From 41f7a6c033dbcdf78917f23b652c8b8146298c85 Mon Sep 17 00:00:00 2001 From: "anchore-actions-token-generator[bot]" <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 05:17:04 -0500 Subject: [PATCH] chore(deps): update Syft to v0.101.0 (#436) * chore(deps): update Syft to v0.101.0 Signed-off-by: GitHub * chore(test): update snapshots Signed-off-by: anchore-actions --------- Signed-off-by: GitHub Signed-off-by: anchore-actions Co-authored-by: kzantow Co-authored-by: anchore-actions --- dist/attachReleaseAssets/index.js | 2 +- dist/downloadSyft/index.js | 2 +- dist/runSyftAction/index.js | 2 +- src/SyftVersion.ts | 2 +- .../__snapshots__/formatExports.test.ts.snap | 216 ++++++++++++++++++ 5 files changed, 220 insertions(+), 4 deletions(-) diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js index 6565d00c..8117e0ca 100644 --- a/dist/attachReleaseAssets/index.js +++ b/dist/attachReleaseAssets/index.js @@ -23385,7 +23385,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.100.0"; +exports.VERSION = "v0.101.0"; /***/ }), diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js index 0739860f..c3a9c44a 100644 --- a/dist/downloadSyft/index.js +++ b/dist/downloadSyft/index.js @@ -23385,7 +23385,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.100.0"; +exports.VERSION = "v0.101.0"; /***/ }), diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js index d84f50b9..a9fb403a 100644 --- a/dist/runSyftAction/index.js +++ b/dist/runSyftAction/index.js @@ -23385,7 +23385,7 @@ function wrappy (fn, cb) { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.VERSION = void 0; -exports.VERSION = "v0.100.0"; +exports.VERSION = "v0.101.0"; /***/ }), diff --git a/src/SyftVersion.ts b/src/SyftVersion.ts index c4486ea3..582cb095 100644 --- a/src/SyftVersion.ts +++ b/src/SyftVersion.ts @@ -1 +1 @@ -export const VERSION = "v0.100.0"; +export const VERSION = "v0.101.0"; diff --git a/tests/integration/__snapshots__/formatExports.test.ts.snap b/tests/integration/__snapshots__/formatExports.test.ts.snap index bf809b41..e3a9d0f0 100644 --- a/tests/integration/__snapshots__/formatExports.test.ts.snap +++ b/tests/integration/__snapshots__/formatExports.test.ts.snap @@ -2501,6 +2501,12 @@ exports[`SPDX JSON alpine 1`] = ` "relationshipType": "OTHER", "comment": "evident-by: indicates the package's existence is evident by the given file" }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, { "spdxElementId": "redacted", "relatedSpdxElement": "redacted", @@ -3206,6 +3212,42 @@ exports[`SPDX JSON debian 1`] = ` "relationshipType": "OTHER", "comment": "evident-by: indicates the package's existence is evident by the given file" }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, { "spdxElementId": "redacted", "relatedSpdxElement": "redacted", @@ -3826,6 +3868,84 @@ exports[`SPDX JSON npm 1`] = ` "relationshipType": "OTHER", "comment": "evident-by: indicates the package's existence is evident by the given file" }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, { "spdxElementId": "redacted", "relatedSpdxElement": "redacted", @@ -4276,6 +4396,48 @@ exports[`SPDX JSON yarn 1`] = ` "relationshipType": "OTHER", "comment": "evident-by: indicates the package's existence is evident by the given file" }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, + { + "spdxElementId": "redacted", + "relatedSpdxElement": "redacted", + "relationshipType": "OTHER", + "comment": "evident-by: indicates the package's existence is evident by the given file" + }, { "spdxElementId": "redacted", "relatedSpdxElement": "redacted", @@ -4371,6 +4533,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64& ##### Relationships +Relationship: SPDXRef-Package-apk-libvncserver-hash:redacted OTHER SPDXRef-File-lib-apk-db-installed-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-apk-libvncserver-hash:redacted OTHER SPDXRef-File-lib-apk-db-installed-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-alpine CONTAINS SPDXRef-Package-apk-libvncserver-hash:redacted @@ -4617,16 +4781,28 @@ ExtractedText: BSD License ##### Relationships +Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-java-archive-joda-time-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-java-archive-joda-time-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-deb-apt-hash:redacted OTHER SPDXRef-File-var-lib-dpkg-status-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-deb-apt-hash:redacted OTHER SPDXRef-File-var-lib-dpkg-status-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-python-Pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-python-Pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-gem-bundler-hash:redacted OTHER SPDXRef-File-ruby-specifications-bundler.gemspec-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-gem-bundler-hash:redacted OTHER SPDXRef-File-ruby-specifications-bundler.gemspec-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-npm-hash:redacted OTHER SPDXRef-File-javascript-pkg-json-package.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-npm-hash:redacted OTHER SPDXRef-File-javascript-pkg-json-package.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-python-Pygments-hash:redacted @@ -4895,30 +5071,56 @@ ExternalRef: PACKAGE-MANAGER purl pkg:npm/yallist@4.0.0 Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-minizlib-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-minizlib-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-tar-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-tar-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-fs-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-fs-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-mkdirp-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-mkdirp-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-chownr-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-chownr-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-yallist-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-yallist-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-chownr-hash:redacted Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-fs-minipass-hash:redacted Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-js-tokens-hash:redacted @@ -5097,18 +5299,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:npm/trim@0.0.2 Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-trim-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-trim-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted RelationshipComment: evident-by: indicates the package's existence is evident by the given file +Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted +RelationshipComment: evident-by: indicates the package's existence is evident by the given file Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-js-tokens-hash:redacted Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-loose-envify-hash:redacted Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-object-assign-hash:redacted