commit syft for openSUSE:Factory

Source-Sync Thu, 26 Jan 2023 05:11:14 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package syft for openSUSE:Factory checked in 
at 2023-01-26 13:58:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/syft (Old)
 and      /work/SRC/openSUSE:Factory/.syft.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "syft"

Thu Jan 26 13:58:52 2023 rev:23 rq:1061116 version:0.68.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/syft/syft.changes        2023-01-23 
18:32:21.580224643 +0100
+++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes     2023-01-26 
14:10:58.968433840 +0100
@@ -1,0 +2,15 @@
+Thu Jan 26 06:37:19 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.68.1:
+  * fix: add relevant CPEs to python and busybox classifiers (#1517)
+  * Update syft bootstrap tools to latest versions. (#1515)
+  * chore: correct bootstrap tool script (#1514)
+  * chore(deps): bump github.com/google/go-containerregistry (#1513)
+  * Fix AssertEncoderAgainstGoldenSnapshot calls to conditionally update 
(#1511)
+  * chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#1505)
+  * chore(deps): bump github.com/docker/docker (#1506)
+  * chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 
(#1507)
+  * chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#1508)
+  * Bump github.com/spdx/tools-golang to v0.4.0 (#1450)
+
+-------------------------------------------------------------------

Old:
----
  syft-0.68.0.tar.gz

New:
----
  syft-0.68.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ syft.spec ++++++
--- /var/tmp/diff_new_pack.WfJyoh/_old  2023-01-26 14:11:00.676443027 +0100
+++ /var/tmp/diff_new_pack.WfJyoh/_new  2023-01-26 14:11:00.732443328 +0100
@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           syft
-Version:        0.68.0
+Version:        0.68.1
 Release:        0
 Summary:        CLI tool and library for generating a Software Bill of 
Materials
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.WfJyoh/_old  2023-01-26 14:11:01.028444920 +0100
+++ /var/tmp/diff_new_pack.WfJyoh/_new  2023-01-26 14:11:01.060445092 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/anchore/syft</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.68.0</param>
+    <param name="revision">v0.68.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
@@ -16,7 +16,7 @@
     <param name="compression">gz</param>
   </service>
   <service name="go_modules" mode="disabled">
-    <param name="archive">syft-0.68.0.tar.gz</param>
+    <param name="archive">syft-0.68.1.tar.gz</param>
   </service>
 </services>
 

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.WfJyoh/_old  2023-01-26 14:11:01.128445458 +0100
+++ /var/tmp/diff_new_pack.WfJyoh/_new  2023-01-26 14:11:01.136445501 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/anchore/syft</param>
-              <param 
name="changesrevision">e58050bac045be672621047d5699b88884e2da62</param></service></servicedata>
+              <param 
name="changesrevision">4c0aef09b8d7fb78200b04416f474b90b79370de</param></service></servicedata>
 (No newline at EOF)
 

++++++ syft-0.68.0.tar.gz -> syft-0.68.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/syft-0.68.0/.github/workflows/update-bootstrap-tools.yml 
new/syft-0.68.1/.github/workflows/update-bootstrap-tools.yml
--- old/syft-0.68.0/.github/workflows/update-bootstrap-tools.yml        
2023-01-20 15:49:44.000000000 +0100
+++ new/syft-0.68.1/.github/workflows/update-bootstrap-tools.yml        
2023-01-25 18:18:24.000000000 +0100
@@ -31,22 +31,22 @@
           COSIGN_LATEST_VERSION=$(go list -m -json 
github.com/sigstore/cosign@latest 2>/dev/null | jq -r '.Version')
           
