deps: update module github.com/anchore/syft to v0.48.1 (#121)

* deps: update module github.com/anchore/syft to v0.48.1 * test: update syft-fixtures Signed-off-by: Christian Kotzbauer <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Christian Kotzbauer <[email protected]>
ckotzbauer · Jun 18, 2022 · 5f26087 · 5f26087
1 parent eafde44
commit 5f26087
Show file tree

Hide file tree

Showing 11 changed files with 45 additions and 29 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/ckotzbauer/sbom-operator
 go 1.18
 
 require (
-	github.com/anchore/syft v0.47.0
+	github.com/anchore/syft v0.48.1
 	github.com/ckotzbauer/libk8soci v0.0.0-20220617111310-769e57e01900
 	github.com/novln/docker-parser v1.0.0
 	github.com/nscuro/dtrack-client v0.5.0
@@ -26,7 +26,7 @@ require (
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 // indirect
-	github.com/anchore/stereoscope v0.0.0-20220518185348-c97a3c6ffc67 // indirect
+	github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect
 	github.com/containerd/containerd v1.6.6 // indirect
@@ -95,6 +95,7 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.3.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/vbatts/go-mtree v0.5.0 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/vifraa/gopom v0.1.0 // indirect
 	github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 // indirect

diff --git a/go.sum b/go.sum
@@ -105,6 +105,7 @@ github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn
 github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
 github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
 github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
+github.com/Microsoft/hcsshim v0.8.24/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@@ -136,8 +137,12 @@ github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTS
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20220518185348-c97a3c6ffc67 h1:nbcYgEEv9CLnuKg/8ExvXDiEpCA9pwZcyyraZyBE+aw=
 github.com/anchore/stereoscope v0.0.0-20220518185348-c97a3c6ffc67/go.mod h1:yoCLUZY0k/pYLNIy0L80p2Ko0PKVNXm8rHtgxp4OiSc=
+github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 h1:TSRA7gtuia3eyleTO3t7iPU+9xHbdSaufoUFNQUwUXo=
+github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI=
 github.com/anchore/syft v0.47.0 h1:ER/c3hIqE/f23REZcoz88NJYyrpWjgmKojPwtlRBlVU=
 github.com/anchore/syft v0.47.0/go.mod h1:7R9U/NZu+VCBFNolgp+g4UfSkxq4U0c1ruq8/7GHZTY=
+github.com/anchore/syft v0.48.1 h1:tBJicJQVvaDTdgQB9hVgXLl+gb6C3RIQ8THp11C9Riw=
+github.com/anchore/syft v0.48.1/go.mod h1:lQ90VDNtxYK09F+/6hs5b2FSpnT+1/eLy+Z8ap6jsSo=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
@@ -233,6 +238,7 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S
 github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
 github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
 github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
+github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
@@ -254,6 +260,7 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT
 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
+github.com/containerd/containerd v1.5.13/go.mod h1:3AlCrzKROjIuP3JALsY14n8YtntaUDBu7vek+rPN5Vc=
 github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
 github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -1083,6 +1090,7 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
@@ -1190,6 +1198,8 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC
 github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
+github.com/vbatts/go-mtree v0.5.0 h1:dM+5XZdqH0j9CSZeerhoN/tAySdwnmevaZHO1XGW2Vc=
+github.com/vbatts/go-mtree v0.5.0/go.mod h1:7JbaNHyBMng+RP8C3Q4E+4Ca8JnGQA2R/MB+jb4tSOk=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
 github.com/vifraa/gopom v0.1.0 h1:v897eVxf6lflkEXzPmKbo4YhX2oS/LGjz7cqjWnSmCU=
@@ -1257,6 +1267,7 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=

diff --git a/internal/syft/fixtures/alpine.cyclonedx b/internal/syft/fixtures/alpine.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:66cbf9ff-27c4-49f2-a64d-9a6597a5507a" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:6630fe58-1e58-4096-8cee-ea86b7ead3e3" version="1">
   <metadata>
-    <timestamp>2022-05-22T08:49:43+02:00</timestamp>
+    <timestamp>2022-06-18T08:37:05+02:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.46.1</version>
+        <version>0.48.1</version>
       </tool>
     </tools>
     <component bom-ref="27f24e002ab47c1b" type="container">

diff --git a/internal/syft/fixtures/alpine.json b/internal/syft/fixtures/alpine.json
@@ -2993,7 +2993,7 @@
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.46.1",
+  "version": "0.48.1",
   "configuration": {
    "configPath": "",
    "verbosity": 0,
@@ -3085,7 +3085,7 @@
   }
  },
  "schema": {
-  "version": "3.2.3",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
+  "version": "3.3.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.0.json"
  }
 }
diff --git a/internal/syft/fixtures/alpine.spdxjson b/internal/syft/fixtures/alpine.spdxjson
@@ -3,15 +3,15 @@
  "name": "alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300",
  "spdxVersion": "SPDX-2.2",
  "creationInfo": {
-  "created": "2022-05-22T06:49:45.889039055Z",
+  "created": "2022-06-18T06:37:07.668412974Z",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.46.1"
+   "Tool: syft-0.48.1"
   ],
   "licenseListVersion": "3.17"
  },
  "dataLicense": "CC0-1.0",
- "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300-b640e5a1-ee0d-4420-b25d-2f6b875e1fc7",
+ "documentNamespace": "https://anchore.com/syft/image/alpine@sha256-21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300-1c8b3a21-f526-4adf-a741-b455b9bba0e2",
  "packages": [
   {
    "SPDXID": "SPDXRef-9f527213f4d2a873",

