Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package syft for openSUSE:Factory checked in
at 2023-02-02 18:08:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/syft (Old)
and /work/SRC/openSUSE:Factory/.syft.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syft"
Thu Feb 2 18:08:48 2023 rev:25 rq:1062582 version:0.69.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/syft/syft.changes 2023-02-01
16:39:08.773633704 +0100
+++ /work/SRC/openSUSE:Factory/.syft.new.32243/syft.changes 2023-02-02
18:18:48.547952104 +0100
@@ -1,0 +2,8 @@
+Thu Feb 02 06:48:23 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 0.69.1:
+ * chore: update spdx/tools-golang to v0.5.0-rc1 (#1503)
+ * feat: update golang to 1.19 (#1526)
+ * Update syft bootstrap tools to latest versions. (#1525)
+
+-------------------------------------------------------------------
Old:
----
syft-0.69.0.tar.gz
New:
----
syft-0.69.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ syft.spec ++++++
--- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.519958048 +0100
+++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.523958073 +0100
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: syft
-Version: 0.69.0
+Version: 0.69.1
Release: 0
Summary: CLI tool and library for generating a Software Bill of
Materials
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.559958293 +0100
+++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.563958317 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/anchore/syft</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.69.0</param>
+ <param name="revision">v0.69.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
@@ -16,7 +16,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
- <param name="archive">syft-0.69.0.tar.gz</param>
+ <param name="archive">syft-0.69.1.tar.gz</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.STsKke/_old 2023-02-02 18:18:49.583958440 +0100
+++ /var/tmp/diff_new_pack.STsKke/_new 2023-02-02 18:18:49.587958464 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/anchore/syft</param>
- <param
name="changesrevision">b81c9805dcc9bf25dad7659fd9c2bbf7dd3f3d90</param></service></servicedata>
+ <param
name="changesrevision">1530ef354ffaf59cef6a02c949f2cdb82353954f</param></service></servicedata>
(No newline at EOF)
++++++ syft-0.69.0.tar.gz -> syft-0.69.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/.github/actions/bootstrap/action.yaml
new/syft-0.69.1/.github/actions/bootstrap/action.yaml
--- old/syft-0.69.0/.github/actions/bootstrap/action.yaml 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/.github/actions/bootstrap/action.yaml 2023-01-31
17:53:16.000000000 +0100
@@ -4,7 +4,7 @@
go-version:
description: "Go version to install"
required: true
- default: "1.18.x"
+ default: "1.19.x"
use-go-cache:
description: "Restore go cache"
required: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/.github/scripts/go-mod-tidy-check.sh
new/syft-0.69.1/.github/scripts/go-mod-tidy-check.sh
--- old/syft-0.69.0/.github/scripts/go-mod-tidy-check.sh 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/.github/scripts/go-mod-tidy-check.sh 2023-01-31
17:53:16.000000000 +0100
@@ -4,7 +4,7 @@
ORIGINAL_STATE_DIR=$(mktemp -d "TEMP-original-state-XXXXXXXXX")
TIDY_STATE_DIR=$(mktemp -d "TEMP-tidy-state-XXXXXXXXX")
-trap "cp ${ORIGINAL_STATE_DIR}/* ./ && rm -fR ${ORIGINAL_STATE_DIR}
${TIDY_STATE_DIR}" EXIT
+trap "cp -p ${ORIGINAL_STATE_DIR}/* ./ && git update-index -q --refresh && rm
-fR ${ORIGINAL_STATE_DIR} ${TIDY_STATE_DIR}" EXIT
# capturing original state of files...
cp go.mod go.sum "${ORIGINAL_STATE_DIR}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/.github/scripts/json-schema-drift-check.sh
new/syft-0.69.1/.github/scripts/json-schema-drift-check.sh
--- old/syft-0.69.0/.github/scripts/json-schema-drift-check.sh 1970-01-01
01:00:00.000000000 +0100
+++ new/syft-0.69.1/.github/scripts/json-schema-drift-check.sh 2023-01-31
17:53:16.000000000 +0100
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -u
+
+if ! git diff-index --quiet HEAD --; then
+ git diff-index HEAD --
+ git --no-pager diff
+ echo "there are uncommitted changes, please commit them before running this
check"
+ exit 1
+fi
+
+success=true
+
+if ! make generate-json-schema; then
+ echo "Generating json schema failed"
+ success=false
+fi
+
+if ! git diff-index --quiet HEAD --; then
+ git diff-index HEAD --
+ git --no-pager diff
+ echo "JSON schema drift detected!"
