chore(deps): update Syft to v0.101.0 (#436)

* chore(deps): update Syft to v0.101.0 Signed-off-by: GitHub <noreply@github.com> * chore(test): update snapshots Signed-off-by: anchore-actions <anchore-actions@users.noreply.github.com> --------- Signed-off-by: GitHub <noreply@github.com> Signed-off-by: anchore-actions <anchore-actions@users.noreply.github.com> Co-authored-by: kzantow <kzantow@users.noreply.github.com> Co-authored-by: anchore-actions <anchore-actions@users.noreply.github.com>
anchore · Jan 18, 2024 · 41f7a6c · 41f7a6c
1 parent c7f031d
commit 41f7a6c
Show file tree

Hide file tree

Showing 5 changed files with 220 additions and 4 deletions.
diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js
diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js
diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js
diff --git a/src/SyftVersion.ts b/src/SyftVersion.ts
@@ -1 +1 @@
-export const VERSION = "v0.100.0";
+export const VERSION = "v0.101.0";
diff --git a/tests/integration/__snapshots__/formatExports.test.ts.snap b/tests/integration/__snapshots__/formatExports.test.ts.snap
@@ -2501,6 +2501,12 @@ exports[`SPDX JSON alpine 1`] = `
    "relationshipType": "OTHER",
    "comment": "evident-by: indicates the package's existence is evident by the given file"
   },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
   {
    "spdxElementId": "redacted",
    "relatedSpdxElement": "redacted",
@@ -3206,6 +3212,42 @@ exports[`SPDX JSON debian 1`] = `
    "relationshipType": "OTHER",
    "comment": "evident-by: indicates the package's existence is evident by the given file"
   },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
   {
    "spdxElementId": "redacted",
    "relatedSpdxElement": "redacted",
@@ -3826,6 +3868,84 @@ exports[`SPDX JSON npm 1`] = `
    "relationshipType": "OTHER",
    "comment": "evident-by: indicates the package's existence is evident by the given file"
   },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
   {
    "spdxElementId": "redacted",
    "relatedSpdxElement": "redacted",
@@ -4276,6 +4396,48 @@ exports[`SPDX JSON yarn 1`] = `
    "relationshipType": "OTHER",
    "comment": "evident-by: indicates the package's existence is evident by the given file"
   },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
+  {
+   "spdxElementId": "redacted",
+   "relatedSpdxElement": "redacted",
+   "relationshipType": "OTHER",
+   "comment": "evident-by: indicates the package's existence is evident by the given file"
+  },
   {
    "spdxElementId": "redacted",
    "relatedSpdxElement": "redacted",
@@ -4371,6 +4533,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:apk/alpine/libvncserver@0.9.9?arch=x86_64&
 
 ##### Relationships
 
+Relationship: SPDXRef-Package-apk-libvncserver-hash:redacted OTHER SPDXRef-File-lib-apk-db-installed-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-apk-libvncserver-hash:redacted OTHER SPDXRef-File-lib-apk-db-installed-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-alpine CONTAINS SPDXRef-Package-apk-libvncserver-hash:redacted
@@ -4617,16 +4781,28 @@ ExtractedText: BSD License
 
 ##### Relationships
 
+Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-java-archive-example-java-app-maven-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-java-archive-joda-time-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-java-archive-joda-time-hash:redacted OTHER SPDXRef-File-java-example-java-app-maven-0.1.0.jar-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-deb-apt-hash:redacted OTHER SPDXRef-File-var-lib-dpkg-status-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-deb-apt-hash:redacted OTHER SPDXRef-File-var-lib-dpkg-status-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-python-Pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-python-Pygments-hash:redacted OTHER SPDXRef-File-python-dist-info-METADATA-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-gem-bundler-hash:redacted OTHER SPDXRef-File-ruby-specifications-bundler.gemspec-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-gem-bundler-hash:redacted OTHER SPDXRef-File-ruby-specifications-bundler.gemspec-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-npm-hash:redacted OTHER SPDXRef-File-javascript-pkg-json-package.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-npm-hash:redacted OTHER SPDXRef-File-javascript-pkg-json-package.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-DocumentRoot-Image-localhost-5000-match-coverage-debian CONTAINS SPDXRef-Package-python-Pygments-hash:redacted
@@ -4895,30 +5071,56 @@ ExternalRef: PACKAGE-MANAGER purl pkg:npm/yallist@4.0.0
 
 Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-minizlib-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-minizlib-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-tar-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-tar-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-fs-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-fs-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-mkdirp-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-mkdirp-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-chownr-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-chownr-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-minipass-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-yallist-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-yallist-hash:redacted OTHER SPDXRef-File-package-lock.json-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-chownr-hash:redacted
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-fs-minipass-hash:redacted
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-npm-project CONTAINS SPDXRef-Package-npm-js-tokens-hash:redacted
@@ -5097,18 +5299,32 @@ ExternalRef: PACKAGE-MANAGER purl pkg:npm/trim@0.0.2
 
 Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-loose-envify-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-react-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-prop-types-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-js-tokens-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-trim-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-trim-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-object-assign-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
 RelationshipComment: evident-by: indicates the package's existence is evident by the given file
+Relationship: SPDXRef-Package-npm-react-is-hash:redacted OTHER SPDXRef-File-yarn.lock-hash:redacted
+RelationshipComment: evident-by: indicates the package's existence is evident by the given file
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-js-tokens-hash:redacted
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-loose-envify-hash:redacted
 Relationship: SPDXRef-DocumentRoot-Directory-tests-fixtures-yarn-project CONTAINS SPDXRef-Package-npm-object-assign-hash:redacted