chore: bump github.com/aquasecurity/trivy from 0.32.1 to 0.43.0

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.32.1 to 0.43.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.43.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4741

Changelog

• 600819248 chore(deps): Update defsec to v0.90.1 (#4739)
• 73734eab2 feat(nodejs): support yarn workspaces (#4664)
• 22463abab feat(cli): add include-dev-deps flag (#4700)
• 790c8054e fix(image): pass the secret scanner option to scan the img config (#4735)
• 86fec9c4a fix: scan job pod it not found on k8s-1.27.x (#4729)
• 26bc91160 feat(docker): add support for mTLS authentication when connecting to registry (#4649)
• d699e8c10 chore(deps): Update defsec to v0.90.0 (#4723)
• 1777878e8 fix: skip scanning the gpg-pubkey package (#4720)
• 9be08253a Fix http registry oci pull (#4701)
• 5d73b47db feat(misconf): Support skipping services (#4686)
• 46e784c8a docs: fix supported modes for pubspec.lock files (#4713)
• 0f61a8471 fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
• 8a1aa448a clarifying a dir path is required for custom policies (#4716)
• fbab9eea3 chore: update alpine base images (#4715)
• f84417bba fix last-history-created (#4697)
• 85c681d44 feat: kbom and cyclonedx v1.5 spec support (#4708)
• 46748ce6e docs: add information about Aqua (#4590)
• c6741bddf fix: k8s escape resource filename on windows os (#4693)
• a21acc7e0 ci: ignore merge queue branches (#4696)
• 32a3a3311 chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695)
• cbb47dc7c chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694)
• e3d10d251 feat: cyclondx sbom custom property support (#4688)
• e1770e046 ci: do not trigger tests in main (#4692)
• 337c0b70d add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
• 5ccee1430 use group field for jar in cyclonedx (#4674)
• 96db52c3f feat(java): capture licenses from pom.xml (#4681)
• 3e902a57a feat(helm): make sessionAffinity configurable (#4623)
• 904f1cf24 fix: Show the correct URL of the secret scanning (#4682)
• 7d48c5d5d document expected file pattern definition format (#4654)
• dcc73e964 fix: format arg error (#4642)
• 35c4262d0 feat(k8s): cyclonedx kbom support (#4557)
• 0e01851e9 fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
• 4d9b44449 fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
• c29197ab7 ci: update build IDs (#4641)
• d7637adc6 fix(debian): update EOL for Debian 12 (#4647)
• ef39eeedf chore(deps): bump go-containerregistry (#4639)
• 1ce8bb535 chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
• bc9513fc5 fix(db): change argument order in Exists query for JavaDB (#4595)
• aecd2f0bf feat(aws): Add support to see successes in results (#4427)
• 2cbf402b6 chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613)
• 0099b20e3 ci: do not trigger tests in main (#4614)
• a597a54fb chore(deps): bump sigstore/cosign-installer (#4609)
• b453fbec3 chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608)
• 0e876d5aa ci: bypass the required status checks (#4611)

... (truncated)

Commits

• 6008192 chore(deps): Update defsec to v0.90.1 (#4739)
• 73734ea feat(nodejs): support yarn workspaces (#4664)
• 22463ab feat(cli): add include-dev-deps flag (#4700)
• 790c805 fix(image): pass the secret scanner option to scan the img config (#4735)
• 86fec9c fix: scan job pod it not found on k8s-1.27.x (#4729)
• 26bc911 feat(docker): add support for mTLS authentication when connecting to registry...
• d699e8c chore(deps): Update defsec to v0.90.0 (#4723)
• 1777878 fix: skip scanning the gpg-pubkey package (#4720)
• 9be0825 Fix http registry oci pull (#4701)
• 5d73b47 feat(misconf): Support skipping services (#4686)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (da5864a) 34.94% compared to head (7db18ff) 34.94%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #195   +/-   ##
=======================================
  Coverage   34.94%   34.94%           
=======================================
  Files          12       12           
  Lines        1139     1139           
=======================================
  Hits          398      398           
  Misses        720      720           
  Partials       21       21           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[dependabot]

Superseded by #201.