitize git repo URL before inserting into report metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9391\"\u003e#9391\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ac9b1f07cea429cc122bf9721e8909c649549cf\"\u003e1ac9b1f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add support for \u003ccode\u003efile\u003c/code\u003e component type of \u003ccode\u003eCycloneDX\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9372\"\u003e#9372\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aa7cf4387c5e82c1f629ac14cd6a35b48fc95983\"\u003eaa7cf43\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esuppress debug log for context cancellation errors (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9298\"\u003e#9298\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/2458d5e28a54da9adec0b36f6b1e6bd4f15a72ce\"\u003e2458d5e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7bcb181268893fdd69ef4582588c040bb1036c33\"\u003e\u003ccode\u003e7bcb181\u003c/code\u003e\u003c/a\u003e release: v0.66.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9289\"\u003e#9289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/21258954d2733285d97ba03b08570488b278cbf6\"\u003e\u003ccode\u003e2125895\u003c/code\u003e\u003c/a\u003e chore(deps): bump the aws group with 7 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9419\"\u003e#9419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/29e9ff7e144f5697a6afcc2d38f87e2be0284f4a\"\u003e\u003ccode\u003e29e9ff7\u003c/code\u003e\u003c/a\u003e refactor(secret): clarify secret scanner messages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9409\"\u003e#9409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/46ab76a5af828c98cf93fc988ed6a405b7b07392\"\u003e\u003ccode\u003e46ab76a\u003c/code\u003e\u003c/a\u003e fix(cyclonedx): handle multiple license types (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9378\"\u003e#9378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1ac9b1f07cea429cc122bf9721e8909c649549cf\"\u003e\u003ccode\u003e1ac9b1f\u003c/code\u003e\u003c/a\u003e fix(repo): sanitize git repo URL before inserting into report metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9391\"\u003e#9391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6fa3849c10dc4e0942ebd6b6629c49671bf0e008\"\u003e\u003ccode\u003e6fa3849\u003c/code\u003e\u003c/a\u003e test: add HTTP basic authentication to git test server (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9407\"\u003e#9407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aa7cf4387c5e82c1f629ac14cd6a35b48fc95983\"\u003e\u003ccode\u003eaa7cf43\u003c/code\u003e\u003c/a\u003e fix(sbom): add support for \u003ccode\u003efile\u003c/code\u003e component type of \u003ccode\u003eCycloneDX\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9372\"\u003e#9372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/81d94253c8bc816ad932f7e0c0b8907e1cd759bb\"\u003e\u003ccode\u003e81d9425\u003c/code\u003e\u003c/a\u003e fix(misconf): ensure module source is known (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9404\"\u003e#9404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1d646d62312021ccec3d5ae12b0c8a8252b950bc\"\u003e\u003ccode\u003e1d646d6\u003c/code\u003e\u003c/a\u003e ci: migrate GitHub Actions from version tags to SHA pinning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9405\"\u003e#9405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ce22f54a39a1abac08fa3ad540697c668792bf50\"\u003e\u003ccode\u003ece22f54\u003c/code\u003e\u003c/a\u003e fix: create temp file under composite fs dir (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9387\"\u003e#9387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.65.0...v0.66.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7000","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7000","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7000/packages"}},{"old_version":"0.63.0","new_version":"0.64.1","update_type":"minor","path":null,"pr_created_at":"2025-07-07T09:40:48.000Z","version_change":"0.63.0 → 0.64.1","issue":{"uuid":"3208266103","node_id":"PR_kwDONj2Hx86duG15","number":367,"state":"open","title":"Bump aquasecurity/trivy from 0.63.0 to 0.64.1","user":"dependabot[bot]","labels":["dependencies","size/XS","docker"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-07T09:40:48.000Z","updated_at":"2025-07-12T06:38:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.63.0","new_version":"0.64.1","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.63.0 to 0.64.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.64.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e86ee3c1176d4707536914dfa65ac8eca452e14cd release: v0.64.1 [release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4e1272283a643bfca2d7231d286006219715fada fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9a7d38432cf00f00970259e5ac3edd060e00ccff fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9124\"\u003e#9124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e53adfba3c25664b01e3a36fdec334b39b53c07f1 fix(rootio): check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9120\"\u003e#9120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.64.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/9105\"\u003e👉 Trivy v.64.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.64.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.64.