Upgrade trivy and harbor-scanner-trivy for harbor v2.11.1

UPSTREAM_PROJECTS.yaml

@@ -25,11 +25,11 @@ projects:
     repos:
       - name: harbor-scanner-trivy
         versions:
-          - tag: v0.31.2
-            go_version: "1.21"
+          - tag: v0.31.4
+            go_version: "1.22"
       - name: trivy
         versions:
-          - tag: v0.51.2
+          - tag: v0.56.2
             go_version: "1.22"
   - org: aws
     repos:

projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt

@@ -1,5 +1,5 @@
 
-** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.2 --
+** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.4 --
 https://github.com/aquasecurity/harbor-scanner-trivy
 
 ** github.com/containerd/stargz-snapshotter/estargz; version v0.14.3 --
@@ -11,13 +11,13 @@ https://github.com/docker/cli
 ** github.com/docker/distribution/registry/client/auth/challenge; version v2.8.2+incompatible --
 https://github.com/distribution/distribution
 
-** github.com/docker/docker/pkg/homedir; version v26.1.2+incompatible --
+** github.com/docker/docker/pkg/homedir; version v27.1.1+incompatible --
 https://github.com/moby/moby
 
 ** github.com/knqyf263/go-containerregistry; version v0.16.2-0.20231101014841-fd95d0f749dd --
 https://github.com/knqyf263/go-containerregistry
 
-** github.com/klauspost/compress; version v1.16.5 --
+** github.com/klauspost/compress; version v1.17.4 --
 https://github.com/klauspost/compress
 
 ** github.com/opencontainers/go-digest; version v1.0.0 --
@@ -375,7 +375,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** github.com/redis/go-redis/v9; version v9.5.1 --
+** github.com/redis/go-redis/v9; version v9.6.1 --
 https://github.com/redis/go-redis/v9
 
 Copyright (c) 2013 The github.com/redis/go-redis Authors.
@@ -409,7 +409,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ** github.com/gorilla/mux; version v1.8.1 --
 https://github.com/gorilla/mux
 
-** github.com/gorilla/schema; version v1.3.0 --
+** github.com/gorilla/schema; version v1.4.1 --
 https://github.com/gorilla/schema
 
 Copyright (c) 2023 The Gorilla Authors. All rights reserved.
@@ -442,7 +442,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** github.com/klauspost/compress/internal/snapref; version v1.16.5 --
+** github.com/klauspost/compress/internal/snapref; version v1.17.4 --
 https://github.com/klauspost/compress
 
 Copyright (c) 2011 The Snappy-Go Authors. All rights reserved.
@@ -578,22 +578,52 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** golang.org/go; version go1.21.13 --
+** golang.org/go; version go1.22.8 --
 https://github.com/golang/go
 
-** golang.org/x/exp/constraints; version v0.0.0-20230510235704-dd950f8aeaea --
-https://golang.org/x/exp
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+------
 
-** golang.org/x/net/context; version v0.25.0 --
+** golang.org/x/net/context; version v0.28.0 --
 https://golang.org/x/net
 
-** golang.org/x/sync/errgroup; version v0.3.0 --
+** golang.org/x/sync/errgroup; version v0.8.0 --
 https://golang.org/x/sync
 
-** golang.org/x/sys; version v0.20.0 --
+** golang.org/x/sys; version v0.23.0 --
 https://golang.org/x/sys
 
-Copyright (c) 2009 The Go Authors. All rights reserved.
+** golang.org/x/text; version v0.17.0 --
+https://golang.org/x/text
+
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -605,7 +635,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
@@ -730,15 +760,15 @@ Copyright (c) 2017-2020 Damian Gryski <[email protected]>
 https://github.com/docker/docker-credential-helpers
 Copyright (c) 2016 David Calavera
 
-** github.com/klauspost/compress/zstd/internal/xxhash; version v1.16.5 --
+** github.com/klauspost/compress/zstd/internal/xxhash; version v1.17.4 --
 https://github.com/klauspost/compress
 Copyright (c) 2016 Caleb Spare
 
 ** github.com/mitchellh/go-homedir; version v1.1.0 --
 https://github.com/mitchellh/go-homedir
 Copyright (c) 2013 Mitchell Hashimoto
 
-** github.com/samber/lo; version v1.39.0 --
+** github.com/samber/lo; version v1.47.0 --
 https://github.com/samber/lo
 Copyright (c) 2022 Samuel Berthe
 

projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS

@@ -1,2 +1,2 @@
-c2bd544ed3e7ba3e2031c85b5b35834a0e79fe93c20bdc0fe50948efb13efcd4  _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy
-712f237c2115cb30bdf3a3d6ad74382bb581a752170a09be5fb1a13bba90dae3  _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy
+5bf6a0db227da17c076edab99d467bfa78e9c9eea4e887d086133a0f7d8095e1  _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy
+edf2ce6e325e7c28e7e31fab128f4b9ee133847f03ed1d382ea7dd25fcdf538b  _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy

projects/aquasecurity/harbor-scanner-trivy/GIT_TAG

@@ -1 +1 @@
-v0.31.2
+v0.31.4

projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION

@@ -1 +1 @@
-1.21
+1.22

projects/aquasecurity/harbor-scanner-trivy/README.md

@@ -1,5 +1,5 @@
 ## **harbor-scanner-trivy**
-![Version](https://img.shields.io/badge/version-v0.31.2-blue)
+![Version](https://img.shields.io/badge/version-v0.31.4-blue)
 ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoieEpzUzBranRhT3NMMGdLU0lSVmh1S2RteDcyd1AwRU5LbVZFc2pnNlcvcWpaZHR4blQ3RktjbzllUmhwMmhma0pnZ2RWVEY0UEIzZ2NPc3pYQ2l1RFZvPSIsIml2UGFyYW1ldGVyU3BlYyI6IitiOTg2c2dOVW55cnVQREoiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main)
 
 The [Harbor Scanner Adapter for Trivy](https://github.com/aquasecurity/harbor-scanner-trivy) is a service that translates the Harbor scanning API into Trivy commands and allows Harbor to use Trivy for providing vulnerability reports on images stored in Harbor registry as part of its vulnerability scan feature.