chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.2

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.49.1 to 0.50.2.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.50.1

Changelog

• 5f69937cc fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
• 258d15346 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#6356)
• ade033a83 docs: add info about support for package license detection in fs/repo modes (#6381)
• f85c9fac6 fix(nodejs): add support for parsing workspaces from package.json as an object (#6231)
• 9d7f5c948 fix: use 0600 perms for tmp files for post analyzers (#6386)
• f148eb10f fix(helm): scan the subcharts once (#6382)
• 97f95c4dd docs(terraform): add file patterns for Terraform Plan (#6393)
• abd62ae74 fix(terraform): сhecking SSE encryption algorithm validity (#6341)
• 7c409fd27 fix(java): parse modules from pom.xml files once (#6312)
• 1b68327b6 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#6364)
• a2482c14e fix(server): add Locations for Packages in client/server mode (#6366)
• e866bd5b5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#6346)
• 1870f2846 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#6348)
• 6c81e5505 chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)

v0.50.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#6340

Changelog

• 8ec3938e0 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#6321)
• f6c5d5800 feat(java): add support licenses and graph for gradle lock files (#6140)
• c4022d61b feat(vex): consider root component for relationships (#6313)
• 317792433 fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
• dd9620ef3 chore: updates wazero to v1.7.0 (#6301)
• eb3ceb323 feat(sbom): Support license detection for SBOM scan (#6072)
• ab74caa87 refactor(sbom): use intermediate representation for SPDX (#6310)
• 71da44f7e docs(terraform): improve documentation for filtering by inline comments (#6284)
• 102b6df73 fix(terraform): fix policy document retrieval (#6276)
• aa19aaf4e refactor(terraform): remove unused custom error (#6303)
• 8fcef352b refactor(sbom): add intermediate representation for BOM (#6240)
• fb8c516de fix(amazon): check only major version of AL to find advisories (#6295)
• 96bd7ac59 fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#6219)
• 12c5bf080 fix(nodejs): add name validation for package name from package.json (#6268)
• d6c40ce05 docs: Added install instructions for FreeBSD (#6293)
• 9d2057a7c feat(image): customer podman host or socket option (#6256)
• 2a9d9bd21 chore(deps): bump wazero from 1.2.1 to 1.6.0 (#6290)
• 617c3e31b feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#6213)
• 56cedc0d6 fix(license): reorder logic of how python package licenses are acquired (#6220)
• d7d7265eb test(terraform): skip cached modules (#6281)
• 663991166 feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
• 337cb7535 fix(cloudformation): support of all SSE algorithms for s3 (#6270)
• 9361cdb7e feat(terraform): Terraform Plan snapshot scanning support (#6176)
• ee01e6e2f chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#6249)
• 3d2f583ec fix: typo function name and comment optimization (#6200)
• c4b5ab788 fix(java): don't ignore runtime scope for pom.xml files (#6223)
• 355c1b583 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#6242)

... (truncated)

Commits

• 058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
• 9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
• 2ad8e33 fix(java): update logic to detect pom.xml file snapshot artifacts from remo...
• 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
• 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same de...
• ade033a docs: add info about support for package license detection in fs/repo mod...
• f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an o...
• 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#6386)
• f148eb1 fix(helm): scan the subcharts once (#6382)
• 97f95c4 docs(terraform): add file patterns for Terraform Plan (#6393)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #51.