+ success=false
+fi
+
+if ! $success; then
+ exit 1
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/.github/workflows/release.yaml
new/syft-0.69.1/.github/workflows/release.yaml
--- old/syft-0.69.0/.github/workflows/release.yaml 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/.github/workflows/release.yaml 2023-01-31
17:53:16.000000000 +0100
@@ -9,7 +9,7 @@
- "v*"
env:
- GO_VERSION: "1.18.x"
+ GO_VERSION: "1.19.x"
jobs:
quality-gate:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/.github/workflows/update-bootstrap-tools.yml
new/syft-0.69.1/.github/workflows/update-bootstrap-tools.yml
--- old/syft-0.69.0/.github/workflows/update-bootstrap-tools.yml
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/.github/workflows/update-bootstrap-tools.yml
2023-01-31 17:53:16.000000000 +0100
@@ -6,7 +6,7 @@
workflow_dispatch:
env:
- GO_VERSION: "1.18.x"
+ GO_VERSION: "1.19.x"
GO_STABLE_VERSION: true
jobs:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/.github/workflows/update-stereoscope-release.yml
new/syft-0.69.1/.github/workflows/update-stereoscope-release.yml
--- old/syft-0.69.0/.github/workflows/update-stereoscope-release.yml
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/.github/workflows/update-stereoscope-release.yml
2023-01-31 17:53:16.000000000 +0100
@@ -6,7 +6,7 @@
workflow_dispatch:
env:
- GO_VERSION: "1.18.x"
+ GO_VERSION: "1.19.x"
GO_STABLE_VERSION: true
jobs:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/CONTRIBUTING.md
new/syft-0.69.1/CONTRIBUTING.md
--- old/syft-0.69.0/CONTRIBUTING.md 2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/CONTRIBUTING.md 2023-01-31 17:53:16.000000000 +0100
@@ -1,4 +1,4 @@
-# Contributing to Syft
+[#](#) Contributing to Syft
If you are looking to contribute to this project and want to open a GitHub
pull request ("PR"), there are a few guidelines of what we are looking for in
patches. Make sure you go through this document and ensure that your code
proposal is aligned.
@@ -10,7 +10,7 @@
You will need to install Go. The version on https://go.dev works best, using
the system golang doesn't always work the way you might expect.
-At the time of writing, Go 1.19 does not work correctly with Syft. Please use
Go 1.18 for now.
+Refer to the go.mod file in the root of this repo for the recommended version
of Go to install.
You will also need Docker. There's no reason the system packages shouldn't
work, but we used the official Docker package. You can find instructions for
installing Docker in Debian
[here](https://docs.docker.com/engine/install/debian/).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/Makefile new/syft-0.69.1/Makefile
--- old/syft-0.69.0/Makefile 2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/Makefile 2023-01-31 17:53:16.000000000 +0100
@@ -12,7 +12,7 @@
GOSIMPORTS_VERSION := v0.3.5
BOUNCER_VERSION := v0.4.0
CHRONICLE_VERSION := v0.5.1
-GORELEASER_VERSION := v1.14.1
+GORELEASER_VERSION := v1.15.0
YAJSV_VERSION := v1.4.1
COSIGN_VERSION := v1.13.1
QUILL_VERSION := v0.2.0
@@ -132,10 +132,7 @@
check-json-schema-drift:
$(call title,Ensure there is no drift between the JSON schema and the
code)
- @git diff-index --quiet HEAD -- || (echo "there are uncommitted
changes, please commit them before running this check" && false)
- @make generate-json-schema || (echo "$(RED)$(BOLD)JSON schema drift
detected!$(RESET)" && false)
- @git diff-index --quiet HEAD -- || (echo "$(RED)$(BOLD)JSON schema
drift detected!$(RESET)" && false)
-
+ @.github/scripts/json-schema-drift-check.sh
## Testing targets #################################
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/go.mod new/syft-0.69.1/go.mod
--- old/syft-0.69.0/go.mod 2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/go.mod 2023-01-31 17:53:16.000000000 +0100