           # update version variables in the Makefile
-          sed -r -i -e 's/^(GOLANGCILINT_VERSION = 
).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(BOUNCER_VERSION = 
).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(CHRONICLE_VERSION = 
).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GORELEASER_VERSION = 
).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(GOSIMPORTS_VERSION = 
).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile
-          sed -r -i -e 's/^(YAJSV_VERSION = ).*/\1'${YAJSV_LATEST_VERSION}'/' 
Makefile
-          sed -r -i -e 's/^(COSIGN_VERSION = 
).*/\1'${COSIGN_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GOLANGCILINT_VERSION := 
).*/\1'${GOLANGCILINT_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(BOUNCER_VERSION := 
).*/\1'${BOUNCER_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(CHRONICLE_VERSION := 
).*/\1'${CHRONICLE_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GORELEASER_VERSION := 
).*/\1'${GORELEASER_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(GOSIMPORTS_VERSION := 
).*/\1'${GOSIMPORTS_LATEST_VERSION}'/' Makefile
+          sed -r -i -e 's/^(YAJSV_VERSION := ).*/\1'${YAJSV_LATEST_VERSION}'/' 
Makefile
+          sed -r -i -e 's/^(COSIGN_VERSION := 
).*/\1'${COSIGN_LATEST_VERSION}'/' Makefile
           
           # export the versions for use with create-pull-request
-          echo "::set-output name=GOLANGCILINT::$GOLANGCILINT_LATEST_VERSION"
-          echo "::set-output name=BOUNCER::$BOUNCER_LATEST_VERSION"
-          echo "::set-output name=CHRONICLE::$CHRONICLE_LATEST_VERSION"
-          echo "::set-output name=GORELEASER::$GORELEASER_LATEST_VERSION"
-          echo "::set-output name=GOSIMPORTS::$GOSIMPORTS_LATEST_VERSION"
-          echo "::set-output name=YAJSV::$YAJSV_LATEST_VERSION"
-          echo "::set-output name=COSIGN::$COSIGN_LATEST_VERSION"
+          echo "GOLANGCILINT=$GOLANGCILINT_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "BOUNCER=$BOUNCER_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "CHRONICLE=$CHRONICLE_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "GORELEASER=$GORELEASER_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "GOSIMPORTS=$GOSIMPORTS_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "YAJSV=$YAJSV_LATEST_VERSION" >> $GITHUB_OUTPUT
+          echo "COSIGN=$COSIGN_LATEST_VERSION" >> $GITHUB_OUTPUT
         id: latest-versions
 
       - uses: tibdex/github-app-token@v1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/Makefile new/syft-0.68.1/Makefile
--- old/syft-0.68.0/Makefile    2023-01-20 15:49:44.000000000 +0100
+++ new/syft-0.68.1/Makefile    2023-01-25 18:18:24.000000000 +0100
@@ -11,7 +11,7 @@
 GOLANGCILINT_VERSION := v1.50.1
 GOSIMPORTS_VERSION := v0.3.5
 BOUNCER_VERSION := v0.4.0
-CHRONICLE_VERSION := v0.4.2
+CHRONICLE_VERSION := v0.5.1
 GORELEASER_VERSION := v1.14.1
 YAJSV_VERSION := v1.4.1
 COSIGN_VERSION := v1.13.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/go.mod new/syft-0.68.1/go.mod
--- old/syft-0.68.0/go.mod      2023-01-20 15:49:44.000000000 +0100
+++ new/syft-0.68.1/go.mod      2023-01-25 18:18:24.000000000 +0100
@@ -11,7 +11,7 @@
        github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
        github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501
        github.com/bmatcuk/doublestar/v4 v4.6.0
-       github.com/dustin/go-humanize v1.0.0
+       github.com/dustin/go-humanize v1.0.1
        github.com/facebookincubator/nvdtools v0.1.5
        github.com/go-test/deep v1.1.0
        github.com/google/go-cmp v0.5.9
@@ -31,7 +31,7 @@
        github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
        github.com/sergi/go-diff v1.3.1
        github.com/sirupsen/logrus v1.9.0
-       github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342
+       github.com/spdx/tools-golang v0.4.0
        github.com/spf13/afero v1.9.3
        github.com/spf13/cobra v1.6.1
        github.com/spf13/pflag v1.0.5
@@ -42,7 +42,7 @@
        github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240
        github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb
        github.com/xeipuuv/gojsonschema v1.2.0
-       golang.org/x/mod v0.6.0
+       golang.org/x/mod v0.7.0
        golang.org/x/net v0.5.0
        golang.org/x/term v0.4.0
        gopkg.in/yaml.v2 v2.4.0
@@ -50,11 +50,11 @@
 
