🌱 Update Builder Image group

[cluster-stack-bot]

This PR contains the following updates:

Package	Type	Update	Change
adrienverge/yamllint		minor	v1.35.1 -> v1.37.0
docker.io/aquasec/trivy (source)	stage	minor	0.59.1 -> 0.61.0
golangci/golangci-lint		major	v1.64.5 -> v2.0.2

---

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.37.0

Compare Source

v1.36.2

Compare Source

v1.36.1

Compare Source

v1.36.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.61.0

Compare Source

Features

• fs: optimize scanning performance by direct file access for known paths (#​8525) (8bf6caf)
• k8s: add support for controllers (#​8614) (1bf0117)
• misconf: adapt aws_default_security_group (#​8538) (b57eccb)
• misconf: adapt aws_opensearch_domain (#​8550) (9913465)
• misconf: adapt AWS::DynamoDB::Table (#​8529) (8112cdf)
• misconf: adapt AWS::EC2::VPC (#​8534) (0d9865f)
• misconf: Add support for aws_ami (#​8499) (573502e)
• replace TinyGo with standard Go for WebAssembly modules (#​8496) (529957e)

Bug Fixes

• debian: don't include empty licenses for dpkgs (#​8623) (346f5b3)
• fs: check postAnalyzers for StaticPaths (#​8543) (c228307)
• k8s: show report for --report all (#​8613) (dbb6f28)
• misconf: add ephemeral block type to config schema (#​8513) (41512f8)
• misconf: Check values wholly prior to evalution (#​8604) (ad58cf4)
• misconf: do not skip loading documents from subdirectories (#​8526) (de7eb13)
• misconf: do not use cty.NilVal for non-nil values (#​8567) (400a79c)
• misconf: identify the chart file exactly by name (#​8590) (ba77dbe)
• misconf: Improve logging for unsupported checks (#​8634) (5b7704d)
• misconf: set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#​8548) (1f05b45)
• misconf: skip Azure CreateUiDefinition (#​8503) (c7814f1)
• spdx: save text licenses into otherLicenses without normalize (#​8502) (e5072f1)
• use --file-patterns flag for all post analyzers (#​7365) (8b88238)

Performance Improvements

• misconf: parse input for Rego once (#​8483) (0e5e909)
• misconf: retrieve check metadata from annotations once (#​8478) (7b96351)

v0.60.0

Compare Source

Features

• add --vuln-severity-source flag (#​8269) (d464807)
• add report summary table (#​8177) (dd54f80)
• cyclonedx: Add initial support for loading external VEX files from SBOM references (#​8254) (4820eb7)
• go: fix parsing main module version for go >= 1.24 (#​8433) (e58dcfc)
• misconf: render causes for Terraform (#​8360) (a99498c)

Bug Fixes

• db: fix case when 2 trivy-db were copied at the same time (#​8452) (bb3cca6)
• don't use scope for trivy registry login command (#​8393) (8715e5d)
• go: merge nested flags into string for ldflags for Go binaries (#​8368) (b675b06)
• image: disable AVD-DS-0007 for history scanning (#​8366) (a3cd693)
• k8s: add missed option PkgRelationships (#​8442) (f987e41)
• misconf: do not log scanners when misconfig scanning is disabled (#​8345) (5695eb2)
• misconf: ecs include enhanced for container insights (#​8326) (39789ff)
• misconf: fix incorrect k8s locations due to JSON to YAML conversion (#​8073) (a994453)
• os: add mapping OS aliases (#​8466) (6b4cebe)
• python: add poetry v2 support (#​8323) (10cd98c)
• report: remove html escaping for shortDescription and fullDescription fields for sarif reports (#​8344) (3eb0b03)
• sbom: add SBOM file's filePath as Application FilePath if we can't detect its path (#​8346) (ecc01bb)
• sbom: improve logic for binding direct dependency to parent component (#​8489) (85cca8c)
• sbom: preserve OS packages from multiple SBOMs (#​8325) (bd5baaf)
• server: secrets inspectation for the config analyzer in client server mode (#​8418) (a1c4bd7)
• spdx: init pkgFilePaths map for all formats (#​8380) (72ea4b0)
• terraform: apply parser options to submodule parsing (#​8377) (398620b)
• update all documentation links (#​8045) (49456ba)