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0640-2025-06-30\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.64.1/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.64.1\"\u003e0.64.1\u003c/a\u003e (2025-07-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ealma:\u003c/strong\u003e parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6\"\u003e8cf1bf9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add more non-sensitive flags to telemetry [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9124\"\u003e#9124\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff\"\u003e9a7d384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e skip rewriting expr if attr is nil [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9127\"\u003e#9127\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada\"\u003e4e12722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erootio:\u003c/strong\u003e check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9120\"\u003e#9120\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1\"\u003e53adfba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0\"\u003e0.64.0\u003c/a\u003e (2025-06-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add version constraints to annoucements (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9023\"\u003e#9023\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/19efa9fd372242d2ec582a248e9e6573d2caef00\"\u003e19efa9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e dereference all maven settings.xml env placeholders (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9024\"\u003e#9024\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5aade698c71450badf8db028be61e12ec85c6248\"\u003e5aade69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e add OpenTofu file extension support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8747\"\u003e#8747\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/57801d0324384d990889ba39d856c881e5b8b070\"\u003e57801d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e normalize CreatedBy for buildah and legacy docker builder (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8953\"\u003e#8953\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/65e155fdaf0ad02ec82f00a004427f126faf65ed\"\u003e65e155f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e Add EOL date for RHEL 10. (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8910\"\u003e#8910\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/48258a701a7adb210c433310de52f48568ccee19\"\u003e48258a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereject unsupported artifact types in remote image retrieval (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9052\"\u003e#9052\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd\"\u003e1e1e1b5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e add manufacturer field to CycloneDX tools metadata (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9019\"\u003e#9019\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/41d0f949c874609641c08fa2620fa10bf4ceef78\"\u003e41d0f94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eterraform:\u003c/strong\u003e add partial evaluation for policy templates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8967\"\u003e#8967\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a9f7dcdb9c5973746c3737f2bbc3306a74be5408\"\u003ea9f7dcd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add end of life date for Ubuntu 25.04 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9077\"\u003e#9077\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/367564a3bec0c202566c59598dcff087bf50a23d\"\u003e367564a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eubuntu:\u003c/strong\u003e add eol date for 20.04-ESM (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8981\"\u003e#8981\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/87118a0ec4a6ae492523b7bac9834c2b93a14557\"\u003e87118a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evuln:\u003c/strong\u003e add Root.io support for container image scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9073\"\u003e#9073\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3a0ec0f2acff6a13ed6ab348b6b220d49e14a298\"\u003e3a0ec0f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing version check flags (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8951\"\u003e#8951\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ef5f8de8dadf5534a2c965aecca01c7067e5baca\"\u003eef5f8de\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e add some values to the telemetry call (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9056\"\u003e#9056\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fd2bc91e133f846bc9f0910c19ac3be3fbfe4009\"\u003efd2bc91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly check for semver versions for trivy version check (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8948\"\u003e#8948\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b813527449c4604f5afad71ae82b13399bb48680\"\u003eb813527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edon't show corrupted trivy-db warning for first run (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8991\"\u003e#8991\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4ed78e39afe57e81c12482fef9102dc3f85d1493\"\u003e4ed78e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e .Config.User always takes precedence over USER in .History (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9050\"\u003e#9050\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/371b8cc02f2ffa3f42534a437ce8727519e7b9b9\"\u003e371b8cc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e correct Azure value-to-time conversion in AsTimeValue (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9015\"\u003e#9015\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/40d017b67da38131734eab90c42ad945ac3b5013\"\u003e40d017b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e move disabled checks filtering after analyzer scan (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9002\"\u003e#9002\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a58c36de124cba7250e1a5ae0cc32d83018391fe\"\u003ea58c36d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e reduce log noise on incompatible check (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9029\"\u003e#9029\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99c5151d6ea1dabe85cce75ff9bb91166532b11f\"\u003e99c5151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e correctly parse \u003ccode\u003epackages\u003c/code\u003e array of \u003ccode\u003ebun.lock\u003c/code\u003e file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8998\"\u003e#8998\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/875ec3a9d2568e15a6824c8f84ad6a59f03eb212\"\u003e875ec3a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ereport:\u003c/strong\u003e don't panic when report contains vulns, but doesn't contain packages for \u003ccode\u003etable\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8549\"\u003e#8549\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/87fda76f38a3a6939a87828c3df0c5ac2cf7fce3\"\u003e87fda76\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esbom:\u003c/strong\u003e remove unnecessary OS detection check in SBOM decoding (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9034\"\u003e#9034\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/198789a07b857b053c73f8fcd1f508902fac344d\"\u003e198789a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/86ee3c1176d4707536914dfa65ac8eca452e14cd\"\u003e\u003ccode\u003e86ee3c1\u003c/code\u003e\u003c/a\u003e release: v0.64.1 [release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada\"\u003e\u003ccode\u003e4e12722\u003c/code\u003e\u003c/a\u003e fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff\"\u003e\u003ccode\u003e9a7d384\u003c/code\u003e\u003c/a\u003e fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64]...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1\"\u003e\u003ccode\u003e53adfba\u003c/code\u003e\u003c/a\u003e fix(rootio): check full version to detect \u003ccode\u003eroot.io\u003c/code\u003e packages [backport: relea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6\"\u003e\u003ccode\u003e8cf1bf9\u003c/code\u003e\u003c/a\u003e fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9119\"\u003e#9119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/280491bb5100ec2c16ee6467cd5c6760a4d14ef7\"\u003e\u003ccode\u003e280491b\u003c/code\u003e\u003c/a\u003e release: v0.64.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8955\"\u003e#8955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a6e9807c09f637f1d39389c6c24d76dd9fcd0540\"\u003e\u003ccode\u003ea6e9807\u003c/code\u003e\u003c/a\u003e docs(python): fix type with METADATA file name (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9090\"\u003e#9090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd\"\u003e\u003ccode\u003e1e1e1b5\u003c/code\u003e\u003c/a\u003e feat: reject unsupported artifact types in remote image retrieval (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9052\"\u003e#9052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7333c469f42bf9b16c4b1f79d85633cf55ef1a50\"\u003e\u003ccode\u003e7333c46\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9\"\u003e#9\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/bac6f7b3daba7fc0e46cbf1bfa930cee285ca3ab\"\u003e\u003ccode\u003ebac6f7b\u003c/code\u003e\u003c/a\u003e refactor(misconf): rewrite Rego module filtering using functional filters (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/9\"\u003e#9\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.63.0\u0026new-version=0.64.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/367","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/367","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/367/packages"}},{"old_version":"0.62.1","new_version":"0.63.0","update_type":"minor","path":null,"pr_created_at":"2025-06-02T08:02:30.000Z","version_change":"0.62.1 → 0.63.0","issue":{"uuid":"2559681377","node_id":"PR_kwDONj2Hx86YkaNh","number":306,"state":"open","title":"Bump aquasecurity/trivy from 0.62.1 to 0.63.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T08:02:30.000Z","updated_at":"2025-06-02T08:02:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.62.1","new_version":"0.63.0","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.62.1 to 0.63.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.63.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/discussions/8945\"\u003e👉 Trivy v.63.0 release notes (click here)\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e⬇️ Download Trivy\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=macos\u0026amp;arch=arm64\"\u003eMacOS Apple Silicon\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=macos\u0026amp;arch=amd64\"\u003eMacOS Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=linux\u0026amp;arch=amd64\"\u003eLinux Intel\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=tar.gz\u0026amp;version=0.63.0\u0026amp;os=linux\u0026amp;arch=arm64\"\u003eLinux ARM\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.trivy.dev/trivy?type=zip\u0026amp;version=0.63.0\u0026amp;os=windows\u0026amp;arch=amd64\"\u003eWindows Intel\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0630-2025-05-29\"\u003eFull changelog\u003c/a\u003e\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.63.0\"\u003e0.63.0\u003c/a\u003e (2025-05-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Bottlerocket OS package analyzer (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8653\"\u003e#8653\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/07ef63b4830f9f3d791a07433287a99118d7590a\"\u003e07ef63b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd