Bump github.com/aquasecurity/trivy from 0.42.1 to 0.44.0

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.42.1 to 0.44.0.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.44.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#4903

Changelog

• d19c7d9f2 feat(repo): support local repositories (#4890)
• 3c1976187 bump go-dep-parser (#4893)
• e1c2a8c80 fix(misconf): add missing fields to proto (#4861)
• 8b8e0e83d fix: remove trivy-db package replacement (#4877)
• f9efe44fd chore(test): bump the integration test timeout to 15m (#4880)
• 7271d682f chore(deps): Update defsec to v0.91.0 (#4886)
• c3bc67c89 chore: update CODEOWNERS (#4871)
• 232ba823e feat(vuln): support vulnerability status (#4867)
• 11618c940 feat(misconf): Support custom URLs for policy bundle (#4834)
• 07075696d refactor: replace with sortable packages (#4858)
• fbe1c9eb1 docs: correct license scanning sample command (#4855)
• 20c2246a6 fix(report): close the file (#4842)
• 24a3e547d feat(nodejs): add support for include-dev-deps flag for yarn (#4812)
• a7bd7bb65 feat(misconf): Add support for independently enabling libraries (#4070)
• 4aa9ea096 feat(secret): add secret config file for cache calculation (#4837)
• 5d349d814 Fix a link in gitlab-ci.md (#4850)
• a61531c1f fix(flag): use globalstar to skip directories (#4854)
• 78cc20937 chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849)
• 93996041b fix(license): using common way for splitting licenses (#4434)
• 3e2416d77 fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
• ce77bb46c remove govulndb (#4783)
• c05caae43 fix(java): inherit licenses from parents (#4817)
• aca11b95d refactor: add allowed values for CLI flags (#4800)
• 4cecd17ea add example regex to allow rules (#4827)
• 4bc8d29c1 feat(misconf): Support custom data for rego policies for cloud (#4745)
• 88243a0ad docs: correcting the trivy k8s tutorial (#4815)
• 3c7d988d7 feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
• fd0fd104f fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
• d0d543b88 feat(misconf): enable --policy flag to accept directory and files both (#4777)
• b43a3e623 feat(python): add license fields (#4722)
• aef7b148a fix: support trivy k8s-version on k8s sub-command (#4786)

v0.43.1

Changelog

• 5d76abadc chore(deps): Update defsec to v0.90.3 (#4793)
• fed446c51 chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752)
• df62927e5 chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748)
• 1b9b9a84f chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758)
• 3c16ca821 docs(image): fix the comment on the soft/hard link (#4740)
• e5bee5ccc check Type when filling pkgs in vulns (#4776)
• 4b9f310b9 feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
• 8e7fb7cc8 chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756)
• a9badeaba fix(rocky): add architectures support for advisories (#4691)

... (truncated)

Commits

• d19c7d9 feat(repo): support local repositories (#4890)
• 3c19761 bump go-dep-parser (#4893)
• e1c2a8c fix(misconf): add missing fields to proto (#4861)
• 8b8e0e8 fix: remove trivy-db package replacement (#4877)
• f9efe44 chore(test): bump the integration test timeout to 15m (#4880)
• 7271d68 chore(deps): Update defsec to v0.91.0 (#4886)
• c3bc67c chore: update CODEOWNERS (#4871)
• 232ba82 feat(vuln): support vulnerability status (#4867)
• 11618c9 feat(misconf): Support custom URLs for policy bundle (#4834)
• 0707569 refactor: replace with sortable packages (#4858)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #3259.