@@ -1,6 +1,6 @@
module github.com/anchore/syft
-go 1.18
+go 1.19
require (
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
@@ -31,7 +31,7 @@
github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
github.com/sergi/go-diff v1.3.1
github.com/sirupsen/logrus v1.9.0
- github.com/spdx/tools-golang v0.4.0
+ github.com/spdx/tools-golang v0.5.0-rc1
github.com/spf13/afero v1.9.3
github.com/spf13/cobra v1.6.1
github.com/spf13/pflag v1.0.5
@@ -69,6 +69,7 @@
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
github.com/Microsoft/go-winio v0.6.0 // indirect
+ github.com/anchore/go-struct-converter
v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/containerd/containerd v1.6.12 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/go.sum new/syft-0.69.1/go.sum
--- old/syft-0.69.0/go.sum 2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/go.sum 2023-01-31 17:53:16.000000000 +0100
@@ -138,6 +138,8 @@
github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8/go.mod
h1:+gPap4jha079qzRTUaehv+UZ6sSdaNwkH0D3b6zhTuk=
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb
h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU=
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod
h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk=
+github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092
h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc=
+github.com/anchore/go-struct-converter
v0.0.0-20221118182256-c68fdcfa2092/go.mod
h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8=
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod
h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
@@ -1046,8 +1048,8 @@
github.com/soheilhy/cmux v0.1.5/go.mod
h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod
h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod
h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
-github.com/spdx/tools-golang v0.4.0
h1:jdhnW8zYelURCbYTphiviFKZkWu51in0E4A1KT2csP0=
-github.com/spdx/tools-golang v0.4.0/go.mod
h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM=
+github.com/spdx/tools-golang v0.5.0-rc1
h1:ooCSe48QatlidqEFd+nSI308tyeNTR6NJvauUj3ApX8=
+github.com/spdx/tools-golang v0.5.0-rc1/go.mod
h1:LI6onw172PdO57Ob/hgnLDD4Y2PMnroeNT3wO/2WJJI=
github.com/spf13/afero v1.1.2/go.mod
h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod
h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/afero v1.3.3/go.mod
h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/syft/formats/common/spdxhelpers/to_format_model.go
new/syft-0.69.1/syft/formats/common/spdxhelpers/to_format_model.go
--- old/syft-0.69.0/syft/formats/common/spdxhelpers/to_format_model.go
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/common/spdxhelpers/to_format_model.go
2023-01-31 17:53:16.000000000 +0100
@@ -8,8 +8,7 @@
"strings"
"time"
- "github.com/spdx/tools-golang/spdx/common"
- spdx "github.com/spdx/tools-golang/spdx/v2_3"
+ "github.com/spdx/tools-golang/spdx"
"github.com/anchore/syft/internal"
"github.com/anchore/syft/internal/log"
@@ -23,7 +22,6 @@
)
const (
- spdxVersion = "SPDX-2.3"
noAssertion = "NOASSERTION"
)
@@ -40,11 +38,11 @@
// for the primary package purpose field:
//
https://spdx.github.io/spdx-spec/v2.3/package-information/#724-primary-package-purpose-field
documentDescribesRelationship := &spdx.Relationship{
- RefA: common.DocElementID{
+ RefA: spdx.DocElementID{
ElementRefID: "DOCUMENT",
},
Relationship: string(DescribesRelationship),
- RefB: common.DocElementID{
+ RefB: spdx.DocElementID{
ElementRefID: "DOCUMENT",
},
RelationshipComment: "",
@@ -55,11 +53,11 @@
return &spdx.Document{
// 6.1: SPDX Version; should be in the format "SPDX-x.x"
// Cardinality: mandatory, one