 require (
        github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce
-       github.com/Masterminds/sprig/v3 v3.2.2
+       github.com/Masterminds/sprig/v3 v3.2.3
        github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
        github.com/anchore/stereoscope v0.0.0-20221208011002-c5ff155d72f1
-       github.com/docker/docker v20.10.20+incompatible
-       github.com/google/go-containerregistry v0.12.1
+       github.com/docker/docker v20.10.23+incompatible
+       github.com/google/go-containerregistry v0.13.0
        github.com/invopop/jsonschema v0.7.0
        github.com/knqyf263/go-rpmdb v0.0.0-20221030135625-4082a22221ce
        github.com/opencontainers/go-digest v1.0.0
@@ -67,7 +67,7 @@
 require (
        github.com/DataDog/zstd v1.4.5 // indirect
        github.com/Masterminds/goutils v1.1.1 // indirect
-       github.com/Masterminds/semver/v3 v3.1.1 // indirect
+       github.com/Masterminds/semver/v3 v3.2.0 // indirect
        github.com/Microsoft/go-winio v0.6.0 // indirect
        github.com/containerd/containerd v1.6.12 // indirect
        github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
@@ -86,7 +86,7 @@
        github.com/golang/snappy v0.0.4 // indirect
        github.com/hashicorp/errwrap v1.1.0 // indirect
        github.com/hashicorp/hcl v1.0.0 // indirect
-       github.com/huandu/xstrings v1.3.2 // indirect
+       github.com/huandu/xstrings v1.3.3 // indirect
        github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // 
indirect
        github.com/imdario/mergo v0.3.12 // indirect
        github.com/inconshreveable/mousetrap v1.0.1 // indirect
@@ -149,7 +149,7 @@
        // go: warning: github.com/andybalholm/brotli@v1.0.1: retracted by 
module author: occasional panics and data corruption
        github.com/andybalholm/brotli v1.0.4 // indirect
        github.com/pkg/errors v0.9.1 // indirect
-       golang.org/x/crypto v0.1.0 // indirect
+       golang.org/x/crypto v0.3.0 // indirect
 )
 
