chore: bump github.com/aquasecurity/trivy from 0.32.1 to 0.42.1

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.32.1 to 0.42.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.42.1

Changelog

• 9a279fa7b ci: remove 32bit packages (#4585)
• d52b0b7bc fix(misconf): deduplicate misconf results (#4588)
• 9b531fa27 fix(vm): support sector size of 4096 (#4564)
• 8ca1bfdd2 fix(misconf): terraform relative paths (#4571)
• c20d46604 fix(purl): skip unsupported library type (#4577)
• 52cbe7975 fix(terraform): recursively detect all Root Modules (#4457)
• 4a5b91557 fix(vm): support post analyzer for vm command (#4544)
• 56cdc55f7 fix(nodejs): change the type of the devDependencies field (#4560)
• 17d753676 fix(sbom): export empty dependencies in CycloneDX (#4568)
• 2796abe1e refactor: add composite fs for post-analyzers (#4556)
• 22a157380 chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554)
• 43586659a chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526)
• 508139965 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528)
• e1a38128a chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529)
• 283eef637 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536)
• bbd7b9874 chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549)
• 11c81bf2f chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532)
• 2d8d63e61 chore(deps): bump github.com/testcontainers/testcontainers-go (#4537)
• a46839b1c chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530)
• 19715f5de chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534)

v0.42.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4541

Changelog

• 854b63940 chore(deps): bump github.com/sigstore/rekor from 1.2.0 to 1.2.1 (#4533)
• 59e1a8664 chore(deps): bump alpine from 3.17.3 to 3.18.0 (#4525)
• 9ef01133c feat: add SBOM analyzer (#4210)
• dadd1e10c fix(sbom): update logic for work with files in spdx format (#4513)
• 1a658210a feat: azure workload identity support (#4489)
• 411862c90 feat(ubuntu): add eol date for 18.04 ESM (#4524)
• 62a1aaf03 fix(misconf): Update required extensions for terraformplan (#4523)
• 48b2e15c2 refactor(cyclonedx): add intermediate representation (#4490)
• c15f269a9 fix(misconf): Remove debug print while scanning (#4521)
• b6ee08e55 fix(java): remove duplicates of jar libs (#4515)
• d4740401a fix(java): fix overwriting project props in pom.xml (#4498)
• 4cf2f94d0 docs: Update compilation instructions (#4512)
• 18ce1c336 fix(nodejs): update logic for parsing pnpm lock files (#4502)
• 87eed38c6 fix(secret): remove aws-account-id rule (#4494)
• b0c591ef6 feat(oci): add support for referencing an input image by digest (#4470)
• b84b5ecfc chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#4338)
• 305255a49 docs: fixed the format (#4503)
• d586de585 fix(java): add support of * for exclusions for pom.xml files (#4501)
• de6eef3b0 feat: adding issue template for documentation (#4453)
• 83a9c4a4c docs: switch glad to ghsa for Go (#4493)
• 537272257 chore(deps): Update defsec to v0.89.0 (#4474)

... (truncated)

Commits

• 9a279fa ci: remove 32bit packages (#4585)
• d52b0b7 fix(misconf): deduplicate misconf results (#4588)
• 9b531fa fix(vm): support sector size of 4096 (#4564)
• 8ca1bfd fix(misconf): terraform relative paths (#4571)
• c20d466 fix(purl): skip unsupported library type (#4577)
• 52cbe79 fix(terraform): recursively detect all Root Modules (#4457)
• 4a5b915 fix(vm): support post analyzer for vm command (#4544)
• 56cdc55 fix(nodejs): change the type of the devDependencies field (#4560)
• 17d7536 fix(sbom): export empty dependencies in CycloneDX (#4568)
• 2796abe refactor: add composite fs for post-analyzers (#4556)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (da5864a) 34.94% compared to head (fd618a0) 34.94%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #178   +/-   ##
=======================================
  Coverage   34.94%   34.94%           
=======================================
  Files          12       12           
  Lines        1139     1139           
=======================================
  Hits          398      398           
  Misses        720      720           
  Partials       21       21           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[sozercan]

needs dependency resolution fix

[dependabot]

Superseded by #195.