⬆️ (deps): Update image helm-dashboard/dashboard dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
docker.io/alpine	final	minor	3.18.4 → 3.23.4
docker.io/alpine/helm	stage	minor	3.13.1 → 3.20.2
docker.io/aquasec/trivy (source)	stage	minor	0.47.0 → 0.70.0
docker.io/library/golang	stage	minor	1.21.4 → 1.26.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.70.0

Compare Source

📣Announcements 📣

⚡ v0.70.0 - https://redirect.github.com/aquasecurity/trivy/discussions/10546
⚡ GPG key for deb/rpm repos has been updated - https://redirect.github.com/aquasecurity/trivy/discussions/10549

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16

v0.69.3

Compare Source

Changelog

• 6fb20c8 release: v0.69.3 [release/v0.69] (#​10293)
• dabefec fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#​10291)

v0.69.2

Compare Source

Changelog

• cfa322e release: v0.69.2 [release/v0.69] (#​10266)
• 86debce fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#​10267)
• cf3d4cd fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#​10264)
• 6dfd3b0 ci: remove apidiff workflow

v0.69.1

Compare Source

v0.69.0

Compare Source

⚠ BREAKING CHANGES

• misconf: use ID instead of AVDID for providers mapping (#​9752)

Features

• activestate: add support ActiveState images (#​10081) (676709d)
• add AnalyzedBy field to track which analyzer detected packages (#​10059) (1953824)
• cloudformation: add support for Fn::ForEach (#​9508) (d65b504)
• debian: detect third-party packages using maintainer list (#​9917) (effc1c0)
• flag: add JSON Schema for trivy.yaml configuration file (#​9971) (4caf731)
• helm: add sslCertDir parameter (#​9697) (879e4fc)
• julia: enable vulnerability scanning for the Julia language ecosystem (#​9800) (c2f82ad)
• misconf: add action block to Terraform schema (#​10035) (b06ef6d)
• misconf: initial ansible scanning support (#​9332) (9275e15)
• misconf: support for ARM resources defined as an object (#​9959) (92d3465)
• misconf: support for azurerm_*_web_app (#​9944) (37b5da8)
• misconf: Update Azure Database schema (#​9811) (48dfede)
• misconf: use Terraform plan configuration to partially restore schema (#​9623) (5fced3a)
• nodejs: parse licenses from package-lock.json file (#​9983) (b64d5ad)
• php: add support for dev dependencies in Composer (#​9910) (56b59e8)
• report: add Trivy version to JSON output (#​10065) (fe7d20a)
• rocky: enable modular package vulnerability detection (#​10069) (31c4780)
• rootio: Update trivy db to support usage of Severity from root.io feed (#​9930) (d3096e7)
• sbom: exclude PEP 770 SBOMs in .dist-info/sboms/ (#​10033) (07ff788)
• secret: add detection for Symfony default secret key (#​9892) (34baef2)
• vex: support per-repo tls configuration (#​10030) (f809066)
• vuln: skip vulnerability scanning for third-party packages in Debian/Ubuntu (#​9932) (74819bf)

Bug Fixes

• docker: fix non-det scan results for images with embedded SBOM (#​9866) (7f71b57)
• go: use ldflags version for all pseudo-versions (#​10037) (3c0ab97)
• image: race condition in image artifact inspection (#​9966) (18acf4f)
• java: add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#​9880) (809db46)
• java: correctly inherit properties from parent fields for pom.xml files (#​9111) (2933b01)
• java: correctly propagate repositories from upper POMs to dependencies (#​10077) (b9415a3)
• license: normalize licenses for PostAnalyzers (#​9941) (11dd3fa)
• misconf: correct typos in block and attribute names (#​9993) (ac061f8)
• misconf: respect .yml files when Helm charts are detected (#​9912) (18ecf75)
• misconf: safely parse rotation_period in google_kms_crypto_key (#​9980) (a0ecc8e)
• move enum into items for array-type fields in JSON Schema (#​10039) (4e06c3d)
• remove trailing tab in statefulset template (#​9889) (9db123c)
• repo: return a nil interface for gitAuth if missing (#​10097) (036c05b)
• rust: add cargo workspace members glob support (#​10032) (d2dc46a)
• rust: implement version inheritance for Cargo mono repos (#​10011) (47d3103)
• secret: improve word boundary detection for Hugging Face tokens (#​10046) (cdb28ee)
• use canonical SPDX license IDs from embedded licenses.json (#​10053) (c233735)
• vex: add CVE-2025-66564 as not_affected into Trivy VEX file (#​9924) (335cc99)
• vuln: skip vulns detection for CentOS Stream family without scan failure (#​9964) (b46cde0)