 retract (
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/go.sum new/syft-0.68.1/go.sum
--- old/syft-0.68.0/go.sum      2023-01-20 15:49:44.000000000 +0100
+++ new/syft-0.68.1/go.sum      2023-01-25 18:18:24.000000000 +0100
@@ -82,10 +82,10 @@
 github.com/GoogleCloudPlatform/docker-credential-gcr 
v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
 github.com/Masterminds/goutils v1.1.1 
h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod 
h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.1.1 
h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod 
h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/sprig/v3 v3.2.2 
h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
-github.com/Masterminds/sprig/v3 v3.2.2/go.mod 
h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/semver/v3 v3.2.0 
h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod 
h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/sprig/v3 v3.2.3 
h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod 
h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.4.11/go.mod 
h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod 
h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod 
h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -395,8 +395,8 @@
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.10+incompatible/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.12+incompatible/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.20+incompatible 
h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E=
-github.com/docker/docker v20.10.20+incompatible/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.23+incompatible 
h1:1ZQUUYAdh+oylOT85aA2ZcfRp22jmLhoaEcVEfK8dyA=
+github.com/docker/docker v20.10.23+incompatible/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod 
h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod 
h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/docker-credential-helpers v0.7.0 
h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
@@ -417,8 +417,9 @@
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod 
h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod 
h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod 
h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0 
h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod 
h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 
h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod 
h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod 
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod 
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod 
h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
@@ -574,8 +575,8 @@
 github.com/google/go-cmp v0.5.9/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.5.1/go.mod 
h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
 github.com/google/go-containerregistry v0.7.0/go.mod 
h1:2zaoelrL0d08gGbpdP3LqyUuBmhWbpD6IOe2s9nLS2k=
-github.com/google/go-containerregistry v0.12.1 
h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8=
-github.com/google/go-containerregistry v0.12.1/go.mod 
h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
+github.com/google/go-containerregistry v0.13.0 
h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
+github.com/google/go-containerregistry v0.13.0/go.mod 
h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
 github.com/google/gofuzz v1.0.0/go.mod 
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod 
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0/go.mod 
h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -678,9 +679,8 @@
 github.com/hashicorp/serf v0.9.5/go.mod 
h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/serf v0.9.6/go.mod 
h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hpcloud/tail v1.0.0/go.mod 
h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/huandu/xstrings v1.3.1/go.mod 
h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2 
h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
-github.com/huandu/xstrings v1.3.2/go.mod 
h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3 
h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
+github.com/huandu/xstrings v1.3.3/go.mod 
h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 
h1:i462o439ZjprVSFSZLZxcsoAe592sZB1rci2Z8j4wdk=
 github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod 
h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
 github.com/iancoleman/strcase v0.2.0/go.mod 
h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
@@ -1046,8 +1046,8 @@
 github.com/soheilhy/cmux v0.1.5/go.mod 
h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod 
h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod 
h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
-github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342 
h1:6uvaOTv4GeRqQV6O1/znbpziqhctMRLTy3OGeZrNMic=
-github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342/go.mod 
h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM=
+github.com/spdx/tools-golang v0.4.0 
h1:jdhnW8zYelURCbYTphiviFKZkWu51in0E4A1KT2csP0=
+github.com/spdx/tools-golang v0.4.0/go.mod 
h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM=
 github.com/spf13/afero v1.1.2/go.mod 
h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod 
h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.3.3/go.mod 
h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
@@ -1175,6 +1175,7 @@
 github.com/yuin/goldmark v1.1.32/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod 
h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod 
h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod 
h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod 
h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go 
v0.0.0-20140908184405-b21fdbd4370f/go.mod 
h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
@@ -1245,7 +1246,6 @@
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod 
h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1257,8 +1257,8 @@
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod 
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod 
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod 
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod 
h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod 
h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod 
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1297,8 +1297,9 @@
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
-golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod 
h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1363,6 +1364,7 @@
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod 
h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod 
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1394,6 +1396,7 @@
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1517,6 +1520,7 @@
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod 
h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1524,6 +1528,7 @@
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod 
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod 
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod 
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1535,6 +1540,7 @@
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/syft/formats/spdxjson/encoder_test.go 
new/syft-0.68.1/syft/formats/spdxjson/encoder_test.go
--- old/syft-0.68.0/syft/formats/spdxjson/encoder_test.go       2023-01-20 
15:49:44.000000000 +0100
+++ new/syft-0.68.1/syft/formats/spdxjson/encoder_test.go       2023-01-25 
18:18:24.000000000 +0100
@@ -48,11 +48,11 @@
 
 func spdxJsonRedactor(s []byte) []byte {
        // each SBOM reports the time it was generated, which is not useful 
during snapshot testing
-       s = regexp.MustCompile(`"created":\s+"[^"]*",?`).ReplaceAll(s, 
[]byte(""))
+       s = regexp.MustCompile(`"created":\s+"[^"]*"`).ReplaceAll(s, 
[]byte(`"created":""`))
 
        // each SBOM reports a unique documentNamespace when generated, this is 
not useful for snapshot testing
-       s = 
regexp.MustCompile(`"documentNamespace":\s+"[^"]*",?`).ReplaceAll(s, []byte(""))
+       s = regexp.MustCompile(`"documentNamespace":\s+"[^"]*"`).ReplaceAll(s, 
[]byte(`"documentNamespace":""`))
 
