chore: bump github.com/aquasecurity/trivy from 0.57.1 to 0.58.2

[dependabot]

Bumps github.com/aquasecurity/trivy from 0.57.1 to 0.58.2.

Release notes

Sourced from github.com/aquasecurity/trivy's releases.

v0.58.2

Changelog

• 936f06a57864d073aa77b38f77fe76c4fcb1f7c1 release: v0.58.2 [release/v0.58] (#8216)
• f72d2bce8d3418dbcb670434bc15bb857b421f98 fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
• 289636758eccf990f36ea2be34f6db2c02cfab6b fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
• b733ecc7bc752d61837d08f2650bd480b645bb1d fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)

v0.58.1

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8171

Changelog

https://github.com/aquasecurity/trivy/blob/release/v0.58/CHANGELOG.md#0581-2024-12-24

v0.58.0

⚡Release highlights and summary⚡

👉 aquasecurity/trivy#8039

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0580-2024-12-02

Changelog

Sourced from github.com/aquasecurity/trivy's changelog.

0.58.2 (2025-01-13)

Bug Fixes

• CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) (b733ecc)
• misconf: allow null values only for tf variables [backport: release/v0.58] (#8238) (f72d2bc)
• suse: SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) (2896367)

0.58.1 (2024-12-24)

Bug Fixes

• handle BLOW_UNKNOWN error to download DBs [backport: release/v0.58] (#8121) (9a56e7c)
• java: correctly overwrite version from depManagement if dependency uses project.* props [backport: release/v0.58] (#8119) (4278a09)
• oracle: add architectures support for advisories [backport: release/v0.58] (#8125) (89b341f)
• python: skip dev group's deps for poetry [backport: release/v0.58] (#8158) (8b93081)
• redhat: correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) (33818e1)
• sbom: attach nested packages to Application [backport: release/v0.58] (#8168) (03160e4)
• sbom: fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) (f842fe1)
• sbom: use root package for unknown dependencies (if exists) [backport: release/v0.58] (#8156) (18cd1a5)

0.58.0 (2024-12-02)

Features

• add workspaceRelationship (#7889) (d622ca2)
• add cvss v4 score and vector in scan response (#7968) (e0f2054)
• go: construct dependencies in the parser (#7973) (bcdc0bb)
• go: construct dependencies of go.mod main module in the parser (#7977) (5448ba2)
• k8s: add default commands for unknown platform (#7863) (b1c7f55)
• misconf: log causes of HCL file parsing errors (#7634) (e9a899a)
• oracle: add flavors support (#7858) (b9b383e)
• secret: Add built-in secrets rules for Private Packagist (#7826) (132d9df)
• suse: Align SUSE/OpenSUSE OS Identifiers (#7965) (45d3b40)
• Update registry fallbacks (#7679) (5ba9a83)

Bug Fixes

• alpine: add UID for removed packages (#7887) (07915da)
• aws: change CPU and Memory type of ContainerDefinition to a string (#7995) (aeeba70)
• cli: Handle empty ignore files more gracefully (#7962) (4cfb2a9)
• debian: infinite loop (#7928) (d982e6a)
• fs: add missing defered Cleanup() call to post analyzer fs (#7882) (ab32297)
• Improve version comparisons when build identifiers are present (#7873) (eda4d76)
• k8s: check all results for vulnerabilities (#7946) (797b36f)
• misconf: do not erase variable type for child modules (#7941) (de3b7ea)

... (truncated)

Commits

• 936f06a release: v0.58.2 [release/v0.58] (#8216)
• f72d2bc fix(misconf): allow null values only for tf variables [backport: release/v0.5...
• 2896367 fix(suse): SUSE - update OSType constants and references for compatility [bac...
• b733ecc fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the U...
• 7326db1 release: v0.58.1 [release/v0.58] (#8120)
• 03160e4 fix(sbom): attach nested packages to Application [backport: release/v0.58] (#...
• 8b93081 fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
• 18cd1a5 fix(sbom): use root package for unknown dependencies (if exists) [backport:...
• 1bde3df chore(deps): bump golang.org/x/net from v0.32.0 to v0.33.0 [backport: r...
• 90f9e88 chore(deps): bump github.com/CycloneDX/cyclonedx-go from v0.9.1 to `v0.9....
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)