build(deps): bump github.com/aquasecurity/trivy from 0.57.1 to 0.58.0 #2830

dependabot bot commented on behalf of github Dec 9, 2024

Bumps github.com/aquasecurity/trivy from 0.57.1 to 0.58.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.58.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8039

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0580-2024-12-02

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.58.0 (2024-12-02)

Features

  • add workspaceRelationship (#7889) (d622ca2)
  • add cvss v4 score and vector in scan response (#7968) (e0f2054)
  • go: construct dependencies in the parser (#7973) (bcdc0bb)
  • go: construct dependencies of go.mod main module in the parser (#7977) (5448ba2)
  • k8s: add default commands for unknown platform (#7863) (b1c7f55)
  • misconf: log causes of HCL file parsing errors (#7634) (e9a899a)
  • oracle: add flavors support (#7858) (b9b383e)
  • secret: Add built-in secrets rules for Private Packagist (#7826) (132d9df)
  • suse: Align SUSE/OpenSUSE OS Identifiers (#7965) (45d3b40)
  • Update registry fallbacks (#7679) (5ba9a83)

Bug Fixes

  • alpine: add UID for removed packages (#7887) (07915da)
  • aws: change CPU and Memory type of ContainerDefinition to a string (#7995) (aeeba70)
  • cli: Handle empty ignore files more gracefully (#7962) (4cfb2a9)
  • debian: infinite loop (#7928) (d982e6a)
  • fs: add missing deferred Cleanup() call to post analyzer fs (#7882) (ab32297)
  • Improve version comparisons when build identifiers are present (#7873) (eda4d76)
  • k8s: check all results for vulnerabilities (#7946) (797b36f)
  • misconf: do not erase variable type for child modules (#7941) (de3b7ea)
  • misconf: handle null properties in CloudFormation templates (#7813) (99b2db3)
  • misconf: load full Terraform module (#7925) (fbc42a0)
  • misconf: properly resolve local Terraform cache (#7983) (fe3a897)
  • misconf: Update trivy-checks default repo to mirror.gcr.io (#7953) (9988147)
  • misconf: wrap AWS EnvVar to iac types (#7407) (54130dc)
  • redhat: don't return error if root/buildinfo/content_manifests/ contains files that are not contentSets files (#7912) (38775a5)
  • report: handle git@github.com schema for misconfigs in sarif report (#7898) (19aea4b)
  • sbom: Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) (461a68a)
  • terraform: set null value as fallback for missing variables (#7669) (611558e)

0.57.0 (2024-10-31)

⚠ BREAKING CHANGES

  • k8s: support k8s multi container (#7444)

Features

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.57.1 to 0.58.0.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.57.1...v0.58.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Dec 9, 2024

dependabot bot commented on behalf of github Dec 14, 2024

Looks like github.com/aquasecurity/trivy is up-to-date now, so this is no longer needed.

dependabot bot closed this Dec 14, 2024

dependabot bot deleted the dependabot/go_modules/github.com/aquasecurity/trivy-0.58.0 branch December 14, 2024 19:59