Performance Improvements

• misconf: optimize string concatenation in azure scanner (#​9969) (10a50a7)

Code Refactoring

• misconf: use ID instead of AVDID for providers mapping (#​9752) (6462dc8)

v0.68.2

Compare Source

v0.68.1

Compare Source

Bug Fixes

• update cosing settings for GoReleaser after bumping cosing to v3 (#​9863) (c7accc8)

v0.67.2

Compare Source

v0.67.1

Compare Source

v0.67.0

Compare Source

Features

• add documentation URL for database lock errors (#​9531) (eba48af)
• cli: change --list-all-pkgs default to true (#​9510) (7b663d8)
• cloudformation: support default values and list results in Fn::FindInMap (#​9515) (42b3bf3)
• cyclonedx: preserve SBOM structure when scanning SBOM files with vulnerability updates (#​9439) (aff03eb)
• redhat: add os-release detection for RHEL-based images (#​9458) (cb25a07)
• sbom: added support for CoreOS (#​9448) (6d562a3)
• seal: add seal support (#​9370) (e4af279)

Bug Fixes

• aws: use BuildableClient instead of xhttp.Client (#​9436) (fa6f1bf)
• close file descriptors and pipes on error paths (#​9536) (a4cbd6a)
• db: Download database when missing but metadata still exists (#​9393) (92ebc7e)
• k8s: disable parallel traversal with fs cache for k8s images (#​9534) (c0c7a6b)
• misconf: handle tofu files in module detection (#​9486) (bfd2f6b)
• misconf: strip build metadata suffixes from image history (#​9498) (c938806)
• misconf: unmark cty values before access (#​9495) (8e40d27)
• misconf: wrap legacy ENV values in quotes to preserve spaces (#​9497) (267a970)
• nodejs: parse workspaces as objects for package-lock.json files (#​9518) (404abb3)
• nodejs: use snapshot string as Package.ID for pnpm packages (#​9330) (4517e8c)
• vex: don't suppress vulns for packages with infinity loop (#​9465) (78f0d4a)
• vuln: compare nuget package names in lower case (#​9456) (1ff9ac7)

v0.66.0

Compare Source

Features

• add timeout handling for cache database operations (#​9307) (235c24e)
• misconf: added audit config attribute (#​9249) (4d4a244)
• secret: implement streaming secret scanner with byte offset tracking (#​9264) (5a5e097)
• terraform: use .terraform cache for remote modules in plan scanning (#​9277) (298a994)

Bug Fixes

• conda: memory leak by adding closure method for package.json file (#​9349) (03d039f)
• create temp file under composite fs dir (#​9387) (ce22f54)
• cyclonedx: handle multiple license types (#​9378) (46ab76a)
• fs: avoid shadowing errors in file.glob (#​9286) (b51c789)
• image: use standardized HTTP client for ECR authentication (#​9322) (84fbf86)
• misconf: ensure ignore rules respect subdirectory chart paths (#​9324) (d3cd101)
• misconf: ensure module source is known (#​9404) (81d9425)
• misconf: preserve original paths of remote submodules from .terraform (#​9294) (1319d8d)
• misconf: use correct field log_bucket instead of target_bucket in gcp bucket (#​9296) (04ad0c4)
• persistent flag option typo (#​9374) (6e99dd3)
• plugin: don't remove plugins when updating index.yaml file (#​9358) (5f067ac)
• python: improve package name normalization (#​9290) (1473e88)
• repo: preserve RepoMetadata on FS cache hit (#​9389) (4f2a44e)
• repo: sanitize git repo URL before inserting into report metadata (#​9391) (1ac9b1f)
• sbom: add support for file component type of CycloneDX (#​9372) (aa7cf43)
• suppress debug log for context cancellation errors (#​9298) (2458d5e)

v0.65.0

Compare Source

Features

• add graceful shutdown with signal handling (#​9242) (2c05882)
• add HTTP request/response tracing support (#​9125) (aa5b32a)
• alma: add AlmaLinux 10 support (#​9207) (861d51e)
• flag: add schema validation for --server flag (#​9270) (ed4640e)
• image: add Docker context resolution (#​9166) (99cd4e7)
• license: observe pkg types option in license scanner (#​9091) (d44af8c)
• misconf: add private ip google access attribute to subnetwork (#​9199) (263845c)
• misconf: added logging and versioning to the gcp storage bucket (#​9226) (110f80e)
• repo: add git repository metadata to reports (#​9252) (f4b2cf1)
• report: add CVSS vectors in sarif report (#​9157) (60723e6)
• sbom: add SHA-512 hash support for CycloneDX SBOM (#​9126) (12d6706)

Bug Fixes

• alma: parse epochs from rpmqa file (#​9101) (82db2fc)
• also check filepath when removing duplicate packages (#​9142) (4d10a81)
• aws: update amazon linux 2 EOL date (#​9176) (0ecfed6)
• cli: Add more non-sensitive flags to telemetry (#​9110) (7041a39)
• cli: ensure correct command is picked by telemetry (#​9260) (b4ad00f)
• cli: panic: attempt to get os.Args[1] when len(os.Args) < 2 (#​9206) (adfa879)
• license: add missed GFDL-NIV-1.1 and GFDL-NIV-1.2 into Trivy mapping (#​9116) (a692f29)
• license: handle WITH operator for LaxSplitLicenses (#​9232) (b4193d0)
• migrate from *.list to *.md5sums files for dpkg (#​9131) (f224de3)
• misconf: correctly adapt azure storage account (#​9138) (51aa022)
• misconf: correctly parse empty port ranges in google_compute_firewall (#​9237) (77bab7b)
• misconf: fix log bucket in schema (#​9235) (7ebc129)
• misconf: skip rewriting expr if attr is nil (#​9113) (42ccd3d)
• nodejs: don't use prerelease logic for compare npm constraints (#​9208) (fe96436)
• prevent graceful shutdown message on normal exit (#​9244) (6095984)
• rootio: check full version to detect root.io packages (#​9117) (c2ddd44)
• rootio: fix severity selection (#​9181) (6fafbeb)
• sbom: merge in-graph and out-of-graph OS packages in scan results (#​9194) (aa944cc)
• sbom: use correct field for licenses in CycloneDX reports (#​9057) (143da88)
• secret: add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#​9253) (54832a7)
• secret: fix line numbers for multiple-line secrets (#​9104) (e579746)
• server: add HTTP transport setup to server mode (#​9217) (1163b04)
• supporting .egg-info/METADATA in python.Packaging analyzer (#​9151) (e306e2d)
• terraform: for_each on a map returns a resource for every key (#​9156) (153318f)

v0.64.1

Compare Source

v0.64.0

Compare Source

v0.63.0

Compare Source

v0.62.1

Compare Source

v0.62.0

Compare Source

v0.61.1

Compare Source

v0.61.0

Compare Source

v0.60.0

Compare Source

Features

• add --vuln-severity-source flag (#​8269) (d464807)
• add report summary table (#​8177) (dd54f80)
• cyclonedx: Add initial support for loading external VEX files from SBOM references (#​8254) (4820eb7)
• go: fix parsing main module version for go >= 1.24 (#​8433) (e58dcfc)
• misconf: render causes for Terraform (#​8360) (a99498c)

Bug Fixes

• db: fix case when 2 trivy-db were copied at the same time (#​8452) (bb3cca6)
• don't use scope for trivy registry login command (#​8393) (8715e5d)
• go: merge nested flags into string for ldflags for Go binaries (#​8368) (b675b06)
• image: disable AVD-DS-0007 for history scanning (#​8366) (a3cd693)
• k8s: add missed option PkgRelationships (#​8442) (f987e41)
• misconf: do not log scanners when misconfig scanning is disabled (#​8345) (5695eb2)
• misconf: ecs include enhanced for container insights (#​8326) (39789ff)
• misconf: fix incorrect k8s locations due to JSON to YAML conversion (#​8073) (a994453)
• os: add mapping OS aliases (#​8466) (6b4cebe)
• python: add poetry v2 support (#​8323) (10cd98c)
• report: remove html escaping for shortDescription and fullDescription fields for sarif reports (#​8344) (3eb0b03)
• sbom: add SBOM file's filePath as Application FilePath if we can't detect its path (#​8346) (ecc01bb)
• sbom: improve logic for binding direct dependency to parent component (#​8489) (85cca8c)
• sbom: preserve OS packages from multiple SBOMs (#​8325) (bd5baaf)
• server: secrets inspectation for the config analyzer in client server mode (#​8418) (a1c4bd7)
• spdx: init pkgFilePaths map for all formats (#​8380) (72ea4b0)
• terraform: apply parser options to submodule parsing (#​8377) (398620b)
• update all documentation links (#​8045) (49456ba)

v0.59.1

Compare Source

v0.59.0

Compare Source

Features

• add --distro flag to manually specify OS distribution for vulnerability scanning (#​8070) (da17dc7)
• add a examples field to check metadata (#​8068) (6d84e0c)
• add support for registry mirrors (#​8244) (4316bcb)
• fs: use git commit hash as cache key for clean repositories (#​8278) (b5062f3)
• image: prevent scanning oversized container images (#​8178) (509e030)
• image: return error early if total size of layers exceeds limit (#​8294) (73bd20d)
• k8s: improve artifact selections for specific namespaces (#​8248) (db9e57a)
• misconf: generate placeholders for random provider resources (#​8051) (ffe24e1)
• misconf: support for ignoring by inline comments for Dockerfile (#​8115) (c002327)
• misconf: support for ignoring by inline comments for Helm (#​8138) (a0429f7)
• nodejs: respect peer dependencies for dependency tree (#​7989) (7389961)
• python: add support for poetry dev dependencies (#​8152) (774e04d)
• python: add support for uv (#​8080) (c4a4a5f)
• python: add support for uv dev and optional dependencies (#​8134) (49c54b4)