diff --git a/internal/syft/fixtures/nginx.cyclonedx b/internal/syft/fixtures/nginx.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:fac1fac5-05c7-4203-8780-4b9764c1686f" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:30c10e0a-10db-494e-b4f4-3a5a7f9e5183" version="1">
   <metadata>
-    <timestamp>2022-05-22T08:50:09+02:00</timestamp>
+    <timestamp>2022-06-18T08:37:32+02:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.46.1</version>
+        <version>0.48.1</version>
       </tool>
     </tools>
     <component bom-ref="bed2b68c44140e08" type="container">
@@ -4543,6 +4543,7 @@
       <properties>
         <property name="syft:distro:id">debian</property>
         <property name="syft:distro:prettyName">Debian GNU/Linux 11 (bullseye)</property>
+        <property name="syft:distro:versionCodename">bullseye</property>
         <property name="syft:distro:versionID">11</property>
       </properties>
     </component>

diff --git a/internal/syft/fixtures/nginx.json b/internal/syft/fixtures/nginx.json
@@ -96193,13 +96193,14 @@
   "id": "debian",
   "version": "11 (bullseye)",
   "versionID": "11",
+  "versionCodename": "bullseye",
   "homeURL": "https://www.debian.org/",
   "supportURL": "https://www.debian.org/support",
   "bugReportURL": "https://bugs.debian.org/"
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.46.1",
+  "version": "0.48.1",
   "configuration": {
    "configPath": "",
    "verbosity": 0,
@@ -96291,7 +96292,7 @@
   }
  },
  "schema": {
-  "version": "3.2.3",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
+  "version": "3.3.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.0.json"
  }
 }
diff --git a/internal/syft/fixtures/nginx.spdxjson b/internal/syft/fixtures/nginx.spdxjson
@@ -3,15 +3,15 @@
  "name": "nginx@sha256-2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767",
  "spdxVersion": "SPDX-2.2",
  "creationInfo": {
-  "created": "2022-05-22T06:50:21.843188405Z",
+  "created": "2022-06-18T06:37:44.332809359Z",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.46.1"
+   "Tool: syft-0.48.1"
   ],
   "licenseListVersion": "3.17"
  },
  "dataLicense": "CC0-1.0",
- "documentNamespace": "https://anchore.com/syft/image/nginx@sha256-2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767-0cfadcb5-5dfb-43d5-a7a4-1fe5a384df8c",
+ "documentNamespace": "https://anchore.com/syft/image/nginx@sha256-2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767-c15c85b6-e558-492f-a320-4b0ab506f4a8",
  "packages": [
   {
    "SPDXID": "SPDXRef-a124711c55c5b5ec",

diff --git a/internal/syft/fixtures/node.cyclonedx b/internal/syft/fixtures/node.cyclonedx
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:a52653ce-ee2a-4f13-8aea-684bcdad9d02" version="1">
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:e3f9084e-6e2a-4bb8-956c-3366654557c3" version="1">
   <metadata>
-    <timestamp>2022-05-22T08:50:50+02:00</timestamp>
+    <timestamp>2022-06-18T08:38:12+02:00</timestamp>
     <tools>
       <tool>
         <vendor>anchore</vendor>
         <name>syft</name>
-        <version>0.46.1</version>
+        <version>0.48.1</version>
       </tool>
     </tools>
     <component bom-ref="36cc3d123ca150cc" type="container">
@@ -9783,6 +9783,7 @@
       <properties>
         <property name="syft:distro:id">debian</property>
         <property name="syft:distro:prettyName">Debian GNU/Linux 10 (buster)</property>
+        <property name="syft:distro:versionCodename">buster</property>
         <property name="syft:distro:versionID">10</property>
       </properties>
     </component>

diff --git a/internal/syft/fixtures/node.json b/internal/syft/fixtures/node.json
@@ -79310,13 +79310,14 @@
   "id": "debian",
   "version": "10 (buster)",
   "versionID": "10",
+  "versionCodename": "buster",
   "homeURL": "https://www.debian.org/",
   "supportURL": "https://www.debian.org/support",
   "bugReportURL": "https://bugs.debian.org/"
  },
  "descriptor": {
   "name": "syft",
-  "version": "0.46.1",
+  "version": "0.48.1",
   "configuration": {
    "configPath": "",
    "verbosity": 0,
@@ -79408,7 +79409,7 @@
   }
  },
  "schema": {
-  "version": "3.2.3",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
+  "version": "3.3.0",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.3.0.json"
  }
 }
diff --git a/internal/syft/fixtures/node.spdxjson b/internal/syft/fixtures/node.spdxjson
@@ -3,15 +3,15 @@
  "name": "node@sha256-f527a6118422b888c35162e0a7e2fb2febced4c85a23d96e1342f9edc2789fec",
  "spdxVersion": "SPDX-2.2",
  "creationInfo": {
-  "created": "2022-05-22T06:51:04.69850617Z",
+  "created": "2022-06-18T06:38:26.654575636Z",
   "creators": [
    "Organization: Anchore, Inc",
-   "Tool: syft-0.46.1"
+   "Tool: syft-0.48.1"
   ],
   "licenseListVersion": "3.17"
  },
  "dataLicense": "CC0-1.0",
- "documentNamespace": "https://anchore.com/syft/image/node@sha256-f527a6118422b888c35162e0a7e2fb2febced4c85a23d96e1342f9edc2789fec-74d963f5-1a78-4b3e-a312-fb5922dbe87f",
+ "documentNamespace": "https://anchore.com/syft/image/node@sha256-f527a6118422b888c35162e0a7e2fb2febced4c85a23d96e1342f9edc2789fec-c6972e96-0a71-4225-8d61-08fc9d9fe179",
  "packages": [
   {
    "SPDXID": "SPDXRef-357eb6b8320e6221",