- SPDXVersion: spdxVersion,
+ SPDXVersion: spdx.Version,
// 6.2: Data License; should be "CC0-1.0"
// Cardinality: mandatory, one
- DataLicense: "CC0-1.0",
+ DataLicense: spdx.DataLicense,
// 6.3: SPDX Identifier; should be "DOCUMENT" to represent
mandatory identifier of SPDXRef-DOCUMENT
// Cardinality: mandatory, one
@@ -104,7 +102,7 @@
// 6.8: Creators: may have multiple keys for Person,
Organization
// and/or Tool
// Cardinality: mandatory, one or many
- Creators: []common.Creator{
+ Creators: []spdx.Creator{
{
Creator: "Anchore, Inc",
CreatorType: "Organization",
@@ -129,7 +127,7 @@
}
}
-func toSPDXID(identifiable artifact.Identifiable) common.ElementID {
+func toSPDXID(identifiable artifact.Identifiable) spdx.ElementID {
id := ""
if p, ok := identifiable.(pkg.Package); ok {
id = SanitizeElementID(fmt.Sprintf("Package-%+v-%s-%s", p.Type,
p.Name, p.ID()))
@@ -137,7 +135,7 @@
id = string(identifiable.ID())
}
// NOTE: the spdx libraries prepend SPDXRef-, so we don't do it here
- return common.ElementID(id)
+ return spdx.ElementID(id)
}
// packages populates all Package Information from the package Catalog (see
https://spdx.github.io/spdx-spec/3-package-information/)
@@ -313,9 +311,9 @@
return results
}
-func toPackageChecksums(p pkg.Package) ([]common.Checksum, bool) {
+func toPackageChecksums(p pkg.Package) ([]spdx.Checksum, bool) {
filesAnalyzed := false
- var checksums []common.Checksum
+ var checksums []spdx.Checksum
switch meta := p.Metadata.(type) {
// we generate digest for some Java packages
//
spdx.github.io/spdx-spec/package-information/#710-package-checksum-field
@@ -325,8 +323,8 @@
filesAnalyzed = true
for _, digest := range meta.ArchiveDigests {
algo := strings.ToUpper(digest.Algorithm)
- checksums = append(checksums, common.Checksum{
- Algorithm:
common.ChecksumAlgorithm(algo),
+ checksums = append(checksums, spdx.Checksum{
+ Algorithm: spdx.ChecksumAlgorithm(algo),
Value: digest.Value,
})
}
@@ -339,20 +337,20 @@
break
}
algo = strings.ToUpper(algo)
- checksums = append(checksums, common.Checksum{
- Algorithm: common.ChecksumAlgorithm(algo),
+ checksums = append(checksums, spdx.Checksum{
+ Algorithm: spdx.ChecksumAlgorithm(algo),
Value: hexStr,
})
}
return checksums, filesAnalyzed
}
-func toPackageOriginator(p pkg.Package) *common.Originator {
+func toPackageOriginator(p pkg.Package) *spdx.Originator {
kind, originator := Originator(p)
if kind == "" || originator == "" {
return nil
}
- return &common.Originator{
+ return &spdx.Originator{
Originator: originator,
OriginatorType: kind,
}
@@ -386,11 +384,11 @@
}
result = append(result, &spdx.Relationship{
- RefA: common.DocElementID{
+ RefA: spdx.DocElementID{
ElementRefID: toSPDXID(r.From),
},
Relationship: string(relationshipType),
- RefB: common.DocElementID{
+ RefB: spdx.DocElementID{
ElementRefID: toSPDXID(r.To),
},
RelationshipComment: comment,
@@ -462,10 +460,10 @@
return results
}
-func toFileChecksums(digests []file.Digest) (checksums []common.Checksum) {
- checksums = make([]common.Checksum, 0, len(digests))
+func toFileChecksums(digests []file.Digest) (checksums []spdx.Checksum) {
+ checksums = make([]spdx.Checksum, 0, len(digests))
for _, digest := range digests {
- checksums = append(checksums, common.Checksum{
+ checksums = append(checksums, spdx.Checksum{
Algorithm: toChecksumAlgorithm(digest.Algorithm),
Value: digest.Value,
})
@@ -473,9 +471,9 @@
return checksums
}
-func toChecksumAlgorithm(algorithm string) common.ChecksumAlgorithm {
+func toChecksumAlgorithm(algorithm string) spdx.ChecksumAlgorithm {
// this needs to be an uppercase version of our algorithm
- return common.ChecksumAlgorithm(strings.ToUpper(algorithm))
+ return spdx.ChecksumAlgorithm(strings.ToUpper(algorithm))
