Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,501 Commits 6 Branches 121 Tags
7f79b8eadf52995b13b3800655ea2e0f0700a086
Commit Graph

1501 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
MaineK00n
7f79b8eadf feat(config/os): add alpine 3.19, 3.20 EOL (#1965) 2024-06-12 17:18:20 +09:00
Shunichi Shinohara
cb26be180a fix(ci): Remove unused files to avoid disk full (#1957) 
cf.
- https://zenn.dev/pinto0309/scraps/c6413eb15a1b2a (in Japanese)
- https://github.com/actions/runner-images/issues/709
v0.26.0-rc2 		2024-06-09 12:32:21 +09:00
MaineK00n
e1fab805af fix(debian,ubuntu): collect running kernel source package (#1935) 2024-06-06 21:20:16 +09:00
MaineK00n
5af1a22733 fix(redhat-based): collect running kernel packages (#1950) 2024-06-06 10:28:40 +09:00
dependabot[bot]
0533069446 chore(deps): bump docker/setup-buildx-action from 2 to 3 (#1955) 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-03 18:15:00 +09:00
dependabot[bot]
3e1f2bc88b chore(deps): bump docker/setup-qemu-action from 2 to 3 (#1954) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-03 18:09:09 +09:00
dependabot[bot]
368c496d40 chore(deps): bump docker/metadata-action from 4 to 5 (#1953) 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-03 18:06:18 +09:00
dependabot[bot]
a99e3af3fe chore(deps): bump golangci/golangci-lint-action from 3 to 6 (#1952) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v6)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-03 17:59:19 +09:00
dependabot[bot]
1769107382 chore(deps): bump github/codeql-action from 2 to 3 (#1951) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-03 17:58:27 +09:00
dependabot[bot]
2e5884b9bd chore(deps): bump github.com/aquasecurity/trivy from 0.51.2 to 0.51.4 (#1938) 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.51.2 to 0.51.4.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.51.2...v0.51.4)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-29 16:41:11 +09:00
MaineK00n
cc9734d5e4 chore(deps): use github.com/Azure/azure-sdk-for-go/sdk/storage/azblob (#1661) 2024-05-28 19:31:21 +09:00
dependabot[bot]
227208b60b chore(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#1949) 
Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/BurntSushi/toml/releases)
- [Commits](https://github.com/BurntSushi/toml/compare/v1.3.2...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/BurntSushi/toml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 11:24:39 +09:00
dependabot[bot]
949d72d0b7 chore(deps): bump actions/setup-go from 3 to 5 (#1946) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 11:24:29 +09:00
dependabot[bot]
2f02918064 chore(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#1948) 
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 11:24:10 +09:00
dependabot[bot]
73917188d5 chore(deps): bump the aws group with 2 updates (#1947) 
Bumps the aws group with 2 updates: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.15 to 1.27.16
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.15...config/v1.27.16)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.54.2 to 1.54.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.2...service/s3/v1.54.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 11:04:29 +09:00
dependabot[bot]
980c1ff262 chore(deps): bump docker/build-push-action from 2 to 5 (#1945) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 10:59:59 +09:00
dependabot[bot]
58bb6c7e09 chore(deps): bump actions/checkout from 3 to 4 (#1944) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 10:59:40 +09:00
dependabot[bot]
977fe0ca49 chore(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1943) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 10:53:57 +09:00
dependabot[bot]
474c76e7a7 chore(deps): bump docker/login-action from 2 to 3 (#1942) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 10:53:23 +09:00
MaineK00n
5116a6a23d feat(ci): group aws-sdk-go-v2 updates, check github actions update (#1941) 
* feat(ci): group aws-sdk-go-v2 updates

* faet(ci): add github actions update
 2024-05-28 10:39:13 +09:00
dependabot[bot]
8449f2e295 chore(deps): bump github.com/aws/aws-sdk-go-v2/credentials (#1936) 
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.17.15 to 1.17.16.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.15...credentials/v1.17.16)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-28 10:27:54 +09:00
MaineK00n
db2c502b4a feat(reporter/s3): support minio (#1930) 
* feat(reporter/s3): support minio

* feat(reporter/s3): disable config/credential: file and some providers
 2024-05-28 10:13:39 +09:00
dependabot[bot]
337eb0b281 chore(deps): bump github.com/aws/aws-sdk-go from 1.53.0 to 1.53.9 (#1934) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.53.0 to 1.53.9.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.0...v1.53.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-24 19:31:37 +09:00
MaineK00n
d8bce94d8c chore(deps): use aws-sdk-go-v2 (#1922) 2024-05-24 19:08:38 +09:00
dependabot[bot]
9107d1b1bc chore(deps): bump github.com/aquasecurity/trivy from 0.51.1 to 0.51.2 (#1928) 
* ---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): go mod tidy

