release: v0.54.1 [release/v0.54] (#7282 )

fix(flag): incorrect behavior for deprected flag --clear-cache [backport: release/v0.54] (#7285 )
Co-authored-by: afdesk <work@afdesk.com>
2025-12-12 15:50:15 -08:00 · 2024-07-31 15:52:50 +00:00 · 2024-07-31 14:00:38 +00:00 · 2024-07-31 12:56:18 +00:00 · 2024-07-31 12:14:03 +00:00
5 changed files with 20 additions and 10 deletions
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1 +1 @@
-{".":"0.54.0"}
+{".":"0.54.1"}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog

+## [0.54.1](https://github.com/aquasecurity/trivy/compare/v0.54.0...v0.54.1) (2024-07-31)
+
+
+### Bug Fixes
+
+* **flag:** incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] ([#7285](https://github.com/aquasecurity/trivy/issues/7285)) ([334a1c2](https://github.com/aquasecurity/trivy/commit/334a1c293bb3d490af2a6d80732f399efaac22f7))
+* **java:** Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] ([#7283](https://github.com/aquasecurity/trivy/issues/7283)) ([f61725c](https://github.com/aquasecurity/trivy/commit/f61725c28b56d80fb46395479842a2ab0c517c5f))
+* **plugin:** do not call GitHub content API for releases and tags [backport: release/v0.54] ([#7279](https://github.com/aquasecurity/trivy/issues/7279)) ([a7b7117](https://github.com/aquasecurity/trivy/commit/a7b7117fe2c9608e990b42e702cc83675c48f888))
+
 ## [0.54.0](https://github.com/aquasecurity/trivy/compare/v0.53.0...v0.54.0) (2024-07-30)


--- a/pkg/dependency/parser/java/pom/parse.go
+++ b/pkg/dependency/parser/java/pom/parse.go
@@ -13,7 +13,7 @@ import (
 	"sort"
 	"strings"

-	multierror "github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-multierror"
 	"github.com/samber/lo"
 	"golang.org/x/net/html/charset"
 	"golang.org/x/xerrors"
@@ -680,18 +680,15 @@ func (p *Parser) fetchPOMFromRemoteRepositories(paths []string, snapshot bool) (
 func (p *Parser) remoteRepoRequest(repo string, paths []string) (*http.Request, error) {
 	repoURL, err := url.Parse(repo)
 	if err != nil {
-		p.logger.Error("URL parse error", log.String("repo", repo))
-		return nil, nil
+		return nil, xerrors.Errorf("unable to parse URL: %w", err)
 	}

 	paths = append([]string{repoURL.Path}, paths...)
 	repoURL.Path = path.Join(paths...)

-	logger := p.logger.With(log.String("host", repoURL.Host), log.String("path", repoURL.Path))
 	req, err := http.NewRequest("GET", repoURL.String(), http.NoBody)
 	if err != nil {
-		logger.Debug("HTTP request failed")
-		return nil, nil
+		return nil, xerrors.Errorf("unable to create HTTP request: %w", err)
 	}
 	if repoURL.User != nil {
 		password, _ := repoURL.User.Password()
@@ -709,7 +706,8 @@ func (p *Parser) fetchPomFileNameFromMavenMetadata(repo string, paths []string)

 	req, err := p.remoteRepoRequest(repo, mavenMetadataPaths)
 	if err != nil {
-		return "", xerrors.Errorf("unable to create request for maven-metadata.xml file")
+		p.logger.Debug("Unable to create request", log.String("repo", repo), log.Err(err))
+		return "", nil
 	}

 	client := &http.Client{}
@@ -739,7 +737,8 @@ func (p *Parser) fetchPomFileNameFromMavenMetadata(repo string, paths []string)
 func (p *Parser) fetchPOMFromRemoteRepository(repo string, paths []string) (*pom, error) {
 	req, err := p.remoteRepoRequest(repo, paths)
 	if err != nil {
-		return nil, xerrors.Errorf("unable to create request for pom file")
+		p.logger.Debug("Unable to create request", log.String("repo", repo), log.Err(err))
+		return nil, nil
 	}

 	client := &http.Client{}
--- a/pkg/downloader/download.go
+++ b/pkg/downloader/download.go
@@ -154,7 +154,8 @@ func (t *CustomTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 func NewGitHubTransport(u *url.URL, insecure bool, token string) http.RoundTripper {
 	client := newGitHubClient(insecure, token)
 	ss := strings.SplitN(u.Path, "/", 4)
-	if len(ss) < 4 || strings.HasPrefix(ss[3], "archive/") {
+	if len(ss) < 4 || strings.HasPrefix(ss[3], "archive/") || strings.HasPrefix(ss[3], "releases/") ||
+		strings.HasPrefix(ss[3], "tags/") {
 		// Use the default transport from go-github for authentication
 		return client.Client().Transport
 	}
--- a/pkg/flag/cache_flags.go
+++ b/pkg/flag/cache_flags.go
@@ -80,6 +80,7 @@ type CacheOptions struct {
 // NewCacheFlagGroup returns a default CacheFlagGroup
 func NewCacheFlagGroup() *CacheFlagGroup {
 	return &CacheFlagGroup{
+		ClearCache:   ClearCacheFlag.Clone(),
 		CacheBackend: CacheBackendFlag.Clone(),
 		CacheTTL:     CacheTTLFlag.Clone(),
 		RedisTLS:     RedisTLSFlag.Clone(),
Author	SHA1	Message	Date
Aqua Security automated builds	854c61d34a	release: v0.54.1 [release/v0.54] (#7282 )	2024-07-31 15:52:50 +00:00
Aqua Security automated builds	334a1c293b	fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285 ) Co-authored-by: afdesk <work@afdesk.com>	2024-07-31 14:00:38 +00:00
Aqua Security automated builds	f61725c28b	fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283 ) Co-authored-by: Colm O hEigeartaigh <coheigea@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>	2024-07-31 12:56:18 +00:00
Aqua Security automated builds	a7b7117fe2	fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279 ) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2024-07-31 12:14:03 +00:00