Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release: v0.59.0 [main] #8041

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

release: v0.59.0 [main] #8041

wants to merge 1 commit into from
+46 −1

Conversation

aqua-bot
Copy link
Contributor

@aqua-bot aqua-bot commented Dec 4, 2024
edited
Loading

🤖 I have created a release beep boop

0.59.0 (2025-01-17)

Features

  • add --distro flag to manually specify OS distribution for vulnerability scanning (#8070) (da17dc7)
  • add a examples field to check metadata (#8068) (6d84e0c)
  • misconf: generate placeholders for random provider resources (#8051) (ffe24e1)
  • misconf: support for ignoring by inline comments for Helm (#8138) (a0429f7)
  • nodejs: respect peer dependencies for dependency tree (#7989) (7389961)
  • python: add support for poetry dev dependencies (#8152) (774e04d)
  • python: add support for uv (#8080) (c4a4a5f)
  • python: add support for uv dev and optional dependencies (#8134) (49c54b4)

Bug Fixes

  • CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088) (d7ac286)
  • CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207) (670fbf2)
  • enable err-error and errorf rules from perfsprint linter (#7859) (156a2aa)
  • flag: skip hidden flags for --generate-default-config command (#8046) (5e68bdc)
  • handle BLOW_UNKNOWN error to download DBs (#8060) (51f2123)
  • java: correctly overwrite version from depManagement if dependency uses project.* props (#8050) (9d9f80d)
  • license: always trim leading and trailing spaces for licenses (#8095) (f5e4291)
  • misconf: allow null values only for tf variables (#8112) (23dc3a6)
  • misconf: disable git terminal prompt on tf module load (#8026) (bbc5a85)
  • misconf: use log instead of fmt for logging (#8033) (07b2d7f)
  • oracle: add architectures support for advisories (#4809) (90f1d8d)
  • python: skip dev group's deps for poetry (#8106) (a034d26)
  • redhat: check usr/share/buildinfo/ dir to detect content sets (#8222) (f352f6b)
  • redhat: correct rewriting of recommendations for the same vulnerability (#8063) (4202c4b)
  • respect GITHUB_TOKEN to download artifacts from GHCR (#7580) (21b68e1)
  • sbom: attach nested packages to Application (#8144) (735335f)
  • sbom: fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052) (fd07074)
  • sbom: scan results of SBOMs generated from container images are missing layers (#7635) (f9fceb5)
  • sbom: use root package for unknown dependencies (if exists) (#8104) (7558df7)
  • suse: SUSE - update OSType constants and references for compatility (#8236) (ae28398)
  • Updated twitter icon (#7772) (2c41ac8)
  • wasm module test (#8099) (2200f38)

Performance Improvements

  • avoid heap allocation in applier findPackage (#7883) (9bd6ed7)

This PR was generated with Release Please. See documentation.

@aqua-bot aqua-bot requested a review from knqyf263 as a code owner December 4, 2024 04:21
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 2 times, most recently from 1c36608 to 593e005 Compare December 5, 2024 05:24
@aqua-bot aqua-bot changed the title release: v0.58.1 [main] release: v0.59.0 [main] Dec 5, 2024
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 13 times, most recently from 43eab50 to 73df148 Compare December 11, 2024 16:57
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 7 times, most recently from b7cb2f7 to 9907ddd Compare December 20, 2024 07:04
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 5 times, most recently from 613d635 to 183da0f Compare December 24, 2024 12:33
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 3 times, most recently from 63e86de to b7da2ef Compare December 28, 2024 17:47
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 5 times, most recently from dd1c348 to d546786 Compare January 9, 2025 13:05
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 3 times, most recently from 2098973 to 4a90a1b Compare January 11, 2025 04:05
@hanslemm
Copy link

@knqyf263 any schedule on when this will be released? Looking forward to Trivy uv lock file support :).

@knqyf263
Copy link
Collaborator

https://github.com/aquasecurity/trivy/milestone/42

@knqyf263 knqyf263 added this to the v0.59.0 milestone Jan 13, 2025
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 2 times, most recently from 808483e to 54b4467 Compare January 13, 2025 12:34
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch 2 times, most recently from 8b630a8 to b7a26cd Compare January 16, 2025 10:37
@aqua-bot aqua-bot force-pushed the release-please--branches--main branch from b7a26cd to 71b12b7 Compare January 17, 2025 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@DmitriyLewen DmitriyLewen

Labels
autorelease: pending
Projects
None yet
Milestone
v0.59.0
Development

Successfully merging this pull request may close these issues.
4 participants
@aqua-bot @hanslemm @knqyf263 @DmitriyLewen