}
func toFileTypes(metadata *source.FileMetadata) (ty []string) {
@@ -517,7 +515,7 @@
// f file is an "excludes" file, skip it /* exclude SPDX analysis file(s) */
// see:
https://spdx.github.io/spdx-spec/v2.3/package-information/#79-package-verification-code-field
// the above link contains the SPDX algorithm for a package verification code
-func newPackageVerificationCode(p pkg.Package, sbom sbom.SBOM)
*common.PackageVerificationCode {
+func newPackageVerificationCode(p pkg.Package, sbom sbom.SBOM)
*spdx.PackageVerificationCode {
// key off of the contains relationship;
// spdx validator will fail if a package claims to contain a file but
no sha1 provided
// if a sha1 for a file is provided then the validator will fail if the
package does not have
@@ -558,7 +556,7 @@
//nolint:gosec
hasher := sha1.New()
_, _ = hasher.Write([]byte(b.String()))
- return &common.PackageVerificationCode{
+ return &spdx.PackageVerificationCode{
// 7.9.1: Package Verification Code Value
// Cardinality: mandatory, one
Value: fmt.Sprintf("%+x", hasher.Sum(nil)),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/syft/formats/common/spdxhelpers/to_format_model_test.go
new/syft-0.69.1/syft/formats/common/spdxhelpers/to_format_model_test.go
--- old/syft-0.69.0/syft/formats/common/spdxhelpers/to_format_model_test.go
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/common/spdxhelpers/to_format_model_test.go
2023-01-31 17:53:16.000000000 +0100
@@ -4,8 +4,7 @@
"fmt"
"testing"
- "github.com/spdx/tools-golang/spdx/common"
- spdx "github.com/spdx/tools-golang/spdx/v2_3"
+ "github.com/spdx/tools-golang/spdx"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -21,7 +20,7 @@
tests := []struct {
name string
pkg pkg.Package
- expected []common.Checksum
+ expected []spdx.Checksum
filesAnalyzed bool
}{
{
@@ -39,7 +38,7 @@
},
},
},
- expected: []common.Checksum{
+ expected: []spdx.Checksum{
{
Algorithm: "SHA1",
Value: "1234",
@@ -57,7 +56,7 @@
ArchiveDigests: []file.Digest{},
},
},
- expected: []common.Checksum{},
+ expected: []spdx.Checksum{},
filesAnalyzed: false,
},
{
@@ -67,7 +66,7 @@
Version: "1.0.0",
Language: pkg.Java,
},
- expected: []common.Checksum{},
+ expected: []spdx.Checksum{},
filesAnalyzed: false,
},
{
@@ -81,7 +80,7 @@
H1Digest:
"h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=",
},
},
- expected: []common.Checksum{
+ expected: []spdx.Checksum{
{
Algorithm: "SHA256",
Value:
"f5f1c0b4ad2e0dfa6f79eaaaa3586411925c16f61702208ddd4bad2fc17dc47c",
@@ -97,7 +96,7 @@
Language: pkg.Java,
Metadata: struct{}{},
},
- expected: []common.Checksum{},
+ expected: []spdx.Checksum{},
filesAnalyzed: false,
},
}
@@ -229,7 +228,7 @@
tests := []struct {
name string
digests []file.Digest
- expected []common.Checksum
+ expected []spdx.Checksum
}{
{
name: "empty",
@@ -246,7 +245,7 @@
Value: "meh",
},
},
- expected: []common.Checksum{
+ expected: []spdx.Checksum{
{
Algorithm: "SHA256",
Value: "deadbeefcafe",
@@ -275,8 +274,8 @@
FileSystemID: "nowhere",
}
- docElementId := func(identifiable artifact.Identifiable)
common.DocElementID {
- return common.DocElementID{
+ docElementId := func(identifiable artifact.Identifiable)
spdx.DocElementID {
+ return spdx.DocElementID{
ElementRefID: toSPDXID(identifiable),
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/syft/formats/common/spdxhelpers/to_syft_model.go
new/syft-0.69.1/syft/formats/common/spdxhelpers/to_syft_model.go
--- old/syft-0.69.0/syft/formats/common/spdxhelpers/to_syft_model.go
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/common/spdxhelpers/to_syft_model.go
2023-01-31 17:53:16.000000000 +0100
@@ -6,7 +6,7 @@
"strconv"
"strings"
- spdx "github.com/spdx/tools-golang/spdx/v2_3"
+ "github.com/spdx/tools-golang/spdx"
"github.com/anchore/packageurl-go"
"github.com/anchore/syft/internal/log"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/syft-0.69.0/syft/formats/common/spdxhelpers/to_syft_model_test.go
new/syft-0.69.1/syft/formats/common/spdxhelpers/to_syft_model_test.go
--- old/syft-0.69.0/syft/formats/common/spdxhelpers/to_syft_model_test.go
2023-01-30 19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/common/spdxhelpers/to_syft_model_test.go
2023-01-31 17:53:16.000000000 +0100
@@ -3,8 +3,7 @@
import (
"testing"
- "github.com/spdx/tools-golang/spdx/common"
- spdx "github.com/spdx/tools-golang/spdx/v2_3"
+ "github.com/spdx/tools-golang/spdx"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -246,9 +245,9 @@
RefType: "purl",
},
},
- PackageChecksums: []common.Checksum{
+ PackageChecksums: []spdx.Checksum{
{
- Algorithm: common.SHA256,
+ Algorithm: spdx.SHA256,
Value:
"f5f1c0b4ad2e0dfa6f79eaaaa3586411925c16f61702208ddd4bad2fc17dc47c",
},
},
@@ -267,9 +266,9 @@
RefType: "purl",
},
},
- PackageChecksums: []common.Checksum{
+ PackageChecksums: []spdx.Checksum{
{
- Algorithm: common.SHA1,
+ Algorithm: spdx.SHA1,
Value:
"f5f1c0b4ad2e0dfa6f79eaaaa3586411925c16f61702208ddd4bad2fc17dc47c",
},
},
@@ -288,9 +287,9 @@
RefType: "purl",
},
},
- PackageChecksums: []common.Checksum{
+ PackageChecksums: []spdx.Checksum{
{
- Algorithm: common.SHA256,
+ Algorithm: spdx.SHA256,
Value: "",
},
},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/syft/formats/spdxjson/decoder.go
new/syft-0.69.1/syft/formats/spdxjson/decoder.go
--- old/syft-0.69.0/syft/formats/spdxjson/decoder.go 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/spdxjson/decoder.go 2023-01-31
17:53:16.000000000 +0100
@@ -4,14 +4,14 @@
"fmt"
"io"
- spdx "github.com/spdx/tools-golang/json"
+ "github.com/spdx/tools-golang/json"
"github.com/anchore/syft/syft/formats/common/spdxhelpers"
"github.com/anchore/syft/syft/sbom"
)
func decoder(reader io.Reader) (s *sbom.SBOM, err error) {
- doc, err := spdx.Load2_3(reader)
+ doc, err := json.Read(reader)
if err != nil {
return nil, fmt.Errorf("unable to decode spdx-json: %w", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/syft/formats/spdxtagvalue/decoder.go
new/syft-0.69.1/syft/formats/spdxtagvalue/decoder.go
--- old/syft-0.69.0/syft/formats/spdxtagvalue/decoder.go 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/spdxtagvalue/decoder.go 2023-01-31
17:53:16.000000000 +0100
@@ -4,14 +4,14 @@
"fmt"
"io"
- "github.com/spdx/tools-golang/tvloader"
+ "github.com/spdx/tools-golang/tagvalue"
"github.com/anchore/syft/syft/formats/common/spdxhelpers"
"github.com/anchore/syft/syft/sbom"
)
func decoder(reader io.Reader) (*sbom.SBOM, error) {
- doc, err := tvloader.Load2_3(reader)
+ doc, err := tagvalue.Read(reader)
if err != nil {
return nil, fmt.Errorf("unable to decode spdx-tag-value: %w",
err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/syft-0.69.0/syft/formats/spdxtagvalue/encoder.go
new/syft-0.69.1/syft/formats/spdxtagvalue/encoder.go
--- old/syft-0.69.0/syft/formats/spdxtagvalue/encoder.go 2023-01-30
19:47:24.000000000 +0100
+++ new/syft-0.69.1/syft/formats/spdxtagvalue/encoder.go 2023-01-31
17:53:16.000000000 +0100
@@ -3,7 +3,7 @@
import (
"io"
- "github.com/spdx/tools-golang/tvsaver"
+ "github.com/spdx/tools-golang/tagvalue"
"github.com/anchore/syft/syft/formats/common/spdxhelpers"
"github.com/anchore/syft/syft/sbom"
@@ -11,5 +11,5 @@
func encoder(output io.Writer, s sbom.SBOM) error {
model := spdxhelpers.ToFormatModel(s)
- return tvsaver.Save2_3(model, output)
+ return tagvalue.Write(model, output)
}
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/syft/vendor.tar.gz
/work/SRC/openSUSE:Factory/.syft.new.32243/vendor.tar.gz differ: char 5, line 1