        // the license list will be updated periodically, the value here should 
not be directly tested in snapshot tests
-       return 
regexp.MustCompile(`"licenseListVersion":\s+"[^"]*",?`).ReplaceAll(s, 
[]byte(""))
+       return 
regexp.MustCompile(`"licenseListVersion":\s+"[^"]*"`).ReplaceAll(s, 
[]byte(`"licenseListVersion":""`))
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
--- 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
    2023-01-20 15:49:44.000000000 +0100
+++ 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONDirectoryEncoder.golden
    2023-01-25 18:18:24.000000000 +0100
@@ -3,15 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "/some/path",
- "documentNamespace": 
"https://anchore.com/syft/dir/some/path-e13c8924-4bbc-42f8-bd30-4e1554472d62";,
+ "documentNamespace": 
"https://anchore.com/syft/dir/some/path-1fe34646-a616-48c7-974b-3d1e27d406e3";,
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2022-12-22T23:33:52Z",
-  "comment": ""
+  "created": "2023-01-20T21:41:03Z"
  },
  "packages": [
   {
@@ -27,14 +26,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "a-purl-2",
-     "comment": ""
+     "referenceLocator": "a-purl-2"
     }
    ]
   },
@@ -51,14 +48,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "pkg:deb/debian/package-2@2.0.1",
-     "comment": ""
+     "referenceLocator": "pkg:deb/debian/package-2@2.0.1"
     }
    ]
   }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
--- 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
        2023-01-20 15:49:44.000000000 +0100
+++ 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXJSONImageEncoder.golden
        2023-01-25 18:18:24.000000000 +0100
@@ -3,15 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "user-image-input",
- "documentNamespace": 
"https://anchore.com/syft/image/user-image-input-a1cc9d58-830a-4a4b-9dcd-f41ea3001216";,
+ "documentNamespace": 
"https://anchore.com/syft/image/user-image-input-33759ac3-6006-4f2c-bdc4-f40b9287a7f0";,
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2022-12-22T23:33:53Z",
-  "comment": ""
+  "created": "2023-01-20T21:41:03Z"
  },
  "packages": [
   {
@@ -27,14 +26,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "a-purl-1",
-     "comment": ""
+     "referenceLocator": "a-purl-1"
     }
    ]
   },
@@ -51,14 +48,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "pkg:deb/debian/package-2@2.0.1",
-     "comment": ""
+     "referenceLocator": "pkg:deb/debian/package-2@2.0.1"
     }
    ]
   }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
--- 
old/syft-0.68.0/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
       2023-01-20 15:49:44.000000000 +0100
+++ 
new/syft-0.68.1/syft/formats/spdxjson/test-fixtures/snapshot/TestSPDXRelationshipOrder.golden
       2023-01-25 18:18:24.000000000 +0100
@@ -3,15 +3,14 @@
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "user-image-input",
- "documentNamespace": 
"https://anchore.com/syft/image/user-image-input-fc663ee3-0f9b-402e-827f-3f29aeff164e";,
+ "documentNamespace": 
"https://anchore.com/syft/image/user-image-input-ce98f51f-b483-4e93-9a15-5a8a16d35de6";,
  "creationInfo": {
   "licenseListVersion": "3.19",
   "creators": [
    "Organization: Anchore, Inc",
    "Tool: syft-v0.42.0-bogus"
   ],
-  "created": "2022-12-22T23:33:53Z",
-  "comment": ""
+  "created": "2023-01-20T21:41:03Z"
  },
  "packages": [
   {
@@ -27,14 +26,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "a-purl-1",
-     "comment": ""
+     "referenceLocator": "a-purl-1"
     }
    ]
   },
@@ -51,14 +48,12 @@
     {
      "referenceCategory": "SECURITY",
      "referenceType": "cpe23Type",
-     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
-     "comment": ""
+     "referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*"
     },
     {
      "referenceCategory": "PACKAGE-MANAGER",
      "referenceType": "purl",
-     "referenceLocator": "pkg:deb/debian/package-2@2.0.1",
-     "comment": ""
+     "referenceLocator": "pkg:deb/debian/package-2@2.0.1"
     }
    ]
   }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/syft/formats/syftjson/encoder_test.go 
new/syft-0.68.1/syft/formats/syftjson/encoder_test.go
--- old/syft-0.68.0/syft/formats/syftjson/encoder_test.go       2023-01-20 
15:49:44.000000000 +0100
+++ new/syft-0.68.1/syft/formats/syftjson/encoder_test.go       2023-01-25 
18:18:24.000000000 +0100
@@ -2,6 +2,7 @@
 
 import (
        "flag"
+       "regexp"
        "testing"
 
