chore(docker): bump the docker group in /versions with 5 updates #38
Open
dependabot[bot] wants to merge 1 commit into
Bumps the docker group in /versions with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.2` | `3.95.6` |
| [anchore/syft](https://github.com/anchore/syft) | `v1.44.0` | `v1.45.1` |
| [aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.70.0` | `0.71.2` |
| [anchore/grype](https://github.com/anchore/grype) | `v0.112.0` | `v0.114.0` |
| semgrep/semgrep | `1.161.0` | `1.166.0` |

Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.6
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@v3.95.2...v3.95.6)

Updates `anchore/syft` from v1.44.0 to v1.45.1
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.44.0...v1.45.1)

Updates `aquasecurity/trivy` from 0.70.0 to 0.71.2
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.71.2/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.70.0...v0.71.2)

Updates `anchore/grype` from v0.112.0 to v0.114.0
- [Release notes](https://github.com/anchore/grype/releases)
- [Changelog](https://github.com/anchore/grype/blob/main/RELEASE.md)
- [Commits](anchore/grype@v0.112.0...v0.114.0)

Updates `semgrep/semgrep` from 1.161.0 to 1.166.0

---
updated-dependencies:
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.95.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docker
- dependency-name: anchore/syft
  dependency-version: v1.45.1
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: aquasecurity/trivy
  dependency-version: 0.71.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker
- dependency-name: anchore/grype
  dependency-version: v0.114.0
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: semgrep/semgrep
  dependency-version: 1.166.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jun 20, 2026
Semgrep Scan Results
Repository:
Scanned at 2026-06-20 13:30 UTC

Security Scan Results
Repository:
Scanned at 2026-06-20 13:30 UTC
Bumps the docker group in /versions with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.2` | `3.95.6` |
| [anchore/syft](https://github.com/anchore/syft) | `v1.44.0` | `v1.45.1` |
| [aquasecurity/trivy](https://github.com/aquasecurity/trivy) | `0.70.0` | `0.71.2` |
| [anchore/grype](https://github.com/anchore/grype) | `v0.112.0` | `v0.114.0` |
| semgrep/semgrep | `1.161.0` | `1.166.0` |

Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.6

Release notes

Sourced from trufflesecurity/trufflehog's releases.

... (truncated)

Commits

- `30d5bb9` S3: surface bucket listing failures and fix multi-role object count (#5035)
- `f0739f1` close todo - embed small HTTP test fixtures (#5001)
- `36d680a` add filetype=sdist param so we get the correct response code (#4988)
- `248ffd5` fix(dropbox): prevent long sl.u. tokens from being truncated before verificat...
- `afbdaa8` Fix: Resolve known dedup issues in notifierWorker (#5028)
- `7bcf376` [INS-472] [INS-515] Add user detector to defaults.go, gate it behind feat fla...
- `84a2b33` Fix Renovate lookup: update setup-captain version comment (#4999)
- `ac0805e` [INS-469] Added Rev detectors to defaults.go and gated it behind feature flag...
- `d03d087` GitHub finegrain analyzer was improperly handling errors (#4498)
- `b64cefe` set redacted value to last 4 characters of secret, to match how the secret ty...

Updates `anchore/syft` from v1.44.0 to v1.45.1

Release notes

Sourced from anchore/syft's releases.

Commits

- `d4496b0` chore(deps): update anchore dependencies (#4934)
- `adc55cd` chore(deps): bump the go-minor-patch group across 1 directory with 3 updates ...
- `00d0bb5` chore(deps): update tool versions (#4724)
- `f474308` chore(deps): bump the go-minor-patch group across 2 directories with 14 updat...
- `bf67072` chore: bump golang.org/x/crypto (#4955)
- `9673f86` Pass contents: read to check-gate (#4951)
- `a4fb2c0` perf(python): hoist name normalization regexp to package level (#4926)
- `cf2ce64` update helm classifier (#4922)
- `524a44b` chore(deps): bump the actions-minor-patch group across 1 directory with 6 upd...
- `4e86715` fix: improve julia classifier to find shared libs and beta versions (#4945)

Updates `aquasecurity/trivy` from 0.70.0 to 0.71.2

Release notes

Sourced from aquasecurity/trivy's releases.

Changelog

Sourced from aquasecurity/trivy's changelog.

Commits

- `055a5c8` release: v0.71.2 [release/v0.71] (#10871)
- `875328a` fix(deps): bump alpine to 3.24.1 [backport: release/v0.71] (#10870)
- `998f7b3` chore(deps): bump the common group with 4 updates [backport: release/v0.71] (...
- `164b383` release: v0.71.1 [release/v0.71] (#10818)
- `a72d9a4` fix(oci): validate artifact filename
- `3dd9847` fix: forward ospkg detector options through ospkg.NewScanner [backport: relea...
- `a62cbe4` fix(vex): load VEX documents from within the repository directory [backport: ...
- `43d1d26` fix: surface the original analysis error instead of context cancellation [bac...
- `ac7696c` ci: expect GitHub App bot as backport PR author [backport: release/v0.71] (#1...
- `9b49920` release: v0.71.0 [main] (#10638)

Updates `anchore/grype` from v0.112.0 to v0.114.0

Release notes

Sourced from anchore/grype's releases.

Commits

- `ef8e65a` chore(deps): update anchore dependencies (#3487)
- `024e26b` fix: respect withdrawn status of Go Vuln DB OSV records (#3495)
- `9879170` feat(scan): add support for a Zarf scan target (#3366)
- `09dcb8c` chore(deps): update quality gate database (#3478)
- `c4a5368` chore(deps): update tool versions (#3488)
- `7e47096` Govulndb OSV transformer (#3485)
- `a0c0312` give install script uploader contents: read (#3489)
- `577c4cd` chore(deps): update anchore dependencies (#3412)
- `b5af082` Pass contents: read to check-gate workflow (#3486)
- `1a5ef89` chore: rename rpm_arch to architecture (#3482)

Updates `semgrep/semgrep` from 1.161.0 to 1.166.0

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions