
chore(deps): bump github.com/aquasecurity/trivy from 0.58.2 to 0.59.1 #126

Merged: github-actions[bot] merged 2 commits into master from dependabot/go_modules/github.com/aquasecurity/trivy-0.59.1 on Feb 10, 2025
dependabot[bot] commented on behalf of github on Feb 10, 2025

Bumps github.com/aquasecurity/trivy from 0.58.2 to 0.59.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.59.1

Changelog

  • 9aabfd2a91e7278384bce7ccc6841a1d2851feb0 release: v0.59.1 [release/v0.59] (#8334)
  • 412c690924d4414ef6d8a5f37b293969bc245d32 fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)
  • 98f9ba295a55da34914b849c73b2d003d57d238a chore(deps): bump Go to v1.23.5 [backport: release/v0.59] (#8343)
  • 1741fddbe07d166dffbfb9b6f768940e52d08487 fix(python): add poetry v2 support [backport: release/v0.59] (#8335)
  • 3fd8e2785b2b838327a80cdc8b489583c3664944 fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)

v0.59.0

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/8312

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0590-2025-01-30

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.59.1 (2025-02-04)

Bug Fixes

  • misconf: do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349) (412c690)
  • python: add poetry v2 support [backport: release/v0.59] (#8335) (1741fdd)
  • sbom: preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333) (3fd8e27)

0.59.0 (2025-01-30)

Features

  • add --distro flag to manually specify OS distribution for vulnerability scanning (#8070) (da17dc7)
  • add a examples field to check metadata (#8068) (6d84e0c)
  • add support for registry mirrors (#8244) (4316bcb)
  • fs: use git commit hash as cache key for clean repositories (#8278) (b5062f3)
  • image: prevent scanning oversized container images (#8178) (509e030)
  • image: return error early if total size of layers exceeds limit (#8294) (73bd20d)
  • k8s: improve artifact selections for specific namespaces (#8248) (db9e57a)
  • misconf: generate placeholders for random provider resources (#8051) (ffe24e1)
  • misconf: support for ignoring by inline comments for Dockerfile (#8115) (c002327)
  • misconf: support for ignoring by inline comments for Helm (#8138) (a0429f7)
  • nodejs: respect peer dependencies for dependency tree (#7989) (7389961)
  • python: add support for poetry dev dependencies (#8152) (774e04d)
  • python: add support for uv (#8080) (c4a4a5f)
  • python: add support for uv dev and optional dependencies (#8134) (49c54b4)

Bug Fixes

  • CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088) (d7ac286)
  • CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207) (670fbf2)
  • de-duplicate same dpkg packages with different filePaths from different layers (#8298) (846498d)
  • enable err-error and errorf rules from perfsprint linter (#7859) (156a2aa)
  • flag: skip hidden flags for --generate-default-config command (#8046) (5e68bdc)
  • fs: fix cache key generation to use UUID (#8275) (eafd810)
  • handle BLOW_UNKNOWN error to download DBs (#8060) (51f2123)
  • improve conversion of image config to Dockerfile (#8308) (2e8e38a)
  • java: correctly overwrite version from depManagement if dependency uses project.* props (#8050) (9d9f80d)
  • license: always trim leading and trailing spaces for licenses (#8095) (f5e4291)
  • misconf: allow null values only for tf variables (#8112) (23dc3a6)
  • misconf: correctly handle all YAML tags in K8S templates (#8259) (f12054e)
  • misconf: disable git terminal prompt on tf module load (#8026) (bbc5a85)
  • misconf: handle heredocs in dockerfile instructions (#8284) (0a3887c)
  • misconf: use log instead of fmt for logging (#8033) (07b2d7f)
  • oracle: add architectures support for advisories (#4809) (90f1d8d)
  • python: skip dev group's deps for poetry (#8106) (a034d26)
  • redhat: check usr/share/buildinfo/ dir to detect content sets (#8222) (f352f6b)

... (truncated)

Commits
  • 9aabfd2 release: v0.59.1 [release/v0.59] (#8334)
  • 412c690 fix(misconf): do not log scanners when misconfig scanning is disabled [backpo...
  • 98f9ba2 chore(deps): bump Go to v1.23.5 [backport: release/v0.59] (#8343)
  • 1741fdd fix(python): add poetry v2 support [backport: release/v0.59] (#8335)
  • 3fd8e27 fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59]...
  • a58d685 release: v0.59.0 [main] (#8041)
  • 73bd20d feat(image): return error early if total size of layers exceeds limit (#8294)
  • 0031a38 chore(deps): Bump trivy-checks (#8310)
  • 87f3751 chore(terraform): add accessors to underlying raw hcl values (#8306)
  • 2e8e38a fix: improve conversion of image config to Dockerfile (#8308)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] requested a review from a team as a code owner February 10, 2025 10:30
dependabot[bot] added the dependencies and go labels Feb 10, 2025
github-actions[bot] previously approved these changes Feb 10, 2025
github-actions[bot] enabled auto-merge (squash) February 10, 2025 10:30
dependabot[bot] force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.59.1 branch from d66b3f7 to feea1f3 February 10, 2025 16:09
github-actions[bot] previously approved these changes Feb 10, 2025
afsmeira force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.59.1 branch from feea1f3 to 92483c9 February 10, 2025 16:11
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.58.2 to 0.59.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.59.1/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.58.2...v0.59.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
afsmeira force-pushed the dependabot/go_modules/github.com/aquasecurity/trivy-0.59.1 branch from 92483c9 to a8ec1af February 10, 2025 16:14
github-actions[bot] merged commit 6f18f43 into master Feb 10, 2025
github-actions[bot] deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.59.1 branch February 10, 2025 16:28
Labels: dependencies (Pull requests that update a dependency file), go (Pull requests that update Go code)