        "github.com/anchore/syft/syft/artifact"
@@ -20,8 +21,9 @@
        testutils.AssertEncoderAgainstGoldenSnapshot(t,
                Format(),
                testutils.DirectoryInput(t),
-               true,
                *updateJson,
+               true,
+               schemaVersionRedactor,
        )
 }
 
@@ -31,11 +33,18 @@
                Format(),
                testutils.ImageInput(t, testImage, testutils.FromSnapshot()),
                testImage,
-               true,
                *updateJson,
+               true,
+               schemaVersionRedactor,
        )
 }
 
+func schemaVersionRedactor(s []byte) []byte {
+       pattern := regexp.MustCompile(`,?\s*"schema":\s*\{[^}]*}`)
+       out := pattern.ReplaceAll(s, []byte(""))
+       return out
+}
+
 func TestEncodeFullJSONDocument(t *testing.T) {
        catalog := pkg.NewCatalog()
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/syft-0.68.0/syft/formats/table/encoder_test.go 
new/syft-0.68.1/syft/formats/table/encoder_test.go
--- old/syft-0.68.0/syft/formats/table/encoder_test.go  2023-01-20 
15:49:44.000000000 +0100
+++ new/syft-0.68.1/syft/formats/table/encoder_test.go  2023-01-25 
18:18:24.000000000 +0100
@@ -15,8 +15,8 @@
        testutils.AssertEncoderAgainstGoldenSnapshot(t,
                Format(),
                testutils.DirectoryInput(t),
-               false,
                *updateTableGoldenFiles,
+               false,
        )
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/syft-0.68.0/syft/pkg/cataloger/binary/default_classifiers.go 
new/syft-0.68.1/syft/pkg/cataloger/binary/default_classifiers.go
--- old/syft-0.68.0/syft/pkg/cataloger/binary/default_classifiers.go    
2023-01-20 15:49:44.000000000 +0100
+++ new/syft-0.68.1/syft/pkg/cataloger/binary/default_classifiers.go    
2023-01-25 18:18:24.000000000 +0100
@@ -1,6 +1,9 @@
 package binary
 
-import "github.com/anchore/syft/syft/pkg"
+import (
+       "github.com/anchore/syft/syft/cpe"
+       "github.com/anchore/syft/syft/pkg"
+)
 
 var defaultClassifiers = []classifier{
        {
@@ -11,6 +14,10 @@
                        `(?m)(?P<version>{{ .version 
}}\.[0-9]+[-_a-zA-Z0-9]*)`),
                Package: "python",
                PURL:    mustPURL("pkg:generic/python@version"),
+               CPEs: []cpe.CPE{
+                       
cpe.Must("cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"),
+                       cpe.Must("cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"),
+               },
        },
        {
                Class:    "python-binary-lib",
@@ -20,6 +27,10 @@
                        `(?m)(?P<version>{{ .version 
}}\.[0-9]+[-_a-zA-Z0-9]*)`),
                Package: "python",
                PURL:    mustPURL("pkg:generic/python@version"),
+               CPEs: []cpe.CPE{
+                       
cpe.Must("cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"),
+                       cpe.Must("cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"),
+               },
        },
        {
                Class:    "cpython-source",
@@ -28,6 +39,10 @@
                        
`(?m)#define\s+PY_VERSION\s+"?(?P<version>[0-9\.\-_a-zA-Z]+)"?`),
                Package: "python",
                PURL:    mustPURL("pkg:generic/python@version"),
+               CPEs: []cpe.CPE{
+                       
cpe.Must("cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*"),
+                       cpe.Must("cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"),
+               },
        },
        {
                Class:    "go-binary",
@@ -103,6 +118,7 @@
                EvidenceMatcher: fileContentsVersionMatcher(
                        `(?m)BusyBox\s+v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`),
                Package: "busybox",
+               CPEs:    singleCPE("cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*"),
        },
        {
                Class:    "php-cli-binary",

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/syft/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.syft.new.32243/vendor.tar.gz differ: char 5, line 1

commit syft for openSUSE:Factory

Reply via email to