chore(deps): update aquasec/trivy docker tag to v0.69.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aquasec/trivy (source)	final	minor	0.68.2 → 0.69.3
aquasec/trivy (source)	stage	minor	0.68.2 → 0.69.3

---

Release Notes

aquasecurity/trivy (aquasec/trivy)

v0.69.3

Compare Source

Changelog

• 6fb20c8 release: v0.69.3 [release/v0.69] (#​10293)
• dabefec fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#​10291)

v0.69.2

Compare Source

Changelog

• cfa322e release: v0.69.2 [release/v0.69] (#​10266)
• 86debce fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#​10267)
• cf3d4cd fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#​10264)
• 6dfd3b0 ci: remove apidiff workflow

v0.69.1

Compare Source

v0.69.0

Compare Source

⚠ BREAKING CHANGES

• misconf: use ID instead of AVDID for providers mapping (#​9752)

Features

• activestate: add support ActiveState images (#​10081) (676709d)
• add AnalyzedBy field to track which analyzer detected packages (#​10059) (1953824)
• cloudformation: add support for Fn::ForEach (#​9508) (d65b504)
• debian: detect third-party packages using maintainer list (#​9917) (effc1c0)
• flag: add JSON Schema for trivy.yaml configuration file (#​9971) (4caf731)
• helm: add sslCertDir parameter (#​9697) (879e4fc)
• julia: enable vulnerability scanning for the Julia language ecosystem (#​9800) (c2f82ad)
• misconf: add action block to Terraform schema (#​10035) (b06ef6d)
• misconf: initial ansible scanning support (#​9332) (9275e15)
• misconf: support for ARM resources defined as an object (#​9959) (92d3465)
• misconf: support for azurerm_*_web_app (#​9944) (37b5da8)
• misconf: Update Azure Database schema (#​9811) (48dfede)
• misconf: use Terraform plan configuration to partially restore schema (#​9623) (5fced3a)
• nodejs: parse licenses from package-lock.json file (#​9983) (b64d5ad)
• php: add support for dev dependencies in Composer (#​9910) (56b59e8)
• report: add Trivy version to JSON output (#​10065) (fe7d20a)
• rocky: enable modular package vulnerability detection (#​10069) (31c4780)
• rootio: Update trivy db to support usage of Severity from root.io feed (#​9930) (d3096e7)
• sbom: exclude PEP 770 SBOMs in .dist-info/sboms/ (#​10033) (07ff788)
• secret: add detection for Symfony default secret key (#​9892) (34baef2)
• vex: support per-repo tls configuration (#​10030) (f809066)
• vuln: skip vulnerability scanning for third-party packages in Debian/Ubuntu (#​9932) (74819bf)

Bug Fixes

• docker: fix non-det scan results for images with embedded SBOM (#​9866) (7f71b57)
• go: use ldflags version for all pseudo-versions (#​10037) (3c0ab97)
• image: race condition in image artifact inspection (#​9966) (18acf4f)
• java: add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#​9880) (809db46)
• java: correctly inherit properties from parent fields for pom.xml files (#​9111) (2933b01)
• java: correctly propagate repositories from upper POMs to dependencies (#​10077) (b9415a3)
• license: normalize licenses for PostAnalyzers (#​9941) (11dd3fa)
• misconf: correct typos in block and attribute names (#​9993) (ac061f8)
• misconf: respect .yml files when Helm charts are detected (#​9912) (18ecf75)
• misconf: safely parse rotation_period in google_kms_crypto_key (#​9980) (a0ecc8e)
• move enum into items for array-type fields in JSON Schema (#​10039) (4e06c3d)
• remove trailing tab in statefulset template (#​9889) (9db123c)
• repo: return a nil interface for gitAuth if missing (#​10097) (036c05b)
• rust: add cargo workspace members glob support (#​10032) (d2dc46a)
• rust: implement version inheritance for Cargo mono repos (#​10011) (47d3103)
• secret: improve word boundary detection for Hugging Face tokens (#​10046) (cdb28ee)
• use canonical SPDX license IDs from embeded licenses.json (#​10053) (c233735)
• vex: add CVE-2025-66564 as not_affected into Trivy VEX file (#​9924) (335cc99)
• vuln: skip vulns detection for CentOS Stream family without scan failure (#​9964) (b46cde0)

Performance Improvements

• misconf: optimize string concatenation in azure scanner (#​9969) (10a50a7)

Code Refactoring

• misconf: use ID instead of AVDID for providers mapping (#​9752) (6462dc8)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None