* chore(deps): follow type name change

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shunichi Shinohara <shino.shun@gmail.com>
 2024-05-23 05:13:59 +09:00
MaineK00n
407407d306 fix(contrib/trivy-to-vuls): remove cvss/severity duplicates, list all severities (#1929) 2024-05-22 17:16:02 +09:00
dependabot[bot]
dccdd8a091 chore(deps): bump github.com/package-url/packageurl-go from 0.1.2 to 0.1.3 (#1927) 
updated-dependencies:
- dependency-name: github.com/package-url/packageurl-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-21 15:13:50 +09:00
MaineK00n
878c25bf5a feat(detector, contrib/trivy-to-vuls): collect vendor severity and cvss (#1921) v0.25.4 2024-05-17 19:11:51 +09:00
MaineK00n
e4728e3881 fix(gost/debian): show all severities that appeared (#1914) 2024-05-16 18:01:01 +09:00
MaineK00n
61c39637f2 feat(scanner/redhat): each package has modularitylabel (#1381) 2024-05-16 02:54:02 +09:00
dependabot[bot]
f1c384812a chore(deps): bump github.com/aquasecurity/trivy from 0.50.1 to 0.51.1 (#1912) 
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.50.1 to 0.51.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.50.1...v0.51.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-15 22:37:12 +09:00
dependabot[bot]
0fa09e1517 chore(deps): bump github.com/emersion/go-smtp from 0.21.1 to 0.21.2 (#1918) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-14 10:51:15 +09:00
MaineK00n
ef2be3d6ea feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost (#1907) 
* feat(oval/redhat): detect not fixed package

* feat(gost/redhat): stop using to detect unpatched vulnerabilities
v0.25.3 		2024-05-10 17:32:40 +09:00
dependabot[bot]
827f2cb8d8 chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#1910) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-08 07:10:05 +09:00
dependabot[bot]
4cb4ec4dda chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#1909) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-08 03:04:23 +09:00
dependabot[bot]
81f3d5f3bd chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 (#1908) 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.9 to 1.3.10.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.9...v1.3.10)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-08 02:30:02 +09:00
MaineK00n
f3f667138d feat(ubuntu): add 24.04 noble (#1878) 2024-05-02 16:56:42 +09:00
dependabot[bot]
bca59ff85f chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1903) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-30 15:04:15 +09:00
future-ryunosuketanai
3f98fbc82c style(log) fix trivy scan page link (#1902) 2024-04-25 19:20:42 +09:00
MaineK00n
73dc95f6b9 fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations (#1899) 2024-04-23 16:30:33 +09:00
dependabot[bot]
04bdaabe6b chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#1898) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-21 22:52:03 +09:00
Shunichi Shinohara
8f4025120d (fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint (#1893) 
* (fix) Exclude dev dependencies from npm's package-lock.json

* chore(integration) update

* choir(integration) add lib scan names to makefile

* fix(javadb) add schema version only once
 2024-04-17 17:23:57 +09:00
deferdeter
cfbe47bd99 chore: fix some typos in comments (#1897) 
Signed-off-by: deferdeter <deferdeter@outlook.com>
 2024-04-16 19:14:00 +09:00
future-ryunosuketanai
a6cafabfb8 style(log) config.toml template docs url (#1894) 
* fix: config.toml template url

* applied fixes to other places
 2024-04-16 12:11:28 +09:00
dependabot[bot]
d1137ad1ca chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 (#1896) 
Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.21.0 to 0.21.1.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.21.0...v0.21.1)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 10:35:18 +09:00
dependabot[bot]
6181e1c4bb chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#1890) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0.
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-10 18:19:54 +09:00
dependabot[bot]
5f0abc971f chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (#1891) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-10 17:56:53 +09:00
dependabot[bot]
3cdd2e10d0 chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 (#1888) 
* chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0

Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.2 to 0.21.0.
- [Release notes](https://github.com/emersion/go-smtp/releases)
- [Commits](https://github.com/emersion/go-smtp/compare/v0.20.2...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/emersion/go-smtp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(reporter/email): use DialStartTLS instead of StartTLS

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 17:41:41 +09:00
Konstantin Eremin
867bf63bb2 TLS insecure option adding (#1220) 
* TLS InsecureSkipVerify option added to sendMail

* refactor(reporter/email): remove redundant if statement

---------

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-04-05 13:12:47 +09:00
dependabot[bot]
5d5dcd5f41 chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 (#1885) 
* chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.49.1 to 0.50.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.49.1...v0.50.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* refactor(cmd/report): use trivy default for trivy-java-db-repository default value

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
 2024-03-28 13:09:49 +09:00