JSONC support for comments and trailing commas (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8862\"\u003e#8862\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/0b0e4061ef955efc0f94280d2d390f11ff6e2409\"\u003e0b0e406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ealpine:\u003c/strong\u003e add maintainer field extraction for APK packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8930\"\u003e#8930\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/104bbc18ea85caec17125296dc4fe2dea9c49826\"\u003e104bbc1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add available version checking (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8553\"\u003e#8553\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/5a0bf9ed31ad34248895e69231da602935e66785\"\u003e5a0bf9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eecho:\u003c/strong\u003e Add Echo Support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8833\"\u003e#8833\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c7b8cc392eb28eb63e10561cf1ff7991e5e3c548\"\u003ec7b8cc3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ego:\u003c/strong\u003e support license scanning in both GOPATH and vendor (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8843\"\u003e#8843\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/26437be083960d17bee8b1b37b8a6780eff07981\"\u003e26437be\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e get components from namespaced resources (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8918\"\u003e#8918\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f1ab238693919772a65450de9fb9fb2f873c0d6\"\u003e4f1ab23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e improve work text licenses with custom classification (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8888\"\u003e#8888\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/ee522300b73a2afc72829fc2fa7ff419712fc89a\"\u003eee52230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e improve work with custom classification of licenses from config file (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8861\"\u003e#8861\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c321fdfcdd58f34d076fc730e2b63fdd13e426a9\"\u003ec321fdf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e scan vendor directory for license for go.mod files (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8689\"\u003e#8689\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/dd6a6e50a44b7b543fd9dba634da599a76650acb\"\u003edd6a6e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elicense:\u003c/strong\u003e Support compound licenses (licenses using SPDX operators) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8816\"\u003e#8816\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/39f9ed128b2c0fb599ad9092a3cf5675106bffdc\"\u003e39f9ed1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eminimos:\u003c/strong\u003e Add support for MinimOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8792\"\u003e#8792\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c2dde33c3f19d499258a7089d7658a9f90722acf\"\u003ec2dde33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e add misconfiguration location to junit template (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8793\"\u003e#8793\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a516775da6fda92a55a62418a081561127a1d5ca\"\u003ea516775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e Add support for \u003ccode\u003eMinimum Trivy Version\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8880\"\u003e#8880\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3b2a3976ac7e7785828655903b132e84ebd9d727\"\u003e3b2a397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e export raw Terraform data to Rego (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8741\"\u003e#8741\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aaecc29e909db4d5dac03caa0daf223035bfb877\"\u003eaaecc29\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e add a bun.lock analyzer (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8897\"\u003e#8897\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7ca656d54b99346253fc6ac6422eecaca169514e\"\u003e7ca656d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003enodejs:\u003c/strong\u003e add bun.lock parser (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8851\"\u003e#8851\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/1dcf81666f1c814600702b9ab603b4070da0b940\"\u003e1dcf816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eterraform parser option to set current working directory (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8909\"\u003e#8909\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/893945117464bf6e090a55e3822f8299825f26d4\"\u003e8939451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echeck post-analyzers for StaticPaths (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8904\"\u003e#8904\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/93e6680b1c6bbb590157f521c667c0f611775143\"\u003e93e6680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e disable \u003ccode\u003e--skip-dir\u003c/code\u003e and \u003ccode\u003e--skip-files\u003c/code\u003e flags for \u003ccode\u003esbom\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8886\"\u003e#8886\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/69a5fa18ca86ff7e5206abacf98732d46c000c7a\"\u003e69a5fa1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e don't use allow values for \u003ccode\u003e--compliance\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8881\"\u003e#8881\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/35e88890c3c201b3eb11f95376172e57bf44df4b\"\u003e35e8889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter all files when processing files installed from package managers (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8842\"\u003e#8842\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/6ebde88dbcaf22f25932bad4844b3c9eaca90560\"\u003e6ebde88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejava:\u003c/strong\u003e exclude dev dependencies in gradle lockfile (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8803\"\u003e#8803\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/8995838e8d184ee9178d5b52d2d3fa9b4e403015\"\u003e8995838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ejulia parser panicing (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8883\"\u003e#8883\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/be8c7b796dbe36d8dc3889e0bdea23336de9a1ab\"\u003ebe8c7b7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ejulia:\u003c/strong\u003e add \u003ccode\u003eRelationship\u003c/code\u003e field support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8939\"\u003e#8939\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/22f040f94790060132c7b0a635f44c35d5a35fb6\"\u003e22f040f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ek8s:\u003c/strong\u003e use in-memory cache backend during misconfig scanning (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8873\"\u003e#8873\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fe127715e505d753e0d878d52c5f280cdc326b76\"\u003efe12771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e check if for-each is known when expanding dyn block (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8808\"\u003e#8808\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/570660314698472ab831a7e0d55044e0b1e9c6c0\"\u003e5706603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e use argument value in WithIncludeDeprecatedChecks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8942\"\u003e#8942\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7e9a54cd6bf4bc15e485c6233d140b389e432fe5\"\u003e7e9a54c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emore revive rules (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8814\"\u003e#8814\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/3ab459e3b674f319bf349d478917a531a69754c0\"\u003e3ab459e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoctalLiteral from go-critic (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8811\"\u003e#8811\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/a19e0aa1ba0350198c898fd57c9405fbf38fa432\"\u003ea19e0aa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e Also try to find buildinfo in root layer (layer 0) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8924\"\u003e#8924\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/906b037cff97060267d20f8947f429e078419d66\"\u003e906b037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e save contentSets for OS packages in fs/vm modes (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8820\"\u003e#8820\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/9256804df8577d8a746fb8b97c508c247ab82f8f\"\u003e9256804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e trim invalid suffix from content_sets in manifest parsing (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8818\"\u003e#8818\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/fa1077bbf5863a519f6f180a600afe5e2d6180d8\"\u003efa1077b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eserver:\u003c/strong\u003e add missed Relationship field for \u003ccode\u003erpc\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8872\"\u003e#8872\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/38f17c945e3ef7784607037c0457fb1e06a99959\"\u003e38f17c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse-any from revive (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8810\"\u003e#8810\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/883c63bf29568f0feab37e5d36ae1c417eef88f5\"\u003e883c63b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003evex:\u003c/strong\u003e use \u003ccode\u003elo.IsNil\u003c/code\u003e to check \u003ccode\u003eVEX\u003c/code\u003e from OCI artifact (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8858\"\u003e#8858\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/e97af9806ab13e1ec8b792e0586b486c4982c170\"\u003ee97af98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewolfi:\u003c/strong\u003e support new APK database location (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8937\"\u003e#8937\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b15d9a60e6a3ed40811d5ca6387082266ae92ea7\"\u003eb15d9a6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/69093d2c23b275d79a69acfa604c5d159c7c2904\"\u003e\u003ccode\u003e69093d2\u003c/code\u003e\u003c/a\u003e release: v0.63.0 [main] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8809\"\u003e#8809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/7e9a54cd6bf4bc15e485c6233d140b389e432fe5\"\u003e\u003ccode\u003e7e9a54c\u003c/code\u003e\u003c/a\u003e fix(misconf): use argument value in WithIncludeDeprecatedChecks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8942\"\u003e#8942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/78e3304bbec5d90cbd8421f44aca12b2116ce4d6\"\u003e\u003ccode\u003e78e3304\u003c/code\u003e\u003c/a\u003e chore(deps): Bump trivy-checks (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8934\"\u003e#8934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/22f040f94790060132c7b0a635f44c35d5a35fb6\"\u003e\u003ccode\u003e22f040f\u003c/code\u003e\u003c/a\u003e fix(julia): add \u003ccode\u003eRelationship\u003c/code\u003e field