Bug Fixes

• CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#​8088) (d7ac286)
• CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#​8207) (670fbf2)
• de-duplicate same dpkg packages with different filePaths from different layers (#​8298) (846498d)
• enable err-error and errorf rules from perfsprint linter (#​7859) (156a2aa)
• flag: skip hidden flags for --generate-default-config command (#​8046) (5e68bdc)
• fs: fix cache key generation to use UUID (#​8275) (eafd810)
• handle BLOW_UNKNOWN error to download DBs (#​8060) (51f2123)
• improve conversion of image config to Dockerfile (#​8308) (2e8e38a)
• java: correctly overwrite version from depManagement if dependency uses project.* props (#​8050) (9d9f80d)
• license: always trim leading and trailing spaces for licenses (#​8095) (f5e4291)
• misconf: allow null values only for tf variables (#​8112) (23dc3a6)
• misconf: correctly handle all YAML tags in K8S templates (#​8259) (f12054e)
• misconf: disable git terminal prompt on tf module load (#​8026) (bbc5a85)
• misconf: handle heredocs in dockerfile instructions (#​8284) (0a3887c)
• misconf: use log instead of fmt for logging (#​8033) (07b2d7f)
• oracle: add architectures support for advisories (#​4809) (90f1d8d)
• python: skip dev group's deps for poetry (#​8106) (a034d26)
• redhat: check usr/share/buildinfo/ dir to detect content sets (#​8222) (f352f6b)
• redhat: correct rewriting of recommendations for the same vulnerability (#​8063) (4202c4b)
• respect GITHUB_TOKEN to download artifacts from GHCR (#​7580) (21b68e1)
• sbom: attach nested packages to Application (#​8144) (735335f)
• sbom: fix wrong overwriting of applications obtained from different sbom files but having same app type (#​8052) (fd07074)
• sbom: scan results of SBOMs generated from container images are missing layers (#​7635) (f9fceb5)
• sbom: use root package for unknown dependencies (if exists) (#​8104) (7558df7)
• spdx: use the hasExtractedLicensingInfos field for licenses that are not listed in the SPDX (#​8077) (aec8885)
• suse: SUSE - update OSType constants and references for compatibility (#​8236) (ae28398)
• Updated twitter icon (#​7772) (2c41ac8)
• wasm module test (#​8099) (2200f38)

Performance Improvements

• avoid heap allocation in applier findPackage (#​7883) (9bd6ed7)

v0.58.2

Compare Source

v0.58.1

Compare Source

v0.58.0

Compare Source

Features

• add workspaceRelationship (#​7889) (d622ca2)
• add cvss v4 score and vector in scan response (#​7968) (e0f2054)
• go: construct dependencies in the parser (#​7973) (bcdc0bb)
• go: construct dependencies of go.mod main module in the parser (#​7977) (5448ba2)
• k8s: add default commands for unknown platform (#​7863) (b1c7f55)
• misconf: log causes of HCL file parsing errors (#​7634) (e9a899a)
• oracle: add flavors support (#​7858) (b9b383e)
• secret: Add built-in secrets rules for Private Packagist (#​7826) (132d9df)
• suse: Align SUSE/OpenSUSE OS Identifiers (#​7965) (45d3b40)
• Update registry fallbacks (#​7679) (5ba9a83)

Bug Fixes

• alpine: add UID for removed packages (#​7887) (07915da)
• aws: change CPU and Memory type of ContainerDefinition to a string (#​7995) (aeeba70)
• cli: Handle empty ignore files more gracefully (#​7962) (4cfb2a9)
• debian: infinite loop (#​7928) (d982e6a)
• fs: add missing deferred Cleanup() call to post analyzer fs (#​7882) (ab32297)
• Improve version comparisons when build identifiers are present (#​7873) (eda4d76)
• k8s: check all results for vulnerabilities (#​7946) (797b36f)
• misconf: do not erase variable type for child modules (#​7941) (de3b7ea)
• misconf: handle null properties

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.