build(deps): bump github.com/aquasecurity/trivy from 0.53.0 to 0.54.1

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.53.0 to 0.54.1.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.54.1

Changelog

• 854c61d34a550a9fcbab3bc59e55b868c15d1962 release: v0.54.1 [release/v0.54] (#7282)
• 334a1c293bb3d490af2a6d80732f399efaac22f7 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285)
• f61725c28b56d80fb46395479842a2ab0c517c5f fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
• a7b7117fe2c9608e990b42e702cc83675c48f888 fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)

v0.54.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#7268

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0540-2024-07-30

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.54.1 (2024-07-31)

Bug Fixes

• flag: incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285) (334a1c2)
• java: Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) (f61725c)
• plugin: do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) (a7b7117)

0.54.0 (2024-07-30)

Features

• add log.FilePath() function for logger (#7080) (1f5f348)
• add openSUSE tumbleweed detection and scanning (#6965) (17b5dbf)
• cli: rename --vuln-type flag to --pkg-types flag (#7104) (7cbdb0a)
• mariner: Add support for Azure Linux (#7186) (5cbc452)
• misconf: enabled China configuration for ACRs (#7156) (d1ec89d)
• nodejs: add license parser to pnpm analyser (#7036) (03ac93d)
• sbom: add image labels into SPDX and CycloneDX reports (#7257) (4a2f492)
• sbom: add vulnerability support for SPDX formats (#7213) (efb1f69)
• share build-in rules (#7207) (bff317c)
• vex: retrieve VEX attestations from OCI registries (#7249) (c2fd2e0)
• vex: VEX Repository support (#7206) (88ba460)
• vuln: add --pkg-relationships (#7237) (5c37361)

Bug Fixes

• Add dependencyManagement exclusions to the child exclusions (#6969) (dc68a66)
• add missing platform and type to spec (#7149) (c8a7abd)
• cli: error on missing config file (#7154) (7fa5e7d)
• close file when failed to open gzip (#7164) (2a577a7)
• dotnet: don't include non-runtime libraries into report for *.deps.json files (#7039) (5bc662b)
• dotnet: show nuget package dir not found log only when checking nuget packages (#7194) (d76feba)
• ignore nodes when listing permission is not allowed (#7107) (25f8143)
• java: avoid panic if deps from pom in it dir are not found (#7245) (4e54a7e)
• java: use go-mvn-version to remove Package duplicates (#7088) (a7a304d)
• misconf: do not evaluate TF when a load error occurs (#7109) (f27c236)
• nodejs: detect direct dependencies when using latest version for files yarn.lock + package.json (#7110) (54bb8bd)
• report: hide empty table when all secrets/license/misconfigs are ignored (#7171) (c3036de)
• secret: skip regular strings contain secret patterns (#7182) (174b1e3)
• secret: trim excessively long lines (#7192) (92b13be)
• secret: update length of hugging-face-access-token (#7216) (8c87194)
• server: pass license categories to options (#7203) (9d52018)

Performance Improvements

... (truncated)

Commits

• 854c61d release: v0.54.1 [release/v0.54] (#7282)
• 334a1c2 fix(flag): incorrect behavior for deprected flag --clear-cache [backport: r...
• f61725c fix(java): Return error when trying to find a remote pom to avoid segfault [b...
• a7b7117 fix(plugin): do not call GitHub content API for releases and tags [backport: ...
• ff403a3 release: v0.54.0 [main] (#7075)
• b3ee4bc docs: update ecosystem page reporting with plopsec.com app (#7262)
• 3b7aad3 chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
• c2fd2e0 feat(vex): retrieve VEX attestations from OCI registries (#7249)
• 4a2f492 feat(sbom): add image labels into SPDX and CycloneDX reports (#7257)
• f198cf8 refactor(flag): return error if both --download-db-only and `--download-jav...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2256.