update syft to v0.50.0 (#818)

go.mod

@@ -10,8 +10,8 @@ require (
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
 	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7
-	github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06
-	github.com/anchore/syft v0.49.0
+	github.com/anchore/stereoscope v0.0.0-20220628191509-5bd627c0f9ce
+	github.com/anchore/syft v0.50.0
 	github.com/bmatcuk/doublestar/v2 v2.0.4
 	github.com/docker/docker v20.10.12+incompatible
 	github.com/dustin/go-humanize v1.0.0

go.sum

@@ -253,10 +253,10 @@ github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTS
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963 h1:vrf2PYH77vqVJoNR15ZuFJ63qwBMqrmGIt/7VsBhLF8=
 github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963/go.mod h1:AVRyXOUP0hTz9Cb8OlD1XnwA8t4lBPfTuwPHmEUuiLc=
-github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 h1:TSRA7gtuia3eyleTO3t7iPU+9xHbdSaufoUFNQUwUXo=
-github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI=
-github.com/anchore/syft v0.49.0 h1:C+ol3K5K1UDgzRAAdHt+dWglex9lAV+JQMotM10HR0s=
-github.com/anchore/syft v0.49.0/go.mod h1:bo4IP6CDEnITW3WDy0Sefyg0GpvRPPcmkzB4cLGkcqs=
+github.com/anchore/stereoscope v0.0.0-20220628191509-5bd627c0f9ce h1:KNB0d342QvE6V7iwqyf4NoyxRp6LVYoGjU1htgf0at8=
+github.com/anchore/stereoscope v0.0.0-20220628191509-5bd627c0f9ce/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI=
+github.com/anchore/syft v0.50.0 h1:gCLnnpQGX06ATVtaRNnA5M9Cn6hodq7YfOkpFwTElEk=
+github.com/anchore/syft v0.50.0/go.mod h1:suElXOFuhOBa76Xd+EVZQw2RZvnHvp+yIyg6IdTCzvs=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=

grype/db/v3/namespace_test.go

@@ -334,8 +334,9 @@ func Test_NamespacesForLanguage(t *testing.T) {
 		allLanguages.Add(string(l))
 	}
 
-	// remove PHP for coverage as feed has not been updated
+	// remove PHP, CPP for coverage as feed has not been updated
 	allLanguages.Remove(string(syftPkg.PHP))
+	allLanguages.Remove(string(syftPkg.CPP))
 
 	for _, test := range tests {
 		t.Run(string(test.language), func(t *testing.T) {

grype/pkg/package_test.go

@@ -289,6 +289,16 @@ func TestNew(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "cpp conan-metadata",
+			syftPkg: syftPkg.Package{
+				MetadataType: syftPkg.ConanaMetadataType,
+				Metadata: syftPkg.ConanMetadata{
+					Name:    "name",
+					Version: "version",
+				},
+			},
+		},
 	}
 
 	// capture each observed metadata type, we should see all of them relate to what syft provides by the end of testing

test/integration/compare_sbom_input_vs_lib_test.go

@@ -61,6 +61,7 @@ func TestCompareSBOMInputToLibResults(t *testing.T) {
 		string(syftPkg.DartPubPkg),
 		string(syftPkg.DotnetPkg),
 		string(syftPkg.PhpComposerPkg),
+		string(syftPkg.ConanPkg),
 		string(syftPkg.JenkinsPluginPkg), // package type cannot be inferred for all formats
 	)
 	observedPkgTypes := strset.New()