golangci/golangci-lint (golangci/golangci-lint)

v2.0.2

Compare Source

1. Misc.
   • Fixes flags parsing for formatters
   • Fixes the filepath used by the exclusion source option
2. Documentation
   • Adds a section about flags migration
   • Cleaning pages with v1 options

v2.0.1

Compare Source

1. Linters/formatters bug fixes
   • golines: fix settings during linter load
2. Misc.
   • Validates the version field before the configuration
   • forbidigo: fix migration

v2.0.0

Compare Source

1. Enhancements
   • 🌟 New golangci-lint fmt command with dedicated formatter configuration
   • ♻️ New golangci-lint migrate command to help migration from v1 to v2 (cf. Migration guide)
   • ⚠️ New default values (cf. Migration guide)
   • ⚠️ No exclusions by default (cf. Migration guide)
   • ⚠️ New default sort order (cf. Migration guide)
   • 🌟 New option run.relative-path-mode (cf. Migration guide)
   • 🌟 New linters configuration (cf. Migration guide)
   • 🌟 New output format configuration (cf. Migration guide)
   • 🌟 New --fast-only flag (cf. Migration guide)
   • 🌟 New option linters.exclusions.warn-unused to log a warning if an exclusion rule is unused.
2. New linters/formatters
   • Add golines formatter https://github.com/segmentio/golines
3. Linters new features
   • ⚠️ Merge staticcheck, stylecheck, gosimple into one linter (staticcheck) (cf. Migration guide)
   • go-critic: from 0.12.0 to 0.13.0
   • gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)
   • nilnil: from 1.0.1 to 1.1.0 (new option: only-two)
   • perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)
   • staticcheck: new quickfix set of rules
   • testifylint: from 1.5.2 to 1.6.0 (new options: equal-values, suite-method-signature, require-string-msg)
   • wsl: from 4.5.0 to 4.6.0 (new option: allow-cuddle-used-in-block)
4. Linters bug fixes
   • bidichk: from 0.3.2 to 0.3.3
   • errchkjson: from 0.4.0 to 0.4.1
   • errname: from 1.0.0 to 1.1.0
   • funlen: fix ignore-comments option
   • gci: from 0.13.5 to 0.13.6
   • gosmopolitan: from 1.2.2 to 1.3.0
   • inamedparam: from 0.1.3 to 0.2.0
   • intrange: from 0.3.0 to 0.3.1
   • protogetter: from 0.3.9 to 0.3.12
   • unparam: from 8a5130c to 0df0534
5. Misc.
   • 🧹 Configuration options renaming (cf. Migration guide)
   • 🧹 Remove options (cf. Migration guide)
   • 🧹 Remove flags (cf. Migration guide)
   • 🧹 Remove alternative names (cf. Migration guide)
   • 🧹 Remove or replace deprecated elements (cf. Migration guide)
   • Adds an option to display some commands as JSON:
     • golangci-lint config path --json
     • golangci-lint help linters --json
     • golangci-lint help formatters --json
     • golangci-lint linters --json
     • golangci-lint formatters --json
     • golangci-lint version --json
6. Documentation
   • Migration guide

v1.64.8

Compare Source

• Detects use of configuration files from golangci-lint v2

v1.64.7

Compare Source

1. Linters bug fixes
   • depguard: from 2.2.0 to 2.2.1
   • dupl: from 3e9179a to f665c8d
   • gosec: from 2.22.1 to 2.22.2
   • staticcheck: from 0.6.0 to 0.6.1
2. Documentation
   • Add GitLab documentation

v1.64.6

Compare Source

1. Linters bug fixes
   • asciicheck: from 0.4.0 to 0.4.1
   • contextcheck: from 1.1.5 to 1.1.6
   • errcheck: from 1.8.0 to 1.9.0
   • exptostd: from 0.4.1 to 0.4.2
   • ginkgolinter: from 0.19.0 to 0.19.1
   • go-exhaustruct: from 3.3.0 to 3.3.1
   • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
   • godot: from 1.4.20 to 1.5.0
   • perfsprint: from 0.8.1 to 0.8.2
   • revive: from 1.6.1 to 1.7.0
   • tagalign: from 1.4.1 to 1.4.2

---

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box