support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8939\"\u003e#8939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c2dde33c3f19d499258a7089d7658a9f90722acf\"\u003e\u003ccode\u003ec2dde33\u003c/code\u003e\u003c/a\u003e feat(minimos): Add support for MinimOS (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8792\"\u003e#8792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/104bbc18ea85caec17125296dc4fe2dea9c49826\"\u003e\u003ccode\u003e104bbc1\u003c/code\u003e\u003c/a\u003e feat(alpine): add maintainer field extraction for APK packages (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8930\"\u003e#8930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c7b8cc392eb28eb63e10561cf1ff7991e5e3c548\"\u003e\u003ccode\u003ec7b8cc3\u003c/code\u003e\u003c/a\u003e feat(echo): Add Echo Support (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8833\"\u003e#8833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/906b037cff97060267d20f8947f429e078419d66\"\u003e\u003ccode\u003e906b037\u003c/code\u003e\u003c/a\u003e fix(redhat): Also try to find buildinfo in root layer (layer 0) (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8924\"\u003e#8924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b15d9a60e6a3ed40811d5ca6387082266ae92ea7\"\u003e\u003ccode\u003eb15d9a6\u003c/code\u003e\u003c/a\u003e fix(wolfi): support new APK database location (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8937\"\u003e#8937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/4f1ab238693919772a65450de9fb9fb2f873c0d6\"\u003e\u003ccode\u003e4f1ab23\u003c/code\u003e\u003c/a\u003e feat(k8s): get components from namespaced resources (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8918\"\u003e#8918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.1...v0.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.62.1\u0026new-version=0.63.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/306","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/306","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/306/packages"}},{"old_version":"0.62.0","new_version":"0.62.1","update_type":"patch","path":null,"pr_created_at":"2025-05-12T08:56:52.000Z","version_change":"0.62.0 → 0.62.1","issue":{"uuid":"2513177935","node_id":"PR_kwDONj2Hx86VzA1P","number":262,"state":"closed","title":"Bump aquasecurity/trivy from 0.62.0 to 0.62.1","user":"dependabot[bot]","labels":["dependencies","size/XS","docker"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2025-05-12T09:30:33.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-12T08:56:52.000Z","updated_at":"2025-05-12T09:30:33.000Z","time_to_close":2021,"merged_at":"2025-05-12T09:30:33.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"aquasecurity/trivy","old_version":"0.62.0","new_version":"0.62.1","repository_url":"https://github.com/aquasecurity/trivy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.62.0 to 0.62.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/releases\"\u003eaquasecurity/trivy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.62.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ec75ed2156c8fa801d6998016f46f6b953e8a9556 release: v0.62.1 [release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8825\"\u003e#8825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eaafebeb53aecbc9ed1ea44f8601183b4c25c49e3 chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e99485cfea2de53570342901eac860afdaacce86f fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8826\"\u003e#8826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8824\"\u003e#8824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy/blob/v0.62.1/CHANGELOG.md\"\u003eaquasecurity/trivy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.62.1\"\u003e0.62.1\u003c/a\u003e (2025-05-06)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emisconf:\u003c/strong\u003e check if for-each is known when expanding dyn block [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8826\"\u003e#8826\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99485cfea2de53570342901eac860afdaacce86f\"\u003e99485cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eredhat:\u003c/strong\u003e trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8824\"\u003e#8824\u003c/a\u003e) (\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd\"\u003eb4fc9e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/c75ed2156c8fa801d6998016f46f6b953e8a9556\"\u003e\u003ccode\u003ec75ed21\u003c/code\u003e\u003c/a\u003e release: v0.62.1 [release/v0.62] (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy/issues/8825\"\u003e#8825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/aafebeb53aecbc9ed1ea44f8601183b4c25c49e3\"\u003e\u003ccode\u003eaafebeb\u003c/code\u003e\u003c/a\u003e chore(deps): bump the common group across 1 directory with 10 updates [backpo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/99485cfea2de53570342901eac860afdaacce86f\"\u003e\u003ccode\u003e99485cf\u003c/code\u003e\u003c/a\u003e fix(misconf): check if for-each is known when expanding dyn block [backport: ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy/commit/b4fc9e8ca1ff77a2795ffa47d0fc53cecd0e1bbd\"\u003e\u003ccode\u003eb4fc9e8\u003c/code\u003e\u003c/a\u003e fix(redhat): trim invalid suffix from content_sets in manifest parsing [backp...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.62.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy\u0026package-manager=docker\u0026previous-version=0.62.0\u0026new-version=0.62.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mattdowdell/sandbox/pull/262","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdowdell%2Fsandbox/issues/262","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/262/packages"}}]}